1 /*
2 * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.security.spec.AlgorithmParameterSpec;
29 import java.util.*;
30 import java.util.concurrent.ConcurrentHashMap;
31 import java.io.*;
32 import java.security.cert.Certificate;
33 import java.security.cert.X509Certificate;
34
35 import java.nio.ByteBuffer;
36
37 import java.security.Provider.Service;
38
39 import javax.crypto.Cipher;
40 import javax.crypto.CipherSpi;
41 import javax.crypto.IllegalBlockSizeException;
42 import javax.crypto.BadPaddingException;
43 import javax.crypto.NoSuchPaddingException;
44
45 import sun.security.util.Debug;
46 import sun.security.jca.*;
47 import sun.security.jca.GetInstance.Instance;
48
49 /**
50 * The Signature class is used to provide applications the functionality
51 * of a digital signature algorithm. Digital signatures are used for
52 * authentication and integrity assurance of digital data.
53 *
54 * <p> The signature algorithm can be, among others, the NIST standard
55 * DSA, using DSA and SHA-1. The DSA algorithm using the
56 * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}.
57 * In the case of RSA, there are multiple choices for the message digest
58 * algorithm, so the signing algorithm could be specified as, for example,
59 * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}.
60 * The algorithm name must be specified, as there is no default.
61 *
62 * <p> A Signature object can be used to generate and verify digital
63 * signatures.
64 *
65 * <p> There are three phases to the use of a Signature object for
66 * either signing data or verifying a signature:<ol>
67 *
68 * <li>Initialization, with either
69 *
70 * <ul>
71 *
72 * <li>a public key, which initializes the signature for
73 * verification (see {@link #initVerify(PublicKey) initVerify}), or
74 *
75 * <li>a private key (and optionally a Secure Random Number Generator),
76 * which initializes the signature for signing
77 * (see {@link #initSign(PrivateKey)}
78 * and {@link #initSign(PrivateKey, SecureRandom)}).
79 *
80 * </ul>
81 *
82 * <li>Updating
83 *
84 * <p>Depending on the type of initialization, this will update the
85 * bytes to be signed or verified. See the
86 * {@link #update(byte) update} methods.
87 *
88 * <li>Signing or Verifying a signature on all updated bytes. See the
89 * {@link #sign() sign} methods and the {@link #verify(byte[]) verify}
90 * method.
91 *
92 * </ol>
93 *
94 * <p>Note that this class is abstract and extends from
95 * {@code SignatureSpi} for historical reasons.
96 * Application developers should only take notice of the methods defined in
97 * this {@code Signature} class; all the methods in
98 * the superclass are intended for cryptographic service providers who wish to
99 * supply their own implementations of digital signature algorithms.
100 *
101 * <p> Every implementation of the Java platform is required to support the
102 * following standard {@code Signature} algorithms:
103 * <ul>
104 * <li>{@code SHA1withDSA}</li>
105 * <li>{@code SHA256withDSA}</li>
106 * <li>{@code SHA1withRSA}</li>
107 * <li>{@code SHA256withRSA}</li>
108 * </ul>
109 * These algorithms are described in the <a href=
110 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
111 * Signature section</a> of the
112 * Java Cryptography Architecture Standard Algorithm Name Documentation.
113 * Consult the release documentation for your implementation to see if any
114 * other algorithms are supported.
115 *
116 * @author Benjamin Renaud
117 *
118 */
119
120 public abstract class Signature extends SignatureSpi {
121
122 private static final Debug debug =
123 Debug.getInstance("jca", "Signature");
124
125 private static final Debug pdebug =
126 Debug.getInstance("provider", "Provider");
127 private static final boolean skipDebug =
128 Debug.isOn("engine=") && !Debug.isOn("signature");
129
130 /*
131 * The algorithm for this signature object.
132 * This value is used to map an OID to the particular algorithm.
133 * The mapping is done in AlgorithmObject.algOID(String algorithm)
134 */
135 private String algorithm;
136
137 // The provider
138 Provider provider;
139
140 /**
141 * Possible {@link #state} value, signifying that
142 * this signature object has not yet been initialized.
143 */
144 protected static final int UNINITIALIZED = 0;
145
146 /**
147 * Possible {@link #state} value, signifying that
148 * this signature object has been initialized for signing.
149 */
150 protected static final int SIGN = 2;
151
152 /**
153 * Possible {@link #state} value, signifying that
154 * this signature object has been initialized for verification.
155 */
156 protected static final int VERIFY = 3;
157
158 /**
159 * Current state of this signature object.
160 */
161 protected int state = UNINITIALIZED;
162
163 /**
164 * Creates a Signature object for the specified algorithm.
165 *
166 * @param algorithm the standard string name of the algorithm.
167 * See the Signature section in the <a href=
168 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
169 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
170 * for information about standard algorithm names.
171 */
172 protected Signature(String algorithm) {
173 this.algorithm = algorithm;
174 }
175
176 // name of the special signature alg
177 private static final String RSA_SIGNATURE = "NONEwithRSA";
178
179 // name of the equivalent cipher alg
180 private static final String RSA_CIPHER = "RSA/ECB/PKCS1Padding";
181
182 // all the services we need to lookup for compatibility with Cipher
183 private static final List<ServiceId> rsaIds = Arrays.asList(
184 new ServiceId[] {
185 new ServiceId("Signature", "NONEwithRSA"),
186 new ServiceId("Cipher", "RSA/ECB/PKCS1Padding"),
187 new ServiceId("Cipher", "RSA/ECB"),
188 new ServiceId("Cipher", "RSA//PKCS1Padding"),
189 new ServiceId("Cipher", "RSA"),
190 }
191 );
192
193 /**
194 * Returns a Signature object that implements the specified signature
195 * algorithm.
