rspec/rules/S4426/kotlin/how-to-fix-it/java-cryptography-extension.adoc

== How to fix it in Java Cryptography Extension

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

include::../../common/fix/rsa.adoc[]

[source,kotlin,diff-id=1,diff-type=noncompliant]
----
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

fun main(args: Array<String>) {
    try {
        val keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024); // Noncompliant

    } catch (e: NoSuchAlgorithmException) {
        // ...
    }
}
----

include::../../common/fix/aes.adoc[]

[source,kotlin,diff-id=2,diff-type=noncompliant]
----
import java.security.KeyGenerator;
import java.security.NoSuchAlgorithmException;

fun main(args: Array<String>) {
    try {
        val keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.initialize(64); // Noncompliant

    } catch (e: NoSuchAlgorithmException) {
        // ...
    }
}
----

include::../../common/fix/ec.adoc[]

[source,kotlin,diff-id=3,diff-type=noncompliant]
----
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.ECGenParameterSpec;

fun main(args: Array<String>) {
    try {
        val keyPairGenerator  = KeyPairGenerator.getInstance("EC");
        val ellipticCurveName = new ECGenParameterSpec("secp112r1"); // Noncompliant
        keyPairGenerator.initialize(ellipticCurveName);

    } catch (e: NoSuchAlgorithmException) {
        // ...
    } catch (e: InvalidAlgorithmParameterException) {
        // ...
    }
}
----

==== Compliant solution

[source,kotlin,diff-id=1,diff-type=compliant]
----
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

fun main(args: Array<String>) {
    try {
        val keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);

    } catch (e: NoSuchAlgorithmException) {
        // ...
    }
}
----

[source,kotlin,diff-id=2,diff-type=compliant]
----
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

public static void main(String[] args) {
    try {
        val keyPairGenerator = KeyPairGenerator.getInstance("AES");
        keyPairGenerator.initialize(128);

    } catch (e: NoSuchAlgorithmException) {
        // ...
    }
}
----

[source,kotlin,diff-id=3,diff-type=compliant]
----
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.ECGenParameterSpec;

public static void main(String[] args) {
    try {
        val keyPairGenerator  = KeyPairGenerator.getInstance("EC");
        val ellipticCurveName = new ECGenParameterSpec("secp256r1");
        keyPairGenerator.initialize(ellipticCurveName);

    } catch (e: NoSuchAlgorithmException) {
        // ...
    } catch (e: InvalidAlgorithmParameterException) {
        // ...
    }
}
----

=== How does this work?

include::../../common/fix/fix.adoc[]

=== Going the extra mile

include::../../common/extra-mile/pre-quantum.adoc[]
Modify JVM Crypto rules: Change framework name (#3550) * Modify JVM Crypto rules: Change title * changed names * Apply suggestions from code review * fixed includes 2024-01-25 15:18:07 +01:00			`== How to fix it in Java Cryptography Extension`
Modify S4426: Learn-As-You-Code Migration (#2166) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 12:08:25 +02:00
			`=== Code examples`

			`include::../../common/fix/code-rationale.adoc[]`

			`==== Noncompliant code example`

			`include::../../common/fix/rsa.adoc[]`

			`[source,kotlin,diff-id=1,diff-type=noncompliant]`
			`----`
			`import java.security.KeyPairGenerator;`
			`import java.security.NoSuchAlgorithmException;`

			`fun main(args: Array<String>) {`
			`try {`
			`val keyPairGenerator = KeyPairGenerator.getInstance("RSA");`
			`keyPairGenerator.initialize(1024); // Noncompliant`

			`} catch (e: NoSuchAlgorithmException) {`
			`// ...`
			`}`
			`}`
			`----`

			`include::../../common/fix/aes.adoc[]`

			`[source,kotlin,diff-id=2,diff-type=noncompliant]`
			`----`
			`import java.security.KeyGenerator;`
			`import java.security.NoSuchAlgorithmException;`

			`fun main(args: Array<String>) {`
			`try {`
			`val keyGenerator = KeyGenerator.getInstance("AES");`
			`keyGenerator.initialize(64); // Noncompliant`

			`} catch (e: NoSuchAlgorithmException) {`
			`// ...`
			`}`
			`}`
			`----`

			`include::../../common/fix/ec.adoc[]`

			`[source,kotlin,diff-id=3,diff-type=noncompliant]`
			`----`
			`import java.security.KeyPairGenerator;`
			`import java.security.NoSuchAlgorithmException;`
			`import java.security.InvalidAlgorithmParameterException;`
			`import java.security.spec.ECGenParameterSpec;`

			`fun main(args: Array<String>) {`
			`try {`
			`val keyPairGenerator = KeyPairGenerator.getInstance("EC");`
			`val ellipticCurveName = new ECGenParameterSpec("secp112r1"); // Noncompliant`
			`keyPairGenerator.initialize(ellipticCurveName);`

			`} catch (e: NoSuchAlgorithmException) {`
			`// ...`
			`} catch (e: InvalidAlgorithmParameterException) {`
			`// ...`
			`}`
			`}`
			`----`

			`==== Compliant solution`

			`[source,kotlin,diff-id=1,diff-type=compliant]`
			`----`
			`import java.security.KeyPairGenerator;`
			`import java.security.NoSuchAlgorithmException;`

			`fun main(args: Array<String>) {`
			`try {`
			`val keyPairGenerator = KeyPairGenerator.getInstance("RSA");`
			`keyPairGenerator.initialize(2048);`

			`} catch (e: NoSuchAlgorithmException) {`
			`// ...`
			`}`
			`}`
			`----`

			`[source,kotlin,diff-id=2,diff-type=compliant]`
			`----`
			`import java.security.KeyPairGenerator;`
			`import java.security.NoSuchAlgorithmException;`

			`public static void main(String[] args) {`
			`try {`
			`val keyPairGenerator = KeyPairGenerator.getInstance("AES");`
			`keyPairGenerator.initialize(128);`

			`} catch (e: NoSuchAlgorithmException) {`
			`// ...`
			`}`
			`}`
			`----`

			`[source,kotlin,diff-id=3,diff-type=compliant]`
			`----`
			`import java.security.KeyPairGenerator;`
			`import java.security.NoSuchAlgorithmException;`
			`import java.security.InvalidAlgorithmParameterException;`
			`import java.security.spec.ECGenParameterSpec;`

			`public static void main(String[] args) {`
			`try {`
			`val keyPairGenerator = KeyPairGenerator.getInstance("EC");`
			`val ellipticCurveName = new ECGenParameterSpec("secp256r1");`
			`keyPairGenerator.initialize(ellipticCurveName);`

			`} catch (e: NoSuchAlgorithmException) {`
			`// ...`
			`} catch (e: InvalidAlgorithmParameterException) {`
			`// ...`
			`}`
			`}`
			`----`

			`=== How does this work?`

			`include::../../common/fix/fix.adoc[]`

			`=== Going the extra mile`

			`include::../../common/extra-mile/pre-quantum.adoc[]`