481 chooseFirstProvider();
482 return this.provider;
483 }
484
485 private String getProviderName() {
486 return (provider == null) ? "(no provider)" : provider.getName();
487 }
488
489 void chooseFirstProvider() {
490 // empty, overridden in Delegate
491 }
492
493 /**
494 * Initializes this object for verification. If this method is called
495 * again with a different argument, it negates the effect
496 * of this call.
497 *
498 * @param publicKey the public key of the identity whose signature is
499 * going to be verified.
500 *
501 * @exception InvalidKeyException if the key is invalid.
502 */
503 public final void initVerify(PublicKey publicKey)
504 throws InvalidKeyException {
505 engineInitVerify(publicKey);
506 state = VERIFY;
507
508 if (!skipDebug && pdebug != null) {
509 pdebug.println("Signature." + algorithm +
510 " verification algorithm from: " + getProviderName());
511 }
512 }
513
514 /**
515 * Initialize this object for verification. If this method is called
516 * again with different arguments, it negates the effect
517 * of this call.
518 *
519 * @param publicKey the public key of the identity whose signature is
520 * going to be verified.
521 * @param params the parameters used for verifying this signature.
522 *
523 * @exception InvalidKeyException if the key is invalid.
524 * @exception InvalidAlgorithmParameterException if the params is invalid.
525 */
526 final void initVerify(PublicKey publicKey, AlgorithmParameterSpec params)
527 throws InvalidKeyException, InvalidAlgorithmParameterException {
528 engineInitVerify(publicKey, params);
529 state = VERIFY;
530
531 if (!skipDebug && pdebug != null) {
532 pdebug.println("Signature." + algorithm +
533 " verification algorithm from: " + getProviderName());
534 }
535 }
536
537 private static PublicKey getPublicKeyFromCert(Certificate cert)
538 throws InvalidKeyException {
539 // If the certificate is of type X509Certificate,
540 // we should check whether it has a Key Usage
541 // extension marked as critical.
542 //if (cert instanceof java.security.cert.X509Certificate) {
543 if (cert instanceof X509Certificate) {
544 // Check whether the cert has a key usage extension
554 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
555 throw new InvalidKeyException("Wrong key usage");
556 }
557 }
558 return cert.getPublicKey();
559 }
560
561 /**
562 * Initializes this object for verification, using the public key from
563 * the given certificate.
564 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
565 * extension field marked as critical, and the value of the <i>key usage</i>
566 * extension field implies that the public key in
567 * the certificate and its corresponding private key are not
568 * supposed to be used for digital signatures, an
569 * {@code InvalidKeyException} is thrown.
570 *
571 * @param certificate the certificate of the identity whose signature is
572 * going to be verified.
573 *
574 * @exception InvalidKeyException if the public key in the certificate
575 * is not encoded properly or does not include required parameter
576 * information or cannot be used for digital signature purposes.
577 * @since 1.3
578 */
579 public final void initVerify(Certificate certificate)
580 throws InvalidKeyException {
581 engineInitVerify(getPublicKeyFromCert(certificate));
582 state = VERIFY;
583
584 if (!skipDebug && pdebug != null) {
585 pdebug.println("Signature." + algorithm +
586 " verification algorithm from: " + getProviderName());
587 }
588 }
589
590 /**
591 * Initializes this object for verification, using the public key from
592 * the given certificate.
593 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
594 * extension field marked as critical, and the value of the <i>key usage</i>
595 * extension field implies that the public key in
596 * the certificate and its corresponding private key are not
597 * supposed to be used for digital signatures, an
598 * {@code InvalidKeyException} is thrown.
599 *
600 * @param certificate the certificate of the identity whose signature is
601 * going to be verified.
602 * @param params the parameters used for verifying this signature.
603 *
604 * @exception InvalidKeyException if the public key in the certificate
605 * is not encoded properly or does not include required parameter
606 * information or cannot be used for digital signature purposes.
607 * @exception InvalidAlgorithmParameterException if the params is invalid.
608 *
609 * @since 13
610 */
611 final void initVerify(Certificate certificate,
612 AlgorithmParameterSpec params)
613 throws InvalidKeyException, InvalidAlgorithmParameterException {
614 engineInitVerify(getPublicKeyFromCert(certificate), params);
615 state = VERIFY;
616
617 if (!skipDebug && pdebug != null) {
618 pdebug.println("Signature." + algorithm +
619 " verification algorithm from: " + getProviderName());
620 }
621 }
622
623 /**
624 * Initialize this object for signing. If this method is called
625 * again with a different argument, it negates the effect
626 * of this call.
627 *
628 * @param privateKey the private key of the identity whose signature
629 * is going to be generated.
630 *
631 * @exception InvalidKeyException if the key is invalid.
632 */
633 public final void initSign(PrivateKey privateKey)
634 throws InvalidKeyException {
635 engineInitSign(privateKey);
636 state = SIGN;
637
638 if (!skipDebug && pdebug != null) {
639 pdebug.println("Signature." + algorithm +
640 " signing algorithm from: " + getProviderName());
641 }
642 }
643
644 /**
645 * Initialize this object for signing. If this method is called
646 * again with a different argument, it negates the effect
647 * of this call.
