1 /*
2 * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.security.spec.AlgorithmParameterSpec;
29 import java.util.*;
30 import java.util.concurrent.ConcurrentHashMap;
31 import java.io.*;
32 import java.security.cert.Certificate;
33 import java.security.cert.X509Certificate;
34
35 import java.nio.ByteBuffer;
36
37 import java.security.Provider.Service;
38
39 import javax.crypto.Cipher;
40 import javax.crypto.CipherSpi;
41 import javax.crypto.IllegalBlockSizeException;
42 import javax.crypto.BadPaddingException;
43 import javax.crypto.NoSuchPaddingException;
44
45 import sun.security.util.Debug;
46 import sun.security.jca.*;
47 import sun.security.jca.GetInstance.Instance;
48
49 /**
50 * The Signature class is used to provide applications the functionality
51 * of a digital signature algorithm. Digital signatures are used for
52 * authentication and integrity assurance of digital data.
53 *
54 * <p> The signature algorithm can be, among others, the NIST standard
55 * DSA, using DSA and SHA-1. The DSA algorithm using the
56 * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}.
57 * In the case of RSA, there are multiple choices for the message digest
58 * algorithm, so the signing algorithm could be specified as, for example,
59 * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}.
60 * The algorithm name must be specified, as there is no default.
61 *
62 * <p> A Signature object can be used to generate and verify digital
63 * signatures.
64 *
65 * <p> There are three phases to the use of a Signature object for
66 * either signing data or verifying a signature:<ol>
67 *
68 * <li>Initialization, with either
69 *
70 * <ul>
71 *
72 * <li>a public key, which initializes the signature for
73 * verification (see {@link #initVerify(PublicKey) initVerify}), or
74 *
75 * <li>a private key (and optionally a Secure Random Number Generator),
76 * which initializes the signature for signing
77 * (see {@link #initSign(PrivateKey)}
78 * and {@link #initSign(PrivateKey, SecureRandom)}).
79 *
80 * </ul>
81 *
82 * <li>Updating
83 *
84 * <p>Depending on the type of initialization, this will update the
85 * bytes to be signed or verified. See the
86 * {@link #update(byte) update} methods.
87 *
88 * <li>Signing or Verifying a signature on all updated bytes. See the
89 * {@link #sign() sign} methods and the {@link #verify(byte[]) verify}
90 * method.
91 *
92 * </ol>
93 *
94 * <p>Note that this class is abstract and extends from
95 * {@code SignatureSpi} for historical reasons.
96 * Application developers should only take notice of the methods defined in
97 * this {@code Signature} class; all the methods in
98 * the superclass are intended for cryptographic service providers who wish to
99 * supply their own implementations of digital signature algorithms.
100 *
101 * <p> Every implementation of the Java platform is required to support the
102 * following standard {@code Signature} algorithms:
103 * <ul>
104 * <li>{@code SHA1withDSA}</li>
105 * <li>{@code SHA1withRSA}</li>
106 * <li>{@code SHA256withRSA}</li>
107 * </ul>
108 * These algorithms are described in the <a href=
109 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
110 * Signature section</a> of the
111 * Java Cryptography Architecture Standard Algorithm Name Documentation.
112 * Consult the release documentation for your implementation to see if any
113 * other algorithms are supported.
114 *
115 * @author Benjamin Renaud
116 *
117 */
118
119 public abstract class Signature extends SignatureSpi {
120
121 private static final Debug debug =
122 Debug.getInstance("jca", "Signature");
123
124 private static final Debug pdebug =
125 Debug.getInstance("provider", "Provider");
126 private static final boolean skipDebug =
127 Debug.isOn("engine=") && !Debug.isOn("signature");
128
129 /*
130 * The algorithm for this signature object.
131 * This value is used to map an OID to the particular algorithm.
132 * The mapping is done in AlgorithmObject.algOID(String algorithm)
133 */
134 private String algorithm;
135
136 // The provider
137 Provider provider;
138
139 /**
140 * Possible {@link #state} value, signifying that
141 * this signature object has not yet been initialized.
142 */
143 protected final static int UNINITIALIZED = 0;
144
145 /**
146 * Possible {@link #state} value, signifying that
147 * this signature object has been initialized for signing.
148 */
149 protected final static int SIGN = 2;
150
151 /**
152 * Possible {@link #state} value, signifying that
153 * this signature object has been initialized for verification.
154 */
155 protected final static int VERIFY = 3;
156
157 /**
158 * Current state of this signature object.
159 */
160 protected int state = UNINITIALIZED;
161
162 /**
163 * Creates a Signature object for the specified algorithm.
164 *
165 * @param algorithm the standard string name of the algorithm.
166 * See the Signature section in the <a href=
167 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
168 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
169 * for information about standard algorithm names.
170 */
171 protected Signature(String algorithm) {
172 this.algorithm = algorithm;
173 }
174
175 // name of the special signature alg
176 private final static String RSA_SIGNATURE = "NONEwithRSA";
177
178 // name of the equivalent cipher alg
179 private final static String RSA_CIPHER = "RSA/ECB/PKCS1Padding";
180
181 // all the services we need to lookup for compatibility with Cipher
182 private final static List<ServiceId> rsaIds = Arrays.asList(
183 new ServiceId[] {
184 new ServiceId("Signature", "NONEwithRSA"),
185 new ServiceId("Cipher", "RSA/ECB/PKCS1Padding"),
186 new ServiceId("Cipher", "RSA/ECB"),
187 new ServiceId("Cipher", "RSA//PKCS1Padding"),
188 new ServiceId("Cipher", "RSA"),
189 }
190 );
191
192 /**
193 * Returns a Signature object that implements the specified signature
194 * algorithm.
