src/java.base/share/classes/sun/security/x509/X509CertImpl.java
*** 32,49 ****
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
- import sun.security.util.HexDumpEncoder;
import java.util.Base64;
import sun.security.util.*;
import sun.security.provider.X509Factory;
/**
--- 32,49 ----
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.*;
+ import java.security.spec.AlgorithmParameterSpec;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
import java.util.Base64;
import sun.security.util.*;
import sun.security.provider.X509Factory;
/**
*** 386,396 ****
* @exception CertificateException on encoding errors.
*/
public void verify(PublicKey key)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException {
-
verify(key, "");
}
/**
* Throws an exception if the certificate was not signed using the
--- 386,395 ----
*** 433,444 ****
--- 432,454 ----
if (sigProvider.length() == 0) {
sigVerf = Signature.getInstance(algId.getName());
} else {
sigVerf = Signature.getInstance(algId.getName(), sigProvider);
}
+
sigVerf.initVerify(key);
+ // set parameters after Signature.initSign/initVerify call,
+ // so the deferred provider selection happens when key is set
+ try {
+ SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
+ } catch (ProviderException e) {
+ throw new CertificateException(e.getMessage(), e.getCause());
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new CertificateException(e);
+ }
+
byte[] rawCert = info.getEncodedInfo();
sigVerf.update(rawCert, 0, rawCert.length);
// verify may throw SignatureException for invalid encodings, etc.
verificationResult = sigVerf.verify(signature);
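Review bot: The `catch (ProviderException e)` branch rethrows with `new CertificateException(e.getMessage(), e.getCause())`, which drops the ProviderException from the chain and leaves no cause at all when `getCause()` is null; whether `SignatureUtil.specialSetParameter` always supplies a cause is not visible here. `throw new CertificateException(e);` would keep the full chain for anyone diagnosing why a certificate was rejected. The same block is repeated in the following hunk (the `sigProvider == null` overload), so a small private helper taking `sigVerf` would keep the two verify paths from drifting apart. Since `getSigAlgParams()` returns values taken from the certificate under verification, a comment noting that these parameters are untrusted input, and where acceptance policy for them is enforced (if it is), would help the next reader. The enclosing method starts and ends outside the hunk.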
*** 478,489 ****
--- 488,510 ----
if (sigProvider == null) {
sigVerf = Signature.getInstance(algId.getName());
} else {
sigVerf = Signature.getInstance(algId.getName(), sigProvider);
}
+
sigVerf.initVerify(key);
+ // set parameters after Signature.initSign/initVerify call,
+ // so the deferred provider selection happens when key is set
+ try {
+ SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
+ } catch (ProviderException e) {
+ throw new CertificateException(e.getMessage(), e.getCause());
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new CertificateException(e);
+ }
+
byte[] rawCert = info.getEncodedInfo();
sigVerf.update(rawCert, 0, rawCert.length);
// verify may throw SignatureException for invalid encodings, etc.
verificationResult = sigVerf.verify(signature);
*** 535,544 ****
--- 556,601 ----
*/
public void sign(PrivateKey key, String algorithm, String provider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException {
try {
+ sign(key, null, algorithm, provider);
+ } catch (InvalidAlgorithmParameterException e) {
+ // should not happen; re-throw just in case
+ throw new SignatureException(e);
+ }
+ }
+
+ /**
+ * Creates an X.509 certificate, and signs it using the given key
+ * (associating a signature algorithm and an X.500 name), signature
+ * parameters, and security provider. If the given provider name
+ * is null or empty, the implementation look up will be based on
+ * provider configurations.
+ * This operation is used to implement the certificate generation
+ * functionality of a certificate authority.
+ *
+ * @param key the private key used for signing
+ * @param signingParams the parameters used for signing
+ * @param algorithm the name of the signature algorithm used
+ * @param provider the name of the provider, may be null
+ *
+ * @exception NoSuchAlgorithmException on unsupported signature
+ * algorithms
+ * @exception InvalidKeyException on incorrect key
+ * @exception InvalidAlgorithmParameterException on invalid signature
+ * parameters
+ * @exception NoSuchProviderException on incorrect provider
+ * @exception SignatureException on signature errors
+ * @exception CertificateException on encoding errors
+ */
+ public void sign(PrivateKey key, AlgorithmParameterSpec signingParams,
+ String algorithm, String provider)
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, InvalidAlgorithmParameterException,
+ NoSuchProviderException, SignatureException {
+ try {
if (readOnly)
throw new CertificateEncodingException(
"cannot over-write existing certificate");
Signature sigEngine = null;
if ((provider == null) || (provider.length() == 0))
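Review bot: The Javadoc for the new four-argument `sign` does not say that `signingParams` may be null, although the three-argument overload in this same hunk calls it with `null`; `@param signingParams the parameters used for signing, may be null` would make that contract explicit. It would also be worth one sentence stating that, when parameters are supplied, the algorithm identifier stored in the certificate is derived from them, as the following hunk shows. The method body continues past the end of the hunk.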
*** 546,558 ****
else
sigEngine = Signature.getInstance(algorithm, provider);
sigEngine.initSign(key);
! // in case the name is reset
! algId = AlgorithmId.get(sigEngine.getAlgorithm());
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
// encode certificate info
info.encode(tmp);
--- 603,628 ----
else
sigEngine = Signature.getInstance(algorithm, provider);
sigEngine.initSign(key);
! // set parameters after Signature.initSign/initVerify call, so
! // the deferred provider selection happens when the key is set
! try {
! sigEngine.setParameter(signingParams);
! } catch (UnsupportedOperationException e) {
! // for backward compatibility, only re-throw when
! // parameters is not null
! if (signingParams != null) throw e;
! }
+ // in case the name is reset
+ if (signingParams != null) {
+ algId = AlgorithmId.get(sigEngine.getParameters());
+ } else {
+ algId = AlgorithmId.get(algorithm);
+ }
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
// encode certificate info
info.encode(tmp);
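Review bot: `algId = AlgorithmId.get(sigEngine.getParameters())` uses the engine's parameters unchecked: `Signature.getParameters()` can return null or throw UnsupportedOperationException, and either would surface here as an unrelated failure rather than a clear signing error. In the else branch the identifier now comes from the caller's `algorithm` string instead of `sigEngine.getAlgorithm()`, so the retained comment `// in case the name is reset` no longer describes the code, and the identifier encoded in the certificate could differ from what the engine reports if a provider normalises the name. `setParameter` is also still invoked with null and only UnsupportedOperationException is tolerated; a guard such as `if (signingParams != null) { sigEngine.setParameter(signingParams); }` would avoid depending on how each provider treats a null spec. The enclosing method starts and ends outside the hunk.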