-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 5.0
-
Component/s: security-libs
-
None
-
beta
-
sparc
-
solaris_7
The specification of DSAKeyPairGenerator.initialize(DSAParams params,
SecureRandom random) states:
Throws:
InvalidParameterException - if the parameters passed are invalid or null.
However, it is not clear whether parameters refer to both params and random,
or just params.
Currently, if random is null, no exception is thrown. It is not clear what
has happened and whether the operation is successful. See the following
program:
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.math.*;
public class DSAKeyPairTest {
public static DSAParams getDSAParams(int modlen, boolean genParams)
throws GeneralSecurityException, InvalidParameterException{
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
((DSAKeyPairGenerator) keyGen).initialize(modlen, genParams, new SecureRandom());
KeyPair pair = keyGen.generateKeyPair();
return ((DSAPublicKey) pair.getPublic()).getParams();
}
public static void main(String[] args) {
DSAKeyPairGenerator keyGen = null;
try {
keyGen = (DSAKeyPairGenerator) KeyPairGenerator.getInstance("DSA", "SUN");
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
DSAParameterSpec spec = null;
try {
DSAParams params = getDSAParams(512, false);
BigInteger p = params.getP();
BigInteger g = params.getG();
BigInteger q = params.getQ();
spec = new DSAParameterSpec(p, q, g);
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
try {
keyGen.initialize(spec, null);
System.out.println("InvalidParameterException expected");
} catch (InvalidParameterException e) {
System.out.println("OKAY");
}
}
}
Output:
InvalidParameterException expected
The same problem applies to initialize(int modlen, boolean genParams,
SecureRandom random)
SecureRandom random) states:
Throws:
InvalidParameterException - if the parameters passed are invalid or null.
However, it is not clear whether parameters refer to both params and random,
or just params.
Currently, if random is null, no exception is thrown. It is not clear what
has happened and whether the operation is successful. See the following
program:
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.math.*;
public class DSAKeyPairTest {
public static DSAParams getDSAParams(int modlen, boolean genParams)
throws GeneralSecurityException, InvalidParameterException{
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
((DSAKeyPairGenerator) keyGen).initialize(modlen, genParams, new SecureRandom());
KeyPair pair = keyGen.generateKeyPair();
return ((DSAPublicKey) pair.getPublic()).getParams();
}
public static void main(String[] args) {
DSAKeyPairGenerator keyGen = null;
try {
keyGen = (DSAKeyPairGenerator) KeyPairGenerator.getInstance("DSA", "SUN");
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
DSAParameterSpec spec = null;
try {
DSAParams params = getDSAParams(512, false);
BigInteger p = params.getP();
BigInteger g = params.getG();
BigInteger q = params.getQ();
spec = new DSAParameterSpec(p, q, g);
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
try {
keyGen.initialize(spec, null);
System.out.println("InvalidParameterException expected");
} catch (InvalidParameterException e) {
System.out.println("OKAY");
}
}
}
Output:
InvalidParameterException expected
The same problem applies to initialize(int modlen, boolean genParams,
SecureRandom random)