195 *
196 * <p> This method traverses the list of registered security Providers,
197 * starting with the most preferred Provider.
198 * A new Signature object encapsulating the
199 * SignatureSpi implementation from the first
200 * Provider that supports the specified algorithm is returned.
201 *
202 * <p> Note that the list of registered providers may be retrieved via
203 * the {@link Security#getProviders() Security.getProviders()} method.
204 *
205 * @param algorithm the standard name of the algorithm requested.
206 * See the Signature section in the <a href=
207 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
208 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
209 * for information about standard algorithm names.
210 *
211 * @return the new Signature object.
212 *
213 * @exception NoSuchAlgorithmException if no Provider supports a
214 * Signature implementation for the
215 * specified algorithm.
216 *
217 * @see Provider
218 */
219 public static Signature getInstance(String algorithm)
220 throws NoSuchAlgorithmException {
221 List<Service> list;
222 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
223 list = GetInstance.getServices(rsaIds);
224 } else {
225 list = GetInstance.getServices("Signature", algorithm);
226 }
227 Iterator<Service> t = list.iterator();
228 if (t.hasNext() == false) {
229 throw new NoSuchAlgorithmException
230 (algorithm + " Signature not available");
231 }
232 // try services until we find an Spi or a working Signature subclass
233 NoSuchAlgorithmException failure;
234 do {
235 Service s = t.next();
236 if (isSpi(s)) {
237 return new Delegate(s, t, algorithm);
238 } else {
239 // must be a subclass of Signature, disable dynamic selection
240 try {
241 Instance instance =
242 GetInstance.getInstance(s, SignatureSpi.class);
243 return getInstance(instance, algorithm);
244 } catch (NoSuchAlgorithmException e) {
245 failure = e;
246 }
247 }
248 } while (t.hasNext());
249 throw failure;
250 }
251
252 private static Signature getInstance(Instance instance, String algorithm) {
253 Signature sig;
254 if (instance.impl instanceof Signature) {
255 sig = (Signature)instance.impl;
256 sig.algorithm = algorithm;
257 } else {
258 SignatureSpi spi = (SignatureSpi)instance.impl;
259 sig = new Delegate(spi, algorithm);
260 }
261 sig.provider = instance.provider;
262 return sig;
263 }
264
265 private final static Map<String,Boolean> signatureInfo;
266
267 static {
268 signatureInfo = new ConcurrentHashMap<String,Boolean>();
269 Boolean TRUE = Boolean.TRUE;
270 // pre-initialize with values for our SignatureSpi implementations
271 signatureInfo.put("sun.security.provider.DSA$RawDSA", TRUE);
272 signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", TRUE);
273 signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", TRUE);
274 signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", TRUE);
275 signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", TRUE);
276 signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE);
277 signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
278 signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
279 signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
280 signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
281 }
282
283 private static boolean isSpi(Service s) {
284 if (s.getType().equals("Cipher")) {
285 // must be a CipherSpi, which we can wrap with the CipherAdapter
286 return true;
287 }
288 String className = s.getClassName();
289 Boolean result = signatureInfo.get(className);
290 if (result == null) {
291 try {
292 Object instance = s.newInstance(null);
293 // Signature extends SignatureSpi
294 // so it is a "real" Spi if it is an
295 // instance of SignatureSpi but not Signature
296 boolean r = (instance instanceof SignatureSpi)
297 && (instance instanceof Signature == false);
298 if ((debug != null) && (r == false)) {
299 debug.println("Not a SignatureSpi " + className);
300 debug.println("Delayed provider selection may not be "
301 + "available for algorithm " + s.getAlgorithm());
302 }
303 result = Boolean.valueOf(r);
304 signatureInfo.put(className, result);
305 } catch (Exception e) {
306 // something is wrong, assume not an SPI
307 return false;
308 }
309 }
310 return result.booleanValue();
311 }
312
313 /**
314 * Returns a Signature object that implements the specified signature
315 * algorithm.
316 *
317 * <p> A new Signature object encapsulating the
318 * SignatureSpi implementation from the specified provider
319 * is returned. The specified provider must be registered
320 * in the security provider list.
321 *
322 * <p> Note that the list of registered providers may be retrieved via
323 * the {@link Security#getProviders() Security.getProviders()} method.
324 *
325 * @param algorithm the name of the algorithm requested.
326 * See the Signature section in the <a href=
327 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
328 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
329 * for information about standard algorithm names.
330 *
331 * @param provider the name of the provider.
332 *
333 * @return the new Signature object.
334 *
335 * @exception NoSuchAlgorithmException if a SignatureSpi
336 * implementation for the specified algorithm is not
337 * available from the specified provider.
338 *
339 * @exception NoSuchProviderException if the specified provider is not
340 * registered in the security provider list.
341 *
342 * @exception IllegalArgumentException if the provider name is null
343 * or empty.