196 *
197 * <p> This method traverses the list of registered security Providers,
198 * starting with the most preferred Provider.
199 * A new Signature object encapsulating the
200 * SignatureSpi implementation from the first
201 * Provider that supports the specified algorithm is returned.
202 *
203 * <p> Note that the list of registered providers may be retrieved via
204 * the {@link Security#getProviders() Security.getProviders()} method.
205 *
206 * @implNote
207 * The JDK Reference Implementation additionally uses the
208 * {@code jdk.security.provider.preferred}
209 * {@link Security#getProperty(String) Security} property to determine
210 * the preferred provider order for the specified algorithm. This
211 * may be different than the order of providers returned by
212 * {@link Security#getProviders() Security.getProviders()}.
213 *
214 * @param algorithm the standard name of the algorithm requested.
215 * See the Signature section in the <a href=
216 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
217 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
218 * for information about standard algorithm names.
219 *
220 * @return the new Signature object.
221 *
222 * @exception NoSuchAlgorithmException if no Provider supports a
223 * Signature implementation for the
224 * specified algorithm.
225 *
226 * @see Provider
227 */
228 public static Signature getInstance(String algorithm)
229 throws NoSuchAlgorithmException {
230 List<Service> list;
231 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
232 list = GetInstance.getServices(rsaIds);
233 } else {
234 list = GetInstance.getServices("Signature", algorithm);
235 }
236 Iterator<Service> t = list.iterator();
237 if (t.hasNext() == false) {
238 throw new NoSuchAlgorithmException
239 (algorithm + " Signature not available");
240 }
241 // try services until we find an Spi or a working Signature subclass
242 NoSuchAlgorithmException failure;
243 do {
244 Service s = t.next();
245 if (isSpi(s)) {
246 return new Delegate(s, t, algorithm);
247 } else {
248 // must be a subclass of Signature, disable dynamic selection
249 try {
250 Instance instance =
251 GetInstance.getInstance(s, SignatureSpi.class);
252 return getInstance(instance, algorithm);
253 } catch (NoSuchAlgorithmException e) {
254 failure = e;
255 }
256 }
257 } while (t.hasNext());
258 throw failure;
259 }
260
261 private static Signature getInstance(Instance instance, String algorithm) {
262 Signature sig;
263 if (instance.impl instanceof Signature) {
264 sig = (Signature)instance.impl;
265 sig.algorithm = algorithm;
266 } else {
267 SignatureSpi spi = (SignatureSpi)instance.impl;
268 sig = new Delegate(spi, algorithm);
269 }
270 sig.provider = instance.provider;
271 return sig;
272 }
273
274 private static final Map<String,Boolean> signatureInfo;
275
276 static {
277 signatureInfo = new ConcurrentHashMap<>();
278 Boolean TRUE = Boolean.TRUE;
279 // pre-initialize with values for our SignatureSpi implementations
280 signatureInfo.put("sun.security.provider.DSA$RawDSA", TRUE);
281 signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", TRUE);
282 signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", TRUE);
283 signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", TRUE);
284 signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", TRUE);
285 signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE);
286 signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
287 signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
288 signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
289 signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
290 }
291
292 private static boolean isSpi(Service s) {
293 if (s.getType().equals("Cipher")) {
294 // must be a CipherSpi, which we can wrap with the CipherAdapter
295 return true;
296 }
297 String className = s.getClassName();
298 Boolean result = signatureInfo.get(className);
299 if (result == null) {
300 try {
301 Object instance = s.newInstance(null);
302 // Signature extends SignatureSpi
303 // so it is a "real" Spi if it is an
304 // instance of SignatureSpi but not Signature
305 boolean r = (instance instanceof SignatureSpi)
306 && (instance instanceof Signature == false);
307 if ((debug != null) && (r == false)) {
308 debug.println("Not a SignatureSpi " + className);
309 debug.println("Delayed provider selection may not be "
310 + "available for algorithm " + s.getAlgorithm());
311 }
312 result = Boolean.valueOf(r);
313 signatureInfo.put(className, result);
314 } catch (Exception e) {
315 // something is wrong, assume not an SPI
316 return false;
317 }
318 }
319 return result.booleanValue();
320 }
321
322 /**
323 * Returns a Signature object that implements the specified signature
324 * algorithm.
325 *
326 * <p> A new Signature object encapsulating the
327 * SignatureSpi implementation from the specified provider
328 * is returned. The specified provider must be registered
329 * in the security provider list.
330 *
331 * <p> Note that the list of registered providers may be retrieved via
332 * the {@link Security#getProviders() Security.getProviders()} method.
333 *
334 * @param algorithm the name of the algorithm requested.
335 * See the Signature section in the <a href=
336 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
337 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
338 * for information about standard algorithm names.
339 *
340 * @param provider the name of the provider.
341 *
342 * @return the new Signature object.
343 *
344 * @exception NoSuchAlgorithmException if a SignatureSpi
345 * implementation for the specified algorithm is not
346 * available from the specified provider.
347 *
348 * @exception NoSuchProviderException if the specified provider is not
349 * registered in the security provider list.
350 *
351 * @exception IllegalArgumentException if the provider name is null
352 * or empty.
