< prev index next >
src/share/classes/sun/security/pkcs10/PKCS10.java
Print this page
rev 12532 : 8171319: keytool should print out warnings when reading or generating cert/cert req using weak algorithms
Reviewed-by: coffeys
*** 165,175 ****
//
// OK, we parsed it all ... validate the signature using the
// key and signature algorithm we found.
//
try {
! sig = Signature.getInstance(id.getName());
sig.initVerify(subjectPublicKeyInfo);
sig.update(data);
if (!sig.verify(sigData))
throw new SignatureException("Invalid PKCS #10 signature");
} catch (InvalidKeyException e) {
--- 165,176 ----
//
// OK, we parsed it all ... validate the signature using the
// key and signature algorithm we found.
//
try {
! sigAlg = id.getName();
! sig = Signature.getInstance(sigAlg);
sig.initVerify(subjectPublicKeyInfo);
sig.update(data);
if (!sig.verify(sigData))
throw new SignatureException("Invalid PKCS #10 signature");
} catch (InvalidKeyException e) {
*** 216,225 ****
--- 217,227 ----
* Sign it ...
*/
signature.update(certificateRequestInfo, 0,
certificateRequestInfo.length);
sig = signature.sign();
+ sigAlg = signature.getAlgorithm();
/*
* Build guts of SIGNED macro
*/
AlgorithmId algId = null;
*** 249,258 ****
--- 251,265 ----
*/
public PublicKey getSubjectPublicKeyInfo()
{ return subjectPublicKeyInfo; }
/**
+ * Returns the signature algorithm.
+ */
+ public String getSigAlg() { return sigAlg; }
+
+ /**
* Returns the additional attributes requested.
*/
public PKCS10Attributes getAttributes()
{ return attributeSet; }
*** 346,353 ****
--- 353,361 ----
return(retval);
}
private X500Name subject;
private PublicKey subjectPublicKeyInfo;
+ private String sigAlg;
private PKCS10Attributes attributeSet;
private byte[] encoded; // signed
}
< prev index next >