1 /*
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security.cert;
27
28 import java.math.BigInteger;
29 import java.security.*;
30 import java.util.Collection;
31 import java.util.Date;
32 import java.util.List;
33 import javax.security.auth.x500.X500Principal;
34
35 import sun.security.x509.X509CertImpl;
36
37 /**
38 * <p>
39 * Abstract class for X.509 certificates. This provides a standard
40 * way to access all the attributes of an X.509 certificate.
41 * <p>
42 * In June of 1996, the basic X.509 v3 format was completed by
43 * ISO/IEC and ANSI X9, which is described below in ASN.1:
44 * <pre>
45 * Certificate ::= SEQUENCE {
46 * tbsCertificate TBSCertificate,
47 * signatureAlgorithm AlgorithmIdentifier,
48 * signature BIT STRING }
49 * </pre>
50 * <p>
51 * These certificates are widely used to support authentication and
52 * other functionality in Internet security systems. Common applications
53 * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
54 * code signing for trusted software distribution, and Secure Electronic
55 * Transactions (SET).
660 * service providers, this method is not {@code abstract}
661 * and it provides a default implementation.
662 *
663 * @param key the PublicKey used to carry out the verification.
664 * @param sigProvider the signature provider.
665 *
666 * @exception NoSuchAlgorithmException on unsupported signature
667 * algorithms.
668 * @exception InvalidKeyException on incorrect key.
669 * @exception SignatureException on signature errors.
670 * @exception CertificateException on encoding errors.
671 * @exception UnsupportedOperationException if the method is not supported
672 * @since 1.8
673 */
674 public void verify(PublicKey key, Provider sigProvider)
675 throws CertificateException, NoSuchAlgorithmException,
676 InvalidKeyException, SignatureException {
677 Signature sig = (sigProvider == null)
678 ? Signature.getInstance(getSigAlgName())
679 : Signature.getInstance(getSigAlgName(), sigProvider);
680 sig.initVerify(key);
681
682 byte[] tbsCert = getTBSCertificate();
683 sig.update(tbsCert, 0, tbsCert.length);
684
685 if (sig.verify(getSignature()) == false) {
686 throw new SignatureException("Signature does not match.");
687 }
688 }
689 }
|
1 /*
2 * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security.cert;
27
28 import java.math.BigInteger;
29 import java.security.*;
30 import java.security.spec.*;
31 import java.util.Collection;
32 import java.util.Date;
33 import java.util.List;
34 import javax.security.auth.x500.X500Principal;
35
36 import sun.security.x509.X509CertImpl;
37 import sun.security.util.SignatureUtil;
38
39 /**
40 * <p>
41 * Abstract class for X.509 certificates. This provides a standard
42 * way to access all the attributes of an X.509 certificate.
43 * <p>
44 * In June of 1996, the basic X.509 v3 format was completed by
45 * ISO/IEC and ANSI X9, which is described below in ASN.1:
46 * <pre>
47 * Certificate ::= SEQUENCE {
48 * tbsCertificate TBSCertificate,
49 * signatureAlgorithm AlgorithmIdentifier,
50 * signature BIT STRING }
51 * </pre>
52 * <p>
53 * These certificates are widely used to support authentication and
54 * other functionality in Internet security systems. Common applications
55 * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
56 * code signing for trusted software distribution, and Secure Electronic
57 * Transactions (SET).
662 * service providers, this method is not {@code abstract}
663 * and it provides a default implementation.
664 *
665 * @param key the PublicKey used to carry out the verification.
666 * @param sigProvider the signature provider.
667 *
668 * @exception NoSuchAlgorithmException on unsupported signature
669 * algorithms.
670 * @exception InvalidKeyException on incorrect key.
671 * @exception SignatureException on signature errors.
672 * @exception CertificateException on encoding errors.
673 * @exception UnsupportedOperationException if the method is not supported
674 * @since 1.8
675 */
676 public void verify(PublicKey key, Provider sigProvider)
677 throws CertificateException, NoSuchAlgorithmException,
678 InvalidKeyException, SignatureException {
679 Signature sig = (sigProvider == null)
680 ? Signature.getInstance(getSigAlgName())
681 : Signature.getInstance(getSigAlgName(), sigProvider);
682
683 sig.initVerify(key);
684
685 // set parameters after Signature.initSign/initVerify call,
686 // so the deferred provider selections occur when key is set
687 try {
688 SignatureUtil.specialSetParameter(sig, getSigAlgParams());
689 } catch (ProviderException e) {
690 throw new CertificateException(e.getMessage(), e.getCause());
691 } catch (InvalidAlgorithmParameterException e) {
692 throw new CertificateException(e);
693 }
694
695 byte[] tbsCert = getTBSCertificate();
696 sig.update(tbsCert, 0, tbsCert.length);
697
698 if (sig.verify(getSignature()) == false) {
699 throw new SignatureException("Signature does not match.");
700 }
701 }
702 }
|