353 *
354 * @see Provider
355 */
356 public static Signature getInstance(String algorithm, String provider)
357 throws NoSuchAlgorithmException, NoSuchProviderException {
358 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
359 // exception compatibility with existing code
360 if ((provider == null) || (provider.length() == 0)) {
361 throw new IllegalArgumentException("missing provider");
362 }
363 Provider p = Security.getProvider(provider);
364 if (p == null) {
365 throw new NoSuchProviderException
366 ("no such provider: " + provider);
367 }
368 return getInstanceRSA(p);
369 }
370 Instance instance = GetInstance.getInstance
371 ("Signature", SignatureSpi.class, algorithm, provider);
372 return getInstance(instance, algorithm);
373 }
374
375 /**
376 * Returns a Signature object that implements the specified
377 * signature algorithm.
378 *
379 * <p> A new Signature object encapsulating the
380 * SignatureSpi implementation from the specified Provider
381 * object is returned. Note that the specified Provider object
382 * does not have to be registered in the provider list.
383 *
384 * @param algorithm the name of the algorithm requested.
385 * See the Signature section in the <a href=
386 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
387 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
388 * for information about standard algorithm names.
389 *
390 * @param provider the provider.
391 *
392 * @return the new Signature object.
393 *
394 * @exception NoSuchAlgorithmException if a SignatureSpi
395 * implementation for the specified algorithm is not available
396 * from the specified Provider object.
397 *
398 * @exception IllegalArgumentException if the provider is null.
399 *
400 * @see Provider
401 *
402 * @since 1.4
403 */
404 public static Signature getInstance(String algorithm, Provider provider)
405 throws NoSuchAlgorithmException {
406 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
407 // exception compatibility with existing code
408 if (provider == null) {
409 throw new IllegalArgumentException("missing provider");
410 }
411 return getInstanceRSA(provider);
412 }
413 Instance instance = GetInstance.getInstance
414 ("Signature", SignatureSpi.class, algorithm, provider);
415 return getInstance(instance, algorithm);
416 }
417
418 // return an implementation for NONEwithRSA, which is a special case
419 // because of the Cipher.RSA/ECB/PKCS1Padding compatibility wrapper
420 private static Signature getInstanceRSA(Provider p)
421 throws NoSuchAlgorithmException {
422 // try Signature first
423 Service s = p.getService("Signature", RSA_SIGNATURE);
424 if (s != null) {
425 Instance instance = GetInstance.getInstance(s, SignatureSpi.class);
426 return getInstance(instance, RSA_SIGNATURE);
427 }
428 // check Cipher
429 try {
430 Cipher c = Cipher.getInstance(RSA_CIPHER, p);
431 return new Delegate(new CipherAdapter(c), RSA_SIGNATURE);
432 } catch (GeneralSecurityException e) {
433 // throw Signature style exception message to avoid confusion,
434 // but append Cipher exception as cause
435 throw new NoSuchAlgorithmException("no such algorithm: "
436 + RSA_SIGNATURE + " for provider " + p.getName(), e);
437 }
438 }
439
440 /**
441 * Returns the provider of this signature object.
442 *
443 * @return the provider of this signature object
444 */
445 public final Provider getProvider() {
446 chooseFirstProvider();
447 return this.provider;
448 }
449
450 void chooseFirstProvider() {
451 // empty, overridden in Delegate
452 }
453
454 /**
455 * Initializes this object for verification. If this method is called
456 * again with a different argument, it negates the effect
457 * of this call.
458 *
459 * @param publicKey the public key of the identity whose signature is
460 * going to be verified.
461 *
462 * @exception InvalidKeyException if the key is invalid.
463 */
464 public final void initVerify(PublicKey publicKey)
465 throws InvalidKeyException {
466 engineInitVerify(publicKey);
467 state = VERIFY;
468
469 if (!skipDebug && pdebug != null) {
470 pdebug.println("Signature." + algorithm +
471 " verification algorithm from: " + this.provider.getName());
472 }
473 }
474
475 /**
476 * Initializes this object for verification, using the public key from
477 * the given certificate.
478 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
479 * extension field marked as critical, and the value of the <i>key usage</i>
480 * extension field implies that the public key in
481 * the certificate and its corresponding private key are not
482 * supposed to be used for digital signatures, an
483 * {@code InvalidKeyException} is thrown.
484 *
485 * @param certificate the certificate of the identity whose signature is
486 * going to be verified.
487 *
488 * @exception InvalidKeyException if the public key in the certificate
489 * is not encoded properly or does not include required parameter
490 * information or cannot be used for digital signature purposes.
491 * @since 1.3
492 */
493 public final void initVerify(Certificate certificate)
494 throws InvalidKeyException {
495 // If the certificate is of type X509Certificate,
496 // we should check whether it has a Key Usage
497 // extension marked as critical.
498 if (certificate instanceof java.security.cert.X509Certificate) {
499 // Check whether the cert has a key usage extension
500 // marked as a critical extension.
501 // The OID for KeyUsage extension is 2.5.29.15.
502 X509Certificate cert = (X509Certificate)certificate;
503 Set<String> critSet = cert.getCriticalExtensionOIDs();
504
505 if (critSet != null && !critSet.isEmpty()
506 && critSet.contains("2.5.29.15")) {
507 boolean[] keyUsageInfo = cert.getKeyUsage();
508 // keyUsageInfo[0] is for digitalSignature.
