405 InvalidKeyException, NoSuchProviderException, SignatureException { 406 if (sigProvider == null) { 407 sigProvider = ""; 408 } 409 if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) { 410 // this certificate has already been verified using 411 // this public key. Make sure providers match, too. 412 if (sigProvider.equals(verifiedProvider)) { 413 if (verificationResult) { 414 return; 415 } else { 416 throw new SignatureException("Signature does not match."); 417 } 418 } 419 } 420 if (signedCert == null) { 421 throw new CertificateEncodingException("Uninitialized certificate"); 422 } 423 // Verify the signature ... 424 Signature sigVerf = null; 425 String sigName = algId.getName(); 426 if (sigProvider.isEmpty()) { 427 sigVerf = Signature.getInstance(sigName); 428 } else { 429 sigVerf = Signature.getInstance(sigName, sigProvider); 430 } 431 432 try { 433 SignatureUtil.initVerifyWithParam(sigVerf, key, 434 SignatureUtil.getParamSpec(sigName, getSigAlgParams())); 435 } catch (ProviderException e) { 436 throw new CertificateException(e.getMessage(), e.getCause()); 437 } catch (InvalidAlgorithmParameterException e) { 438 throw new CertificateException(e); 439 } 440 441 byte[] rawCert = info.getEncodedInfo(); 442 sigVerf.update(rawCert, 0, rawCert.length); 443 444 // verify may throw SignatureException for invalid encodings, etc. 445 verificationResult = sigVerf.verify(signature); 446 verifiedPublicKey = key; 447 verifiedProvider = sigProvider; 448 449 if (verificationResult == false) { 450 throw new SignatureException("Signature does not match."); 451 } 452 } 453 454 /** 459 * Successfully verifying a certificate does <em>not</em> indicate that one 460 * should trust the entity which it represents. 461 * 462 * @param key the public key used for verification. 463 * @param sigProvider the provider. 464 * 465 * @exception NoSuchAlgorithmException on unsupported signature 466 * algorithms. 467 * @exception InvalidKeyException on incorrect key. 468 * @exception SignatureException on signature errors. 469 * @exception CertificateException on encoding errors. 470 */ 471 public synchronized void verify(PublicKey key, Provider sigProvider) 472 throws CertificateException, NoSuchAlgorithmException, 473 InvalidKeyException, SignatureException { 474 if (signedCert == null) { 475 throw new CertificateEncodingException("Uninitialized certificate"); 476 } 477 // Verify the signature ... 478 Signature sigVerf = null; 479 String sigName = algId.getName(); 480 if (sigProvider == null) { 481 sigVerf = Signature.getInstance(sigName); 482 } else { 483 sigVerf = Signature.getInstance(sigName, sigProvider); 484 } 485 486 try { 487 SignatureUtil.initVerifyWithParam(sigVerf, key, 488 SignatureUtil.getParamSpec(sigName, getSigAlgParams())); 489 } catch (ProviderException e) { 490 throw new CertificateException(e.getMessage(), e.getCause()); 491 } catch (InvalidAlgorithmParameterException e) { 492 throw new CertificateException(e); 493 } 494 495 byte[] rawCert = info.getEncodedInfo(); 496 sigVerf.update(rawCert, 0, rawCert.length); 497 498 // verify may throw SignatureException for invalid encodings, etc. 499 verificationResult = sigVerf.verify(signature); 500 verifiedPublicKey = key; 501 502 if (verificationResult == false) { 503 throw new SignatureException("Signature does not match."); 504 } 505 } 506 507 /** 508 * Creates an X.509 certificate, and signs it using the given key 566 * @param key the private key used for signing 567 * @param signingParams the parameters used for signing 568 * @param algorithm the name of the signature algorithm used 569 * @param provider the name of the provider, may be null 570 * 571 * @exception NoSuchAlgorithmException on unsupported signature 572 * algorithms 573 * @exception InvalidKeyException on incorrect key 574 * @exception InvalidAlgorithmParameterException on invalid signature 575 * parameters 576 * @exception NoSuchProviderException on incorrect provider 577 * @exception SignatureException on signature errors 578 * @exception CertificateException on encoding errors 579 */ 580 public void sign(PrivateKey key, AlgorithmParameterSpec signingParams, 581 String algorithm, String provider) 582 throws CertificateException, NoSuchAlgorithmException, 583 InvalidKeyException, InvalidAlgorithmParameterException, 584 NoSuchProviderException, SignatureException { 585 try { 586 if (readOnly) { 587 throw new CertificateEncodingException( 588 "cannot over-write existing certificate"); 589 } 590 Signature sigEngine = null; 591 if (provider == null || provider.isEmpty()) { 592 sigEngine = Signature.getInstance(algorithm); 593 } else { 594 sigEngine = Signature.getInstance(algorithm, provider); 595 } 596 597 SignatureUtil.initSignWithParam(sigEngine, key, signingParams, 598 null); 599 600 // in case the name is reset 601 if (signingParams != null) { 602 algId = AlgorithmId.get(sigEngine.getParameters()); 603 } else { 604 algId = AlgorithmId.get(algorithm); 605 } 606 DerOutputStream out = new DerOutputStream(); 607 DerOutputStream tmp = new DerOutputStream(); 608 609 // encode certificate info 610 info.encode(tmp); 611 byte[] rawCert = tmp.toByteArray(); 612 613 // encode algorithm identifier 614 algId.encode(tmp); 615 616 // Create and encode the signature itself. 