344 *
345 * @see Provider
346 */
347 public static Signature getInstance(String algorithm, String provider)
348 throws NoSuchAlgorithmException, NoSuchProviderException {
349 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
350 // exception compatibility with existing code
351 if ((provider == null) || (provider.length() == 0)) {
352 throw new IllegalArgumentException("missing provider");
353 }
354 Provider p = Security.getProvider(provider);
355 if (p == null) {
356 throw new NoSuchProviderException
357 ("no such provider: " + provider);
358 }
359 return getInstanceRSA(p);
360 }
361 Instance instance = GetInstance.getInstance
362 ("Signature", SignatureSpi.class, algorithm, provider);
363 return getInstance(instance, algorithm);
364 }
365
366 /**
367 * Returns a Signature object that implements the specified
368 * signature algorithm.
369 *
370 * <p> A new Signature object encapsulating the
371 * SignatureSpi implementation from the specified Provider
372 * object is returned. Note that the specified Provider object
373 * does not have to be registered in the provider list.
374 *
375 * @param algorithm the name of the algorithm requested.
376 * See the Signature section in the <a href=
377 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
378 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
379 * for information about standard algorithm names.
380 *
381 * @param provider the provider.
382 *
383 * @return the new Signature object.
384 *
385 * @exception NoSuchAlgorithmException if a SignatureSpi
386 * implementation for the specified algorithm is not available
387 * from the specified Provider object.
388 *
389 * @exception IllegalArgumentException if the provider is null.
390 *
391 * @see Provider
392 *
393 * @since 1.4
394 */
395 public static Signature getInstance(String algorithm, Provider provider)
396 throws NoSuchAlgorithmException {
397 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
398 // exception compatibility with existing code
399 if (provider == null) {
400 throw new IllegalArgumentException("missing provider");
401 }
402 return getInstanceRSA(provider);
403 }
404 Instance instance = GetInstance.getInstance
405 ("Signature", SignatureSpi.class, algorithm, provider);
406 return getInstance(instance, algorithm);
407 }
408
409 // return an implementation for NONEwithRSA, which is a special case
410 // because of the Cipher.RSA/ECB/PKCS1Padding compatibility wrapper
411 private static Signature getInstanceRSA(Provider p)
412 throws NoSuchAlgorithmException {
413 // try Signature first
414 Service s = p.getService("Signature", RSA_SIGNATURE);
415 if (s != null) {
416 Instance instance = GetInstance.getInstance(s, SignatureSpi.class);
417 return getInstance(instance, RSA_SIGNATURE);
418 }
419 // check Cipher
420 try {
421 Cipher c = Cipher.getInstance(RSA_CIPHER, p);
422 return new Delegate(new CipherAdapter(c), RSA_SIGNATURE);
423 } catch (GeneralSecurityException e) {
424 // throw Signature style exception message to avoid confusion,
425 // but append Cipher exception as cause
426 throw new NoSuchAlgorithmException("no such algorithm: "
427 + RSA_SIGNATURE + " for provider " + p.getName(), e);
428 }
429 }
430
431 /**
432 * Returns the provider of this signature object.
433 *
434 * @return the provider of this signature object
435 */
436 public final Provider getProvider() {
437 chooseFirstProvider();
438 return this.provider;
439 }
440
441 void chooseFirstProvider() {
442 // empty, overridden in Delegate
443 }
444
445 /**
446 * Initializes this object for verification. If this method is called
447 * again with a different argument, it negates the effect
448 * of this call.
449 *
450 * @param publicKey the public key of the identity whose signature is
451 * going to be verified.
452 *
453 * @exception InvalidKeyException if the key is invalid.
454 */
455 public final void initVerify(PublicKey publicKey)
456 throws InvalidKeyException {
457 engineInitVerify(publicKey);
458 state = VERIFY;
459
460 if (!skipDebug && pdebug != null) {
461 pdebug.println("Signature." + algorithm +
462 " verification algorithm from: " + this.provider.getName());
463 }
464 }
465
466 /**
467 * Initializes this object for verification, using the public key from
468 * the given certificate.
469 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
470 * extension field marked as critical, and the value of the <i>key usage</i>
471 * extension field implies that the public key in
472 * the certificate and its corresponding private key are not
473 * supposed to be used for digital signatures, an
474 * {@code InvalidKeyException} is thrown.
475 *
476 * @param certificate the certificate of the identity whose signature is
477 * going to be verified.
478 *
479 * @exception InvalidKeyException if the public key in the certificate
480 * is not encoded properly or does not include required parameter
481 * information or cannot be used for digital signature purposes.
482 * @since 1.3
483 */
484 public final void initVerify(Certificate certificate)
485 throws InvalidKeyException {
486 // If the certificate is of type X509Certificate,
487 // we should check whether it has a Key Usage
488 // extension marked as critical.
489 if (certificate instanceof java.security.cert.X509Certificate) {
490 // Check whether the cert has a key usage extension
491 // marked as a critical extension.
492 // The OID for KeyUsage extension is 2.5.29.15.
493 X509Certificate cert = (X509Certificate)certificate;
494 Set<String> critSet = cert.getCriticalExtensionOIDs();
495
496 if (critSet != null && !critSet.isEmpty()
497 && critSet.contains("2.5.29.15")) {
498 boolean[] keyUsageInfo = cert.getKeyUsage();
499 // keyUsageInfo[0] is for digitalSignature.
500 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
501 throw new InvalidKeyException("Wrong key usage");
502 }
503 }
504
505 PublicKey publicKey = certificate.getPublicKey();
506 engineInitVerify(publicKey);
507 state = VERIFY;
508
509 if (!skipDebug && pdebug != null) {
510 pdebug.println("Signature." + algorithm +
511 " verification algorithm from: " + this.provider.getName());
512 }
513 }
514
515 /**
516 * Initialize this object for signing. If this method is called
517 * again with a different argument, it negates the effect
518 * of this call.
