1 /* 2 * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.security.spec.AlgorithmParameterSpec; 29 import java.util.*; 30 import java.util.concurrent.ConcurrentHashMap; 31 import java.io.*; 32 import java.security.cert.Certificate; 33 import java.security.cert.X509Certificate; 34 35 import java.nio.ByteBuffer; 36 37 import java.security.Provider.Service; 38 39 import javax.crypto.Cipher; 40 import javax.crypto.CipherSpi; 41 import javax.crypto.IllegalBlockSizeException; 42 import javax.crypto.BadPaddingException; 43 import javax.crypto.NoSuchPaddingException; 44 45 import sun.security.util.Debug; 46 import sun.security.jca.*; 47 import sun.security.jca.GetInstance.Instance; 48 49 /** 50 * The Signature class is used to provide applications the functionality 51 * of a digital signature algorithm. Digital signatures are used for 52 * authentication and integrity assurance of digital data. 53 * 54 * <p> The signature algorithm can be, among others, the NIST standard 55 * DSA, using DSA and SHA-1. The DSA algorithm using the 56 * SHA-1 message digest algorithm can be specified as <tt>SHA1withDSA</tt>. 57 * In the case of RSA, there are multiple choices for the message digest 58 * algorithm, so the signing algorithm could be specified as, for example, 59 * <tt>MD2withRSA</tt>, <tt>MD5withRSA</tt>, or <tt>SHA1withRSA</tt>. 60 * The algorithm name must be specified, as there is no default. 61 * 62 * <p> A Signature object can be used to generate and verify digital 63 * signatures. 64 * 65 * <p> There are three phases to the use of a Signature object for 66 * either signing data or verifying a signature:<ol> 67 * 68 * <li>Initialization, with either 69 * 70 * <ul> 71 * 72 * <li>a public key, which initializes the signature for 73 * verification (see {@link #initVerify(PublicKey) initVerify}), or 74 * 75 * <li>a private key (and optionally a Secure Random Number Generator), 76 * which initializes the signature for signing 77 * (see {@link #initSign(PrivateKey)} 78 * and {@link #initSign(PrivateKey, SecureRandom)}). 79 * 80 * </ul><p> 81 * 82 * <li>Updating<p> 83 * 84 * <p>Depending on the type of initialization, this will update the 85 * bytes to be signed or verified. See the 86 * {@link #update(byte) update} methods.<p> 87 * 88 * <li>Signing or Verifying a signature on all updated bytes. See the 89 * {@link #sign() sign} methods and the {@link #verify(byte[]) verify} 90 * method. 91 * 92 * </ol> 93 * 94 * <p>Note that this class is abstract and extends from 95 * <code>SignatureSpi</code> for historical reasons. 96 * Application developers should only take notice of the methods defined in 97 * this <code>Signature</code> class; all the methods in 98 * the superclass are intended for cryptographic service providers who wish to 99 * supply their own implementations of digital signature algorithms. 100 * 101 * <p> Every implementation of the Java platform is required to support the 102 * following standard <code>Signature</code> algorithms: 103 * <ul> 104 * <li><tt>SHA1withDSA</tt></li> 105 * <li><tt>SHA1withRSA</tt></li> 106 * <li><tt>SHA256withRSA</tt></li> 107 * </ul> 108 * These algorithms are described in the <a href= 109 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature"> 110 * Signature section</a> of the 111 * Java Cryptography Architecture Standard Algorithm Name Documentation. 112 * Consult the release documentation for your implementation to see if any 113 * other algorithms are supported. 114 * 115 * @author Benjamin Renaud 116 * 117 */ 118 119 public abstract class Signature extends SignatureSpi { 120 121 private static final Debug debug = 122 Debug.getInstance("jca", "Signature"); 123 124 /* 125 * The algorithm for this signature object. 126 * This value is used to map an OID to the particular algorithm. 127 * The mapping is done in AlgorithmObject.algOID(String algorithm) 128 */ 129 private String algorithm; 130 131 // The provider 132 Provider provider; 133 134 /** 135 * Possible {@link #state} value, signifying that 136 * this signature object has not yet been initialized. 137 */ 138 protected final static int UNINITIALIZED = 0; 139 140 /** 141 * Possible {@link #state} value, signifying that 142 * this signature object has been initialized for signing. 143 */ 144 protected final static int SIGN = 2; 145 146 /** 147 * Possible {@link #state} value, signifying that 148 * this signature object has been initialized for verification. 149 */ 150 protected final static int VERIFY = 3; 151 152 /** 153 * Current state of this signature object. 154 */ 155 protected int state = UNINITIALIZED; 156 157 /** 158 * Creates a Signature object for the specified algorithm. 159 * 160 * @param algorithm the standard string name of the algorithm. 161 * See the Signature section in the <a href= 162 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature"> 163 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 164 * for information about standard algorithm names. 165 */ 166 protected Signature(String algorithm) { 167 this.algorithm = algorithm; 168 } 169 170 // name of the special signature alg 171 private final static String RSA_SIGNATURE = "NONEwithRSA"; 172 173 // name of the equivalent cipher alg 174 private final static String RSA_CIPHER = "RSA/ECB/PKCS1Padding"; 175 176 // all the services we need to lookup for compatibility with Cipher 177 private final static List<ServiceId> rsaIds = Arrays.asList( 178 new ServiceId[] { 179 new ServiceId("Signature", "NONEwithRSA"), 180 new ServiceId("Cipher", "RSA/ECB/PKCS1Padding"), 181 new ServiceId("Cipher", "RSA/ECB"), 182 new ServiceId("Cipher", "RSA//PKCS1Padding"), 183 new ServiceId("Cipher", "RSA"), 184 } 185 ); 186 187 /** 188 * Returns a Signature object that implements the specified signature 189 * algorithm. 