< prev index next >
src/java.base/share/classes/sun/security/ssl/RSASignature.java
Print this page
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -21,14 +21,14 @@
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
-
package sun.security.ssl;
import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
/**
* Signature implementation for the SSL/TLS RSA Signature variant with both
* MD5 and SHA-1 MessageDigests. Used for explicit RSA server authentication
* (RSA signed server key exchange for RSA_EXPORT and DHE_RSA) and RSA client
@@ -43,39 +43,39 @@
* implementation allows the hashes to be explicitly set, which is required
* for RSA client authentication. It can be obtained via the
* getInternalInstance() method.
*
* This class is not thread safe.
- *
*/
public final class RSASignature extends SignatureSpi {
-
private final Signature rawRsa;
- private MessageDigest md5, sha;
-
- // flag indicating if the MessageDigests are in reset state
- private boolean isReset;
+ private final MessageDigest mdMD5;
+ private final MessageDigest mdSHA;
public RSASignature() throws NoSuchAlgorithmException {
super();
rawRsa = JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
- isReset = true;
+ this.mdMD5 = JsseJce.getMessageDigest("MD5");
+ this.mdSHA = JsseJce.getMessageDigest("SHA");
}
/**
- * Get an implementation for the RSA signature. Follows the standard
- * JCA getInstance() model, so it return the implementation from the
- * provider with the highest precedence, which may be this class.
+ * Get an implementation for the RSA signature.
+ *
+ * Follows the standard JCA getInstance() model, so it return the
+ * implementation from the provider with the highest precedence,
+ * which may be this class.
*/
static Signature getInstance() throws NoSuchAlgorithmException {
return JsseJce.getSignature(JsseJce.SIGNATURE_SSLRSA);
}
/**
- * Get an internal implementation for the RSA signature. Used for RSA
- * client authentication, which needs the ability to set the digests
- * to externally provided values via the setHashes() method.
+ * Get an internal implementation for the RSA signature.
+ *
+ * Used for RSA client authentication, which needs the ability to set
+ * the digests to externally provided values via the setHashes() method.
*/
static Signature getInternalInstance()
throws NoSuchAlgorithmException, NoSuchProviderException {
return Signature.getInstance(JsseJce.SIGNATURE_SSLRSA, "SunJSSE");
}
@@ -86,32 +86,18 @@
@SuppressWarnings("deprecation")
static void setHashes(Signature sig, MessageDigest md5, MessageDigest sha) {
sig.setParameter("hashes", new MessageDigest[] {md5, sha});
}
- /**
- * Reset the MessageDigests unless they are already reset.
- */
- private void reset() {
- if (isReset == false) {
- md5.reset();
- sha.reset();
- isReset = true;
- }
- }
-
- private static void checkNull(Key key) throws InvalidKeyException {
- if (key == null) {
- throw new InvalidKeyException("Key must not be null");
- }
- }
-
@Override
protected void engineInitVerify(PublicKey publicKey)
throws InvalidKeyException {
- checkNull(publicKey);
- reset();
+ if (publicKey == null) {
+ throw new InvalidKeyException("Public key must not be null");
+ }
+ mdMD5.reset();
+ mdSHA.reset();
rawRsa.initVerify(publicKey);
}
@Override
protected void engineInitSign(PrivateKey privateKey)
@@ -120,46 +106,35 @@
}
@Override
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
throws InvalidKeyException {
- checkNull(privateKey);
- reset();
- rawRsa.initSign(privateKey, random);
- }
-
- // lazily initialize the MessageDigests
- private void initDigests() {
- if (md5 == null) {
- md5 = JsseJce.getMD5();
- sha = JsseJce.getSHA();
+ if (privateKey == null) {
+ throw new InvalidKeyException("Private key must not be null");
}
+ mdMD5.reset();
+ mdSHA.reset();
+ rawRsa.initSign(privateKey, random);
}
@Override
protected void engineUpdate(byte b) {
- initDigests();
- isReset = false;
- md5.update(b);
- sha.update(b);
+ mdMD5.update(b);
+ mdSHA.update(b);
}
@Override
protected void engineUpdate(byte[] b, int off, int len) {
- initDigests();
- isReset = false;
- md5.update(b, off, len);
- sha.update(b, off, len);
+ mdMD5.update(b, off, len);
+ mdSHA.update(b, off, len);
}
private byte[] getDigest() throws SignatureException {
try {
- initDigests();
byte[] data = new byte[36];
- md5.digest(data, 0, 16);
- sha.digest(data, 16, 20);
- isReset = true;
+ mdMD5.digest(data, 0, 16);
+ mdSHA.digest(data, 16, 20);
return data;
} catch (DigestException e) {
// should never occur
throw new SignatureException(e);
}
@@ -183,28 +158,30 @@
return rawRsa.verify(sigBytes, offset, length);
}
@Override
@SuppressWarnings("deprecation")
- protected void engineSetParameter(String param, Object value)
- throws InvalidParameterException {
- if (param.equals("hashes") == false) {
- throw new InvalidParameterException
- ("Parameter not supported: " + param);
- }
- if (value instanceof MessageDigest[] == false) {
- throw new InvalidParameterException
- ("value must be MessageDigest[]");
- }
- MessageDigest[] digests = (MessageDigest[])value;
- md5 = digests[0];
- sha = digests[1];
+ protected void engineSetParameter(String param,
+ Object value) throws InvalidParameterException {
+ throw new InvalidParameterException("Parameters not supported");
+ }
+
+ @Override
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ if (params != null) {
+ throw new InvalidAlgorithmParameterException("No parameters accepted");
+ }
}
@Override
@SuppressWarnings("deprecation")
- protected Object engineGetParameter(String param)
- throws InvalidParameterException {
+ protected Object engineGetParameter(
+ String param) throws InvalidParameterException {
throw new InvalidParameterException("Parameters not supported");
}
+ @Override
+ protected AlgorithmParameters engineGetParameters() {
+ return null;
+ }
}
< prev index next >