648 *
649 * @param privateKey the private key of the identity whose signature
650 * is going to be generated.
651 *
652 * @param random the source of randomness for this signature.
653 *
654 * @exception InvalidKeyException if the key is invalid.
655 */
656 public final void initSign(PrivateKey privateKey, SecureRandom random)
657 throws InvalidKeyException {
658 engineInitSign(privateKey, random);
659 state = SIGN;
660
661 if (!skipDebug && pdebug != null) {
662 pdebug.println("Signature." + algorithm +
663 " signing algorithm from: " + getProviderName());
664 }
665 }
666
667 /**
668 * Initialize this object for signing. If this method is called
669 * again with different arguments, it negates the effect
670 * of this call.
671 *
672 * @param privateKey the private key of the identity whose signature
673 * is going to be generated.
674 * @param params the parameters used for generating signature.
675 * @param random the source of randomness for this signature.
676 *
677 * @exception InvalidKeyException if the key is invalid.
678 * @exception InvalidAlgorithmParameterException if the params is invalid
679 */
680 final void initSign(PrivateKey privateKey,
681 AlgorithmParameterSpec params, SecureRandom random)
682 throws InvalidKeyException, InvalidAlgorithmParameterException {
683 engineInitSign(privateKey, params, random);
684 state = SIGN;
685
686 if (!skipDebug && pdebug != null) {
687 pdebug.println("Signature." + algorithm +
688 " signing algorithm from: " + getProviderName());
689 }
690 }
691
692 /**
693 * Returns the signature bytes of all the data updated.
694 * The format of the signature depends on the underlying
695 * signature scheme.
696 *
697 * <p>A call to this method resets this signature object to the state
698 * it was in when previously initialized for signing via a
699 * call to {@code initSign(PrivateKey)}. That is, the object is
700 * reset and available to generate another signature from the same
701 * signer, if desired, via new calls to {@code update} and
702 * {@code sign}.
703 *
704 * @return the signature bytes of the signing operation's result.
705 *
706 * @exception SignatureException if this signature object is not
707 * initialized properly or if this signature algorithm is unable to
708 * process the input data provided.
709 */
710 public final byte[] sign() throws SignatureException {
711 if (state == SIGN) {
712 return engineSign();
713 }
714 throw new SignatureException("object not initialized for " +
715 "signing");
716 }
717
718 /**
719 * Finishes the signature operation and stores the resulting signature
720 * bytes in the provided buffer {@code outbuf}, starting at
721 * {@code offset}.
722 * The format of the signature depends on the underlying
723 * signature scheme.
724 *
725 * <p>This signature object is reset to its initial state (the state it
726 * was in after a call to one of the {@code initSign} methods) and
727 * can be reused to generate further signatures with the same private key.
728 *
729 * @param outbuf buffer for the signature result.
730 *
731 * @param offset offset into {@code outbuf} where the signature is
732 * stored.
733 *
734 * @param len number of bytes within {@code outbuf} allotted for the
735 * signature.
736 *
737 * @return the number of bytes placed into {@code outbuf}.
738 *
739 * @exception SignatureException if this signature object is not
740 * initialized properly, if this signature algorithm is unable to
741 * process the input data provided, or if {@code len} is less
742 * than the actual signature length.
743 * @exception IllegalArgumentException if {@code outbuf} is {@code null},
744 * or {@code offset} or {@code len} is less than 0, or the sum of
745 * {@code offset} and {@code len} is greater than the length of
746 * {@code outbuf}.
747 *
748 * @since 1.2
749 */
750 public final int sign(byte[] outbuf, int offset, int len)
751 throws SignatureException {
752 if (outbuf == null) {
753 throw new IllegalArgumentException("No output buffer given");
754 }
755 if (offset < 0 || len < 0) {
756 throw new IllegalArgumentException("offset or len is less than 0");
757 }
758 if (outbuf.length - offset < len) {
759 throw new IllegalArgumentException
760 ("Output buffer too small for specified offset and length");
761 }
762 if (state != SIGN) {
763 throw new SignatureException("object not initialized for " +
764 "signing");
765 }
766 return engineSign(outbuf, offset, len);
767 }
768
769 /**
770 * Verifies the passed-in signature.
771 *
772 * <p>A call to this method resets this signature object to the state
773 * it was in when previously initialized for verification via a
774 * call to {@code initVerify(PublicKey)}. That is, the object is
775 * reset and available to verify another signature from the identity
776 * whose public key was specified in the call to {@code initVerify}.
777 *
778 * @param signature the signature bytes to be verified.
779 *
780 * @return true if the signature was verified, false if not.
781 *
782 * @exception SignatureException if this signature object is not
783 * initialized properly, the passed-in signature is improperly
784 * encoded or of the wrong type, if this signature algorithm is unable to
785 * process the input data provided, etc.
786 */
787 public final boolean verify(byte[] signature) throws SignatureException {
788 if (state == VERIFY) {
789 return engineVerify(signature);
790 }
791 throw new SignatureException("object not initialized for " +
792 "verification");
793 }
794
795 /**
796 * Verifies the passed-in signature in the specified array
797 * of bytes, starting at the specified offset.