509 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
510 throw new InvalidKeyException("Wrong key usage");
511 }
512 }
513
514 PublicKey publicKey = certificate.getPublicKey();
515 engineInitVerify(publicKey);
516 state = VERIFY;
517
518 if (!skipDebug && pdebug != null) {
519 pdebug.println("Signature." + algorithm +
520 " verification algorithm from: " + this.provider.getName());
521 }
522 }
523
524 /**
525 * Initialize this object for signing. If this method is called
526 * again with a different argument, it negates the effect
527 * of this call.
528 *
529 * @param privateKey the private key of the identity whose signature
530 * is going to be generated.
531 *
532 * @exception InvalidKeyException if the key is invalid.
533 */
534 public final void initSign(PrivateKey privateKey)
535 throws InvalidKeyException {
536 engineInitSign(privateKey);
537 state = SIGN;
538
539 if (!skipDebug && pdebug != null) {
540 pdebug.println("Signature." + algorithm +
541 " signing algorithm from: " + this.provider.getName());
542 }
543 }
544
545 /**
546 * Initialize this object for signing. If this method is called
547 * again with a different argument, it negates the effect
548 * of this call.
549 *
550 * @param privateKey the private key of the identity whose signature
551 * is going to be generated.
552 *
553 * @param random the source of randomness for this signature.
554 *
555 * @exception InvalidKeyException if the key is invalid.
556 */
557 public final void initSign(PrivateKey privateKey, SecureRandom random)
558 throws InvalidKeyException {
559 engineInitSign(privateKey, random);
560 state = SIGN;
561
562 if (!skipDebug && pdebug != null) {
563 pdebug.println("Signature." + algorithm +
564 " signing algorithm from: " + this.provider.getName());
565 }
566 }
567
568 /**
569 * Returns the signature bytes of all the data updated.
570 * The format of the signature depends on the underlying
571 * signature scheme.
572 *
573 * <p>A call to this method resets this signature object to the state
574 * it was in when previously initialized for signing via a
575 * call to {@code initSign(PrivateKey)}. That is, the object is
576 * reset and available to generate another signature from the same
577 * signer, if desired, via new calls to {@code update} and
578 * {@code sign}.
579 *
580 * @return the signature bytes of the signing operation's result.
581 *
582 * @exception SignatureException if this signature object is not
583 * initialized properly or if this signature algorithm is unable to
584 * process the input data provided.
585 */
586 public final byte[] sign() throws SignatureException {
587 if (state == SIGN) {
588 return engineSign();
589 }
590 throw new SignatureException("object not initialized for " +
591 "signing");
592 }
593
594 /**
595 * Finishes the signature operation and stores the resulting signature
596 * bytes in the provided buffer {@code outbuf}, starting at
597 * {@code offset}.
598 * The format of the signature depends on the underlying
599 * signature scheme.
600 *
601 * <p>This signature object is reset to its initial state (the state it
602 * was in after a call to one of the {@code initSign} methods) and
603 * can be reused to generate further signatures with the same private key.
604 *
605 * @param outbuf buffer for the signature result.
606 *
607 * @param offset offset into {@code outbuf} where the signature is
608 * stored.
609 *
610 * @param len number of bytes within {@code outbuf} allotted for the
611 * signature.
612 *
613 * @return the number of bytes placed into {@code outbuf}.
614 *
615 * @exception SignatureException if this signature object is not
616 * initialized properly, if this signature algorithm is unable to
617 * process the input data provided, or if {@code len} is less
618 * than the actual signature length.
619 * @exception IllegalArgumentException if {@code outbuf} is {@code null},
620 * or {@code offset} or {@code len} is less than 0, or the sum of
621 * {@code offset} and {@code len} is greater than the length of
622 * {@code outbuf}.
623 *
624 * @since 1.2
625 */
626 public final int sign(byte[] outbuf, int offset, int len)
627 throws SignatureException {
628 if (outbuf == null) {
629 throw new IllegalArgumentException("No output buffer given");
630 }
631 if (offset < 0 || len < 0) {
632 throw new IllegalArgumentException("offset or len is less than 0");
633 }
634 if (outbuf.length - offset < len) {
635 throw new IllegalArgumentException
636 ("Output buffer too small for specified offset and length");
637 }
638 if (state != SIGN) {
639 throw new SignatureException("object not initialized for " +
640 "signing");
641 }
642 return engineSign(outbuf, offset, len);
643 }
644
645 /**
646 * Verifies the passed-in signature.
647 *
648 * <p>A call to this method resets this signature object to the state
649 * it was in when previously initialized for verification via a
650 * call to {@code initVerify(PublicKey)}. That is, the object is
651 * reset and available to verify another signature from the identity
652 * whose public key was specified in the call to {@code initVerify}.
653 *
654 * @param signature the signature bytes to be verified.
655 *
656 * @return true if the signature was verified, false if not.
657 *
658 * @exception SignatureException if this signature object is not
659 * initialized properly, the passed-in signature is improperly
660 * encoded or of the wrong type, if this signature algorithm is unable to
661 * process the input data provided, etc.
662 */
663 public final boolean verify(byte[] signature) throws SignatureException {
664 if (state == VERIFY) {
665 return engineVerify(signature);
666 }
667 throw new SignatureException("object not initialized for " +
668 "verification");
669 }
670
671 /**
672 * Verifies the passed-in signature in the specified array
673 * of bytes, starting at the specified offset.
674 *
675 * <p>A call to this method resets this signature object to the state
676 * it was in when previously initialized for verification via a
677 * call to {@code initVerify(PublicKey)}. That is, the object is
678 * reset and available to verify another signature from the identity
679 * whose public key was specified in the call to {@code initVerify}.