617 sigEngine.update(rawCert, 0, rawCert.length); 618 signature = sigEngine.sign(); | 405 InvalidKeyException, NoSuchProviderException, SignatureException { 406 if (sigProvider == null) { 407 sigProvider = ""; 408 } 409 if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) { 410 // this certificate has already been verified using 411 // this public key. Make sure providers match, too. 412 if (sigProvider.equals(verifiedProvider)) { 413 if (verificationResult) { 414 return; 415 } else { 416 throw new SignatureException("Signature does not match."); 417 } 418 } 419 } 420 if (signedCert == null) { 421 throw new CertificateEncodingException("Uninitialized certificate"); 422 } 423 // Verify the signature ... 424 Signature sigVerf = null; 425 if (sigProvider.isEmpty()) { 426 sigVerf = Signature.getInstance(algId.getName()); 427 } else { 428 sigVerf = Signature.getInstance(algId.getName(), sigProvider); 429 } 430 431 sigVerf.initVerify(key); 432 433 // set parameters after Signature.initSign/initVerify call, 434 // so the deferred provider selection happens when key is set 435 try { 436 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams()); 437 } catch (ProviderException e) { 438 throw new CertificateException(e.getMessage(), e.getCause()); 439 } catch (InvalidAlgorithmParameterException e) { 440 throw new CertificateException(e); 441 } 442 443 byte[] rawCert = info.getEncodedInfo(); 444 sigVerf.update(rawCert, 0, rawCert.length); 445 446 // verify may throw SignatureException for invalid encodings, etc. 447 verificationResult = sigVerf.verify(signature); 448 verifiedPublicKey = key; 449 verifiedProvider = sigProvider; 450 451 if (verificationResult == false) { 452 throw new SignatureException("Signature does not match."); 453 } 454 } 455 456 /** 461 * Successfully verifying a certificate does <em>not</em> indicate that one 462 * should trust the entity which it represents. 463 * 464 * @param key the public key used for verification. 465 * @param sigProvider the provider. 466 * 467 * @exception NoSuchAlgorithmException on unsupported signature 468 * algorithms. 469 * @exception InvalidKeyException on incorrect key. 470 * @exception SignatureException on signature errors. 471 * @exception CertificateException on encoding errors. 472 */ 473 public synchronized void verify(PublicKey key, Provider sigProvider) 474 throws CertificateException, NoSuchAlgorithmException, 475 InvalidKeyException, SignatureException { 476 if (signedCert == null) { 477 throw new CertificateEncodingException("Uninitialized certificate"); 478 } 479 // Verify the signature ... 480 Signature sigVerf = null; 481 if (sigProvider == null) { 482 sigVerf = Signature.getInstance(algId.getName()); 483 } else { 484 sigVerf = Signature.getInstance(algId.getName(), sigProvider); 485 } 486 487 sigVerf.initVerify(key); 488 489 // set parameters after Signature.initSign/initVerify call, 490 // so the deferred provider selection happens when key is set 491 try { 492 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams()); 493 } catch (ProviderException e) { 494 throw new CertificateException(e.getMessage(), e.getCause()); 495 } catch (InvalidAlgorithmParameterException e) { 496 throw new CertificateException(e); 497 } 498 499 byte[] rawCert = info.getEncodedInfo(); 500 sigVerf.update(rawCert, 0, rawCert.length); 501 502 // verify may throw SignatureException for invalid encodings, etc. 503 verificationResult = sigVerf.verify(signature); 504 verifiedPublicKey = key; 505 506 if (verificationResult == false) { 507 throw new SignatureException("Signature does not match."); 508 } 509 } 510 511 /** 512 * Creates an X.509 certificate, and signs it using the given key 570 * @param key the private key used for signing 571 * @param signingParams the parameters used for signing 572 * @param algorithm the name of the signature algorithm used 573 * @param provider the name of the provider, may be null 574 * 575 * @exception NoSuchAlgorithmException on unsupported signature 576 * algorithms 577 * @exception InvalidKeyException on incorrect key 578 * @exception InvalidAlgorithmParameterException on invalid signature 579 * parameters 580 * @exception NoSuchProviderException on incorrect provider 581 * @exception SignatureException on signature errors 582 * @exception CertificateException on encoding errors 583 */ 584 public void sign(PrivateKey key, AlgorithmParameterSpec signingParams, 585 String algorithm, String provider) 586 throws CertificateException, NoSuchAlgorithmException, 587 InvalidKeyException, InvalidAlgorithmParameterException, 588 NoSuchProviderException, SignatureException { 589 try { 590 if (readOnly) 591 throw new CertificateEncodingException( 592 "cannot over-write existing certificate"); 593 Signature sigEngine = null; 594 if (provider == null || provider.isEmpty()) 595 sigEngine = Signature.getInstance(algorithm); 596 else 597 sigEngine = Signature.getInstance(algorithm, provider); 598 599 sigEngine.initSign(key); 600 601 if (signingParams != null) { 602 // set parameters after Signature.initSign/initVerify call, so 603 // the deferred provider selection happens when the key is set 604 sigEngine.setParameter(signingParams); 605 } 606 607 // in case the name is reset 608 if (signingParams != null) { 609 algId = AlgorithmId.get(sigEngine.getParameters()); 610 } else { 611 algId = AlgorithmId.get(algorithm); 612 } 613 DerOutputStream out = new DerOutputStream(); 614 DerOutputStream tmp = new DerOutputStream(); 615 616 // encode certificate info 617 info.encode(tmp); 618 byte[] rawCert = tmp.toByteArray(); 619 620 // encode algorithm identifier 621 algId.encode(tmp); 622 623 // Create and encode the signature itself. 624 sigEngine.update(rawCert, 0, rawCert.length); 625 signature = sigEngine.sign(); |