1 /*
2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
2473 // name comparison checks (converting to a String and back to
2474 // an encoded DN could cause the types of String attribute
2475 // values to be changed)
2476 X509CertInfo tbsCert = new
2477 X509CertInfo(certChain[0].getTBSCertificate());
2478 issuerName = (Principal)
2479 tbsCert.get(X509CertInfo.ISSUER + "." +
2480 X509CertInfo.DN_NAME);
2481 }
2482 BigInteger serial = certChain[0].getSerialNumber();
2483
2484 String signatureAlgorithm;
2485 String keyAlgorithm = privateKey.getAlgorithm();
2486 /*
2487 * If no signature algorithm was specified, we choose a
2488 * default that is compatible with the private key algorithm.
2489 */
2490 if (sigalg == null) {
2491
2492 if (keyAlgorithm.equalsIgnoreCase("DSA"))
2493 signatureAlgorithm = "SHA1withDSA";
2494 else if (keyAlgorithm.equalsIgnoreCase("RSA"))
2495 signatureAlgorithm = "SHA256withRSA";
2496 else if (keyAlgorithm.equalsIgnoreCase("EC"))
2497 signatureAlgorithm = "SHA256withECDSA";
2498 else
2499 throw new RuntimeException("private key is not a DSA or "
2500 + "RSA key");
2501 } else {
2502 signatureAlgorithm = sigalg;
2503 }
2504
2505 // check common invalid key/signature algorithm combinations
2506 String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
2507 if ((sigAlgUpperCase.endsWith("WITHRSA") &&
2508 !keyAlgorithm.equalsIgnoreCase("RSA")) ||
2509 (sigAlgUpperCase.endsWith("WITHECDSA") &&
2510 !keyAlgorithm.equalsIgnoreCase("EC")) ||
2511 (sigAlgUpperCase.endsWith("WITHDSA") &&
2512 !keyAlgorithm.equalsIgnoreCase("DSA"))) {
2513 throw new SignatureException
|
1 /*
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
2473 // name comparison checks (converting to a String and back to
2474 // an encoded DN could cause the types of String attribute
2475 // values to be changed)
2476 X509CertInfo tbsCert = new
2477 X509CertInfo(certChain[0].getTBSCertificate());
2478 issuerName = (Principal)
2479 tbsCert.get(X509CertInfo.ISSUER + "." +
2480 X509CertInfo.DN_NAME);
2481 }
2482 BigInteger serial = certChain[0].getSerialNumber();
2483
2484 String signatureAlgorithm;
2485 String keyAlgorithm = privateKey.getAlgorithm();
2486 /*
2487 * If no signature algorithm was specified, we choose a
2488 * default that is compatible with the private key algorithm.
2489 */
2490 if (sigalg == null) {
2491
2492 if (keyAlgorithm.equalsIgnoreCase("DSA"))
2493 signatureAlgorithm = "SHA256withDSA";
2494 else if (keyAlgorithm.equalsIgnoreCase("RSA"))
2495 signatureAlgorithm = "SHA256withRSA";
2496 else if (keyAlgorithm.equalsIgnoreCase("EC"))
2497 signatureAlgorithm = "SHA256withECDSA";
2498 else
2499 throw new RuntimeException("private key is not a DSA or "
2500 + "RSA key");
2501 } else {
2502 signatureAlgorithm = sigalg;
2503 }
2504
2505 // check common invalid key/signature algorithm combinations
2506 String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
2507 if ((sigAlgUpperCase.endsWith("WITHRSA") &&
2508 !keyAlgorithm.equalsIgnoreCase("RSA")) ||
2509 (sigAlgUpperCase.endsWith("WITHECDSA") &&
2510 !keyAlgorithm.equalsIgnoreCase("EC")) ||
2511 (sigAlgUpperCase.endsWith("WITHDSA") &&
2512 !keyAlgorithm.equalsIgnoreCase("DSA"))) {
2513 throw new SignatureException
|