680 *
681 *
682 * @param signature the signature bytes to be verified.
683 * @param offset the offset to start from in the array of bytes.
684 * @param length the number of bytes to use, starting at offset.
685 *
686 * @return true if the signature was verified, false if not.
687 *
688 * @exception SignatureException if this signature object is not
689 * initialized properly, the passed-in signature is improperly
690 * encoded or of the wrong type, if this signature algorithm is unable to
691 * process the input data provided, etc.
692 * @exception IllegalArgumentException if the {@code signature}
693 * byte array is null, or the {@code offset} or {@code length}
694 * is less than 0, or the sum of the {@code offset} and
695 * {@code length} is greater than the length of the
696 * {@code signature} byte array.
697 * @since 1.4
698 */
699 public final boolean verify(byte[] signature, int offset, int length)
700 throws SignatureException {
701 if (state == VERIFY) {
702 if (signature == null) {
703 throw new IllegalArgumentException("signature is null");
704 }
705 if (offset < 0 || length < 0) {
706 throw new IllegalArgumentException
707 ("offset or length is less than 0");
708 }
709 if (signature.length - offset < length) {
710 throw new IllegalArgumentException
711 ("signature too small for specified offset and length");
712 }
713
714 return engineVerify(signature, offset, length);
715 }
716 throw new SignatureException("object not initialized for " +
717 "verification");
718 }
719
720 /**
721 * Updates the data to be signed or verified by a byte.
722 *
723 * @param b the byte to use for the update.
724 *
725 * @exception SignatureException if this signature object is not
726 * initialized properly.
727 */
728 public final void update(byte b) throws SignatureException {
729 if (state == VERIFY || state == SIGN) {
730 engineUpdate(b);
731 } else {
732 throw new SignatureException("object not initialized for "
733 + "signature or verification");
734 }
735 }
736
737 /**
738 * Updates the data to be signed or verified, using the specified
739 * array of bytes.
740 *
741 * @param data the byte array to use for the update.
742 *
743 * @exception SignatureException if this signature object is not
744 * initialized properly.
745 */
746 public final void update(byte[] data) throws SignatureException {
747 update(data, 0, data.length);
748 }
749
750 /**
751 * Updates the data to be signed or verified, using the specified
752 * array of bytes, starting at the specified offset.
753 *
754 * @param data the array of bytes.
755 * @param off the offset to start from in the array of bytes.
756 * @param len the number of bytes to use, starting at offset.
757 *
758 * @exception SignatureException if this signature object is not
759 * initialized properly.
760 * @exception IllegalArgumentException if {@code data} is {@code null},
761 * or {@code off} or {@code len} is less than 0, or the sum of
762 * {@code off} and {@code len} is greater than the length of
763 * {@code data}.
764 */
765 public final void update(byte[] data, int off, int len)
766 throws SignatureException {
767 if (state == SIGN || state == VERIFY) {
768 if (data == null) {
769 throw new IllegalArgumentException("data is null");
770 }
771 if (off < 0 || len < 0) {
772 throw new IllegalArgumentException("off or len is less than 0");
773 }
774 if (data.length - off < len) {
775 throw new IllegalArgumentException
776 ("data too small for specified offset and length");
777 }
778 engineUpdate(data, off, len);
779 } else {
780 throw new SignatureException("object not initialized for "
781 + "signature or verification");
782 }
783 }
784
785 /**
786 * Updates the data to be signed or verified using the specified
787 * ByteBuffer. Processes the {@code data.remaining()} bytes
788 * starting at {@code data.position()}.
789 * Upon return, the buffer's position will be equal to its limit;
790 * its limit will not have changed.
791 *
792 * @param data the ByteBuffer
793 *
794 * @exception SignatureException if this signature object is not
795 * initialized properly.
796 * @since 1.5
797 */
798 public final void update(ByteBuffer data) throws SignatureException {
799 if ((state != SIGN) && (state != VERIFY)) {
800 throw new SignatureException("object not initialized for "
801 + "signature or verification");
802 }
803 if (data == null) {
804 throw new NullPointerException();
805 }
806 engineUpdate(data);
807 }
808
809 /**
810 * Returns the name of the algorithm for this signature object.
811 *
812 * @return the name of the algorithm for this signature object.
813 */
814 public final String getAlgorithm() {
815 return this.algorithm;
816 }
817
818 /**
819 * Returns a string representation of this signature object,
820 * providing information that includes the state of the object
821 * and the name of the algorithm used.
822 *
823 * @return a string representation of this signature object.
824 */
825 public String toString() {
826 String initState = "";
827 switch (state) {
828 case UNINITIALIZED:
829 initState = "<not initialized>";
830 break;
831 case VERIFY:
832 initState = "<initialized for verifying>";
833 break;
834 case SIGN:
835 initState = "<initialized for signing>";
836 break;
837 }
838 return "Signature object: " + getAlgorithm() + initState;
839 }
840
841 /**
842 * Sets the specified algorithm parameter to the specified value.
843 * This method supplies a general-purpose mechanism through
844 * which it is possible to set the various parameters of this object.
845 * A parameter may be any settable parameter for the algorithm, such as
846 * a parameter size, or a source of random bits for signature generation
847 * (if appropriate), or an indication of whether or not to perform
848 * a specific but optional computation. A uniform algorithm-specific
849 * naming scheme for each parameter is desirable but left unspecified
850 * at this time.
851 *
852 * @param param the string identifier of the parameter.
853 * @param value the parameter value.
