36
37 import java.security.Provider.Service;
38
39 import javax.crypto.Cipher;
40 import javax.crypto.CipherSpi;
41 import javax.crypto.IllegalBlockSizeException;
42 import javax.crypto.BadPaddingException;
43 import javax.crypto.NoSuchPaddingException;
44
45 import sun.security.util.Debug;
46 import sun.security.jca.*;
47 import sun.security.jca.GetInstance.Instance;
48
49 /**
50 * The Signature class is used to provide applications the functionality
51 * of a digital signature algorithm. Digital signatures are used for
52 * authentication and integrity assurance of digital data.
53 *
54 * <p> The signature algorithm can be, among others, the NIST standard
55 * DSA, using DSA and SHA-1. The DSA algorithm using the
56 * SHA-1 message digest algorithm can be specified as <tt>SHA1withDSA</tt>.
57 * In the case of RSA, there are multiple choices for the message digest
58 * algorithm, so the signing algorithm could be specified as, for example,
59 * <tt>MD2withRSA</tt>, <tt>MD5withRSA</tt>, or <tt>SHA1withRSA</tt>.
60 * The algorithm name must be specified, as there is no default.
61 *
62 * <p> A Signature object can be used to generate and verify digital
63 * signatures.
64 *
65 * <p> There are three phases to the use of a Signature object for
66 * either signing data or verifying a signature:<ol>
67 *
68 * <li>Initialization, with either
69 *
70 * <ul>
71 *
72 * <li>a public key, which initializes the signature for
73 * verification (see {@link #initVerify(PublicKey) initVerify}), or
74 *
75 * <li>a private key (and optionally a Secure Random Number Generator),
76 * which initializes the signature for signing
77 * (see {@link #initSign(PrivateKey)}
78 * and {@link #initSign(PrivateKey, SecureRandom)}).
79 *
80 * </ul><p>
81 *
82 * <li>Updating<p>
83 *
84 * <p>Depending on the type of initialization, this will update the
85 * bytes to be signed or verified. See the
86 * {@link #update(byte) update} methods.<p>
87 *
88 * <li>Signing or Verifying a signature on all updated bytes. See the
89 * {@link #sign() sign} methods and the {@link #verify(byte[]) verify}
90 * method.
91 *
92 * </ol>
93 *
94 * <p>Note that this class is abstract and extends from
95 * <code>SignatureSpi</code> for historical reasons.
96 * Application developers should only take notice of the methods defined in
97 * this <code>Signature</code> class; all the methods in
98 * the superclass are intended for cryptographic service providers who wish to
99 * supply their own implementations of digital signature algorithms.
100 *
101 * <p> Every implementation of the Java platform is required to support the
102 * following standard <code>Signature</code> algorithms:
103 * <ul>
104 * <li><tt>SHA1withDSA</tt></li>
105 * <li><tt>SHA1withRSA</tt></li>
106 * <li><tt>SHA256withRSA</tt></li>
107 * </ul>
108 * These algorithms are described in the <a href=
109 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
110 * Signature section</a> of the
111 * Java Cryptography Architecture Standard Algorithm Name Documentation.
112 * Consult the release documentation for your implementation to see if any
113 * other algorithms are supported.
114 *
115 * @author Benjamin Renaud
116 *
117 */
118
119 public abstract class Signature extends SignatureSpi {
120
121 private static final Debug debug =
122 Debug.getInstance("jca", "Signature");
123
124 /*
125 * The algorithm for this signature object.
126 * This value is used to map an OID to the particular algorithm.
444 *
445 * @param publicKey the public key of the identity whose signature is
446 * going to be verified.
447 *
448 * @exception InvalidKeyException if the key is invalid.
449 */
450 public final void initVerify(PublicKey publicKey)
451 throws InvalidKeyException {
452 engineInitVerify(publicKey);
453 state = VERIFY;
454 }
455
456 /**
457 * Initializes this object for verification, using the public key from
458 * the given certificate.
