405 InvalidKeyException, NoSuchProviderException, SignatureException {
406 if (sigProvider == null) {
407 sigProvider = "";
408 }
409 if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
410 // this certificate has already been verified using
411 // this public key. Make sure providers match, too.
412 if (sigProvider.equals(verifiedProvider)) {
413 if (verificationResult) {
414 return;
415 } else {
416 throw new SignatureException("Signature does not match.");
417 }
418 }
419 }
420 if (signedCert == null) {
421 throw new CertificateEncodingException("Uninitialized certificate");
422 }
423 // Verify the signature ...
424 Signature sigVerf = null;
425 String sigName = algId.getName();
426 if (sigProvider.isEmpty()) {
427 sigVerf = Signature.getInstance(sigName);
428 } else {
429 sigVerf = Signature.getInstance(sigName, sigProvider);
430 }
431
432 try {
433 SignatureUtil.initVerifyWithParam(sigVerf, key,
434 SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
435 } catch (ProviderException e) {
436 throw new CertificateException(e.getMessage(), e.getCause());
437 } catch (InvalidAlgorithmParameterException e) {
438 throw new CertificateException(e);
439 }
440
441 byte[] rawCert = info.getEncodedInfo();
442 sigVerf.update(rawCert, 0, rawCert.length);
443
444 // verify may throw SignatureException for invalid encodings, etc.
445 verificationResult = sigVerf.verify(signature);
446 verifiedPublicKey = key;
447 verifiedProvider = sigProvider;
448
449 if (verificationResult == false) {
450 throw new SignatureException("Signature does not match.");
451 }
452 }
453
454 /**
459 * Successfully verifying a certificate does <em>not</em> indicate that one
460 * should trust the entity which it represents.
461 *
462 * @param key the public key used for verification.
463 * @param sigProvider the provider.
464 *
465 * @exception NoSuchAlgorithmException on unsupported signature
466 * algorithms.
467 * @exception InvalidKeyException on incorrect key.
468 * @exception SignatureException on signature errors.
469 * @exception CertificateException on encoding errors.
470 */
471 public synchronized void verify(PublicKey key, Provider sigProvider)
472 throws CertificateException, NoSuchAlgorithmException,
473 InvalidKeyException, SignatureException {
474 if (signedCert == null) {
475 throw new CertificateEncodingException("Uninitialized certificate");
476 }
477 // Verify the signature ...
478 Signature sigVerf = null;
479 String sigName = algId.getName();
480 if (sigProvider == null) {
481 sigVerf = Signature.getInstance(sigName);
482 } else {
483 sigVerf = Signature.getInstance(sigName, sigProvider);
484 }
485
486 try {
487 SignatureUtil.initVerifyWithParam(sigVerf, key,
488 SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
489 } catch (ProviderException e) {
490 throw new CertificateException(e.getMessage(), e.getCause());
491 } catch (InvalidAlgorithmParameterException e) {
492 throw new CertificateException(e);
493 }
494
495 byte[] rawCert = info.getEncodedInfo();
496 sigVerf.update(rawCert, 0, rawCert.length);
497
498 // verify may throw SignatureException for invalid encodings, etc.
499 verificationResult = sigVerf.verify(signature);
500 verifiedPublicKey = key;
501
502 if (verificationResult == false) {
503 throw new SignatureException("Signature does not match.");
504 }
505 }
506
507 /**
508 * Creates an X.509 certificate, and signs it using the given key
566 * @param key the private key used for signing
567 * @param signingParams the parameters used for signing
568 * @param algorithm the name of the signature algorithm used
569 * @param provider the name of the provider, may be null
570 *
571 * @exception NoSuchAlgorithmException on unsupported signature
572 * algorithms
573 * @exception InvalidKeyException on incorrect key
574 * @exception InvalidAlgorithmParameterException on invalid signature
575 * parameters
576 * @exception NoSuchProviderException on incorrect provider
577 * @exception SignatureException on signature errors
578 * @exception CertificateException on encoding errors
579 */
580 public void sign(PrivateKey key, AlgorithmParameterSpec signingParams,
581 String algorithm, String provider)
582 throws CertificateException, NoSuchAlgorithmException,
583 InvalidKeyException, InvalidAlgorithmParameterException,
584 NoSuchProviderException, SignatureException {
585 try {
586 if (readOnly) {
587 throw new CertificateEncodingException(
588 "cannot over-write existing certificate");
589 }
590 Signature sigEngine = null;
591 if (provider == null || provider.isEmpty()) {
592 sigEngine = Signature.getInstance(algorithm);
593 } else {
594 sigEngine = Signature.getInstance(algorithm, provider);
595 }
596
597 SignatureUtil.initSignWithParam(sigEngine, key, signingParams,
598 null);
599
600 // in case the name is reset
601 if (signingParams != null) {
602 algId = AlgorithmId.get(sigEngine.getParameters());
603 } else {
604 algId = AlgorithmId.get(algorithm);
605 }
606 DerOutputStream out = new DerOutputStream();
607 DerOutputStream tmp = new DerOutputStream();
608
609 // encode certificate info
610 info.encode(tmp);
611 byte[] rawCert = tmp.toByteArray();
612
613 // encode algorithm identifier
614 algId.encode(tmp);
615
616 // Create and encode the signature itself.
617 sigEngine.update(rawCert, 0, rawCert.length);
618 signature = sigEngine.sign();
|
405 InvalidKeyException, NoSuchProviderException, SignatureException {
406 if (sigProvider == null) {
407 sigProvider = "";
408 }
409 if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
410 // this certificate has already been verified using
411 // this public key. Make sure providers match, too.