190 * 191 * <p> This method traverses the list of registered security Providers, 192 * starting with the most preferred Provider. 193 * A new Signature object encapsulating the 194 * SignatureSpi implementation from the first 195 * Provider that supports the specified algorithm is returned. 196 * 197 * <p> Note that the list of registered providers may be retrieved via 198 * the {@link Security#getProviders() Security.getProviders()} method. 199 * 200 * @param algorithm the standard name of the algorithm requested. 201 * See the Signature section in the <a href= 202 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature"> 203 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 204 * for information about standard algorithm names. 205 * 206 * @return the new Signature object. 207 * 208 * @exception NoSuchAlgorithmException if no Provider supports a 209 * Signature implementation for the 210 * specified algorithm. 211 * 212 * @see Provider 213 */ 214 public static Signature getInstance(String algorithm) 215 throws NoSuchAlgorithmException { 216 List<Service> list; 217 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) { 218 list = GetInstance.getServices(rsaIds); 219 } else { 220 list = GetInstance.getServices("Signature", algorithm); 221 } 222 Iterator<Service> t = list.iterator(); 223 if (t.hasNext() == false) { 224 throw new NoSuchAlgorithmException 225 (algorithm + " Signature not available"); 226 } 227 // try services until we find an Spi or a working Signature subclass 228 NoSuchAlgorithmException failure; 229 do { 230 Service s = t.next(); 231 if (isSpi(s)) { 232 return new Delegate(s, t, algorithm); 233 } else { 234 // must be a subclass of Signature, disable dynamic selection 235 try { 236 Instance instance = 237 GetInstance.getInstance(s, SignatureSpi.class); 238 return getInstance(instance, algorithm); 239 } catch (NoSuchAlgorithmException e) { 240 failure = e; 241 } 242 } 243 } while (t.hasNext()); 244 throw failure; 245 } 246 247 private static Signature getInstance(Instance instance, String algorithm) { 248 Signature sig; 249 if (instance.impl instanceof Signature) { 250 sig = (Signature)instance.impl; 251 } else { 252 SignatureSpi spi = (SignatureSpi)instance.impl; 253 sig = new Delegate(spi, algorithm); 254 } 255 sig.provider = instance.provider; 256 return sig; 257 } 258 259 private final static Map<String,Boolean> signatureInfo; 260 261 static { 262 signatureInfo = new ConcurrentHashMap<String,Boolean>(); 263 Boolean TRUE = Boolean.TRUE; 264 // pre-initialize with values for our SignatureSpi implementations 265 signatureInfo.put("sun.security.provider.DSA$RawDSA", TRUE); 266 signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", TRUE); 267 signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", TRUE); 268 signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", TRUE); 269 signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", TRUE); 270 signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE); 271 signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE); 272 signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE); 273 signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE); 274 signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE); 275 } 276 277 private static boolean isSpi(Service s) { 278 if (s.getType().equals("Cipher")) { 279 // must be a CipherSpi, which we can wrap with the CipherAdapter 280 return true; 281 } 282 String className = s.getClassName(); 283 Boolean result = signatureInfo.get(className); 284 if (result == null) { 285 try { 286 Object instance = s.newInstance(null); 287 // Signature extends SignatureSpi 288 // so it is a "real" Spi if it is an 289 // instance of SignatureSpi but not Signature 290 boolean r = (instance instanceof SignatureSpi) 291 && (instance instanceof Signature == false); 292 if ((debug != null) && (r == false)) { 293 debug.println("Not a SignatureSpi " + className); 294 debug.println("Delayed provider selection may not be " 295 + "available for algorithm " + s.getAlgorithm()); 296 } 297 result = Boolean.valueOf(r); 298 signatureInfo.put(className, result); 299 } catch (Exception e) { 300 // something is wrong, assume not an SPI 301 return false; 302 } 303 } 304 return result.booleanValue(); 305 } 306 307 /** 308 * Returns a Signature object that implements the specified signature 309 * algorithm. 310 * 311 * <p> A new Signature object encapsulating the 312 * SignatureSpi implementation from the specified provider 313 * is returned. The specified provider must be registered 314 * in the security provider list. 315 * 316 * <p> Note that the list of registered providers may be retrieved via 317 * the {@link Security#getProviders() Security.getProviders()} method. 318 * 319 * @param algorithm the name of the algorithm requested. 320 * See the Signature section in the <a href= 321 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature"> 322 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 323 * for information about standard algorithm names. 