798 *
799 * <p>A call to this method resets this signature object to the state
800 * it was in when previously initialized for verification via a
801 * call to {@code initVerify(PublicKey)}. That is, the object is
802 * reset and available to verify another signature from the identity
803 * whose public key was specified in the call to {@code initVerify}.
804 *
805 *
806 * @param signature the signature bytes to be verified.
807 * @param offset the offset to start from in the array of bytes.
808 * @param length the number of bytes to use, starting at offset.
809 *
810 * @return true if the signature was verified, false if not.
811 *
812 * @exception SignatureException if this signature object is not
813 * initialized properly, the passed-in signature is improperly
814 * encoded or of the wrong type, if this signature algorithm is unable to
815 * process the input data provided, etc.
816 * @exception IllegalArgumentException if the {@code signature}
817 * byte array is {@code null}, or the {@code offset} or {@code length}
818 * is less than 0, or the sum of the {@code offset} and
819 * {@code length} is greater than the length of the
820 * {@code signature} byte array.
821 * @since 1.4
822 */
823 public final boolean verify(byte[] signature, int offset, int length)
824 throws SignatureException {
825 if (state == VERIFY) {
826 if (signature == null) {
827 throw new IllegalArgumentException("signature is null");
828 }
829 if (offset < 0 || length < 0) {
830 throw new IllegalArgumentException
831 ("offset or length is less than 0");
832 }
833 if (signature.length - offset < length) {
834 throw new IllegalArgumentException
835 ("signature too small for specified offset and length");
836 }
837
838 return engineVerify(signature, offset, length);
839 }
840 throw new SignatureException("object not initialized for " +
841 "verification");
842 }
843
844 /**
845 * Updates the data to be signed or verified by a byte.
846 *
847 * @param b the byte to use for the update.
848 *
849 * @exception SignatureException if this signature object is not
850 * initialized properly.
851 */
852 public final void update(byte b) throws SignatureException {
853 if (state == VERIFY || state == SIGN) {
854 engineUpdate(b);
855 } else {
856 throw new SignatureException("object not initialized for "
857 + "signature or verification");
858 }
859 }
860
861 /**
862 * Updates the data to be signed or verified, using the specified
863 * array of bytes.
864 *
865 * @param data the byte array to use for the update.
866 *
867 * @exception SignatureException if this signature object is not
868 * initialized properly.
869 */
870 public final void update(byte[] data) throws SignatureException {
871 update(data, 0, data.length);
872 }
873
874 /**
875 * Updates the data to be signed or verified, using the specified
876 * array of bytes, starting at the specified offset.
877 *
878 * @param data the array of bytes.
879 * @param off the offset to start from in the array of bytes.
880 * @param len the number of bytes to use, starting at offset.
881 *
882 * @exception SignatureException if this signature object is not
883 * initialized properly.
884 * @exception IllegalArgumentException if {@code data} is {@code null},
885 * or {@code off} or {@code len} is less than 0, or the sum of
886 * {@code off} and {@code len} is greater than the length of
887 * {@code data}.
888 */
889 public final void update(byte[] data, int off, int len)
890 throws SignatureException {
891 if (state == SIGN || state == VERIFY) {
892 if (data == null) {
893 throw new IllegalArgumentException("data is null");
894 }
895 if (off < 0 || len < 0) {
896 throw new IllegalArgumentException("off or len is less than 0");
897 }
898 if (data.length - off < len) {
899 throw new IllegalArgumentException
900 ("data too small for specified offset and length");
901 }
902 engineUpdate(data, off, len);
903 } else {
904 throw new SignatureException("object not initialized for "
905 + "signature or verification");
906 }
907 }
908
909 /**
910 * Updates the data to be signed or verified using the specified
911 * ByteBuffer. Processes the {@code data.remaining()} bytes
912 * starting at {@code data.position()}.
913 * Upon return, the buffer's position will be equal to its limit;
914 * its limit will not have changed.
915 *
916 * @param data the ByteBuffer
917 *
918 * @exception SignatureException if this signature object is not
919 * initialized properly.
920 * @since 1.5
921 */
922 public final void update(ByteBuffer data) throws SignatureException {
923 if ((state != SIGN) && (state != VERIFY)) {
924 throw new SignatureException("object not initialized for "
925 + "signature or verification");
926 }
927 if (data == null) {
928 throw new NullPointerException();
929 }
930 engineUpdate(data);
931 }
932
933 /**
934 * Returns the name of the algorithm for this signature object.
935 *
936 * @return the name of the algorithm for this signature object.
937 */
938 public final String getAlgorithm() {
959 initState = "<initialized for signing>";
960 break;
961 }
962 return "Signature object: " + getAlgorithm() + initState;
963 }
964
965 /**
966 * Sets the specified algorithm parameter to the specified value.
967 * This method supplies a general-purpose mechanism through
968 * which it is possible to set the various parameters of this object.
969 * A parameter may be any settable parameter for the algorithm, such as
970 * a parameter size, or a source of random bits for signature generation
971 * (if appropriate), or an indication of whether or not to perform
972 * a specific but optional computation. A uniform algorithm-specific
973 * naming scheme for each parameter is desirable but left unspecified
974 * at this time.