459 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
460 * extension field marked as critical, and the value of the <i>key usage</i>
461 * extension field implies that the public key in
462 * the certificate and its corresponding private key are not
463 * supposed to be used for digital signatures, an
464 * <code>InvalidKeyException</code> is thrown.
465 *
466 * @param certificate the certificate of the identity whose signature is
467 * going to be verified.
468 *
469 * @exception InvalidKeyException if the public key in the certificate
470 * is not encoded properly or does not include required parameter
471 * information or cannot be used for digital signature purposes.
472 * @since 1.3
473 */
474 public final void initVerify(Certificate certificate)
475 throws InvalidKeyException {
476 // If the certificate is of type X509Certificate,
477 // we should check whether it has a Key Usage
478 // extension marked as critical.
479 if (certificate instanceof java.security.cert.X509Certificate) {
480 // Check whether the cert has a key usage extension
481 // marked as a critical extension.
482 // The OID for KeyUsage extension is 2.5.29.15.
483 X509Certificate cert = (X509Certificate)certificate;
484 Set<String> critSet = cert.getCriticalExtensionOIDs();
521 * @param privateKey the private key of the identity whose signature
522 * is going to be generated.
523 *
524 * @param random the source of randomness for this signature.
525 *
526 * @exception InvalidKeyException if the key is invalid.
527 */
528 public final void initSign(PrivateKey privateKey, SecureRandom random)
529 throws InvalidKeyException {
530 engineInitSign(privateKey, random);
531 state = SIGN;
532 }
533
534 /**
535 * Returns the signature bytes of all the data updated.
536 * The format of the signature depends on the underlying
537 * signature scheme.
538 *
539 * <p>A call to this method resets this signature object to the state
540 * it was in when previously initialized for signing via a
541 * call to <code>initSign(PrivateKey)</code>. That is, the object is
542 * reset and available to generate another signature from the same
543 * signer, if desired, via new calls to <code>update</code> and
544 * <code>sign</code>.
545 *
546 * @return the signature bytes of the signing operation's result.
547 *
548 * @exception SignatureException if this signature object is not
549 * initialized properly or if this signature algorithm is unable to
550 * process the input data provided.
551 */
552 public final byte[] sign() throws SignatureException {
553 if (state == SIGN) {
554 return engineSign();
555 }
556 throw new SignatureException("object not initialized for " +
557 "signing");
558 }
559
560 /**
561 * Finishes the signature operation and stores the resulting signature
562 * bytes in the provided buffer <code>outbuf</code>, starting at
563 * <code>offset</code>.
564 * The format of the signature depends on the underlying
565 * signature scheme.
566 *
567 * <p>This signature object is reset to its initial state (the state it
568 * was in after a call to one of the <code>initSign</code> methods) and
569 * can be reused to generate further signatures with the same private key.
570 *
571 * @param outbuf buffer for the signature result.
572 *
573 * @param offset offset into <code>outbuf</code> where the signature is
574 * stored.
575 *
576 * @param len number of bytes within <code>outbuf</code> allotted for the
577 * signature.
578 *
579 * @return the number of bytes placed into <code>outbuf</code>.
580 *
581 * @exception SignatureException if this signature object is not
582 * initialized properly, if this signature algorithm is unable to
583 * process the input data provided, or if <code>len</code> is less
584 * than the actual signature length.
585 *
586 * @since 1.2
587 */
588 public final int sign(byte[] outbuf, int offset, int len)
589 throws SignatureException {
590 if (outbuf == null) {
591 throw new IllegalArgumentException("No output buffer given");
592 }
593 if (outbuf.length - offset < len) {
594 throw new IllegalArgumentException
595 ("Output buffer too small for specified offset and length");
596 }
597 if (state != SIGN) {
598 throw new SignatureException("object not initialized for " +
599 "signing");
600 }
601 return engineSign(outbuf, offset, len);
602 }
603
604 /**
605 * Verifies the passed-in signature.
606 *
607 * <p>A call to this method resets this signature object to the state
608 * it was in when previously initialized for verification via a
609 * call to <code>initVerify(PublicKey)</code>. That is, the object is
610 * reset and available to verify another signature from the identity
611 * whose public key was specified in the call to <code>initVerify</code>.