324 * 325 * @param provider the name of the provider. 326 * 327 * @return the new Signature object. 328 * 329 * @exception NoSuchAlgorithmException if a SignatureSpi 330 * implementation for the specified algorithm is not 331 * available from the specified provider. 332 * 333 * @exception NoSuchProviderException if the specified provider is not 334 * registered in the security provider list. 335 * 336 * @exception IllegalArgumentException if the provider name is null 337 * or empty. 338 * 339 * @see Provider 340 */ 341 public static Signature getInstance(String algorithm, String provider) 342 throws NoSuchAlgorithmException, NoSuchProviderException { 343 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) { 344 // exception compatibility with existing code 345 if ((provider == null) || (provider.length() == 0)) { 346 throw new IllegalArgumentException("missing provider"); 347 } 348 Provider p = Security.getProvider(provider); 349 if (p == null) { 350 throw new NoSuchProviderException 351 ("no such provider: " + provider); 352 } 353 return getInstanceRSA(p); 354 } 355 Instance instance = GetInstance.getInstance 356 ("Signature", SignatureSpi.class, algorithm, provider); 357 return getInstance(instance, algorithm); 358 } 359 360 /** 361 * Returns a Signature object that implements the specified 362 * signature algorithm. 363 * 364 * <p> A new Signature object encapsulating the 365 * SignatureSpi implementation from the specified Provider 366 * object is returned. Note that the specified Provider object 367 * does not have to be registered in the provider list. 368 * 369 * @param algorithm the name of the algorithm requested. 370 * See the Signature section in the <a href= 371 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature"> 372 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 373 * for information about standard algorithm names. 374 * 375 * @param provider the provider. 376 * 377 * @return the new Signature object. 378 * 379 * @exception NoSuchAlgorithmException if a SignatureSpi 380 * implementation for the specified algorithm is not available 381 * from the specified Provider object. 382 * 383 * @exception IllegalArgumentException if the provider is null. 384 * 385 * @see Provider 386 * 387 * @since 1.4 388 */ 389 public static Signature getInstance(String algorithm, Provider provider) 390 throws NoSuchAlgorithmException { 391 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) { 392 // exception compatibility with existing code 393 if (provider == null) { 394 throw new IllegalArgumentException("missing provider"); 395 } 396 return getInstanceRSA(provider); 397 } 398 Instance instance = GetInstance.getInstance 399 ("Signature", SignatureSpi.class, algorithm, provider); 400 return getInstance(instance, algorithm); 401 } 402 403 // return an implementation for NONEwithRSA, which is a special case 404 // because of the Cipher.RSA/ECB/PKCS1Padding compatibility wrapper 405 private static Signature getInstanceRSA(Provider p) 406 throws NoSuchAlgorithmException { 407 // try Signature first 408 Service s = p.getService("Signature", RSA_SIGNATURE); 409 if (s != null) { 410 Instance instance = GetInstance.getInstance(s, SignatureSpi.class); 411 return getInstance(instance, RSA_SIGNATURE); 412 } 413 // check Cipher 414 try { 415 Cipher c = Cipher.getInstance(RSA_CIPHER, p); 416 return new Delegate(new CipherAdapter(c), RSA_SIGNATURE); 417 } catch (GeneralSecurityException e) { 418 // throw Signature style exception message to avoid confusion, 419 // but append Cipher exception as cause 420 throw new NoSuchAlgorithmException("no such algorithm: " 421 + RSA_SIGNATURE + " for provider " + p.getName(), e); 422 } 423 } 424 425 /** 426 * Returns the provider of this signature object. 427 * 428 * @return the provider of this signature object 429 */ 430 public final Provider getProvider() { 431 chooseFirstProvider(); 432 return this.provider; 433 } 434 435 void chooseFirstProvider() { 436 // empty, overridden in Delegate 437 } 438 439 /** 440 * Initializes this object for verification. If this method is called 441 * again with a different argument, it negates the effect 442 * of this call. 443 * 444 * @param publicKey the public key of the identity whose signature is 445 * going to be verified. 446 * 447 * @exception InvalidKeyException if the key is invalid. 448 */ 449 public final void initVerify(PublicKey publicKey) 450 throws InvalidKeyException { 451 engineInitVerify(publicKey); 452 state = VERIFY; 453 } 454 455 /** 456 * Initializes this object for verification, using the public key from 457 * the given certificate. 458 * <p>If the certificate is of type X.509 and has a <i>key usage</i> 459 * extension field marked as critical, and the value of the <i>key usage</i> 460 * extension field implies that the public key in 461 * the certificate and its corresponding private key are not 462 * supposed to be used for digital signatures, an 463 * <code>InvalidKeyException</code> is thrown. 464 * 465 * @param certificate the certificate of the identity whose signature is 466 * going to be verified. 467 * 468 * @exception InvalidKeyException if the public key in the certificate 469 * is not encoded properly or does not include required parameter 470 * information or cannot be used for digital signature purposes. 