975 *
976 * @param param the string identifier of the parameter.
977 * @param value the parameter value.
978 *
979 * @exception InvalidParameterException if {@code param} is an
980 * invalid parameter for this signature algorithm engine,
981 * the parameter is already set
982 * and cannot be set again, a security exception occurs, and so on.
983 *
984 * @see #getParameter
985 *
986 * @deprecated Use
987 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
988 * setParameter}.
989 */
990 @Deprecated
991 public final void setParameter(String param, Object value)
992 throws InvalidParameterException {
993 engineSetParameter(param, value);
994 }
995
996 /**
997 * Initializes this signature engine with the specified parameter set.
998 *
999 * @param params the parameters
1000 *
1001 * @exception InvalidAlgorithmParameterException if the given parameters
1002 * are inappropriate for this signature engine
1003 *
1004 * @see #getParameters
1005 */
1006 public final void setParameter(AlgorithmParameterSpec params)
1007 throws InvalidAlgorithmParameterException {
1008 engineSetParameter(params);
1009 }
1010
1011 /**
1012 * Returns the parameters used with this signature object.
1013 *
1014 * <p> If this signature has been previously initialized with parameters
1015 * (by calling the {@code setParameter} method), this method returns
1016 * the same parameters. If this signature has not been initialized with
1017 * parameters, this method may return a combination of default and
1018 * randomly generated parameter values if the underlying
1019 * signature implementation supports it and can successfully generate
1020 * them. Otherwise, {@code null} is returned.
1021 *
1026 */
1027 public final AlgorithmParameters getParameters() {
1028 return engineGetParameters();
1029 }
1030
1031 /**
1032 * Gets the value of the specified algorithm parameter. This method
1033 * supplies a general-purpose mechanism through which it is possible to
1034 * get the various parameters of this object. A parameter may be any
1035 * settable parameter for the algorithm, such as a parameter size, or
1036 * a source of random bits for signature generation (if appropriate),
1037 * or an indication of whether or not to perform a specific but optional
1038 * computation. A uniform algorithm-specific naming scheme for each
1039 * parameter is desirable but left unspecified at this time.
1040 *
1041 * @param param the string name of the parameter.
1042 *
1043 * @return the object that represents the parameter value, or {@code null} if
1044 * there is none.
1045 *
1046 * @exception InvalidParameterException if {@code param} is an invalid
1047 * parameter for this engine, or another exception occurs while
1048 * trying to get this parameter.
1049 *
1050 * @see #setParameter(String, Object)
1051 *
1052 * @deprecated
1053 */
1054 @Deprecated
1055 public final Object getParameter(String param)
1056 throws InvalidParameterException {
1057 return engineGetParameter(param);
1058 }
1059
1060 /**
1061 * Returns a clone if the implementation is cloneable.
1062 *
1063 * @return a clone if the implementation is cloneable.
1064 *
1065 * @exception CloneNotSupportedException if this is called
1066 * on an implementation that does not support {@code Cloneable}.
1067 */
1068 public Object clone() throws CloneNotSupportedException {
1069 if (this instanceof Cloneable) {
1070 return super.clone();
1071 } else {
1072 throw new CloneNotSupportedException();
1073 }
1074 }
1075
1076 /*
1077 * The following class allows providers to extend from SignatureSpi
1078 * rather than from Signature. It represents a Signature with an
1079 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
1080 * If the provider implementation is an instance of SignatureSpi, the
1081 * getInstance() methods above return an instance of this class, with
1082 * the SPI object encapsulated.
1083 *
1084 * Note: All SPI methods from the original Signature class have been
1085 * moved up the hierarchy into a new class (SignatureSpi), which has
1109 Delegate(SignatureSpi sigSpi, String algorithm) {
1110 super(algorithm);
1111 this.sigSpi = sigSpi;
1112 this.lock = null; // no lock needed
1113 }
1114
1115 // used with delayed provider selection
1116 Delegate(Service service,
1117 Iterator<Service> iterator, String algorithm) {
1118 super(algorithm);
1119 this.firstService = service;
1120 this.serviceIterator = iterator;
1121 this.lock = new Object();
1122 }
1123
1124 /**
1125 * Returns a clone if the delegate is cloneable.
1126 *
1127 * @return a clone if the delegate is cloneable.
1128 *
1129 * @exception CloneNotSupportedException if this is called on a
1130 * delegate that does not support {@code Cloneable}.
1131 */
1132 public Object clone() throws CloneNotSupportedException {
1133 chooseFirstProvider();
1134 if (sigSpi instanceof Cloneable) {
1135 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
1136 // Because 'algorithm' and 'provider' are private
1137 // members of our supertype, we must perform a cast to
1138 // access them.