612 *
613 * @param signature the signature bytes to be verified.
614 *
615 * @return true if the signature was verified, false if not.
616 *
617 * @exception SignatureException if this signature object is not
618 * initialized properly, the passed-in signature is improperly
619 * encoded or of the wrong type, if this signature algorithm is unable to
620 * process the input data provided, etc.
621 */
622 public final boolean verify(byte[] signature) throws SignatureException {
623 if (state == VERIFY) {
624 return engineVerify(signature);
625 }
626 throw new SignatureException("object not initialized for " +
627 "verification");
628 }
629
630 /**
631 * Verifies the passed-in signature in the specified array
632 * of bytes, starting at the specified offset.
633 *
634 * <p>A call to this method resets this signature object to the state
635 * it was in when previously initialized for verification via a
636 * call to <code>initVerify(PublicKey)</code>. That is, the object is
637 * reset and available to verify another signature from the identity
638 * whose public key was specified in the call to <code>initVerify</code>.
639 *
640 *
641 * @param signature the signature bytes to be verified.
642 * @param offset the offset to start from in the array of bytes.
643 * @param length the number of bytes to use, starting at offset.
644 *
645 * @return true if the signature was verified, false if not.
646 *
647 * @exception SignatureException if this signature object is not
648 * initialized properly, the passed-in signature is improperly
649 * encoded or of the wrong type, if this signature algorithm is unable to
650 * process the input data provided, etc.
651 * @exception IllegalArgumentException if the <code>signature</code>
652 * byte array is null, or the <code>offset</code> or <code>length</code>
653 * is less than 0, or the sum of the <code>offset</code> and
654 * <code>length</code> is greater than the length of the
655 * <code>signature</code> byte array.
656 * @since 1.4
657 */
658 public final boolean verify(byte[] signature, int offset, int length)
659 throws SignatureException {
660 if (state == VERIFY) {
661 if ((signature == null) || (offset < 0) || (length < 0) ||
662 (length > signature.length - offset)) {
663 throw new IllegalArgumentException("Bad arguments");
664 }
665
666 return engineVerify(signature, offset, length);
667 }
668 throw new SignatureException("object not initialized for " +
669 "verification");
670 }
671
672 /**
673 * Updates the data to be signed or verified by a byte.
674 *
675 * @param b the byte to use for the update.
705 *
706 * @param data the array of bytes.
707 * @param off the offset to start from in the array of bytes.
708 * @param len the number of bytes to use, starting at offset.
709 *
710 * @exception SignatureException if this signature object is not
711 * initialized properly.
712 */
713 public final void update(byte[] data, int off, int len)
714 throws SignatureException {
715 if (state == SIGN || state == VERIFY) {
716 engineUpdate(data, off, len);
717 } else {
718 throw new SignatureException("object not initialized for "
719 + "signature or verification");
720 }
721 }
722
723 /**
724 * Updates the data to be signed or verified using the specified
725 * ByteBuffer. Processes the <code>data.remaining()</code> bytes
726 * starting at at <code>data.position()</code>.
727 * Upon return, the buffer's position will be equal to its limit;
728 * its limit will not have changed.
729 *
730 * @param data the ByteBuffer
731 *
732 * @exception SignatureException if this signature object is not
733 * initialized properly.
734 * @since 1.5
735 */
736 public final void update(ByteBuffer data) throws SignatureException {
737 if ((state != SIGN) && (state != VERIFY)) {
738 throw new SignatureException("object not initialized for "
739 + "signature or verification");
740 }
741 if (data == null) {
742 throw new NullPointerException();
743 }
744 engineUpdate(data);
745 }
746
773 initState = "<initialized for signing>";
774 break;
775 }
776 return "Signature object: " + getAlgorithm() + initState;
777 }
778
779 /**
780 * Sets the specified algorithm parameter to the specified value.
781 * This method supplies a general-purpose mechanism through
782 * which it is possible to set the various parameters of this object.
