1 /*
2 * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.security.spec.AlgorithmParameterSpec;
29 import java.util.*;
30 import java.util.concurrent.ConcurrentHashMap;
31 import java.io.*;
32 import java.security.cert.Certificate;
33 import java.security.cert.X509Certificate;
34
35 import java.nio.ByteBuffer;
36
37 import java.security.Provider.Service;
38
39 import javax.crypto.Cipher;
40 import javax.crypto.IllegalBlockSizeException;
41 import javax.crypto.BadPaddingException;
42 import javax.crypto.NoSuchPaddingException;
43
44 import sun.security.util.Debug;
45 import sun.security.jca.*;
46 import sun.security.jca.GetInstance.Instance;
47
48 /**
49 * The Signature class is used to provide applications the functionality
50 * of a digital signature algorithm. Digital signatures are used for
51 * authentication and integrity assurance of digital data.
52 *
53 * <p> The signature algorithm can be, among others, the NIST standard
54 * DSA, using DSA and SHA-1. The DSA algorithm using the
55 * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}.
56 * In the case of RSA, there are multiple choices for the message digest
57 * algorithm, so the signing algorithm could be specified as, for example,
58 * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}.
59 * The algorithm name must be specified, as there is no default.
60 *
61 * <p> A Signature object can be used to generate and verify digital
62 * signatures.
63 *
64 * <p> There are three phases to the use of a Signature object for
65 * either signing data or verifying a signature:<ol>
66 *
67 * <li>Initialization, with either
68 *
69 * <ul>
70 *
71 * <li>a public key, which initializes the signature for
72 * verification (see {@link #initVerify(PublicKey) initVerify}), or
73 *
74 * <li>a private key (and optionally a Secure Random Number Generator),
75 * which initializes the signature for signing
76 * (see {@link #initSign(PrivateKey)}
77 * and {@link #initSign(PrivateKey, SecureRandom)}).
78 *
79 * </ul>
80 *
81 * <li>Updating
82 *
83 * <p>Depending on the type of initialization, this will update the
84 * bytes to be signed or verified. See the
85 * {@link #update(byte) update} methods.
86 *
87 * <li>Signing or Verifying a signature on all updated bytes. See the
88 * {@link #sign() sign} methods and the {@link #verify(byte[]) verify}
89 * method.
90 *
91 * </ol>
92 *
93 * <p>Note that this class is abstract and extends from
94 * {@code SignatureSpi} for historical reasons.
95 * Application developers should only take notice of the methods defined in
96 * this {@code Signature} class; all the methods in
97 * the superclass are intended for cryptographic service providers who wish to
98 * supply their own implementations of digital signature algorithms.
99 *
100 * <p> Every implementation of the Java platform is required to support the
101 * following standard {@code Signature} algorithms:
102 * <ul>
103 * <li>{@code SHA1withDSA}</li>
104 * <li>{@code SHA256withDSA}</li>
105 * <li>{@code SHA1withRSA}</li>
106 * <li>{@code SHA256withRSA}</li>
107 * </ul>
108 * These algorithms are described in the <a href=
109 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
110 * Signature section</a> of the
111 * Java Cryptography Architecture Standard Algorithm Name Documentation.
112 * Consult the release documentation for your implementation to see if any
113 * other algorithms are supported.
114 *
115 * @author Benjamin Renaud
116 *
117 */
118
119 public abstract class Signature extends SignatureSpi {
120
121 private static final Debug debug =
122 Debug.getInstance("jca", "Signature");
123
124 private static final Debug pdebug =
125 Debug.getInstance("provider", "Provider");
126 private static final boolean skipDebug =
127 Debug.isOn("engine=") && !Debug.isOn("signature");
128
129 /*
130 * The algorithm for this signature object.
131 * This value is used to map an OID to the particular algorithm.
132 * The mapping is done in AlgorithmObject.algOID(String algorithm)
133 */
134 private String algorithm;
135
136 // The provider
137 Provider provider;
138
139 /**
140 * Possible {@link #state} value, signifying that
141 * this signature object has not yet been initialized.
142 */
143 protected static final int UNINITIALIZED = 0;
144
145 /**
146 * Possible {@link #state} value, signifying that
147 * this signature object has been initialized for signing.
148 */
149 protected static final int SIGN = 2;
150
151 /**
152 * Possible {@link #state} value, signifying that
153 * this signature object has been initialized for verification.
154 */
155 protected static final int VERIFY = 3;
156
157 /**
158 * Current state of this signature object.
159 */
160 protected int state = UNINITIALIZED;
161
162 /**
163 * Creates a Signature object for the specified algorithm.
164 *
165 * @param algorithm the standard string name of the algorithm.
166 * See the Signature section in the <a href=
167 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
168 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
169 * for information about standard algorithm names.
170 */
171 protected Signature(String algorithm) {
172 this.algorithm = algorithm;
173 }
174
175 // name of the special signature alg
176 private static final String RSA_SIGNATURE = "NONEwithRSA";
177
178 // name of the equivalent cipher alg
179 private static final String RSA_CIPHER = "RSA/ECB/PKCS1Padding";
180
181 // all the services we need to lookup for compatibility with Cipher
182 private static final List<ServiceId> rsaIds = List.of(
183 new ServiceId("Signature", "NONEwithRSA"),
184 new ServiceId("Cipher", "RSA/ECB/PKCS1Padding"),
185 new ServiceId("Cipher", "RSA/ECB"),
186 new ServiceId("Cipher", "RSA//PKCS1Padding"),
187 new ServiceId("Cipher", "RSA"));
188
189 /**
190 * Returns a Signature object that implements the specified signature
191 * algorithm.