471 * @since 1.3 472 */ 473 public final void initVerify(Certificate certificate) 474 throws InvalidKeyException { 475 // If the certificate is of type X509Certificate, 476 // we should check whether it has a Key Usage 477 // extension marked as critical. 478 if (certificate instanceof java.security.cert.X509Certificate) { 479 // Check whether the cert has a key usage extension 480 // marked as a critical extension. 481 // The OID for KeyUsage extension is 2.5.29.15. 482 X509Certificate cert = (X509Certificate)certificate; 483 Set<String> critSet = cert.getCriticalExtensionOIDs(); 484 485 if (critSet != null && !critSet.isEmpty() 486 && critSet.contains("2.5.29.15")) { 487 boolean[] keyUsageInfo = cert.getKeyUsage(); 488 // keyUsageInfo[0] is for digitalSignature. 489 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false)) 490 throw new InvalidKeyException("Wrong key usage"); 491 } 492 } 493 494 PublicKey publicKey = certificate.getPublicKey(); 495 engineInitVerify(publicKey); 496 state = VERIFY; 497 } 498 499 /** 500 * Initialize this object for signing. If this method is called 501 * again with a different argument, it negates the effect 502 * of this call. 503 * 504 * @param privateKey the private key of the identity whose signature 505 * is going to be generated. 506 * 507 * @exception InvalidKeyException if the key is invalid. 508 */ 509 public final void initSign(PrivateKey privateKey) 510 throws InvalidKeyException { 511 engineInitSign(privateKey); 512 state = SIGN; 513 } 514 515 /** 516 * Initialize this object for signing. If this method is called 517 * again with a different argument, it negates the effect 518 * of this call. 519 * 520 * @param privateKey the private key of the identity whose signature 521 * is going to be generated. 522 * 523 * @param random the source of randomness for this signature. 524 * 525 * @exception InvalidKeyException if the key is invalid. 526 */ 527 public final void initSign(PrivateKey privateKey, SecureRandom random) 528 throws InvalidKeyException { 529 engineInitSign(privateKey, random); 530 state = SIGN; 531 } 532 533 /** 534 * Returns the signature bytes of all the data updated. 535 * The format of the signature depends on the underlying 536 * signature scheme. 537 * 538 * <p>A call to this method resets this signature object to the state 539 * it was in when previously initialized for signing via a 540 * call to <code>initSign(PrivateKey)</code>. That is, the object is 541 * reset and available to generate another signature from the same 542 * signer, if desired, via new calls to <code>update</code> and 543 * <code>sign</code>. 544 * 545 * @return the signature bytes of the signing operation's result. 546 * 547 * @exception SignatureException if this signature object is not 548 * initialized properly or if this signature algorithm is unable to 549 * process the input data provided. 550 */ 551 public final byte[] sign() throws SignatureException { 552 if (state == SIGN) { 553 return engineSign(); 554 } 555 throw new SignatureException("object not initialized for " + 556 "signing"); 557 } 558 559 /** 560 * Finishes the signature operation and stores the resulting signature 561 * bytes in the provided buffer <code>outbuf</code>, starting at 562 * <code>offset</code>. 563 * The format of the signature depends on the underlying 564 * signature scheme. 565 * 566 * <p>This signature object is reset to its initial state (the state it 567 * was in after a call to one of the <code>initSign</code> methods) and 568 * can be reused to generate further signatures with the same private key. 569 * 570 * @param outbuf buffer for the signature result. 571 * 572 * @param offset offset into <code>outbuf</code> where the signature is 573 * stored. 574 * 575 * @param len number of bytes within <code>outbuf</code> allotted for the 576 * signature. 577 * 578 * @return the number of bytes placed into <code>outbuf</code>. 579 * 580 * @exception SignatureException if this signature object is not 581 * initialized properly, if this signature algorithm is unable to 582 * process the input data provided, or if <code>len</code> is less 583 * than the actual signature length. 584 * 585 * @since 1.2 586 */ 587 public final int sign(byte[] outbuf, int offset, int len) 588 throws SignatureException { 589 if (outbuf == null) { 590 throw new IllegalArgumentException("No output buffer given"); 591 } 592 if (outbuf.length - offset < len) { 593 throw new IllegalArgumentException 594 ("Output buffer too small for specified offset and length"); 595 } 596 if (state != SIGN) { 597 throw new SignatureException("object not initialized for " + 598 "signing"); 599 } 600 return engineSign(outbuf, offset, len); 601 } 602 603 /** 604 * Verifies the passed-in signature. 605 * 606 * <p>A call to this method resets this signature object to the state 607 * it was in when previously initialized for verification via a 608 * call to <code>initVerify(PublicKey)</code>. That is, the object is 609 * reset and available to verify another signature from the identity 610 * whose public key was specified in the call to <code>initVerify</code>. 611 * 612 * @param signature the signature bytes to be verified. 