1139 Signature that =
1140 new Delegate(sigSpiClone, ((Signature)this).algorithm);
1141 that.provider = ((Signature)this).provider;
1142 return that;
1143 } else {
1144 throw new CloneNotSupportedException();
1145 }
1146 }
1147
1148 private static SignatureSpi newInstance(Service s)
1149 throws NoSuchAlgorithmException {
|
481 chooseFirstProvider();
482 return this.provider;
483 }
484
485 private String getProviderName() {
486 return (provider == null) ? "(no provider)" : provider.getName();
487 }
488
489 void chooseFirstProvider() {
490 // empty, overridden in Delegate
491 }
492
493 /**
494 * Initializes this object for verification. If this method is called
495 * again with a different argument, it negates the effect
496 * of this call.
497 *
498 * @param publicKey the public key of the identity whose signature is
499 * going to be verified.
500 *
501 * @throws InvalidKeyException if the key is invalid.
502 */
503 public final void initVerify(PublicKey publicKey)
504 throws InvalidKeyException {
505 engineInitVerify(publicKey);
506 state = VERIFY;
507
508 if (!skipDebug && pdebug != null) {
509 pdebug.println("Signature." + algorithm +
510 " verification algorithm from: " + getProviderName());
511 }
512 }
513
514 /**
515 * Initialize this object for verification. If this method is called
516 * again with different arguments, it negates the effect
517 * of this call.
518 *
519 * @param publicKey the public key of the identity whose signature is
520 * going to be verified.
521 * @param params the parameters used for verifying this signature.
522 *
523 * @throws InvalidKeyException if the key is invalid.
524 * @throws InvalidAlgorithmParameterException if the params is invalid.
525 */
526 final void initVerify(PublicKey publicKey, AlgorithmParameterSpec params)
527 throws InvalidKeyException, InvalidAlgorithmParameterException {
528 engineInitVerify(publicKey, params);
529 state = VERIFY;
530
531 if (!skipDebug && pdebug != null) {
532 pdebug.println("Signature." + algorithm +
533 " verification algorithm from: " + getProviderName());
534 }
535 }
536
537 private static PublicKey getPublicKeyFromCert(Certificate cert)
538 throws InvalidKeyException {
539 // If the certificate is of type X509Certificate,
540 // we should check whether it has a Key Usage
541 // extension marked as critical.
542 //if (cert instanceof java.security.cert.X509Certificate) {
543 if (cert instanceof X509Certificate) {
544 // Check whether the cert has a key usage extension
554 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
555 throw new InvalidKeyException("Wrong key usage");
556 }
557 }
558 return cert.getPublicKey();
559 }
560
561 /**
562 * Initializes this object for verification, using the public key from
563 * the given certificate.
564 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
565 * extension field marked as critical, and the value of the <i>key usage</i>
566 * extension field implies that the public key in
567 * the certificate and its corresponding private key are not
568 * supposed to be used for digital signatures, an
569 * {@code InvalidKeyException} is thrown.
570 *
571 * @param certificate the certificate of the identity whose signature is
572 * going to be verified.
573 *
574 * @throws InvalidKeyException if the public key in the certificate
575 * is not encoded properly or does not include required parameter
576 * information or cannot be used for digital signature purposes.
577 * @since 1.3
578 */
579 public final void initVerify(Certificate certificate)
580 throws InvalidKeyException {
581 engineInitVerify(getPublicKeyFromCert(certificate));
582 state = VERIFY;
583
584 if (!skipDebug && pdebug != null) {
585 pdebug.println("Signature." + algorithm +
586 " verification algorithm from: " + getProviderName());
587 }
588 }
589
590 /**
591 * Initializes this object for verification, using the public key from
592 * the given certificate.
593 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
594 * extension field marked as critical, and the value of the <i>key usage</i>
595 * extension field implies that the public key in
596 * the certificate and its corresponding private key are not
597 * supposed to be used for digital signatures, an
598 * {@code InvalidKeyException} is thrown.
599 *
600 * @param certificate the certificate of the identity whose signature is
601 * going to be verified.
602 * @param params the parameters used for verifying this signature.
603 *
604 * @throws InvalidKeyException if the public key in the certificate
605 * is not encoded properly or does not include required parameter
606 * information or cannot be used for digital signature purposes.
607 * @throws InvalidAlgorithmParameterException if the params is invalid.
608 *
609 * @since 13
610 */
611 final void initVerify(Certificate certificate,
612 AlgorithmParameterSpec params)
613 throws InvalidKeyException, InvalidAlgorithmParameterException {
614 engineInitVerify(getPublicKeyFromCert(certificate), params);
615 state = VERIFY;
616
617 if (!skipDebug && pdebug != null) {
618 pdebug.println("Signature." + algorithm +
619 " verification algorithm from: " + getProviderName());
620 }
621 }
622
623 /**
624 * Initialize this object for signing. If this method is called
625 * again with a different argument, it negates the effect
626 * of this call.
627 *
628 * @param privateKey the private key of the identity whose signature
629 * is going to be generated.
630 *
631 * @throws InvalidKeyException if the key is invalid.
632 */
633 public final void initSign(PrivateKey privateKey)
634 throws InvalidKeyException {
635 engineInitSign(privateKey);
636 state = SIGN;
637
638 if (!skipDebug && pdebug != null) {
639 pdebug.println("Signature." + algorithm +
640 " signing algorithm from: " + getProviderName());
641 }
642 }
643
644 /**
645 * Initialize this object for signing. If this method is called
646 * again with a different argument, it negates the effect
647 * of this call.