783 * A parameter may be any settable parameter for the algorithm, such as
784 * a parameter size, or a source of random bits for signature generation
785 * (if appropriate), or an indication of whether or not to perform
786 * a specific but optional computation. A uniform algorithm-specific
787 * naming scheme for each parameter is desirable but left unspecified
788 * at this time.
789 *
790 * @param param the string identifier of the parameter.
791 * @param value the parameter value.
792 *
793 * @exception InvalidParameterException if <code>param</code> is an
794 * invalid parameter for this signature algorithm engine,
795 * the parameter is already set
796 * and cannot be set again, a security exception occurs, and so on.
797 *
798 * @see #getParameter
799 *
800 * @deprecated Use
801 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
802 * setParameter}.
803 */
804 @Deprecated
805 public final void setParameter(String param, Object value)
806 throws InvalidParameterException {
807 engineSetParameter(param, value);
808 }
809
810 /**
811 * Initializes this signature engine with the specified parameter set.
812 *
813 * @param params the parameters
839 */
840 public final AlgorithmParameters getParameters() {
841 return engineGetParameters();
842 }
843
844 /**
845 * Gets the value of the specified algorithm parameter. This method
846 * supplies a general-purpose mechanism through which it is possible to
847 * get the various parameters of this object. A parameter may be any
848 * settable parameter for the algorithm, such as a parameter size, or
849 * a source of random bits for signature generation (if appropriate),
850 * or an indication of whether or not to perform a specific but optional
851 * computation. A uniform algorithm-specific naming scheme for each
852 * parameter is desirable but left unspecified at this time.
853 *
854 * @param param the string name of the parameter.
855 *
856 * @return the object that represents the parameter value, or null if
857 * there is none.
858 *
859 * @exception InvalidParameterException if <code>param</code> is an invalid
860 * parameter for this engine, or another exception occurs while
861 * trying to get this parameter.
862 *
863 * @see #setParameter(String, Object)
864 *
865 * @deprecated
866 */
867 @Deprecated
868 public final Object getParameter(String param)
869 throws InvalidParameterException {
870 return engineGetParameter(param);
871 }
872
873 /**
874 * Returns a clone if the implementation is cloneable.
875 *
876 * @return a clone if the implementation is cloneable.
877 *
878 * @exception CloneNotSupportedException if this is called
879 * on an implementation that does not support <code>Cloneable</code>.
880 */
881 public Object clone() throws CloneNotSupportedException {
882 if (this instanceof Cloneable) {
883 return super.clone();
884 } else {
885 throw new CloneNotSupportedException();
886 }
887 }
888
889 /*
890 * The following class allows providers to extend from SignatureSpi
891 * rather than from Signature. It represents a Signature with an
892 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
893 * If the provider implementation is an instance of SignatureSpi, the
894 * getInstance() methods above return an instance of this class, with
895 * the SPI object encapsulated.
896 *
897 * Note: All SPI methods from the original Signature class have been
898 * moved up the hierarchy into a new class (SignatureSpi), which has
899 * been interposed in the hierarchy between the API (Signature)
923 super(algorithm);
924 this.sigSpi = sigSpi;
925 this.lock = null; // no lock needed
926 }
927
928 // used with delayed provider selection
929 Delegate(Service service,
930 Iterator<Service> iterator, String algorithm) {
931 super(algorithm);
932 this.firstService = service;
933 this.serviceIterator = iterator;
934 this.lock = new Object();
935 }
936
937 /**
938 * Returns a clone if the delegate is cloneable.
939 *
940 * @return a clone if the delegate is cloneable.
941 *
942 * @exception CloneNotSupportedException if this is called on a
943 * delegate that does not support <code>Cloneable</code>.
944 */
945 public Object clone() throws CloneNotSupportedException {
946 chooseFirstProvider();
947 if (sigSpi instanceof Cloneable) {
948 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
949 // Because 'algorithm' and 'provider' are private
950 // members of our supertype, we must perform a cast to
951 // access them.