613 * 614 * @return true if the signature was verified, false if not. 615 * 616 * @exception SignatureException if this signature object is not 617 * initialized properly, the passed-in signature is improperly 618 * encoded or of the wrong type, if this signature algorithm is unable to 619 * process the input data provided, etc. 620 */ 621 public final boolean verify(byte[] signature) throws SignatureException { 622 if (state == VERIFY) { 623 return engineVerify(signature); 624 } 625 throw new SignatureException("object not initialized for " + 626 "verification"); 627 } 628 629 /** 630 * Verifies the passed-in signature in the specified array 631 * of bytes, starting at the specified offset. 632 * 633 * <p>A call to this method resets this signature object to the state 634 * it was in when previously initialized for verification via a 635 * call to <code>initVerify(PublicKey)</code>. That is, the object is 636 * reset and available to verify another signature from the identity 637 * whose public key was specified in the call to <code>initVerify</code>. 638 * 639 * 640 * @param signature the signature bytes to be verified. 641 * @param offset the offset to start from in the array of bytes. 642 * @param length the number of bytes to use, starting at offset. 643 * 644 * @return true if the signature was verified, false if not. 645 * 646 * @exception SignatureException if this signature object is not 647 * initialized properly, the passed-in signature is improperly 648 * encoded or of the wrong type, if this signature algorithm is unable to 649 * process the input data provided, etc. 650 * @exception IllegalArgumentException if the <code>signature</code> 651 * byte array is null, or the <code>offset</code> or <code>length</code> 652 * is less than 0, or the sum of the <code>offset</code> and 653 * <code>length</code> is greater than the length of the 654 * <code>signature</code> byte array. 655 * @since 1.4 656 */ 657 public final boolean verify(byte[] signature, int offset, int length) 658 throws SignatureException { 659 if (state == VERIFY) { 660 if ((signature == null) || (offset < 0) || (length < 0) || 661 (offset + length > signature.length)) { 662 throw new IllegalArgumentException("Bad arguments"); 663 } 664 665 return engineVerify(signature, offset, length); 666 } 667 throw new SignatureException("object not initialized for " + 668 "verification"); 669 } 670 671 /** 672 * Updates the data to be signed or verified by a byte. 673 * 674 * @param b the byte to use for the update. 675 * 676 * @exception SignatureException if this signature object is not 677 * initialized properly. 678 */ 679 public final void update(byte b) throws SignatureException { 680 if (state == VERIFY || state == SIGN) { 681 engineUpdate(b); 682 } else { 683 throw new SignatureException("object not initialized for " 684 + "signature or verification"); 685 } 686 } 687 688 /** 689 * Updates the data to be signed or verified, using the specified 690 * array of bytes. 691 * 692 * @param data the byte array to use for the update. 693 * 694 * @exception SignatureException if this signature object is not 695 * initialized properly. 696 */ 697 public final void update(byte[] data) throws SignatureException { 698 update(data, 0, data.length); 699 } 700 701 /** 702 * Updates the data to be signed or verified, using the specified 703 * array of bytes, starting at the specified offset. 704 * 705 * @param data the array of bytes. 706 * @param off the offset to start from in the array of bytes. 707 * @param len the number of bytes to use, starting at offset. 708 * 709 * @exception SignatureException if this signature object is not 710 * initialized properly. 711 */ 712 public final void update(byte[] data, int off, int len) 713 throws SignatureException { 714 if (state == SIGN || state == VERIFY) { 715 engineUpdate(data, off, len); 716 } else { 717 throw new SignatureException("object not initialized for " 718 + "signature or verification"); 719 } 720 } 721 722 /** 723 * Updates the data to be signed or verified using the specified 724 * ByteBuffer. Processes the <code>data.remaining()</code> bytes 725 * starting at at <code>data.position()</code>. 726 * Upon return, the buffer's position will be equal to its limit; 727 * its limit will not have changed. 728 * 729 * @param data the ByteBuffer 730 * 731 * @exception SignatureException if this signature object is not 732 * initialized properly. 733 * @since 1.5 734 */ 735 public final void update(ByteBuffer data) throws SignatureException { 736 if ((state != SIGN) && (state != VERIFY)) { 737 throw new SignatureException("object not initialized for " 738 + "signature or verification"); 739 } 740 if (data == null) { 741 throw new NullPointerException(); 742 } 743 engineUpdate(data); 744 } 745 746 /** 747 * Returns the name of the algorithm for this signature object. 748 * 749 * @return the name of the algorithm for this signature object. 750 */ 751 public final String getAlgorithm() { 752 return this.algorithm; 753 } 754 755 /** 756 * Returns a string representation of this signature object, 757 * providing information that includes the state of the object 758 * and the name of the algorithm used. 759 * 760 * @return a string representation of this signature object. 761 */ 762 public String toString() { 763 String initState = ""; 764 switch (state) { 765 case UNINITIALIZED: 766 initState = "<not initialized>"; 767 break; 768 case VERIFY: 769 initState = "<initialized for verifying>"; 770 break; 771 case SIGN: 772 initState = "<initialized for signing>"; 773 break; 774 } 775 return "Signature object: " + getAlgorithm() + initState; 776 } 777 778 /** 779 * Sets the specified algorithm parameter to the specified value. 