648 *
649 * @param privateKey the private key of the identity whose signature
650 * is going to be generated.
651 *
652 * @param random the source of randomness for this signature.
653 *
654 * @throws InvalidKeyException if the key is invalid.
655 */
656 public final void initSign(PrivateKey privateKey, SecureRandom random)
657 throws InvalidKeyException {
658 engineInitSign(privateKey, random);
659 state = SIGN;
660
661 if (!skipDebug && pdebug != null) {
662 pdebug.println("Signature." + algorithm +
663 " signing algorithm from: " + getProviderName());
664 }
665 }
666
667 /**
668 * Initialize this object for signing. If this method is called
669 * again with different arguments, it negates the effect
670 * of this call.
671 *
672 * @param privateKey the private key of the identity whose signature
673 * is going to be generated.
674 * @param params the parameters used for generating signature.
675 * @param random the source of randomness for this signature.
676 *
677 * @throws InvalidKeyException if the key is invalid.
678 * @throws InvalidAlgorithmParameterException if the params is invalid
679 */
680 final void initSign(PrivateKey privateKey,
681 AlgorithmParameterSpec params, SecureRandom random)
682 throws InvalidKeyException, InvalidAlgorithmParameterException {
683 engineInitSign(privateKey, params, random);
684 state = SIGN;
685
686 if (!skipDebug && pdebug != null) {
687 pdebug.println("Signature." + algorithm +
688 " signing algorithm from: " + getProviderName());
689 }
690 }
691
692 /**
693 * Returns the signature bytes of all the data updated.
694 * The format of the signature depends on the underlying
695 * signature scheme.
696 *
697 * <p>A call to this method resets this signature object to the state
698 * it was in when previously initialized for signing via a
699 * call to {@code initSign(PrivateKey)}. That is, the object is
700 * reset and available to generate another signature from the same
701 * signer, if desired, via new calls to {@code update} and
702 * {@code sign}.
703 *
704 * @return the signature bytes of the signing operation's result.
705 *
706 * @throws SignatureException if this signature object is not
707 * initialized properly or if this signature algorithm is unable to
708 * process the input data provided.
709 */
710 public final byte[] sign() throws SignatureException {
711 if (state == SIGN) {
712 return engineSign();
713 }
714 throw new SignatureException("object not initialized for " +
715 "signing");
716 }
717
718 /**
719 * Finishes the signature operation and stores the resulting signature
720 * bytes in the provided buffer {@code outbuf}, starting at
721 * {@code offset}.
722 * The format of the signature depends on the underlying
723 * signature scheme.
724 *
725 * <p>This signature object is reset to its initial state (the state it
726 * was in after a call to one of the {@code initSign} methods) and
727 * can be reused to generate further signatures with the same private key.
728 *
729 * @param outbuf buffer for the signature result.
730 *
731 * @param offset offset into {@code outbuf} where the signature is
732 * stored.
733 *
734 * @param len number of bytes within {@code outbuf} allotted for the
735 * signature.
736 *
737 * @return the number of bytes placed into {@code outbuf}.
738 *
739 * @throws SignatureException if this signature object is not
740 * initialized properly, if this signature algorithm is unable to
741 * process the input data provided, or if {@code len} is less
742 * than the actual signature length.
743 * @throws IllegalArgumentException if {@code outbuf} is {@code null},
744 * or {@code offset} or {@code len} is less than 0, or the sum of
745 * {@code offset} and {@code len} is greater than the length of
746 * {@code outbuf}.
747 *
748 * @since 1.2
749 */
750 public final int sign(byte[] outbuf, int offset, int len)
751 throws SignatureException {
752 if (outbuf == null) {
753 throw new IllegalArgumentException("No output buffer given");
754 }
755 if (offset < 0 || len < 0) {
756 throw new IllegalArgumentException("offset or len is less than 0");
757 }
758 if (outbuf.length - offset < len) {
759 throw new IllegalArgumentException
760 ("Output buffer too small for specified offset and length");
761 }
762 if (state != SIGN) {
763 throw new SignatureException("object not initialized for " +
764 "signing");
765 }
766 return engineSign(outbuf, offset, len);
767 }
768
769 /**
770 * Verifies the passed-in signature.
771 *
772 * <p>A call to this method resets this signature object to the state
773 * it was in when previously initialized for verification via a
774 * call to {@code initVerify(PublicKey)}. That is, the object is
775 * reset and available to verify another signature from the identity
776 * whose public key was specified in the call to {@code initVerify}.
777 *
778 * @param signature the signature bytes to be verified.
779 *
780 * @return true if the signature was verified, false if not.
781 *
782 * @throws SignatureException if this signature object is not
783 * initialized properly, the passed-in signature is improperly
784 * encoded or of the wrong type, if this signature algorithm is unable to
785 * process the input data provided, etc.
786 */
787 public final boolean verify(byte[] signature) throws SignatureException {
788 if (state == VERIFY) {
789 return engineVerify(signature);
790 }
791 throw new SignatureException("object not initialized for " +
792 "verification");
793 }
794
795 /**
796 * Verifies the passed-in signature in the specified array
797 * of bytes, starting at the specified offset.