952 Signature that =
953 new Delegate(sigSpiClone, ((Signature)this).algorithm);
954 that.provider = ((Signature)this).provider;
955 return that;
956 } else {
957 throw new CloneNotSupportedException();
958 }
959 }
960
961 private static SignatureSpi newInstance(Service s)
962 throws NoSuchAlgorithmException {
963 if (s.getType().equals("Cipher")) {
|
36
37 import java.security.Provider.Service;
38
39 import javax.crypto.Cipher;
40 import javax.crypto.CipherSpi;
41 import javax.crypto.IllegalBlockSizeException;
42 import javax.crypto.BadPaddingException;
43 import javax.crypto.NoSuchPaddingException;
44
45 import sun.security.util.Debug;
46 import sun.security.jca.*;
47 import sun.security.jca.GetInstance.Instance;
48
49 /**
50 * The Signature class is used to provide applications the functionality
51 * of a digital signature algorithm. Digital signatures are used for
52 * authentication and integrity assurance of digital data.
53 *
54 * <p> The signature algorithm can be, among others, the NIST standard
55 * DSA, using DSA and SHA-1. The DSA algorithm using the
56 * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}.
57 * In the case of RSA, there are multiple choices for the message digest
58 * algorithm, so the signing algorithm could be specified as, for example,
59 * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}.
60 * The algorithm name must be specified, as there is no default.
61 *
62 * <p> A Signature object can be used to generate and verify digital
63 * signatures.
64 *
65 * <p> There are three phases to the use of a Signature object for
66 * either signing data or verifying a signature:<ol>
67 *
68 * <li>Initialization, with either
69 *
70 * <ul>
71 *
72 * <li>a public key, which initializes the signature for
73 * verification (see {@link #initVerify(PublicKey) initVerify}), or
74 *
75 * <li>a private key (and optionally a Secure Random Number Generator),
76 * which initializes the signature for signing
77 * (see {@link #initSign(PrivateKey)}
78 * and {@link #initSign(PrivateKey, SecureRandom)}).
79 *
80 * </ul><p>
81 *
82 * <li>Updating<p>
83 *
84 * <p>Depending on the type of initialization, this will update the
85 * bytes to be signed or verified. See the
86 * {@link #update(byte) update} methods.<p>
87 *
88 * <li>Signing or Verifying a signature on all updated bytes. See the
89 * {@link #sign() sign} methods and the {@link #verify(byte[]) verify}
90 * method.
91 *
92 * </ol>
93 *
94 * <p>Note that this class is abstract and extends from
95 * {@code SignatureSpi} for historical reasons.
96 * Application developers should only take notice of the methods defined in
97 * this {@code Signature} class; all the methods in
98 * the superclass are intended for cryptographic service providers who wish to
99 * supply their own implementations of digital signature algorithms.
100 *
101 * <p> Every implementation of the Java platform is required to support the
102 * following standard {@code Signature} algorithms:
103 * <ul>
104 * <li>{@code SHA1withDSA}</li>
105 * <li>{@code SHA1withRSA}</li>
106 * <li>{@code SHA256withRSA}</li>
107 * </ul>
108 * These algorithms are described in the <a href=
109 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
110 * Signature section</a> of the
111 * Java Cryptography Architecture Standard Algorithm Name Documentation.
112 * Consult the release documentation for your implementation to see if any
113 * other algorithms are supported.
114 *
115 * @author Benjamin Renaud
116 *
117 */
118
119 public abstract class Signature extends SignatureSpi {
120
121 private static final Debug debug =
122 Debug.getInstance("jca", "Signature");
123
124 /*
125 * The algorithm for this signature object.
126 * This value is used to map an OID to the particular algorithm.
444 *
445 * @param publicKey the public key of the identity whose signature is
446 * going to be verified.
447 *
448 * @exception InvalidKeyException if the key is invalid.
449 */
450 public final void initVerify(PublicKey publicKey)
451 throws InvalidKeyException {
452 engineInitVerify(publicKey);
453 state = VERIFY;
454 }
455
456 /**
457 * Initializes this object for verification, using the public key from
458 * the given certificate.
459 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
460 * extension field marked as critical, and the value of the <i>key usage</i>
461 * extension field implies that the public key in
462 * the certificate and its corresponding private key are not
463 * supposed to be used for digital signatures, an
464 * {@code InvalidKeyException} is thrown.