519 *
520 * @param privateKey the private key of the identity whose signature
521 * is going to be generated.
522 *
523 * @exception InvalidKeyException if the key is invalid.
524 */
525 public final void initSign(PrivateKey privateKey)
526 throws InvalidKeyException {
527 engineInitSign(privateKey);
528 state = SIGN;
529
530 if (!skipDebug && pdebug != null) {
531 pdebug.println("Signature." + algorithm +
532 " signing algorithm from: " + this.provider.getName());
533 }
534 }
535
536 /**
537 * Initialize this object for signing. If this method is called
538 * again with a different argument, it negates the effect
539 * of this call.
540 *
541 * @param privateKey the private key of the identity whose signature
542 * is going to be generated.
543 *
544 * @param random the source of randomness for this signature.
545 *
546 * @exception InvalidKeyException if the key is invalid.
547 */
548 public final void initSign(PrivateKey privateKey, SecureRandom random)
549 throws InvalidKeyException {
550 engineInitSign(privateKey, random);
551 state = SIGN;
552
553 if (!skipDebug && pdebug != null) {
554 pdebug.println("Signature." + algorithm +
555 " signing algorithm from: " + this.provider.getName());
556 }
557 }
558
559 /**
560 * Returns the signature bytes of all the data updated.
561 * The format of the signature depends on the underlying
562 * signature scheme.
563 *
564 * <p>A call to this method resets this signature object to the state
565 * it was in when previously initialized for signing via a
566 * call to {@code initSign(PrivateKey)}. That is, the object is
567 * reset and available to generate another signature from the same
568 * signer, if desired, via new calls to {@code update} and
569 * {@code sign}.
570 *
571 * @return the signature bytes of the signing operation's result.
572 *
573 * @exception SignatureException if this signature object is not
574 * initialized properly or if this signature algorithm is unable to
575 * process the input data provided.
576 */
577 public final byte[] sign() throws SignatureException {
578 if (state == SIGN) {
579 return engineSign();
580 }
581 throw new SignatureException("object not initialized for " +
582 "signing");
583 }
584
585 /**
586 * Finishes the signature operation and stores the resulting signature
587 * bytes in the provided buffer {@code outbuf}, starting at
588 * {@code offset}.
589 * The format of the signature depends on the underlying
590 * signature scheme.
591 *
592 * <p>This signature object is reset to its initial state (the state it
593 * was in after a call to one of the {@code initSign} methods) and
594 * can be reused to generate further signatures with the same private key.
595 *
596 * @param outbuf buffer for the signature result.
597 *
598 * @param offset offset into {@code outbuf} where the signature is
599 * stored.
600 *
601 * @param len number of bytes within {@code outbuf} allotted for the
602 * signature.
603 *
604 * @return the number of bytes placed into {@code outbuf}.
605 *
606 * @exception SignatureException if this signature object is not
607 * initialized properly, if this signature algorithm is unable to
608 * process the input data provided, or if {@code len} is less
609 * than the actual signature length.
610 * @exception IllegalArgumentException if {@code outbuf} is {@code null},
611 * or {@code offset} or {@code len} is less than 0, or the sum of
612 * {@code offset} and {@code len} is greater than the length of
613 * {@code outbuf}.
614 *
615 * @since 1.2
616 */
617 public final int sign(byte[] outbuf, int offset, int len)
618 throws SignatureException {
619 if (outbuf == null) {
620 throw new IllegalArgumentException("No output buffer given");
621 }
622 if (offset < 0 || len < 0) {
623 throw new IllegalArgumentException("offset or len is less than 0");
624 }
625 if (outbuf.length - offset < len) {
626 throw new IllegalArgumentException
627 ("Output buffer too small for specified offset and length");
628 }
629 if (state != SIGN) {
630 throw new SignatureException("object not initialized for " +
631 "signing");
632 }
633 return engineSign(outbuf, offset, len);
634 }
635
636 /**
637 * Verifies the passed-in signature.
638 *
639 * <p>A call to this method resets this signature object to the state
640 * it was in when previously initialized for verification via a
641 * call to {@code initVerify(PublicKey)}. That is, the object is
642 * reset and available to verify another signature from the identity
643 * whose public key was specified in the call to {@code initVerify}.
644 *
645 * @param signature the signature bytes to be verified.
646 *
647 * @return true if the signature was verified, false if not.
648 *
649 * @exception SignatureException if this signature object is not
650 * initialized properly, the passed-in signature is improperly
651 * encoded or of the wrong type, if this signature algorithm is unable to
652 * process the input data provided, etc.
653 */
654 public final boolean verify(byte[] signature) throws SignatureException {
655 if (state == VERIFY) {
656 return engineVerify(signature);
657 }
658 throw new SignatureException("object not initialized for " +
659 "verification");
660 }
661
662 /**
663 * Verifies the passed-in signature in the specified array
664 * of bytes, starting at the specified offset.
665 *
666 * <p>A call to this method resets this signature object to the state
667 * it was in when previously initialized for verification via a
668 * call to {@code initVerify(PublicKey)}. That is, the object is
669 * reset and available to verify another signature from the identity
670 * whose public key was specified in the call to {@code initVerify}.
671 *
672 *
673 * @param signature the signature bytes to be verified.
674 * @param offset the offset to start from in the array of bytes.