780 * This method supplies a general-purpose mechanism through 781 * which it is possible to set the various parameters of this object. 782 * A parameter may be any settable parameter for the algorithm, such as 783 * a parameter size, or a source of random bits for signature generation 784 * (if appropriate), or an indication of whether or not to perform 785 * a specific but optional computation. A uniform algorithm-specific 786 * naming scheme for each parameter is desirable but left unspecified 787 * at this time. 788 * 789 * @param param the string identifier of the parameter. 790 * @param value the parameter value. 791 * 792 * @exception InvalidParameterException if <code>param</code> is an 793 * invalid parameter for this signature algorithm engine, 794 * the parameter is already set 795 * and cannot be set again, a security exception occurs, and so on. 796 * 797 * @see #getParameter 798 * 799 * @deprecated Use 800 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec) 801 * setParameter}. 802 */ 803 @Deprecated 804 public final void setParameter(String param, Object value) 805 throws InvalidParameterException { 806 engineSetParameter(param, value); 807 } 808 809 /** 810 * Initializes this signature engine with the specified parameter set. 811 * 812 * @param params the parameters 813 * 814 * @exception InvalidAlgorithmParameterException if the given parameters 815 * are inappropriate for this signature engine 816 * 817 * @see #getParameters 818 */ 819 public final void setParameter(AlgorithmParameterSpec params) 820 throws InvalidAlgorithmParameterException { 821 engineSetParameter(params); 822 } 823 824 /** 825 * Returns the parameters used with this signature object. 826 * 827 * <p>The returned parameters may be the same that were used to initialize 828 * this signature, or may contain a combination of default and randomly 829 * generated parameter values used by the underlying signature 830 * implementation if this signature requires algorithm parameters but 831 * was not initialized with any. 832 * 833 * @return the parameters used with this signature, or null if this 834 * signature does not use any parameters. 835 * 836 * @see #setParameter(AlgorithmParameterSpec) 837 * @since 1.4 838 */ 839 public final AlgorithmParameters getParameters() { 840 return engineGetParameters(); 841 } 842 843 /** 844 * Gets the value of the specified algorithm parameter. This method 845 * supplies a general-purpose mechanism through which it is possible to 846 * get the various parameters of this object. A parameter may be any 847 * settable parameter for the algorithm, such as a parameter size, or 848 * a source of random bits for signature generation (if appropriate), 849 * or an indication of whether or not to perform a specific but optional 850 * computation. A uniform algorithm-specific naming scheme for each 851 * parameter is desirable but left unspecified at this time. 852 * 853 * @param param the string name of the parameter. 854 * 855 * @return the object that represents the parameter value, or null if 856 * there is none. 857 * 858 * @exception InvalidParameterException if <code>param</code> is an invalid 859 * parameter for this engine, or another exception occurs while 860 * trying to get this parameter. 861 * 862 * @see #setParameter(String, Object) 863 * 864 * @deprecated 865 */ 866 @Deprecated 867 public final Object getParameter(String param) 868 throws InvalidParameterException { 869 return engineGetParameter(param); 870 } 871 872 /** 873 * Returns a clone if the implementation is cloneable. 874 * 875 * @return a clone if the implementation is cloneable. 876 * 877 * @exception CloneNotSupportedException if this is called 878 * on an implementation that does not support <code>Cloneable</code>. 879 */ 880 public Object clone() throws CloneNotSupportedException { 881 if (this instanceof Cloneable) { 882 return super.clone(); 883 } else { 884 throw new CloneNotSupportedException(); 885 } 886 } 887 888 /* 889 * The following class allows providers to extend from SignatureSpi 890 * rather than from Signature. It represents a Signature with an 891 * encapsulated, provider-supplied SPI object (of type SignatureSpi). 892 * If the provider implementation is an instance of SignatureSpi, the 893 * getInstance() methods above return an instance of this class, with 894 * the SPI object encapsulated. 895 * 896 * Note: All SPI methods from the original Signature class have been 897 * moved up the hierarchy into a new class (SignatureSpi), which has 898 * been interposed in the hierarchy between the API (Signature) 899 * and its original parent (Object). 900 */ 901 902 private static class Delegate extends Signature { 903 904 // The provider implementation (delegate) 905 // filled in once the provider is selected 906 private SignatureSpi sigSpi; 907 908 // lock for mutex during provider selection 909 private final Object lock; 910 911 // next service to try in provider selection 912 // null once provider is selected 913 private Service firstService; 914 915 // remaining services to try in provider selection 916 // null once provider is selected 917 private Iterator<Service> serviceIterator; 918 919 // constructor 920 Delegate(SignatureSpi sigSpi, String algorithm) { 921 super(algorithm); 922 this.sigSpi = sigSpi; 923 this.lock = null; // no lock needed 924 } 925 926 // used with delayed provider selection 927 Delegate(Service service, 928 Iterator<Service> iterator, String algorithm) { 929 super(algorithm); 930 this.firstService = service; 931 this.serviceIterator = iterator; 932 this.lock = new Object(); 933 } 934 935 /** 936 * Returns a clone if the delegate is cloneable. 