465 *
466 * @param certificate the certificate of the identity whose signature is
467 * going to be verified.
468 *
469 * @exception InvalidKeyException if the public key in the certificate
470 * is not encoded properly or does not include required parameter
471 * information or cannot be used for digital signature purposes.
472 * @since 1.3
473 */
474 public final void initVerify(Certificate certificate)
475 throws InvalidKeyException {
476 // If the certificate is of type X509Certificate,
477 // we should check whether it has a Key Usage
478 // extension marked as critical.
479 if (certificate instanceof java.security.cert.X509Certificate) {
480 // Check whether the cert has a key usage extension
481 // marked as a critical extension.
482 // The OID for KeyUsage extension is 2.5.29.15.
483 X509Certificate cert = (X509Certificate)certificate;
484 Set<String> critSet = cert.getCriticalExtensionOIDs();
521 * @param privateKey the private key of the identity whose signature
522 * is going to be generated.
523 *
524 * @param random the source of randomness for this signature.
525 *
526 * @exception InvalidKeyException if the key is invalid.
527 */
528 public final void initSign(PrivateKey privateKey, SecureRandom random)
529 throws InvalidKeyException {
530 engineInitSign(privateKey, random);
531 state = SIGN;
532 }
533
534 /**
535 * Returns the signature bytes of all the data updated.
536 * The format of the signature depends on the underlying
537 * signature scheme.
538 *
539 * <p>A call to this method resets this signature object to the state
540 * it was in when previously initialized for signing via a
541 * call to {@code initSign(PrivateKey)}. That is, the object is
542 * reset and available to generate another signature from the same
543 * signer, if desired, via new calls to {@code update} and
544 * {@code sign}.
545 *
546 * @return the signature bytes of the signing operation's result.
547 *
548 * @exception SignatureException if this signature object is not
549 * initialized properly or if this signature algorithm is unable to
550 * process the input data provided.
551 */
552 public final byte[] sign() throws SignatureException {
553 if (state == SIGN) {
554 return engineSign();
555 }
556 throw new SignatureException("object not initialized for " +
557 "signing");
558 }
559
560 /**
561 * Finishes the signature operation and stores the resulting signature
562 * bytes in the provided buffer {@code outbuf}, starting at
563 * {@code offset}.
564 * The format of the signature depends on the underlying
565 * signature scheme.
566 *
567 * <p>This signature object is reset to its initial state (the state it
568 * was in after a call to one of the {@code initSign} methods) and
569 * can be reused to generate further signatures with the same private key.
570 *
571 * @param outbuf buffer for the signature result.
572 *
573 * @param offset offset into {@code outbuf} where the signature is
574 * stored.
575 *
576 * @param len number of bytes within {@code outbuf} allotted for the
577 * signature.
578 *
579 * @return the number of bytes placed into {@code outbuf}.
580 *
581 * @exception SignatureException if this signature object is not
582 * initialized properly, if this signature algorithm is unable to
583 * process the input data provided, or if {@code len} is less
584 * than the actual signature length.
585 *
586 * @since 1.2
587 */
588 public final int sign(byte[] outbuf, int offset, int len)
589 throws SignatureException {
590 if (outbuf == null) {
591 throw new IllegalArgumentException("No output buffer given");
592 }
593 if (outbuf.length - offset < len) {
594 throw new IllegalArgumentException
595 ("Output buffer too small for specified offset and length");
596 }
597 if (state != SIGN) {
598 throw new SignatureException("object not initialized for " +
599 "signing");
600 }
601 return engineSign(outbuf, offset, len);
602 }
603
604 /**
605 * Verifies the passed-in signature.
606 *
607 * <p>A call to this method resets this signature object to the state
608 * it was in when previously initialized for verification via a
609 * call to {@code initVerify(PublicKey)}. That is, the object is
610 * reset and available to verify another signature from the identity
611 * whose public key was specified in the call to {@code initVerify}.
612 *
613 * @param signature the signature bytes to be verified.