675 * @param length the number of bytes to use, starting at offset.
676 *
677 * @return true if the signature was verified, false if not.
678 *
679 * @exception SignatureException if this signature object is not
680 * initialized properly, the passed-in signature is improperly
681 * encoded or of the wrong type, if this signature algorithm is unable to
682 * process the input data provided, etc.
683 * @exception IllegalArgumentException if the {@code signature}
684 * byte array is null, or the {@code offset} or {@code length}
685 * is less than 0, or the sum of the {@code offset} and
686 * {@code length} is greater than the length of the
687 * {@code signature} byte array.
688 * @since 1.4
689 */
690 public final boolean verify(byte[] signature, int offset, int length)
691 throws SignatureException {
692 if (state == VERIFY) {
693 if (signature == null) {
694 throw new IllegalArgumentException("signature is null");
695 }
696 if (offset < 0 || length < 0) {
697 throw new IllegalArgumentException
698 ("offset or length is less than 0");
699 }
700 if (signature.length - offset < length) {
701 throw new IllegalArgumentException
702 ("signature too small for specified offset and length");
703 }
704
705 return engineVerify(signature, offset, length);
706 }
707 throw new SignatureException("object not initialized for " +
708 "verification");
709 }
710
711 /**
712 * Updates the data to be signed or verified by a byte.
713 *
714 * @param b the byte to use for the update.
715 *
716 * @exception SignatureException if this signature object is not
717 * initialized properly.
718 */
719 public final void update(byte b) throws SignatureException {
720 if (state == VERIFY || state == SIGN) {
721 engineUpdate(b);
722 } else {
723 throw new SignatureException("object not initialized for "
724 + "signature or verification");
725 }
726 }
727
728 /**
729 * Updates the data to be signed or verified, using the specified
730 * array of bytes.
731 *
732 * @param data the byte array to use for the update.
733 *
734 * @exception SignatureException if this signature object is not
735 * initialized properly.
736 */
737 public final void update(byte[] data) throws SignatureException {
738 update(data, 0, data.length);
739 }
740
741 /**
742 * Updates the data to be signed or verified, using the specified
743 * array of bytes, starting at the specified offset.
744 *
745 * @param data the array of bytes.
746 * @param off the offset to start from in the array of bytes.
747 * @param len the number of bytes to use, starting at offset.
748 *
749 * @exception SignatureException if this signature object is not
750 * initialized properly.
751 * @exception IllegalArgumentException if {@code data} is {@code null},
752 * or {@code off} or {@code len} is less than 0, or the sum of
753 * {@code off} and {@code len} is greater than the length of
754 * {@code data}.
755 */
756 public final void update(byte[] data, int off, int len)
757 throws SignatureException {
758 if (state == SIGN || state == VERIFY) {
759 if (data == null) {
760 throw new IllegalArgumentException("data is null");
761 }
762 if (off < 0 || len < 0) {
763 throw new IllegalArgumentException("off or len is less than 0");
764 }
765 if (data.length - off < len) {
766 throw new IllegalArgumentException
767 ("data too small for specified offset and length");
768 }
769 engineUpdate(data, off, len);
770 } else {
771 throw new SignatureException("object not initialized for "
772 + "signature or verification");
773 }
774 }
775
776 /**
777 * Updates the data to be signed or verified using the specified
778 * ByteBuffer. Processes the {@code data.remaining()} bytes
779 * starting at {@code data.position()}.
780 * Upon return, the buffer's position will be equal to its limit;
781 * its limit will not have changed.
782 *
783 * @param data the ByteBuffer
784 *
785 * @exception SignatureException if this signature object is not
786 * initialized properly.
787 * @since 1.5
788 */
789 public final void update(ByteBuffer data) throws SignatureException {
790 if ((state != SIGN) && (state != VERIFY)) {
791 throw new SignatureException("object not initialized for "
792 + "signature or verification");
793 }
794 if (data == null) {
795 throw new NullPointerException();
796 }
797 engineUpdate(data);
798 }
799
800 /**
801 * Returns the name of the algorithm for this signature object.
802 *
803 * @return the name of the algorithm for this signature object.
804 */
805 public final String getAlgorithm() {
806 return this.algorithm;
807 }
808
809 /**
810 * Returns a string representation of this signature object,
811 * providing information that includes the state of the object
812 * and the name of the algorithm used.
813 *
814 * @return a string representation of this signature object.
815 */
816 public String toString() {
817 String initState = "";
818 switch (state) {
819 case UNINITIALIZED:
820 initState = "<not initialized>";
821 break;
822 case VERIFY:
823 initState = "<initialized for verifying>";
824 break;
825 case SIGN:
826 initState = "<initialized for signing>";
827 break;
828 }
829 return "Signature object: " + getAlgorithm() + initState;
830 }
831
832 /**
833 * Sets the specified algorithm parameter to the specified value.
834 * This method supplies a general-purpose mechanism through
835 * which it is possible to set the various parameters of this object.
836 * A parameter may be any settable parameter for the algorithm, such as
837 * a parameter size, or a source of random bits for signature generation
838 * (if appropriate), or an indication of whether or not to perform
839 * a specific but optional computation. A uniform algorithm-specific
840 * naming scheme for each parameter is desirable but left unspecified
841 * at this time.
842 *
843 * @param param the string identifier of the parameter.
844 * @param value the parameter value.
845 *
846 * @exception InvalidParameterException if {@code param} is an
847 * invalid parameter for this signature algorithm engine,
848 * the parameter is already set
849 * and cannot be set again, a security exception occurs, and so on.
