< prev index next >

src/java.base/share/classes/java/security/cert/X509CRL.java

Print this page 

        
@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this

@@ -23,26 +23,22 @@
  * questions.
  */
 
 package java.security.cert;
 
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.InvalidKeyException;
-import java.security.SignatureException;
-import java.security.Principal;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.Signature;
+import java.security.*;
+import java.security.spec.*;
+
 import javax.security.auth.x500.X500Principal;
 
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Set;
 import java.util.Arrays;
 
 import sun.security.x509.X509CRLImpl;
+import sun.security.util.SignatureUtil;
 
 /**
  * <p>
  * Abstract class for an X.509 Certificate Revocation List (CRL).
  * A CRL is a time-stamped list identifying revoked certificates.

@@ -244,12 +240,23 @@
         throws CRLException, NoSuchAlgorithmException,
         InvalidKeyException, SignatureException {
         Signature sig = (sigProvider == null)
             ? Signature.getInstance(getSigAlgName())
             : Signature.getInstance(getSigAlgName(), sigProvider);
+
         sig.initVerify(key);
 
+        // set parameters after Signature.initSign/initVerify call,
+        // so the deferred provider selections occur when key is set
+        try {
+            SignatureUtil.specialSetParameter(sig, getSigAlgParams());
+        } catch (ProviderException e) {
+            throw new CRLException(e.getMessage(), e.getCause());
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new CRLException(e);
+        }
+
         byte[] tbsCRL = getTBSCertList();
         sig.update(tbsCRL, 0, tbsCRL.length);
 
         if (sig.verify(getSignature()) == false) {
             throw new SignatureException("Signature does not match.");



< prev index next >