798 *
799 * <p>A call to this method resets this signature object to the state
800 * it was in when previously initialized for verification via a
801 * call to {@code initVerify(PublicKey)}. That is, the object is
802 * reset and available to verify another signature from the identity
803 * whose public key was specified in the call to {@code initVerify}.
804 *
805 *
806 * @param signature the signature bytes to be verified.
807 * @param offset the offset to start from in the array of bytes.
808 * @param length the number of bytes to use, starting at offset.
809 *
810 * @return true if the signature was verified, false if not.
811 *
812 * @throws SignatureException if this signature object is not
813 * initialized properly, the passed-in signature is improperly
814 * encoded or of the wrong type, if this signature algorithm is unable to
815 * process the input data provided, etc.
816 * @throws IllegalArgumentException if the {@code signature}
817 * byte array is {@code null}, or the {@code offset} or {@code length}
818 * is less than 0, or the sum of the {@code offset} and
819 * {@code length} is greater than the length of the
820 * {@code signature} byte array.
821 * @since 1.4
822 */
823 public final boolean verify(byte[] signature, int offset, int length)
824 throws SignatureException {
825 if (state == VERIFY) {
826 if (signature == null) {
827 throw new IllegalArgumentException("signature is null");
828 }
829 if (offset < 0 || length < 0) {
830 throw new IllegalArgumentException
831 ("offset or length is less than 0");
832 }
833 if (signature.length - offset < length) {
834 throw new IllegalArgumentException
835 ("signature too small for specified offset and length");
836 }
837
838 return engineVerify(signature, offset, length);
839 }
840 throw new SignatureException("object not initialized for " +
841 "verification");
842 }
843
844 /**
845 * Updates the data to be signed or verified by a byte.
846 *
847 * @param b the byte to use for the update.
848 *
849 * @throws SignatureException if this signature object is not
850 * initialized properly.
851 */
852 public final void update(byte b) throws SignatureException {
853 if (state == VERIFY || state == SIGN) {
854 engineUpdate(b);
855 } else {
856 throw new SignatureException("object not initialized for "
857 + "signature or verification");
858 }
859 }
860
861 /**
862 * Updates the data to be signed or verified, using the specified
863 * array of bytes.
864 *
865 * @param data the byte array to use for the update.
866 *
867 * @throws SignatureException if this signature object is not
868 * initialized properly.
869 */
870 public final void update(byte[] data) throws SignatureException {
871 update(data, 0, data.length);
872 }
873
874 /**
875 * Updates the data to be signed or verified, using the specified
876 * array of bytes, starting at the specified offset.
877 *
878 * @param data the array of bytes.
879 * @param off the offset to start from in the array of bytes.
880 * @param len the number of bytes to use, starting at offset.
881 *
882 * @throws SignatureException if this signature object is not
883 * initialized properly.
884 * @throws IllegalArgumentException if {@code data} is {@code null},
885 * or {@code off} or {@code len} is less than 0, or the sum of
886 * {@code off} and {@code len} is greater than the length of
887 * {@code data}.
888 */
889 public final void update(byte[] data, int off, int len)
890 throws SignatureException {
891 if (state == SIGN || state == VERIFY) {
892 if (data == null) {
893 throw new IllegalArgumentException("data is null");
894 }
895 if (off < 0 || len < 0) {
896 throw new IllegalArgumentException("off or len is less than 0");
897 }
898 if (data.length - off < len) {
899 throw new IllegalArgumentException
900 ("data too small for specified offset and length");
901 }
902 engineUpdate(data, off, len);
903 } else {
904 throw new SignatureException("object not initialized for "
905 + "signature or verification");
906 }
907 }
908
909 /**
910 * Updates the data to be signed or verified using the specified
911 * ByteBuffer. Processes the {@code data.remaining()} bytes
912 * starting at {@code data.position()}.
913 * Upon return, the buffer's position will be equal to its limit;
914 * its limit will not have changed.
915 *
916 * @param data the ByteBuffer
917 *
918 * @throws SignatureException if this signature object is not
919 * initialized properly.
920 * @since 1.5
921 */
922 public final void update(ByteBuffer data) throws SignatureException {
923 if ((state != SIGN) && (state != VERIFY)) {
924 throw new SignatureException("object not initialized for "
925 + "signature or verification");
926 }
927 if (data == null) {
928 throw new NullPointerException();
929 }
930 engineUpdate(data);
931 }
932
933 /**
934 * Returns the name of the algorithm for this signature object.
935 *
936 * @return the name of the algorithm for this signature object.
937 */
938 public final String getAlgorithm() {
959 initState = "<initialized for signing>";
960 break;
961 }
962 return "Signature object: " + getAlgorithm() + initState;
963 }
964
965 /**
966 * Sets the specified algorithm parameter to the specified value.
967 * This method supplies a general-purpose mechanism through
968 * which it is possible to set the various parameters of this object.
969 * A parameter may be any settable parameter for the algorithm, such as
970 * a parameter size, or a source of random bits for signature generation
971 * (if appropriate), or an indication of whether or not to perform
972 * a specific but optional computation. A uniform algorithm-specific
973 * naming scheme for each parameter is desirable but left unspecified
974 * at this time.