850 *
851 * @see #getParameter
852 *
853 * @deprecated Use
854 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
855 * setParameter}.
856 */
857 @Deprecated
858 public final void setParameter(String param, Object value)
859 throws InvalidParameterException {
860 engineSetParameter(param, value);
861 }
862
863 /**
864 * Initializes this signature engine with the specified parameter set.
865 *
866 * @param params the parameters
867 *
868 * @exception InvalidAlgorithmParameterException if the given parameters
869 * are inappropriate for this signature engine
870 *
871 * @see #getParameters
872 */
873 public final void setParameter(AlgorithmParameterSpec params)
874 throws InvalidAlgorithmParameterException {
875 engineSetParameter(params);
876 }
877
878 /**
879 * Returns the parameters used with this signature object.
880 *
881 * <p>The returned parameters may be the same that were used to initialize
882 * this signature, or may contain a combination of default and randomly
883 * generated parameter values used by the underlying signature
884 * implementation if this signature requires algorithm parameters but
885 * was not initialized with any.
886 *
887 * @return the parameters used with this signature, or null if this
888 * signature does not use any parameters.
889 *
890 * @see #setParameter(AlgorithmParameterSpec)
891 * @since 1.4
892 */
893 public final AlgorithmParameters getParameters() {
894 return engineGetParameters();
895 }
896
897 /**
898 * Gets the value of the specified algorithm parameter. This method
899 * supplies a general-purpose mechanism through which it is possible to
900 * get the various parameters of this object. A parameter may be any
901 * settable parameter for the algorithm, such as a parameter size, or
902 * a source of random bits for signature generation (if appropriate),
903 * or an indication of whether or not to perform a specific but optional
904 * computation. A uniform algorithm-specific naming scheme for each
905 * parameter is desirable but left unspecified at this time.
906 *
907 * @param param the string name of the parameter.
908 *
909 * @return the object that represents the parameter value, or null if
910 * there is none.
911 *
912 * @exception InvalidParameterException if {@code param} is an invalid
913 * parameter for this engine, or another exception occurs while
914 * trying to get this parameter.
915 *
916 * @see #setParameter(String, Object)
917 *
918 * @deprecated
919 */
920 @Deprecated
921 public final Object getParameter(String param)
922 throws InvalidParameterException {
923 return engineGetParameter(param);
924 }
925
926 /**
927 * Returns a clone if the implementation is cloneable.
928 *
929 * @return a clone if the implementation is cloneable.
930 *
931 * @exception CloneNotSupportedException if this is called
932 * on an implementation that does not support {@code Cloneable}.
933 */
934 public Object clone() throws CloneNotSupportedException {
935 if (this instanceof Cloneable) {
936 return super.clone();
937 } else {
938 throw new CloneNotSupportedException();
939 }
940 }
941
942 /*
943 * The following class allows providers to extend from SignatureSpi
944 * rather than from Signature. It represents a Signature with an
945 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
946 * If the provider implementation is an instance of SignatureSpi, the
947 * getInstance() methods above return an instance of this class, with
948 * the SPI object encapsulated.
949 *
950 * Note: All SPI methods from the original Signature class have been
951 * moved up the hierarchy into a new class (SignatureSpi), which has
952 * been interposed in the hierarchy between the API (Signature)
953 * and its original parent (Object).
954 */
955
956 @SuppressWarnings("deprecation")
957 private static class Delegate extends Signature {
958
959 // The provider implementation (delegate)
960 // filled in once the provider is selected
961 private SignatureSpi sigSpi;
962
963 // lock for mutex during provider selection
964 private final Object lock;
965
966 // next service to try in provider selection
967 // null once provider is selected
968 private Service firstService;
969
970 // remaining services to try in provider selection
971 // null once provider is selected
972 private Iterator<Service> serviceIterator;
973
974 // constructor
975 Delegate(SignatureSpi sigSpi, String algorithm) {
976 super(algorithm);
977 this.sigSpi = sigSpi;
978 this.lock = null; // no lock needed
979 }
980
981 // used with delayed provider selection
982 Delegate(Service service,
983 Iterator<Service> iterator, String algorithm) {
984 super(algorithm);
985 this.firstService = service;
986 this.serviceIterator = iterator;
987 this.lock = new Object();
988 }
989
990 /**
991 * Returns a clone if the delegate is cloneable.
992 *
993 * @return a clone if the delegate is cloneable.
994 *
995 * @exception CloneNotSupportedException if this is called on a
996 * delegate that does not support {@code Cloneable}.
997 */
998 public Object clone() throws CloneNotSupportedException {
999 chooseFirstProvider();
1000 if (sigSpi instanceof Cloneable) {
1001 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
1002 // Because 'algorithm' and 'provider' are private
1003 // members of our supertype, we must perform a cast to
1004 // access them.