614 *
615 * @return true if the signature was verified, false if not.
616 *
617 * @exception SignatureException if this signature object is not
618 * initialized properly, the passed-in signature is improperly
619 * encoded or of the wrong type, if this signature algorithm is unable to
620 * process the input data provided, etc.
621 */
622 public final boolean verify(byte[] signature) throws SignatureException {
623 if (state == VERIFY) {
624 return engineVerify(signature);
625 }
626 throw new SignatureException("object not initialized for " +
627 "verification");
628 }
629
630 /**
631 * Verifies the passed-in signature in the specified array
632 * of bytes, starting at the specified offset.
633 *
634 * <p>A call to this method resets this signature object to the state
635 * it was in when previously initialized for verification via a
636 * call to {@code initVerify(PublicKey)}. That is, the object is
637 * reset and available to verify another signature from the identity
638 * whose public key was specified in the call to {@code initVerify}.
639 *
640 *
641 * @param signature the signature bytes to be verified.
642 * @param offset the offset to start from in the array of bytes.
643 * @param length the number of bytes to use, starting at offset.
644 *
645 * @return true if the signature was verified, false if not.
646 *
647 * @exception SignatureException if this signature object is not
648 * initialized properly, the passed-in signature is improperly
649 * encoded or of the wrong type, if this signature algorithm is unable to
650 * process the input data provided, etc.
651 * @exception IllegalArgumentException if the {@code signature}
652 * byte array is null, or the {@code offset} or {@code length}
653 * is less than 0, or the sum of the {@code offset} and
654 * {@code length} is greater than the length of the
655 * {@code signature} byte array.
656 * @since 1.4
657 */
658 public final boolean verify(byte[] signature, int offset, int length)
659 throws SignatureException {
660 if (state == VERIFY) {
661 if ((signature == null) || (offset < 0) || (length < 0) ||
662 (length > signature.length - offset)) {
663 throw new IllegalArgumentException("Bad arguments");
664 }
665
666 return engineVerify(signature, offset, length);
667 }
668 throw new SignatureException("object not initialized for " +
669 "verification");
670 }
671
672 /**
673 * Updates the data to be signed or verified by a byte.
674 *
675 * @param b the byte to use for the update.
705 *
706 * @param data the array of bytes.
707 * @param off the offset to start from in the array of bytes.
708 * @param len the number of bytes to use, starting at offset.
709 *
710 * @exception SignatureException if this signature object is not
711 * initialized properly.
712 */
713 public final void update(byte[] data, int off, int len)
714 throws SignatureException {
715 if (state == SIGN || state == VERIFY) {
716 engineUpdate(data, off, len);
717 } else {
718 throw new SignatureException("object not initialized for "
719 + "signature or verification");
720 }
721 }
722
723 /**
724 * Updates the data to be signed or verified using the specified
725 * ByteBuffer. Processes the {@code data.remaining()} bytes
726 * starting at at {@code data.position()}.
727 * Upon return, the buffer's position will be equal to its limit;
728 * its limit will not have changed.
729 *
730 * @param data the ByteBuffer
731 *
732 * @exception SignatureException if this signature object is not
733 * initialized properly.
734 * @since 1.5
735 */
736 public final void update(ByteBuffer data) throws SignatureException {
737 if ((state != SIGN) && (state != VERIFY)) {
738 throw new SignatureException("object not initialized for "
739 + "signature or verification");
740 }
741 if (data == null) {
742 throw new NullPointerException();
743 }
744 engineUpdate(data);
745 }
746
773 initState = "<initialized for signing>";
774 break;
775 }
776 return "Signature object: " + getAlgorithm() + initState;
777 }
778
779 /**
780 * Sets the specified algorithm parameter to the specified value.
781 * This method supplies a general-purpose mechanism through
782 * which it is possible to set the various parameters of this object.
783 * A parameter may be any settable parameter for the algorithm, such as
784 * a parameter size, or a source of random bits for signature generation
785 * (if appropriate), or an indication of whether or not to perform
786 * a specific but optional computation. A uniform algorithm-specific
787 * naming scheme for each parameter is desirable but left unspecified
788 * at this time.