854 *
855 * @exception InvalidParameterException if {@code param} is an
856 * invalid parameter for this signature algorithm engine,
857 * the parameter is already set
858 * and cannot be set again, a security exception occurs, and so on.
859 *
860 * @see #getParameter
861 *
862 * @deprecated Use
863 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
864 * setParameter}.
865 */
866 @Deprecated
867 public final void setParameter(String param, Object value)
868 throws InvalidParameterException {
869 engineSetParameter(param, value);
870 }
871
872 /**
873 * Initializes this signature engine with the specified parameter set.
874 *
875 * @param params the parameters
876 *
877 * @exception InvalidAlgorithmParameterException if the given parameters
878 * are inappropriate for this signature engine
879 *
880 * @see #getParameters
881 */
882 public final void setParameter(AlgorithmParameterSpec params)
883 throws InvalidAlgorithmParameterException {
884 engineSetParameter(params);
885 }
886
887 /**
888 * Returns the parameters used with this signature object.
889 *
890 * <p>The returned parameters may be the same that were used to initialize
891 * this signature, or may contain a combination of default and randomly
892 * generated parameter values used by the underlying signature
893 * implementation if this signature requires algorithm parameters but
894 * was not initialized with any.
895 *
896 * @return the parameters used with this signature, or null if this
897 * signature does not use any parameters.
898 *
899 * @see #setParameter(AlgorithmParameterSpec)
900 * @since 1.4
901 */
902 public final AlgorithmParameters getParameters() {
903 return engineGetParameters();
904 }
905
906 /**
907 * Gets the value of the specified algorithm parameter. This method
908 * supplies a general-purpose mechanism through which it is possible to
909 * get the various parameters of this object. A parameter may be any
910 * settable parameter for the algorithm, such as a parameter size, or
911 * a source of random bits for signature generation (if appropriate),
912 * or an indication of whether or not to perform a specific but optional
913 * computation. A uniform algorithm-specific naming scheme for each
914 * parameter is desirable but left unspecified at this time.
915 *
916 * @param param the string name of the parameter.
917 *
918 * @return the object that represents the parameter value, or null if
919 * there is none.
920 *
921 * @exception InvalidParameterException if {@code param} is an invalid
922 * parameter for this engine, or another exception occurs while
923 * trying to get this parameter.
924 *
925 * @see #setParameter(String, Object)
926 *
927 * @deprecated
928 */
929 @Deprecated
930 public final Object getParameter(String param)
931 throws InvalidParameterException {
932 return engineGetParameter(param);
933 }
934
935 /**
936 * Returns a clone if the implementation is cloneable.
937 *
938 * @return a clone if the implementation is cloneable.
939 *
940 * @exception CloneNotSupportedException if this is called
941 * on an implementation that does not support {@code Cloneable}.
942 */
943 public Object clone() throws CloneNotSupportedException {
944 if (this instanceof Cloneable) {
945 return super.clone();
946 } else {
947 throw new CloneNotSupportedException();
948 }
949 }
950
951 /*
952 * The following class allows providers to extend from SignatureSpi
953 * rather than from Signature. It represents a Signature with an
954 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
955 * If the provider implementation is an instance of SignatureSpi, the
956 * getInstance() methods above return an instance of this class, with
957 * the SPI object encapsulated.
958 *
959 * Note: All SPI methods from the original Signature class have been
960 * moved up the hierarchy into a new class (SignatureSpi), which has
961 * been interposed in the hierarchy between the API (Signature)
962 * and its original parent (Object).
963 */
964
965 @SuppressWarnings("deprecation")
966 private static class Delegate extends Signature {
967
968 // The provider implementation (delegate)
969 // filled in once the provider is selected
970 private SignatureSpi sigSpi;
971
972 // lock for mutex during provider selection
973 private final Object lock;
974
975 // next service to try in provider selection
976 // null once provider is selected
977 private Service firstService;
978
979 // remaining services to try in provider selection
980 // null once provider is selected
981 private Iterator<Service> serviceIterator;
982
983 // constructor
984 Delegate(SignatureSpi sigSpi, String algorithm) {
985 super(algorithm);
986 this.sigSpi = sigSpi;
987 this.lock = null; // no lock needed
988 }
989
990 // used with delayed provider selection
991 Delegate(Service service,
992 Iterator<Service> iterator, String algorithm) {
993 super(algorithm);
994 this.firstService = service;
995 this.serviceIterator = iterator;
996 this.lock = new Object();
997 }
998
999 /**
1000 * Returns a clone if the delegate is cloneable.
1001 *
1002 * @return a clone if the delegate is cloneable.
1003 *
1004 * @exception CloneNotSupportedException if this is called on a
1005 * delegate that does not support {@code Cloneable}.
1006 */
1007 public Object clone() throws CloneNotSupportedException {
1008 chooseFirstProvider();
1009 if (sigSpi instanceof Cloneable) {
1010 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
1011 // Because 'algorithm' and 'provider' are private
1012 // members of our supertype, we must perform a cast to
1013 // access them.