1005 Signature that =
1006 new Delegate(sigSpiClone, ((Signature)this).algorithm);
1007 that.provider = ((Signature)this).provider;
1008 return that;
1009 } else {
1010 throw new CloneNotSupportedException();
1011 }
1012 }
1013
1014 private static SignatureSpi newInstance(Service s)
1015 throws NoSuchAlgorithmException {
1016 if (s.getType().equals("Cipher")) {
1017 // must be NONEwithRSA
1018 try {
1019 Cipher c = Cipher.getInstance(RSA_CIPHER, s.getProvider());
1020 return new CipherAdapter(c);
1021 } catch (NoSuchPaddingException e) {
1022 throw new NoSuchAlgorithmException(e);
1023 }
1024 } else {
1025 Object o = s.newInstance(null);
1026 if (o instanceof SignatureSpi == false) {
1027 throw new NoSuchAlgorithmException
1028 ("Not a SignatureSpi: " + o.getClass().getName());
1029 }
1030 return (SignatureSpi)o;
1031 }
1032 }
1033
1034 // max number of debug warnings to print from chooseFirstProvider()
1035 private static int warnCount = 10;
1036
1037 /**
1038 * Choose the Spi from the first provider available. Used if
1039 * delayed provider selection is not possible because initSign()/
1040 * initVerify() is not the first method called.
1041 */
1042 void chooseFirstProvider() {
1043 if (sigSpi != null) {
1044 return;
1045 }
1046 synchronized (lock) {
1047 if (sigSpi != null) {
1048 return;
1049 }
1050 if (debug != null) {
1051 int w = --warnCount;
1052 if (w >= 0) {
1053 debug.println("Signature.init() not first method "
1054 + "called, disabling delayed provider selection");
1055 if (w == 0) {
1056 debug.println("Further warnings of this type will "
1057 + "be suppressed");
1058 }
1059 new Exception("Call trace").printStackTrace();
1060 }
1061 }
1062 Exception lastException = null;
1063 while ((firstService != null) || serviceIterator.hasNext()) {
1064 Service s;
1065 if (firstService != null) {
1066 s = firstService;
1067 firstService = null;
1068 } else {
1069 s = serviceIterator.next();
1070 }
1071 if (isSpi(s) == false) {
1072 continue;
1073 }
1074 try {
1075 sigSpi = newInstance(s);
1076 provider = s.getProvider();
1077 // not needed any more
1078 firstService = null;
1079 serviceIterator = null;
1080 return;
1081 } catch (NoSuchAlgorithmException e) {
1082 lastException = e;
1083 }
1084 }
1085 ProviderException e = new ProviderException
1086 ("Could not construct SignatureSpi instance");
1087 if (lastException != null) {
1088 e.initCause(lastException);
1089 }
1090 throw e;
1091 }
1092 }
1093
1094 private void chooseProvider(int type, Key key, SecureRandom random)
1095 throws InvalidKeyException {
1096 synchronized (lock) {
1097 if (sigSpi != null) {
1098 init(sigSpi, type, key, random);
1099 return;
1100 }
1101 Exception lastException = null;
1102 while ((firstService != null) || serviceIterator.hasNext()) {
1103 Service s;
1104 if (firstService != null) {
1105 s = firstService;
1106 firstService = null;
1107 } else {
1108 s = serviceIterator.next();
1109 }
1110 // if provider says it does not support this key, ignore it
1111 if (s.supportsParameter(key) == false) {
1112 continue;
1113 }
1114 // if instance is not a SignatureSpi, ignore it
1115 if (isSpi(s) == false) {
1116 continue;
1117 }
1118 try {
1119 SignatureSpi spi = newInstance(s);
1120 init(spi, type, key, random);
1121 provider = s.getProvider();
1122 sigSpi = spi;
1123 firstService = null;
1124 serviceIterator = null;
1125 return;
1126 } catch (Exception e) {
1127 // NoSuchAlgorithmException from newInstance()
1128 // InvalidKeyException from init()
1129 // RuntimeException (ProviderException) from init()
1130 if (lastException == null) {
1131 lastException = e;
1132 }
1133 }
1134 }
1135 // no working provider found, fail
1136 if (lastException instanceof InvalidKeyException) {
1137 throw (InvalidKeyException)lastException;
1138 }
1139 if (lastException instanceof RuntimeException) {
1140 throw (RuntimeException)lastException;
1141 }
1142 String k = (key != null) ? key.getClass().getName() : "(null)";
1143 throw new InvalidKeyException
1144 ("No installed provider supports this key: "
1145 + k, lastException);
1146 }
1147 }
1148
1149 private final static int I_PUB = 1;
1150 private final static int I_PRIV = 2;
1151 private final static int I_PRIV_SR = 3;
1152
1153 private void init(SignatureSpi spi, int type, Key key,
1154 SecureRandom random) throws InvalidKeyException {
1155 switch (type) {
1156 case I_PUB:
1157 spi.engineInitVerify((PublicKey)key);
1158 break;
1159 case I_PRIV:
1160 spi.engineInitSign((PrivateKey)key);
1161 break;
1162 case I_PRIV_SR:
1163 spi.engineInitSign((PrivateKey)key, random);
1164 break;
1165 default:
1166 throw new AssertionError("Internal error: " + type);
1167 }
1168 }
1169
1170 protected void engineInitVerify(PublicKey publicKey)
1171 throws InvalidKeyException {
1172 if (sigSpi != null) {
1173 sigSpi.engineInitVerify(publicKey);
1174 } else {
1175 chooseProvider(I_PUB, publicKey, null);
1176 }
1177 }
1178
1179 protected void engineInitSign(PrivateKey privateKey)