937 * 938 * @return a clone if the delegate is cloneable. 939 * 940 * @exception CloneNotSupportedException if this is called on a 941 * delegate that does not support <code>Cloneable</code>. 942 */ 943 public Object clone() throws CloneNotSupportedException { 944 chooseFirstProvider(); 945 if (sigSpi instanceof Cloneable) { 946 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone(); 947 // Because 'algorithm' and 'provider' are private 948 // members of our supertype, we must perform a cast to 949 // access them. 950 Signature that = 951 new Delegate(sigSpiClone, ((Signature)this).algorithm); 952 that.provider = ((Signature)this).provider; 953 return that; 954 } else { 955 throw new CloneNotSupportedException(); 956 } 957 } 958 959 private static SignatureSpi newInstance(Service s) 960 throws NoSuchAlgorithmException { 961 if (s.getType().equals("Cipher")) { 962 // must be NONEwithRSA 963 try { 964 Cipher c = Cipher.getInstance(RSA_CIPHER, s.getProvider()); 965 return new CipherAdapter(c); 966 } catch (NoSuchPaddingException e) { 967 throw new NoSuchAlgorithmException(e); 968 } 969 } else { 970 Object o = s.newInstance(null); 971 if (o instanceof SignatureSpi == false) { 972 throw new NoSuchAlgorithmException 973 ("Not a SignatureSpi: " + o.getClass().getName()); 974 } 975 return (SignatureSpi)o; 976 } 977 } 978 979 // max number of debug warnings to print from chooseFirstProvider() 980 private static int warnCount = 10; 981 982 /** 983 * Choose the Spi from the first provider available. Used if 984 * delayed provider selection is not possible because initSign()/ 985 * initVerify() is not the first method called. 986 */ 987 void chooseFirstProvider() { 988 if (sigSpi != null) { 989 return; 990 } 991 synchronized (lock) { 992 if (sigSpi != null) { 993 return; 994 } 995 if (debug != null) { 996 int w = --warnCount; 997 if (w >= 0) { 998 debug.println("Signature.init() not first method " 999 + "called, disabling delayed provider selection"); 1000 if (w == 0) { 1001 debug.println("Further warnings of this type will " 1002 + "be suppressed"); 1003 } 1004 new Exception("Call trace").printStackTrace(); 1005 } 1006 } 1007 Exception lastException = null; 1008 while ((firstService != null) || serviceIterator.hasNext()) { 1009 Service s; 1010 if (firstService != null) { 1011 s = firstService; 1012 firstService = null; 1013 } else { 1014 s = serviceIterator.next(); 1015 } 1016 if (isSpi(s) == false) { 1017 continue; 1018 } 1019 try { 1020 sigSpi = newInstance(s); 1021 provider = s.getProvider(); 1022 // not needed any more 1023 firstService = null; 1024 serviceIterator = null; 1025 return; 1026 } catch (NoSuchAlgorithmException e) { 1027 lastException = e; 1028 } 1029 } 1030 ProviderException e = new ProviderException 1031 ("Could not construct SignatureSpi instance"); 1032 if (lastException != null) { 1033 e.initCause(lastException); 1034 } 1035 throw e; 1036 } 1037 } 1038 1039 private void chooseProvider(int type, Key key, SecureRandom random) 1040 throws InvalidKeyException { 1041 synchronized (lock) { 1042 if (sigSpi != null) { 1043 init(sigSpi, type, key, random); 1044 return; 1045 } 1046 Exception lastException = null; 1047 while ((firstService != null) || serviceIterator.hasNext()) { 1048 Service s; 1049 if (firstService != null) { 1050 s = firstService; 1051 firstService = null; 1052 } else { 1053 s = serviceIterator.next(); 1054 } 1055 // if provider says it does not support this key, ignore it 1056 if (s.supportsParameter(key) == false) { 1057 continue; 1058 } 1059 // if instance is not a SignatureSpi, ignore it 1060 if (isSpi(s) == false) { 1061 continue; 1062 } 1063 try { 1064 SignatureSpi spi = newInstance(s); 1065 init(spi, type, key, random); 1066 provider = s.getProvider(); 1067 sigSpi = spi; 1068 firstService = null; 1069 serviceIterator = null; 1070 return; 1071 } catch (Exception e) { 1072 // NoSuchAlgorithmException from newInstance() 1073 // InvalidKeyException from init() 1074 // RuntimeException (ProviderException) from init() 1075 if (lastException == null) { 1076 lastException = e; 1077 } 1078 } 1079 } 1080 // no working provider found, fail 1081 if (lastException instanceof InvalidKeyException) { 1082 throw (InvalidKeyException)lastException; 1083 } 1084 if (lastException instanceof RuntimeException) { 1085 throw (RuntimeException)lastException; 1086 } 1087 String k = (key != null) ? key.getClass().getName() : "(null)"; 1088 throw new InvalidKeyException 1089 ("No installed provider supports this key: " 1090 + k, lastException); 1091 } 1092 } 1093 1094 private final static int I_PUB = 1; 1095 private final static int I_PRIV = 2; 1096 private final static int I_PRIV_SR = 3; 1097 1098 private void init(SignatureSpi spi, int type, Key key, 1099 SecureRandom random) throws InvalidKeyException { 1100 switch (type) { 1101 case I_PUB: 1102 spi.engineInitVerify((PublicKey)key); 1103 break; 1104 case I_PRIV: 1105 spi.engineInitSign((PrivateKey)key); 1106 break; 1107 