412 if (sigProvider.equals(verifiedProvider)) {
413 if (verificationResult) {
414 return;
415 } else {
416 throw new SignatureException("Signature does not match.");
417 }
418 }
419 }
420 if (signedCert == null) {
421 throw new CertificateEncodingException("Uninitialized certificate");
422 }
423 // Verify the signature ...
424 Signature sigVerf = null;
425 if (sigProvider.isEmpty()) {
426 sigVerf = Signature.getInstance(algId.getName());
427 } else {
428 sigVerf = Signature.getInstance(algId.getName(), sigProvider);
429 }
430
431 sigVerf.initVerify(key);
432
433 // set parameters after Signature.initSign/initVerify call,
434 // so the deferred provider selection happens when key is set
435 try {
436 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
437 } catch (ProviderException e) {
438 throw new CertificateException(e.getMessage(), e.getCause());
439 } catch (InvalidAlgorithmParameterException e) {
440 throw new CertificateException(e);
441 }
442
443 byte[] rawCert = info.getEncodedInfo();
444 sigVerf.update(rawCert, 0, rawCert.length);
445
446 // verify may throw SignatureException for invalid encodings, etc.
447 verificationResult = sigVerf.verify(signature);
448 verifiedPublicKey = key;
449 verifiedProvider = sigProvider;
450
451 if (verificationResult == false) {
452 throw new SignatureException("Signature does not match.");
453 }
454 }
455
456 /**
461 * Successfully verifying a certificate does <em>not</em> indicate that one
462 * should trust the entity which it represents.
463 *
464 * @param key the public key used for verification.
465 * @param sigProvider the provider.
466 *
467 * @exception NoSuchAlgorithmException on unsupported signature
468 * algorithms.
469 * @exception InvalidKeyException on incorrect key.
470 * @exception SignatureException on signature errors.
471 * @exception CertificateException on encoding errors.
472 */
473 public synchronized void verify(PublicKey key, Provider sigProvider)
474 throws CertificateException, NoSuchAlgorithmException,
475 InvalidKeyException, SignatureException {
476 if (signedCert == null) {
477 throw new CertificateEncodingException("Uninitialized certificate");
478 }
479 // Verify the signature ...
480 Signature sigVerf = null;
481 if (sigProvider == null) {
482 sigVerf = Signature.getInstance(algId.getName());
483 } else {
484 sigVerf = Signature.getInstance(algId.getName(), sigProvider);
485 }
486
487 sigVerf.initVerify(key);
488
489 // set parameters after Signature.initSign/initVerify call,
490 // so the deferred provider selection happens when key is set
491 try {
492 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
493 } catch (ProviderException e) {
494 throw new CertificateException(e.getMessage(), e.getCause());
495 } catch (InvalidAlgorithmParameterException e) {
496 throw new CertificateException(e);
497 }
498
499 byte[] rawCert = info.getEncodedInfo();
500 sigVerf.update(rawCert, 0, rawCert.length);
501
502 // verify may throw SignatureException for invalid encodings, etc.
503 verificationResult = sigVerf.verify(signature);
504 verifiedPublicKey = key;
505
506 if (verificationResult == false) {
507 throw new SignatureException("Signature does not match.");
508 }
509 }
510
511 /**
512 * Creates an X.509 certificate, and signs it using the given key
570 * @param key the private key used for signing
571 * @param signingParams the parameters used for signing
572 * @param algorithm the name of the signature algorithm used
573 * @param provider the name of the provider, may be null
574 *
575 * @exception NoSuchAlgorithmException on unsupported signature
576 * algorithms
577 * @exception InvalidKeyException on incorrect key
578 * @exception InvalidAlgorithmParameterException on invalid signature
579 * parameters
580 * @exception NoSuchProviderException on incorrect provider
581 * @exception SignatureException on signature errors
582 * @exception CertificateException on encoding errors
583 */
584 public void sign(PrivateKey key, AlgorithmParameterSpec signingParams,
585 String algorithm, String provider)
586 throws CertificateException, NoSuchAlgorithmException,
587 InvalidKeyException, InvalidAlgorithmParameterException,
588 NoSuchProviderException, SignatureException {
589 try {
590 if (readOnly)
591 throw new CertificateEncodingException(
592 "cannot over-write existing certificate");
593 Signature sigEngine = null;
594 if (provider == null || provider.isEmpty())
595 sigEngine = Signature.getInstance(algorithm);
596 else
597 sigEngine = Signature.getInstance(algorithm, provider);
598
599 sigEngine.initSign(key);
600
601 if (signingParams != null) {
602 // set parameters after Signature.initSign/initVerify call, so
603 // the deferred provider selection happens when the key is set
604 sigEngine.setParameter(signingParams);
605 }
606
607 // in case the name is reset
608 if (signingParams != null) {
609 algId = AlgorithmId.get(sigEngine.getParameters());
610 } else {
611 algId = AlgorithmId.get(algorithm);
612 }
613 DerOutputStream out = new DerOutputStream();
614 DerOutputStream tmp = new DerOutputStream();
615
616 // encode certificate info
617 info.encode(tmp);
618 byte[] rawCert = tmp.toByteArray();
619
620 // encode algorithm identifier
621 algId.encode(tmp);
622
623 // Create and encode the signature itself.
624 sigEngine.update(rawCert, 0, rawCert.length);
625 signature = sigEngine.sign();
|