789 *
790 * @param param the string identifier of the parameter.
791 * @param value the parameter value.
792 *
793 * @exception InvalidParameterException if {@code param} is an
794 * invalid parameter for this signature algorithm engine,
795 * the parameter is already set
796 * and cannot be set again, a security exception occurs, and so on.
797 *
798 * @see #getParameter
799 *
800 * @deprecated Use
801 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
802 * setParameter}.
803 */
804 @Deprecated
805 public final void setParameter(String param, Object value)
806 throws InvalidParameterException {
807 engineSetParameter(param, value);
808 }
809
810 /**
811 * Initializes this signature engine with the specified parameter set.
812 *
813 * @param params the parameters
839 */
840 public final AlgorithmParameters getParameters() {
841 return engineGetParameters();
842 }
843
844 /**
845 * Gets the value of the specified algorithm parameter. This method
846 * supplies a general-purpose mechanism through which it is possible to
847 * get the various parameters of this object. A parameter may be any
848 * settable parameter for the algorithm, such as a parameter size, or
849 * a source of random bits for signature generation (if appropriate),
850 * or an indication of whether or not to perform a specific but optional
851 * computation. A uniform algorithm-specific naming scheme for each
852 * parameter is desirable but left unspecified at this time.
853 *
854 * @param param the string name of the parameter.
855 *
856 * @return the object that represents the parameter value, or null if
857 * there is none.
858 *
859 * @exception InvalidParameterException if {@code param} is an invalid
860 * parameter for this engine, or another exception occurs while
861 * trying to get this parameter.
862 *
863 * @see #setParameter(String, Object)
864 *
865 * @deprecated
866 */
867 @Deprecated
868 public final Object getParameter(String param)
869 throws InvalidParameterException {
870 return engineGetParameter(param);
871 }
872
873 /**
874 * Returns a clone if the implementation is cloneable.
875 *
876 * @return a clone if the implementation is cloneable.
877 *
878 * @exception CloneNotSupportedException if this is called
879 * on an implementation that does not support {@code Cloneable}.
880 */
881 public Object clone() throws CloneNotSupportedException {
882 if (this instanceof Cloneable) {
883 return super.clone();
884 } else {
885 throw new CloneNotSupportedException();
886 }
887 }
888
889 /*
890 * The following class allows providers to extend from SignatureSpi
891 * rather than from Signature. It represents a Signature with an
892 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
893 * If the provider implementation is an instance of SignatureSpi, the
894 * getInstance() methods above return an instance of this class, with
895 * the SPI object encapsulated.
896 *
897 * Note: All SPI methods from the original Signature class have been
898 * moved up the hierarchy into a new class (SignatureSpi), which has
899 * been interposed in the hierarchy between the API (Signature)
923 super(algorithm);
924 this.sigSpi = sigSpi;
925 this.lock = null; // no lock needed
926 }
927
928 // used with delayed provider selection
929 Delegate(Service service,
930 Iterator<Service> iterator, String algorithm) {
931 super(algorithm);
932 this.firstService = service;
933 this.serviceIterator = iterator;
934 this.lock = new Object();
935 }
936
937 /**
938 * Returns a clone if the delegate is cloneable.
939 *
940 * @return a clone if the delegate is cloneable.
941 *
942 * @exception CloneNotSupportedException if this is called on a
943 * delegate that does not support {@code Cloneable}.
944 */
945 public Object clone() throws CloneNotSupportedException {
946 chooseFirstProvider();
947 if (sigSpi instanceof Cloneable) {
948 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
949 // Because 'algorithm' and 'provider' are private
950 // members of our supertype, we must perform a cast to
951 // access them.
952 Signature that =
953 new Delegate(sigSpiClone, ((Signature)this).algorithm);
954 that.provider = ((Signature)this).provider;
955 return that;
956 } else {
957 throw new CloneNotSupportedException();
958 }
959 }
960
961 private static SignatureSpi newInstance(Service s)
962 throws NoSuchAlgorithmException {
963 if (s.getType().equals("Cipher")) {
|