1014 Signature that =
1015 new Delegate(sigSpiClone, ((Signature)this).algorithm);
1016 that.provider = ((Signature)this).provider;
1017 return that;
1018 } else {
1019 throw new CloneNotSupportedException();
1020 }
1021 }
1022
1023 private static SignatureSpi newInstance(Service s)
1024 throws NoSuchAlgorithmException {
1025 if (s.getType().equals("Cipher")) {
1026 // must be NONEwithRSA
1027 try {
1028 Cipher c = Cipher.getInstance(RSA_CIPHER, s.getProvider());
1029 return new CipherAdapter(c);
1030 } catch (NoSuchPaddingException e) {
1031 throw new NoSuchAlgorithmException(e);
1032 }
1033 } else {
1034 Object o = s.newInstance(null);
1035 if (o instanceof SignatureSpi == false) {
1036 throw new NoSuchAlgorithmException
1037 ("Not a SignatureSpi: " + o.getClass().getName());
1038 }
1039 return (SignatureSpi)o;
1040 }
1041 }
1042
1043 // max number of debug warnings to print from chooseFirstProvider()
1044 private static int warnCount = 10;
1045
1046 /**
1047 * Choose the Spi from the first provider available. Used if
1048 * delayed provider selection is not possible because initSign()/
1049 * initVerify() is not the first method called.
1050 */
1051 void chooseFirstProvider() {
1052 if (sigSpi != null) {
1053 return;
1054 }
1055 synchronized (lock) {
1056 if (sigSpi != null) {
1057 return;
1058 }
1059 if (debug != null) {
1060 int w = --warnCount;
1061 if (w >= 0) {
1062 debug.println("Signature.init() not first method "
1063 + "called, disabling delayed provider selection");
1064 if (w == 0) {
1065 debug.println("Further warnings of this type will "
1066 + "be suppressed");
1067 }
1068 new Exception("Call trace").printStackTrace();
1069 }
1070 }
1071 Exception lastException = null;
1072 while ((firstService != null) || serviceIterator.hasNext()) {
1073 Service s;
1074 if (firstService != null) {
1075 s = firstService;
1076 firstService = null;
1077 } else {
1078 s = serviceIterator.next();
1079 }
1080 if (isSpi(s) == false) {
1081 continue;
1082 }
1083 try {
1084 sigSpi = newInstance(s);
1085 provider = s.getProvider();
1086 // not needed any more
1087 firstService = null;
1088 serviceIterator = null;
1089 return;
1090 } catch (NoSuchAlgorithmException e) {
1091 lastException = e;
1092 }
1093 }
1094 ProviderException e = new ProviderException
1095 ("Could not construct SignatureSpi instance");
1096 if (lastException != null) {
1097 e.initCause(lastException);
1098 }
1099 throw e;
1100 }
1101 }
1102
1103 private void chooseProvider(int type, Key key, SecureRandom random)
1104 throws InvalidKeyException {
1105 synchronized (lock) {
1106 if (sigSpi != null) {
1107 init(sigSpi, type, key, random);
1108 return;
1109 }
1110 Exception lastException = null;
1111 while ((firstService != null) || serviceIterator.hasNext()) {
1112 Service s;
1113 if (firstService != null) {
1114 s = firstService;
1115 firstService = null;
1116 } else {
1117 s = serviceIterator.next();
1118 }
1119 // if provider says it does not support this key, ignore it
1120 if (s.supportsParameter(key) == false) {
1121 continue;
1122 }
1123 // if instance is not a SignatureSpi, ignore it
1124 if (isSpi(s) == false) {
1125 continue;
1126 }
1127 try {
1128 SignatureSpi spi = newInstance(s);
1129 init(spi, type, key, random);
1130 provider = s.getProvider();
1131 sigSpi = spi;
1132 firstService = null;
1133 serviceIterator = null;
1134 return;
1135 } catch (Exception e) {
1136 // NoSuchAlgorithmException from newInstance()
1137 // InvalidKeyException from init()
1138 // RuntimeException (ProviderException) from init()
1139 if (lastException == null) {
1140 lastException = e;
1141 }
1142 }
1143 }
1144 // no working provider found, fail
1145 if (lastException instanceof InvalidKeyException) {
1146 throw (InvalidKeyException)lastException;
1147 }
1148 if (lastException instanceof RuntimeException) {
1149 throw (RuntimeException)lastException;
1150 }
1151 String k = (key != null) ? key.getClass().getName() : "(null)";
1152 throw new InvalidKeyException
1153 ("No installed provider supports this key: "
1154 + k, lastException);
1155 }
1156 }
1157
1158 private static final int I_PUB = 1;
1159 private static final int I_PRIV = 2;
1160 private static final int I_PRIV_SR = 3;
1161
1162 private void init(SignatureSpi spi, int type, Key key,
1163 SecureRandom random) throws InvalidKeyException {
1164 switch (type) {
1165 case I_PUB:
1166 spi.engineInitVerify((PublicKey)key);
1167 break;
1168 case I_PRIV:
1169 spi.engineInitSign((PrivateKey)key);
1170 break;
1171 case I_PRIV_SR:
1172 spi.engineInitSign((PrivateKey)key, random);
1173 break;
1174 default:
1175 throw new AssertionError("Internal error: " + type);
1176 }
1177 }
1178
1179 protected void engineInitVerify(PublicKey publicKey)
1180 throws InvalidKeyException {
1181 if (sigSpi != null) {
1182 sigSpi.engineInitVerify(publicKey);
1183 } else {
1184 chooseProvider(I_PUB, publicKey, null);
1185 }
1186 }
1187
1188 protected void engineInitSign(PrivateKey privateKey)
