1 /*
2 * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
222 * does not have to be registered in the provider list.
223 *
224 * This method was added to version 1.8 of the Java Platform Standard
225 * Edition. In order to maintain backwards compatibility with existing
226 * service providers, this method is not {@code abstract}
227 * and it provides a default implementation.
228 *
229 * @param key the PublicKey used to carry out the verification.
230 * @param sigProvider the signature provider.
231 *
232 * @exception NoSuchAlgorithmException on unsupported signature
233 * algorithms.
234 * @exception InvalidKeyException on incorrect key.
235 * @exception SignatureException on signature errors.
236 * @exception CRLException on encoding errors.
237 * @since 1.8
238 */
239 public void verify(PublicKey key, Provider sigProvider)
240 throws CRLException, NoSuchAlgorithmException,
241 InvalidKeyException, SignatureException {
242 String sigAlgName = getSigAlgName();
243 Signature sig = (sigProvider == null)
244 ? Signature.getInstance(sigAlgName)
245 : Signature.getInstance(sigAlgName, sigProvider);
246
247 try {
248 byte[] paramBytes = getSigAlgParams();
249 SignatureUtil.initVerifyWithParam(sig, key,
250 SignatureUtil.getParamSpec(sigAlgName, paramBytes));
251 } catch (ProviderException e) {
252 throw new CRLException(e.getMessage(), e.getCause());
253 } catch (InvalidAlgorithmParameterException e) {
254 throw new CRLException(e);
255 }
256
257 byte[] tbsCRL = getTBSCertList();
258 sig.update(tbsCRL, 0, tbsCRL.length);
259
260 if (sig.verify(getSignature()) == false) {
261 throw new SignatureException("Signature does not match.");
262 }
263 }
264
265 /**
266 * Gets the {@code version} (version number) value from the CRL.
267 * The ASN.1 definition for this is:
268 * <pre>
269 * version Version OPTIONAL,
270 * -- if present, must be v2
|
1 /*
2 * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
222 * does not have to be registered in the provider list.
223 *
224 * This method was added to version 1.8 of the Java Platform Standard
225 * Edition. In order to maintain backwards compatibility with existing
226 * service providers, this method is not {@code abstract}
227 * and it provides a default implementation.
228 *
229 * @param key the PublicKey used to carry out the verification.
230 * @param sigProvider the signature provider.
231 *
232 * @exception NoSuchAlgorithmException on unsupported signature
233 * algorithms.
234 * @exception InvalidKeyException on incorrect key.
235 * @exception SignatureException on signature errors.
236 * @exception CRLException on encoding errors.
237 * @since 1.8
238 */
239 public void verify(PublicKey key, Provider sigProvider)
240 throws CRLException, NoSuchAlgorithmException,
241 InvalidKeyException, SignatureException {
242 Signature sig = (sigProvider == null)
243 ? Signature.getInstance(getSigAlgName())
244 : Signature.getInstance(getSigAlgName(), sigProvider);
245
246 sig.initVerify(key);
247
248 // set parameters after Signature.initSign/initVerify call,
249 // so the deferred provider selections occur when key is set
250 try {
251 SignatureUtil.specialSetParameter(sig, getSigAlgParams());
252 } catch (ProviderException e) {
253 throw new CRLException(e.getMessage(), e.getCause());
254 } catch (InvalidAlgorithmParameterException e) {
255 throw new CRLException(e);
256 }
257
258 byte[] tbsCRL = getTBSCertList();
259 sig.update(tbsCRL, 0, tbsCRL.length);
260
261 if (sig.verify(getSignature()) == false) {
262 throw new SignatureException("Signature does not match.");
263 }
264 }
265
266 /**
267 * Gets the {@code version} (version number) value from the CRL.
268 * The ASN.1 definition for this is:
269 * <pre>
270 * version Version OPTIONAL,
271 * -- if present, must be v2
|