add large exponent option to the key generation code

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@87 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e

src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java

@@ -29,10 +29,12 @@
 
 package com.verisignlabs.dnssec.security;
 
+import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.Signature;
+import java.security.spec.RSAKeyGenParameterSpec;
 import java.util.HashMap;
 import java.util.logging.Logger;
 
@@ -226,7 +228,7 @@ public class DnsKeyAlgorithm
     return (baseType(algorithm) == DSA);
   }
 
-  public KeyPair generateKeyPair(int algorithm, int keysize)
+  public KeyPair generateKeyPair(int algorithm, int keysize, boolean useLargeExp)
       throws NoSuchAlgorithmException
   {
     KeyPair pair = null;
@@ -237,7 +239,27 @@ public class DnsKeyAlgorithm
         {
           mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA");
         }
-        mRSAKeyGenerator.initialize(keysize);
+        
+        RSAKeyGenParameterSpec rsa_spec;
+        if (useLargeExp)
+        {
+          rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
+        }
+        else
+        {
+          rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
+        }
+        try
+        {
+          mRSAKeyGenerator.initialize(rsa_spec);
+        }
+        catch (InvalidAlgorithmParameterException e)
+        {
+          // Fold the InvalidAlgorithmParameterException into our existing
+          // thrown exception. Ugly, but requires less code change.
+          throw new NoSuchAlgorithmException("invalid key parameter spec");
+        }
+        
         pair = mRSAKeyGenerator.generateKeyPair();
         break;
       case DSA :
@@ -255,6 +277,12 @@ public class DnsKeyAlgorithm
     return pair;
   }
 
+  public KeyPair generateKeyPair(int algorithm, int keysize)
+      throws NoSuchAlgorithmException
+  {
+    return generateKeyPair(algorithm, keysize, false);
+  }
+  
   public static DnsKeyAlgorithm getInstance()
   {
     if (mInstance == null) mInstance = new DnsKeyAlgorithm();

src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java

@@ -63,16 +63,18 @@ public class JCEDnsSecSigner
    * @param algorithm the DNSSEC algorithm (RSAMD5, RSASHA1, or DSA).
    * @param flags any flags for the KEY RR.
    * @param keysize the size of the key to generate.
+   * @param useLargeExponent if generating an RSA key, use the large exponent.
    * @return a DnsKeyPair with the public and private keys populated.
    */
   public DnsKeyPair generateKey(Name owner, long ttl, int dclass,
-      int algorithm, int flags, int keysize) throws NoSuchAlgorithmException
+      int algorithm, int flags, int keysize, boolean useLargeExponent)
+      throws NoSuchAlgorithmException
   {
     DnsKeyAlgorithm algorithms = DnsKeyAlgorithm.getInstance();
 
     if (ttl < 0) ttl = 86400; // set to a reasonable default.
 
-    KeyPair pair = algorithms.generateKeyPair(algorithm, keysize);
+    KeyPair pair = algorithms.generateKeyPair(algorithm, keysize, useLargeExponent);
 
     if (mKeyConverter == null)
     {