150 151 subject = new X500Name(seq[0].data); 152 subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); 153 154 // Cope with a somewhat common illegal PKCS #10 format 155 if (seq[0].data.available() != 0) 156 attributeSet = new PKCS10Attributes(seq[0].data); 157 else 158 attributeSet = new PKCS10Attributes(); 159 160 if (seq[0].data.available() != 0) 161 throw new IllegalArgumentException("illegal PKCS #10 data"); 162 163 // 164 // OK, we parsed it all ... validate the signature using the 165 // key and signature algorithm we found. 166 // 167 try { 168 sigAlg = id.getName(); 169 sig = Signature.getInstance(sigAlg); 170 SignatureUtil.initVerifyWithParam(sig, subjectPublicKeyInfo, 171 SignatureUtil.getParamSpec(sigAlg, id.getParameters())); 172 173 sig.update(data); 174 if (!sig.verify(sigData)) { 175 throw new SignatureException("Invalid PKCS #10 signature"); 176 } 177 } catch (InvalidKeyException e) { 178 throw new SignatureException("Invalid key"); 179 } catch (InvalidAlgorithmParameterException e) { 180 throw new SignatureException("Invalid signature parameters", e); 181 } catch (ProviderException e) { 182 throw new SignatureException("Error parsing signature parameters", 183 e.getCause()); 184 } 185 } 186 187 /** 188 * Create the signed certificate request. This will later be 189 * retrieved in either string or binary format. 190 * 191 * @param subject identifies the signer (by X.500 name). | 150 151 subject = new X500Name(seq[0].data); 152 subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); 153 154 // Cope with a somewhat common illegal PKCS #10 format 155 if (seq[0].data.available() != 0) 156 attributeSet = new PKCS10Attributes(seq[0].data); 157 else 158 attributeSet = new PKCS10Attributes(); 159 160 if (seq[0].data.available() != 0) 161 throw new IllegalArgumentException("illegal PKCS #10 data"); 162 163 // 164 // OK, we parsed it all ... validate the signature using the 165 // key and signature algorithm we found. 166 // 167 try { 168 sigAlg = id.getName(); 169 sig = Signature.getInstance(sigAlg); 170 171 sig.initVerify(subjectPublicKeyInfo); 172 173 // set parameters after Signature.initSign/initVerify call, 174 // so the deferred provider selections occur when key is set 175 SignatureUtil.specialSetParameter(sig, id.getParameters()); 176 177 sig.update(data); 178 if (!sig.verify(sigData)) { 179 throw new SignatureException("Invalid PKCS #10 signature"); 180 } 181 } catch (InvalidKeyException e) { 182 throw new SignatureException("Invalid key"); 183 } catch (InvalidAlgorithmParameterException e) { 184 throw new SignatureException("Invalid signature parameters", e); 185 } catch (ProviderException e) { 186 throw new SignatureException("Error parsing signature parameters", 187 e.getCause()); 188 } 189 } 190 191 /** 192 * Create the signed certificate request. This will later be 193 * retrieved in either string or binary format. 194 * 195 * @param subject identifies the signer (by X.500 name). |