1 /*
2 * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
430 } catch (IOException ioe) {
431 throw new SignatureException("Failed to parse keyUsage "
432 + "extension");
433 }
434
435 boolean digSigAllowed = keyUsage.get(
436 KeyUsageExtension.DIGITAL_SIGNATURE).booleanValue();
437
438 boolean nonRepuAllowed = keyUsage.get(
439 KeyUsageExtension.NON_REPUDIATION).booleanValue();
440
441 if (!digSigAllowed && !nonRepuAllowed) {
442 throw new SignatureException("Key usage restricted: "
443 + "cannot be used for "
444 + "digital signatures");
445 }
446 }
447
448 Signature sig = Signature.getInstance(algname);
449
450 AlgorithmParameters ap =
451 digestEncryptionAlgorithmId.getParameters();
452 try {
453 SignatureUtil.initVerifyWithParam(sig, key,
454 SignatureUtil.getParamSpec(algname, ap));
455 } catch (ProviderException | InvalidAlgorithmParameterException |
456 InvalidKeyException e) {
457 throw new SignatureException(e.getMessage(), e);
458 }
459
460 sig.update(dataSigned);
461 if (sig.verify(encryptedDigest)) {
462 return this;
463 }
464 } catch (IOException e) {
465 throw new SignatureException("IO error verifying signature:\n" +
466 e.getMessage());
467 }
468 return null;
469 }
470
471 /* Verify the content of the pkcs7 block. */
472 SignerInfo verify(PKCS7 block)
473 throws NoSuchAlgorithmException, SignatureException {
474 return verify(block, null);
475 }
476
477 public BigInteger getVersion() {
478 return version;
479 }
480
481 public X500Name getIssuerName() {
482 return issuerName;
483 }
484
485 public BigInteger getCertificateSerialNumber() {
486 return certificateSerialNumber;
|
1 /*
2 * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
430 } catch (IOException ioe) {
431 throw new SignatureException("Failed to parse keyUsage "
432 + "extension");
433 }
434
435 boolean digSigAllowed = keyUsage.get(
436 KeyUsageExtension.DIGITAL_SIGNATURE).booleanValue();
437
438 boolean nonRepuAllowed = keyUsage.get(
439 KeyUsageExtension.NON_REPUDIATION).booleanValue();
440
441 if (!digSigAllowed && !nonRepuAllowed) {
442 throw new SignatureException("Key usage restricted: "
443 + "cannot be used for "
444 + "digital signatures");
445 }
446 }
447
448 Signature sig = Signature.getInstance(algname);
449
450 sig.initVerify(key);
451
452 // set parameters after Signature.initSign/initVerify call,
453 // so the deferred provider selections occur when key is set
454 AlgorithmParameters ap =
455 digestEncryptionAlgorithmId.getParameters();
456 try {
457 SignatureUtil.specialSetParameter(sig, ap);
458 } catch (ProviderException | InvalidAlgorithmParameterException e) {
459 throw new SignatureException(e.getMessage(), e);
460 }
461
462 sig.update(dataSigned);
463 if (sig.verify(encryptedDigest)) {
464 return this;
465 }
466 } catch (IOException e) {
467 throw new SignatureException("IO error verifying signature:\n" +
468 e.getMessage());
469 } catch (InvalidKeyException e) {
470 throw new SignatureException("InvalidKey: " + e.getMessage());
471 }
472 return null;
473 }
474
475 /* Verify the content of the pkcs7 block. */
476 SignerInfo verify(PKCS7 block)
477 throws NoSuchAlgorithmException, SignatureException {
478 return verify(block, null);
479 }
480
481 public BigInteger getVersion() {
482 return version;
483 }
484
485 public X500Name getIssuerName() {
486 return issuerName;
487 }
488
489 public BigInteger getCertificateSerialNumber() {
490 return certificateSerialNumber;
|