1189 throws InvalidKeyException {
1190 if (sigSpi != null) {
1191 sigSpi.engineInitSign(privateKey);
1192 } else {
1193 chooseProvider(I_PRIV, privateKey, null);
1194 }
1195 }
1196
1197 protected void engineInitSign(PrivateKey privateKey, SecureRandom sr)
1198 throws InvalidKeyException {
1199 if (sigSpi != null) {
1200 sigSpi.engineInitSign(privateKey, sr);
1201 } else {
1202 chooseProvider(I_PRIV_SR, privateKey, sr);
1203 }
1204 }
1205
1206 protected void engineUpdate(byte b) throws SignatureException {
1207 chooseFirstProvider();
1208 sigSpi.engineUpdate(b);
1209 }
1210
1211 protected void engineUpdate(byte[] b, int off, int len)
1212 throws SignatureException {
1213 chooseFirstProvider();
1214 sigSpi.engineUpdate(b, off, len);
1215 }
1216
1217 protected void engineUpdate(ByteBuffer data) {
1218 chooseFirstProvider();
1219 sigSpi.engineUpdate(data);
1220 }
1221
1222 protected byte[] engineSign() throws SignatureException {
1223 chooseFirstProvider();
1224 return sigSpi.engineSign();
1225 }
1226
1227 protected int engineSign(byte[] outbuf, int offset, int len)
1228 throws SignatureException {
1229 chooseFirstProvider();
1230 return sigSpi.engineSign(outbuf, offset, len);
1231 }
1232
1233 protected boolean engineVerify(byte[] sigBytes)
1234 throws SignatureException {
1235 chooseFirstProvider();
1236 return sigSpi.engineVerify(sigBytes);
1237 }
1238
1239 protected boolean engineVerify(byte[] sigBytes, int offset, int length)
1240 throws SignatureException {
1241 chooseFirstProvider();
1242 return sigSpi.engineVerify(sigBytes, offset, length);
1243 }
1244
1245 protected void engineSetParameter(String param, Object value)
1246 throws InvalidParameterException {
1247 chooseFirstProvider();
1248 sigSpi.engineSetParameter(param, value);
1249 }
1250
1251 protected void engineSetParameter(AlgorithmParameterSpec params)
1252 throws InvalidAlgorithmParameterException {
1253 chooseFirstProvider();
1254 sigSpi.engineSetParameter(params);
1255 }
1256
1257 protected Object engineGetParameter(String param)
1258 throws InvalidParameterException {
1259 chooseFirstProvider();
1260 return sigSpi.engineGetParameter(param);
1261 }
1262
1263 protected AlgorithmParameters engineGetParameters() {
1264 chooseFirstProvider();
1265 return sigSpi.engineGetParameters();
1266 }
1267 }
1268
1269 // adapter for RSA/ECB/PKCS1Padding ciphers
1270 @SuppressWarnings("deprecation")
1271 private static class CipherAdapter extends SignatureSpi {
1272
1273 private final Cipher cipher;
1274
1275 private ByteArrayOutputStream data;
1276
1277 CipherAdapter(Cipher cipher) {
1278 this.cipher = cipher;
1279 }
1280
1281 protected void engineInitVerify(PublicKey publicKey)
1282 throws InvalidKeyException {
1283 cipher.init(Cipher.DECRYPT_MODE, publicKey);
1284 if (data == null) {
1285 data = new ByteArrayOutputStream(128);
1286 } else {
1287 data.reset();
1288 }
1289 }
1290
1291 protected void engineInitSign(PrivateKey privateKey)
1292 throws InvalidKeyException {
1293 cipher.init(Cipher.ENCRYPT_MODE, privateKey);
1294 data = null;
1295 }
1296
1297 protected void engineInitSign(PrivateKey privateKey,
1298 SecureRandom random) throws InvalidKeyException {
1299 cipher.init(Cipher.ENCRYPT_MODE, privateKey, random);
1300 data = null;
1301 }
1302
1303 protected void engineUpdate(byte b) throws SignatureException {
1304 engineUpdate(new byte[] {b}, 0, 1);
1305 }
1306
1307 protected void engineUpdate(byte[] b, int off, int len)
1308 throws SignatureException {
1309 if (data != null) {
1310 data.write(b, off, len);
1311 return;
1312 }
1313 byte[] out = cipher.update(b, off, len);
1314 if ((out != null) && (out.length != 0)) {
1315 throw new SignatureException
1316 ("Cipher unexpectedly returned data");
1317 }
1318 }
1319
1320 protected byte[] engineSign() throws SignatureException {
1321 try {
1322 return cipher.doFinal();
1323 } catch (IllegalBlockSizeException e) {
1324 throw new SignatureException("doFinal() failed", e);
1325 } catch (BadPaddingException e) {
1326 throw new SignatureException("doFinal() failed", e);
1327 }
1328 }
1329
1330 protected boolean engineVerify(byte[] sigBytes)
1331 throws SignatureException {
1332 try {
1333 byte[] out = cipher.doFinal(sigBytes);
1334 byte[] dataBytes = data.toByteArray();
1335 data.reset();
1336 return MessageDigest.isEqual(out, dataBytes);
1337 } catch (BadPaddingException e) {
1338 // e.g. wrong public key used
1339 // return false rather than throwing exception
1340 return false;
1341 } catch (IllegalBlockSizeException e) {
1342 throw new SignatureException("doFinal() failed", e);
1343 }
1344 }
1345
1346 protected void engineSetParameter(String param, Object value)
1347 throws InvalidParameterException {
1348 throw new InvalidParameterException("Parameters not supported");
1349 }
1350
1351 protected Object engineGetParameter(String param)
1352 throws InvalidParameterException {
1353 throw new InvalidParameterException("Parameters not supported");
1354 }
1355
1356 }
1357
1358 }