975 *
976 * @param param the string identifier of the parameter.
977 * @param value the parameter value.
978 *
979 * @throws InvalidParameterException if {@code param} is an
980 * invalid parameter for this signature algorithm engine,
981 * the parameter is already set
982 * and cannot be set again, a security exception occurs, and so on.
983 *
984 * @see #getParameter
985 *
986 * @deprecated Use
987 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
988 * setParameter}.
989 */
990 @Deprecated
991 public final void setParameter(String param, Object value)
992 throws InvalidParameterException {
993 engineSetParameter(param, value);
994 }
995
996 /**
997 * Initializes this signature engine with the specified parameter set.
998 *
999 * @param params the parameters
1000 *
1001 * @throws InvalidAlgorithmParameterException if the given parameters
1002 * are inappropriate for this signature engine
1003 *
1004 * @see #getParameters
1005 */
1006 public final void setParameter(AlgorithmParameterSpec params)
1007 throws InvalidAlgorithmParameterException {
1008 engineSetParameter(params);
1009 }
1010
1011 /**
1012 * Returns the parameters used with this signature object.
1013 *
1014 * <p> If this signature has been previously initialized with parameters
1015 * (by calling the {@code setParameter} method), this method returns
1016 * the same parameters. If this signature has not been initialized with
1017 * parameters, this method may return a combination of default and
1018 * randomly generated parameter values if the underlying
1019 * signature implementation supports it and can successfully generate
1020 * them. Otherwise, {@code null} is returned.
1021 *
1026 */
1027 public final AlgorithmParameters getParameters() {
1028 return engineGetParameters();
1029 }
1030
1031 /**
1032 * Gets the value of the specified algorithm parameter. This method
1033 * supplies a general-purpose mechanism through which it is possible to
1034 * get the various parameters of this object. A parameter may be any
1035 * settable parameter for the algorithm, such as a parameter size, or
1036 * a source of random bits for signature generation (if appropriate),
1037 * or an indication of whether or not to perform a specific but optional
1038 * computation. A uniform algorithm-specific naming scheme for each
1039 * parameter is desirable but left unspecified at this time.
1040 *
1041 * @param param the string name of the parameter.
1042 *
1043 * @return the object that represents the parameter value, or {@code null} if
1044 * there is none.
1045 *
1046 * @throws InvalidParameterException if {@code param} is an invalid
1047 * parameter for this engine, or another exception occurs while
1048 * trying to get this parameter.
1049 *
1050 * @see #setParameter(String, Object)
1051 *
1052 * @deprecated
1053 */
1054 @Deprecated
1055 public final Object getParameter(String param)
1056 throws InvalidParameterException {
1057 return engineGetParameter(param);
1058 }
1059
1060 /**
1061 * Returns a clone if the implementation is cloneable.
1062 *
1063 * @return a clone if the implementation is cloneable.
1064 *
1065 * @throws CloneNotSupportedException if this is called
1066 * on an implementation that does not support {@code Cloneable}.
1067 */
1068 public Object clone() throws CloneNotSupportedException {
1069 if (this instanceof Cloneable) {
1070 return super.clone();
1071 } else {
1072 throw new CloneNotSupportedException();
1073 }
1074 }
1075
1076 /*
1077 * The following class allows providers to extend from SignatureSpi
1078 * rather than from Signature. It represents a Signature with an
1079 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
1080 * If the provider implementation is an instance of SignatureSpi, the
1081 * getInstance() methods above return an instance of this class, with
1082 * the SPI object encapsulated.
1083 *
1084 * Note: All SPI methods from the original Signature class have been
1085 * moved up the hierarchy into a new class (SignatureSpi), which has
1109 Delegate(SignatureSpi sigSpi, String algorithm) {
1110 super(algorithm);
1111 this.sigSpi = sigSpi;
1112 this.lock = null; // no lock needed
1113 }
1114
1115 // used with delayed provider selection
1116 Delegate(Service service,
1117 Iterator<Service> iterator, String algorithm) {
1118 super(algorithm);
1119 this.firstService = service;
1120 this.serviceIterator = iterator;
1121 this.lock = new Object();
1122 }
1123
1124 /**
1125 * Returns a clone if the delegate is cloneable.
1126 *
1127 * @return a clone if the delegate is cloneable.
1128 *
1129 * @throws CloneNotSupportedException if this is called on a
1130 * delegate that does not support {@code Cloneable}.
1131 */
1132 public Object clone() throws CloneNotSupportedException {
1133 chooseFirstProvider();
1134 if (sigSpi instanceof Cloneable) {
1135 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
1136 // Because 'algorithm' and 'provider' are private
1137 // members of our supertype, we must perform a cast to
1138 // access them.
1139 Signature that =
1140 new Delegate(sigSpiClone, ((Signature)this).algorithm);
1141 that.provider = ((Signature)this).provider;
1142 return that;
1143 } else {
1144 throw new CloneNotSupportedException();
1145 }
1146 }
1147
1148 private static SignatureSpi newInstance(Service s)
1149 throws NoSuchAlgorithmException {
|