1 /*
2 * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
25
26 package sun.security.x509;
27
28 import java.io.BufferedReader;
29 import java.io.BufferedInputStream;
30 import java.io.ByteArrayOutputStream;
31 import java.io.IOException;
32 import java.io.InputStream;
33 import java.io.InputStreamReader;
34 import java.io.OutputStream;
35 import java.math.BigInteger;
36 import java.security.*;
37 import java.security.spec.AlgorithmParameterSpec;
38 import java.security.cert.*;
39 import java.security.cert.Certificate;
40 import java.util.*;
41 import java.util.concurrent.ConcurrentHashMap;
42
43 import javax.security.auth.x500.X500Principal;
44
45 import java.util.Base64;
46 import sun.security.util.*;
47 import sun.security.provider.X509Factory;
48
49 /**
50 * The X509CertImpl class represents an X.509 certificate. These certificates
51 * are widely used to support authentication and other functionality in
52 * Internet security systems. Common applications include Privacy Enhanced
53 * Mail (PEM), Transport Layer Security (SSL), code signing for trusted
54 * software distribution, and Secure Electronic Transactions (SET). There
55 * is a commercial infrastructure ready to manage large scale deployments
56 * of X.509 identity certificates.
57 *
58 * <P>These certificates are managed and vouched for by <em>Certificate
59 * Authorities</em> (CAs). CAs are services which create certificates by
60 * placing data in the X.509 standard format and then digitally signing
61 * that data. Such signatures are quite difficult to forge. CAs act as
62 * trusted third parties, making introductions between agents who have no
63 * direct knowledge of each other. CA certificates are either signed by
64 * themselves, or by some other CA such as a "root" CA.
65 *
588 * @exception SignatureException on signature errors
589 * @exception CertificateException on encoding errors
590 */
591 public void sign(PrivateKey key, AlgorithmParameterSpec signingParams,
592 String algorithm, String provider)
593 throws CertificateException, NoSuchAlgorithmException,
594 InvalidKeyException, InvalidAlgorithmParameterException,
595 NoSuchProviderException, SignatureException {
596 try {
597 if (readOnly)
598 throw new CertificateEncodingException(
599 "cannot over-write existing certificate");
600 Signature sigEngine = null;
601 if (provider == null || provider.isEmpty())
602 sigEngine = Signature.getInstance(algorithm);
603 else
604 sigEngine = Signature.getInstance(algorithm, provider);
605
606 sigEngine.initSign(key);
607
608 // set parameters after Signature.initSign/initVerify call, so
609 // the deferred provider selection happens when the key is set
610 try {
611 sigEngine.setParameter(signingParams);
612 } catch (UnsupportedOperationException e) {
613 // for backward compatibility, only re-throw when
614 // parameters is not null
615 if (signingParams != null) throw e;
616 }
617
618 // in case the name is reset
619 if (signingParams != null) {
620 algId = AlgorithmId.get(sigEngine.getParameters());
621 } else {
622 algId = AlgorithmId.get(algorithm);
623 }
624 DerOutputStream out = new DerOutputStream();
625 DerOutputStream tmp = new DerOutputStream();
626
627 // encode certificate info
628 info.encode(tmp);
629 byte[] rawCert = tmp.toByteArray();
630
631 // encode algorithm identifier
632 algId.encode(tmp);
633
634 // Create and encode the signature itself.
635 sigEngine.update(rawCert, 0, rawCert.length);
|
1 /*
2 * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
25
26 package sun.security.x509;
27
28 import java.io.BufferedReader;
29 import java.io.BufferedInputStream;
30 import java.io.ByteArrayOutputStream;
31 import java.io.IOException;
32 import java.io.InputStream;
33 import java.io.InputStreamReader;
34 import java.io.OutputStream;
35 import java.math.BigInteger;
36 import java.security.*;
37 import java.security.spec.AlgorithmParameterSpec;
38 import java.security.cert.*;
39 import java.security.cert.Certificate;
40 import java.util.*;
41 import java.util.concurrent.ConcurrentHashMap;
42
43 import javax.security.auth.x500.X500Principal;
44
45 import sun.security.util.*;
46 import sun.security.provider.X509Factory;
47
48 /**
49 * The X509CertImpl class represents an X.509 certificate. These certificates
50 * are widely used to support authentication and other functionality in
51 * Internet security systems. Common applications include Privacy Enhanced
52 * Mail (PEM), Transport Layer Security (SSL), code signing for trusted
53 * software distribution, and Secure Electronic Transactions (SET). There
54 * is a commercial infrastructure ready to manage large scale deployments
55 * of X.509 identity certificates.
56 *
57 * <P>These certificates are managed and vouched for by <em>Certificate
58 * Authorities</em> (CAs). CAs are services which create certificates by
59 * placing data in the X.509 standard format and then digitally signing
60 * that data. Such signatures are quite difficult to forge. CAs act as
61 * trusted third parties, making introductions between agents who have no
62 * direct knowledge of each other. CA certificates are either signed by
63 * themselves, or by some other CA such as a "root" CA.
64 *
587 * @exception SignatureException on signature errors
588 * @exception CertificateException on encoding errors
589 */
590 public void sign(PrivateKey key, AlgorithmParameterSpec signingParams,
591 String algorithm, String provider)
592 throws CertificateException, NoSuchAlgorithmException,
593 InvalidKeyException, InvalidAlgorithmParameterException,
594 NoSuchProviderException, SignatureException {
595 try {
596 if (readOnly)
597 throw new CertificateEncodingException(
598 "cannot over-write existing certificate");
599 Signature sigEngine = null;
600 if (provider == null || provider.isEmpty())
601 sigEngine = Signature.getInstance(algorithm);
602 else
603 sigEngine = Signature.getInstance(algorithm, provider);
604
605 sigEngine.initSign(key);
606
607 if (signingParams != null) {
608 // set parameters after Signature.initSign/initVerify call, so
609 // the deferred provider selection happens when the key is set
610 sigEngine.setParameter(signingParams);
611 }
612
613 // in case the name is reset
614 if (signingParams != null) {
615 algId = AlgorithmId.get(sigEngine.getParameters());
616 } else {
617 algId = AlgorithmId.get(algorithm);
618 }
619 DerOutputStream out = new DerOutputStream();
620 DerOutputStream tmp = new DerOutputStream();
621
622 // encode certificate info
623 info.encode(tmp);
624 byte[] rawCert = tmp.toByteArray();
625
626 // encode algorithm identifier
627 algId.encode(tmp);
628
629 // Create and encode the signature itself.
630 sigEngine.update(rawCert, 0, rawCert.length);
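Review bot: On the new side, the `signingParams != null` branch at new line 615 feeds `sigEngine.getParameters()` directly into `AlgorithmId.get(...)`, and nothing visible handles a provider that returns null there or throws `UnsupportedOperationException`. The resulting `algId` is what gets encoded into the certificate as its signature algorithm, so it has to match what the engine actually signed with. A failure at this point should surface as one of the declared checked exceptions rather than as an unchecked one. I would fold the two back-to-back `if (signingParams != null)` tests (new lines 607 and 614) into one block and guard the lookup, e.g. `AlgorithmParameters used = sigEngine.getParameters();` followed by `if (used == null) throw new SignatureException("provider returned no parameters for " + algorithm);`. The body of `sign` and its enclosing `try` continue past the visible lines, so whether a later `catch` already covers this cannot be confirmed from here.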
|