< prev index next >
src/java.base/share/classes/java/security/cert/X509CRL.java
Print this page
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -23,26 +23,22 @@
* questions.
*/
package java.security.cert;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.InvalidKeyException;
-import java.security.SignatureException;
-import java.security.Principal;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.Signature;
+import java.security.*;
+import java.security.spec.*;
+
import javax.security.auth.x500.X500Principal;
import java.math.BigInteger;
import java.util.Date;
import java.util.Set;
import java.util.Arrays;
import sun.security.x509.X509CRLImpl;
+import sun.security.util.SignatureUtil;
/**
* <p>
* Abstract class for an X.509 Certificate Revocation List (CRL).
* A CRL is a time-stamped list identifying revoked certificates.
@@ -244,12 +240,23 @@
throws CRLException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException {
Signature sig = (sigProvider == null)
? Signature.getInstance(getSigAlgName())
: Signature.getInstance(getSigAlgName(), sigProvider);
+
sig.initVerify(key);
+ // set parameters after Signature.initSign/initVerify call,
+ // so the deferred provider selections occur when key is set
+ try {
+ SignatureUtil.specialSetParameter(sig, getSigAlgParams());
+ } catch (ProviderException e) {
+ throw new CRLException(e.getMessage(), e.getCause());
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new CRLException(e);
+ }
+
byte[] tbsCRL = getTBSCertList();
sig.update(tbsCRL, 0, tbsCRL.length);
if (sig.verify(getSignature()) == false) {
throw new SignatureException("Signature does not match.");
< prev index next >