353 * @exception CRLException on encoding errors.
354 */
355 public synchronized void verify(PublicKey key, String sigProvider)
356 throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
357 NoSuchProviderException, SignatureException {
358
359 if (sigProvider == null) {
360 sigProvider = "";
361 }
362 if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
363 // this CRL has already been successfully verified using
364 // this public key. Make sure providers match, too.
365 if (sigProvider.equals(verifiedProvider)) {
366 return;
367 }
368 }
369 if (signedCRL == null) {
370 throw new CRLException("Uninitialized CRL");
371 }
372 Signature sigVerf = null;
373 if (sigProvider.length() == 0) {
374 sigVerf = Signature.getInstance(sigAlgId.getName());
375 } else {
376 sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
377 }
378
379 sigVerf.initVerify(key);
380
381 // set parameters after Signature.initSign/initVerify call,
382 // so the deferred provider selection happens when key is set
383 try {
384 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
385 } catch (ProviderException e) {
386 throw new CRLException(e.getMessage(), e.getCause());
387 } catch (InvalidAlgorithmParameterException e) {
388 throw new CRLException(e);
389 }
390
391 if (tbsCertList == null) {
392 throw new CRLException("Uninitialized CRL");
393 }
478 * Encodes an X.509 CRL, and signs it using the given key.
479 *
480 * @param key the private key used for signing.
481 * @param algorithm the name of the signature algorithm used.
482 * @param provider the name of the provider.
483 *
484 * @exception NoSuchAlgorithmException on unsupported signature
485 * algorithms.
486 * @exception InvalidKeyException on incorrect key.
487 * @exception NoSuchProviderException on incorrect provider.
488 * @exception SignatureException on signature errors.
489 * @exception CRLException if any mandatory data was omitted.
490 */
491 public void sign(PrivateKey key, String algorithm, String provider)
492 throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
493 NoSuchProviderException, SignatureException {
494 try {
495 if (readOnly)
496 throw new CRLException("cannot over-write existing CRL");
497 Signature sigEngine = null;
498 if ((provider == null) || (provider.length() == 0))
499 sigEngine = Signature.getInstance(algorithm);
500 else
501 sigEngine = Signature.getInstance(algorithm, provider);
502
503 sigEngine.initSign(key);
504
505 // in case the name is reset
506 sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
507 infoSigAlgId = sigAlgId;
508
509 DerOutputStream out = new DerOutputStream();
510 DerOutputStream tmp = new DerOutputStream();
511
512 // encode crl info
513 encodeInfo(tmp);
514
515 // encode algorithm identifier
516 sigAlgId.encode(tmp);
517
518 // Create and encode the signature itself.
|
353 * @exception CRLException on encoding errors.
354 */
355 public synchronized void verify(PublicKey key, String sigProvider)
356 throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
357 NoSuchProviderException, SignatureException {
358
359 if (sigProvider == null) {
360 sigProvider = "";
361 }
362 if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
363 // this CRL has already been successfully verified using
364 // this public key. Make sure providers match, too.
365 if (sigProvider.equals(verifiedProvider)) {
366 return;
367 }
368 }
369 if (signedCRL == null) {
370 throw new CRLException("Uninitialized CRL");
371 }
372 Signature sigVerf = null;
373 if (sigProvider.isEmpty()) {
374 sigVerf = Signature.getInstance(sigAlgId.getName());
375 } else {
376 sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
377 }
378
379 sigVerf.initVerify(key);
380
381 // set parameters after Signature.initSign/initVerify call,
382 // so the deferred provider selection happens when key is set
383 try {
384 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
385 } catch (ProviderException e) {
386 throw new CRLException(e.getMessage(), e.getCause());
387 } catch (InvalidAlgorithmParameterException e) {
388 throw new CRLException(e);
389 }
390
391 if (tbsCertList == null) {
392 throw new CRLException("Uninitialized CRL");
393 }
478 * Encodes an X.509 CRL, and signs it using the given key.
479 *
480 * @param key the private key used for signing.
481 * @param algorithm the name of the signature algorithm used.
482 * @param provider the name of the provider.
483 *
484 * @exception NoSuchAlgorithmException on unsupported signature
485 * algorithms.
486 * @exception InvalidKeyException on incorrect key.
487 * @exception NoSuchProviderException on incorrect provider.
488 * @exception SignatureException on signature errors.
489 * @exception CRLException if any mandatory data was omitted.
490 */
491 public void sign(PrivateKey key, String algorithm, String provider)
492 throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
493 NoSuchProviderException, SignatureException {
494 try {
495 if (readOnly)
496 throw new CRLException("cannot over-write existing CRL");
497 Signature sigEngine = null;
498 if (provider == null || provider.isEmpty())
499 sigEngine = Signature.getInstance(algorithm);
500 else
501 sigEngine = Signature.getInstance(algorithm, provider);
502
503 sigEngine.initSign(key);
504
505 // in case the name is reset
506 sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
507 infoSigAlgId = sigAlgId;
508
509 DerOutputStream out = new DerOutputStream();
510 DerOutputStream tmp = new DerOutputStream();
511
512 // encode crl info
513 encodeInfo(tmp);
514
515 // encode algorithm identifier
516 sigAlgId.encode(tmp);
517
518 // Create and encode the signature itself.
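Review bot: The `@param provider` text for `sign` (new-side line 482) still says only "the name of the provider", while the check at line 498 treats both null and an empty string as "no provider" and falls back to `Signature.getInstance(algorithm)`; `verify` does the same at lines 359-374 by mapping null to `""`. A caller that intends to pin signing or verification to one provider and passes an unset configuration value therefore gets the default provider lookup with no error, so the fallback belongs in the Javadoc, for example `@param provider the name of the provider; null or empty selects the default provider lookup.` The Javadoc of `verify` starts above the visible lines and both method bodies continue past the hunks, so the same wording may be needed there.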
|