case I_PRIV_SR: 1108 spi.engineInitSign((PrivateKey)key, random); 1109 break; 1110 default: 1111 throw new AssertionError("Internal error: " + type); 1112 } 1113 } 1114 1115 protected void engineInitVerify(PublicKey publicKey) 1116 throws InvalidKeyException { 1117 if (sigSpi != null) { 1118 sigSpi.engineInitVerify(publicKey); 1119 } else { 1120 chooseProvider(I_PUB, publicKey, null); 1121 } 1122 } 1123 1124 protected void engineInitSign(PrivateKey privateKey) 1125 throws InvalidKeyException { 1126 if (sigSpi != null) { 1127 sigSpi.engineInitSign(privateKey); 1128 } else { 1129 chooseProvider(I_PRIV, privateKey, null); 1130 } 1131 } 1132 1133 protected void engineInitSign(PrivateKey privateKey, SecureRandom sr) 1134 throws InvalidKeyException { 1135 if (sigSpi != null) { 1136 sigSpi.engineInitSign(privateKey, sr); 1137 } else { 1138 chooseProvider(I_PRIV_SR, privateKey, sr); 1139 } 1140 } 1141 1142 protected void engineUpdate(byte b) throws SignatureException { 1143 chooseFirstProvider(); 1144 sigSpi.engineUpdate(b); 1145 } 1146 1147 protected void engineUpdate(byte[] b, int off, int len) 1148 throws SignatureException { 1149 chooseFirstProvider(); 1150 sigSpi.engineUpdate(b, off, len); 1151 } 1152 1153 protected void engineUpdate(ByteBuffer data) { 1154 chooseFirstProvider(); 1155 sigSpi.engineUpdate(data); 1156 } 1157 1158 protected byte[] engineSign() throws SignatureException { 1159 chooseFirstProvider(); 1160 return sigSpi.engineSign(); 1161 } 1162 1163 protected int engineSign(byte[] outbuf, int offset, int len) 1164 throws SignatureException { 1165 chooseFirstProvider(); 1166 return sigSpi.engineSign(outbuf, offset, len); 1167 } 1168 1169 protected boolean engineVerify(byte[] sigBytes) 1170 throws SignatureException { 1171 chooseFirstProvider(); 1172 return sigSpi.engineVerify(sigBytes); 1173 } 1174 1175 protected boolean engineVerify(byte[] sigBytes, int offset, int length) 1176 throws SignatureException { 1177 chooseFirstProvider(); 1178 return sigSpi.engineVerify(sigBytes, offset, length); 1179 } 1180 1181 protected void engineSetParameter(String param, Object value) 1182 throws InvalidParameterException { 1183 chooseFirstProvider(); 1184 sigSpi.engineSetParameter(param, value); 1185 } 1186 1187 protected void engineSetParameter(AlgorithmParameterSpec params) 1188 throws InvalidAlgorithmParameterException { 1189 chooseFirstProvider(); 1190 sigSpi.engineSetParameter(params); 1191 } 1192 1193 protected Object engineGetParameter(String param) 1194 throws InvalidParameterException { 1195 chooseFirstProvider(); 1196 return sigSpi.engineGetParameter(param); 1197 } 1198 1199 protected AlgorithmParameters engineGetParameters() { 1200 chooseFirstProvider(); 1201 return sigSpi.engineGetParameters(); 1202 } 1203 } 1204 1205 // adapter for RSA/ECB/PKCS1Padding ciphers 1206 private static class CipherAdapter extends SignatureSpi { 1207 1208 private final Cipher cipher; 1209 1210 private ByteArrayOutputStream data; 1211 1212 CipherAdapter(Cipher cipher) { 1213 this.cipher = cipher; 1214 } 1215 1216 protected void engineInitVerify(PublicKey publicKey) 1217 throws InvalidKeyException { 1218 cipher.init(Cipher.DECRYPT_MODE, publicKey); 1219 if (data == null) { 1220 data = new ByteArrayOutputStream(128); 1221 } else { 1222 data.reset(); 1223 } 1224 } 1225 1226 protected void engineInitSign(PrivateKey privateKey) 1227 throws InvalidKeyException { 1228 cipher.init(Cipher.ENCRYPT_MODE, privateKey); 1229 data = null; 1230 } 1231 1232 protected void engineInitSign(PrivateKey privateKey, 1233 SecureRandom random) throws InvalidKeyException { 1234 cipher.init(Cipher.ENCRYPT_MODE, privateKey, random); 1235 data = null; 1236 } 1237 1238 protected void engineUpdate(byte b) throws SignatureException { 1239 engineUpdate(new byte[] {b}, 0, 1); 1240 } 1241 1242 protected void engineUpdate(byte[] b, int off, int len) 1243 throws SignatureException { 1244 if (data != null) { 1245 data.write(b, off, len); 1246 return; 1247 } 1248 byte[] out = cipher.update(b, off, len); 1249 if ((out != null) && (out.length != 0)) { 1250 throw new SignatureException 1251 ("Cipher unexpectedly returned data"); 1252 } 1253 } 1254 1255 protected byte[] engineSign() throws SignatureException { 1256 try { 1257 return cipher.doFinal(); 1258 } catch (IllegalBlockSizeException e) { 1259 throw new SignatureException("doFinal() failed", e); 1260 } catch (BadPaddingException e) { 1261 throw new SignatureException("doFinal() failed", e); 1262 } 1263 } 1264 1265 protected boolean engineVerify(byte[] sigBytes) 1266 throws SignatureException { 1267 try { 1268 byte[] out = cipher.doFinal(sigBytes); 1269 byte[] dataBytes = data.toByteArray(); 1270 data.reset(); 1271 return Arrays.equals(out, dataBytes); 1272 } catch (BadPaddingException e) { 1273 // e.g. wrong public key used 1274 // return false rather than throwing exception 1275 return false; 1276 } catch (IllegalBlockSizeException e) { 1277 throw new SignatureException("doFinal() failed", e); 1278 } 1279 } 1280 1281 protected void engineSetParameter(String param, Object value) 1282 throws InvalidParameterException { 1283 throw new InvalidParameterException("Parameters not supported"); 1284 } 1285 1286 protected Object engineGetParameter(String param) 1287 throws InvalidParameterException { 1288 throw new InvalidParameterException("Parameters not supported"); 1289 } 1290 1291 } 1292 1293 }