1180 throws InvalidKeyException {
1181 if (sigSpi != null) {
1182 sigSpi.engineInitSign(privateKey);
1183 } else {
1184 chooseProvider(I_PRIV, privateKey, null);
1185 }
1186 }
1187
1188 protected void engineInitSign(PrivateKey privateKey, SecureRandom sr)
1189 throws InvalidKeyException {
1190 if (sigSpi != null) {
1191 sigSpi.engineInitSign(privateKey, sr);
1192 } else {
1193 chooseProvider(I_PRIV_SR, privateKey, sr);
1194 }
1195 }
1196
1197 protected void engineUpdate(byte b) throws SignatureException {
1198 chooseFirstProvider();
1199 sigSpi.engineUpdate(b);
1200 }
1201
1202 protected void engineUpdate(byte[] b, int off, int len)
1203 throws SignatureException {
1204 chooseFirstProvider();
1205 sigSpi.engineUpdate(b, off, len);
1206 }
1207
1208 protected void engineUpdate(ByteBuffer data) {
1209 chooseFirstProvider();
1210 sigSpi.engineUpdate(data);
1211 }
1212
1213 protected byte[] engineSign() throws SignatureException {
1214 chooseFirstProvider();
1215 return sigSpi.engineSign();
1216 }
1217
1218 protected int engineSign(byte[] outbuf, int offset, int len)
1219 throws SignatureException {
1220 chooseFirstProvider();
1221 return sigSpi.engineSign(outbuf, offset, len);
1222 }
1223
1224 protected boolean engineVerify(byte[] sigBytes)
1225 throws SignatureException {
1226 chooseFirstProvider();
1227 return sigSpi.engineVerify(sigBytes);
1228 }
1229
1230 protected boolean engineVerify(byte[] sigBytes, int offset, int length)
1231 throws SignatureException {
1232 chooseFirstProvider();
1233 return sigSpi.engineVerify(sigBytes, offset, length);
1234 }
1235
1236 protected void engineSetParameter(String param, Object value)
1237 throws InvalidParameterException {
1238 chooseFirstProvider();
1239 sigSpi.engineSetParameter(param, value);
1240 }
1241
1242 protected void engineSetParameter(AlgorithmParameterSpec params)
1243 throws InvalidAlgorithmParameterException {
1244 chooseFirstProvider();
1245 sigSpi.engineSetParameter(params);
1246 }
1247
1248 protected Object engineGetParameter(String param)
1249 throws InvalidParameterException {
1250 chooseFirstProvider();
1251 return sigSpi.engineGetParameter(param);
1252 }
1253
1254 protected AlgorithmParameters engineGetParameters() {
1255 chooseFirstProvider();
1256 return sigSpi.engineGetParameters();
1257 }
1258 }
1259
1260 // adapter for RSA/ECB/PKCS1Padding ciphers
1261 @SuppressWarnings("deprecation")
1262 private static class CipherAdapter extends SignatureSpi {
1263
1264 private final Cipher cipher;
1265
1266 private ByteArrayOutputStream data;
1267
1268 CipherAdapter(Cipher cipher) {
1269 this.cipher = cipher;
1270 }
1271
1272 protected void engineInitVerify(PublicKey publicKey)
1273 throws InvalidKeyException {
1274 cipher.init(Cipher.DECRYPT_MODE, publicKey);
1275 if (data == null) {
1276 data = new ByteArrayOutputStream(128);
1277 } else {
1278 data.reset();
1279 }
1280 }
1281
1282 protected void engineInitSign(PrivateKey privateKey)
1283 throws InvalidKeyException {
1284 cipher.init(Cipher.ENCRYPT_MODE, privateKey);
1285 data = null;
1286 }
1287
1288 protected void engineInitSign(PrivateKey privateKey,
1289 SecureRandom random) throws InvalidKeyException {
1290 cipher.init(Cipher.ENCRYPT_MODE, privateKey, random);
1291 data = null;
1292 }
1293
1294 protected void engineUpdate(byte b) throws SignatureException {
1295 engineUpdate(new byte[] {b}, 0, 1);
1296 }
1297
1298 protected void engineUpdate(byte[] b, int off, int len)
1299 throws SignatureException {
1300 if (data != null) {
1301 data.write(b, off, len);
1302 return;
1303 }
1304 byte[] out = cipher.update(b, off, len);
1305 if ((out != null) && (out.length != 0)) {
1306 throw new SignatureException
1307 ("Cipher unexpectedly returned data");
1308 }
1309 }
1310
1311 protected byte[] engineSign() throws SignatureException {
1312 try {
1313 return cipher.doFinal();
1314 } catch (IllegalBlockSizeException e) {
1315 throw new SignatureException("doFinal() failed", e);
1316 } catch (BadPaddingException e) {
1317 throw new SignatureException("doFinal() failed", e);
1318 }
1319 }
1320
1321 protected boolean engineVerify(byte[] sigBytes)
1322 throws SignatureException {
1323 try {
1324 byte[] out = cipher.doFinal(sigBytes);
1325 byte[] dataBytes = data.toByteArray();
1326 data.reset();
1327 return Arrays.equals(out, dataBytes);
1328 } catch (BadPaddingException e) {
1329 // e.g. wrong public key used
1330 // return false rather than throwing exception
1331 return false;
1332 } catch (IllegalBlockSizeException e) {
1333 throw new SignatureException("doFinal() failed", e);
1334 }
1335 }
1336
1337 protected void engineSetParameter(String param, Object value)
1338 throws InvalidParameterException {
1339 throw new InvalidParameterException("Parameters not supported");
1340 }
1341
1342 protected Object engineGetParameter(String param)
1343 throws InvalidParameterException {
1344 throw new InvalidParameterException("Parameters not supported");
1345 }
1346
1347 }
1348
1349 }