192 *
193 * <p> This method traverses the list of registered security Providers,
194 * starting with the most preferred Provider.
195 * A new Signature object encapsulating the
196 * SignatureSpi implementation from the first
197 * Provider that supports the specified algorithm is returned.
198 *
199 * <p> Note that the list of registered providers may be retrieved via
200 * the {@link Security#getProviders() Security.getProviders()} method.
201 *
202 * @implNote
203 * The JDK Reference Implementation additionally uses the
204 * {@code jdk.security.provider.preferred}
205 * {@link Security#getProperty(String) Security} property to determine
206 * the preferred provider order for the specified algorithm. This
207 * may be different than the order of providers returned by
208 * {@link Security#getProviders() Security.getProviders()}.
209 *
210 * @param algorithm the standard name of the algorithm requested.
211 * See the Signature section in the <a href=
212 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
213 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
214 * for information about standard algorithm names.
215 *
216 * @return the new {@code Signature} object
217 *
218 * @throws NoSuchAlgorithmException if no {@code Provider} supports a
219 * {@code Signature} implementation for the
220 * specified algorithm
221 *
222 * @throws NullPointerException if {@code algorithm} is {@code null}
223 *
224 * @see Provider
225 */
226 public static Signature getInstance(String algorithm)
227 throws NoSuchAlgorithmException {
228 Objects.requireNonNull(algorithm, "null algorithm name");
229 List<Service> list;
230 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
231 list = GetInstance.getServices(rsaIds);
232 } else {
233 list = GetInstance.getServices("Signature", algorithm);
234 }
235 Iterator<Service> t = list.iterator();
236 if (t.hasNext() == false) {
237 throw new NoSuchAlgorithmException
238 (algorithm + " Signature not available");
239 }
240 // try services until we find an Spi or a working Signature subclass
241 NoSuchAlgorithmException failure;
242 do {
243 Service s = t.next();
244 if (isSpi(s)) {
245 return new Delegate(s, t, algorithm);
246 } else {
247 // must be a subclass of Signature, disable dynamic selection
248 try {
249 Instance instance =
250 GetInstance.getInstance(s, SignatureSpi.class);
251 return getInstance(instance, algorithm);
252 } catch (NoSuchAlgorithmException e) {
253 failure = e;
254 }
255 }
256 } while (t.hasNext());
257 throw failure;
258 }
259
260 private static Signature getInstance(Instance instance, String algorithm) {
261 Signature sig;
262 if (instance.impl instanceof Signature) {
263 sig = (Signature)instance.impl;
264 sig.algorithm = algorithm;
265 } else {
266 SignatureSpi spi = (SignatureSpi)instance.impl;
267 sig = new Delegate(spi, algorithm);
268 }
269 sig.provider = instance.provider;
270 return sig;
271 }
272
273 private static final Map<String,Boolean> signatureInfo;
274
275 static {
276 signatureInfo = new ConcurrentHashMap<>();
277 Boolean TRUE = Boolean.TRUE;
278 // pre-initialize with values for our SignatureSpi implementations
279 signatureInfo.put("sun.security.provider.DSA$RawDSA", TRUE);
280 signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", TRUE);
281 signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", TRUE);
282 signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", TRUE);
283 signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", TRUE);
284 signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE);
285 signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
286 signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
287 signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
288 signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
289 }
290
291 private static boolean isSpi(Service s) {
292 if (s.getType().equals("Cipher")) {
293 // must be a CipherSpi, which we can wrap with the CipherAdapter
294 return true;
295 }
296 String className = s.getClassName();
297 Boolean result = signatureInfo.get(className);
298 if (result == null) {
299 try {
300 Object instance = s.newInstance(null);
301 // Signature extends SignatureSpi
302 // so it is a "real" Spi if it is an
303 // instance of SignatureSpi but not Signature
304 boolean r = (instance instanceof SignatureSpi)
305 && (instance instanceof Signature == false);
306 if ((debug != null) && (r == false)) {
307 debug.println("Not a SignatureSpi " + className);
308 debug.println("Delayed provider selection may not be "
309 + "available for algorithm " + s.getAlgorithm());
310 }
311 result = Boolean.valueOf(r);
312 signatureInfo.put(className, result);
313 } catch (Exception e) {
314 // something is wrong, assume not an SPI
315 return false;
316 }
317 }
318 return result.booleanValue();
319 }
320
321 /**
322 * Returns a Signature object that implements the specified signature
323 * algorithm.
324 *
325 * <p> A new Signature object encapsulating the
326 * SignatureSpi implementation from the specified provider
327 * is returned. The specified provider must be registered
328 * in the security provider list.
329 *
330 * <p> Note that the list of registered providers may be retrieved via
331 * the {@link Security#getProviders() Security.getProviders()} method.
332 *
333 * @param algorithm the name of the algorithm requested.
334 * See the Signature section in the <a href=
335 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
336 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
337 * for information about standard algorithm names.
338 *
339 * @param provider the name of the provider.
340 *
341 * @return the new {@code Signature} object
342 *
343 * @throws IllegalArgumentException if the provider name is {@code null}
344 * or empty
345 *
346 * @throws NoSuchAlgorithmException if a {@code SignatureSpi}
347 * implementation for the specified algorithm is not
348 * available from the specified provider
349 *
350 * @throws NoSuchProviderException if the specified provider is not
351 * registered in the security provider list
352 *
353 * @throws NullPointerException if {@code algorithm} is {@code null}
354 *
355 * @see Provider
356 */
357 public static Signature getInstance(String algorithm, String provider)
358 throws NoSuchAlgorithmException, NoSuchProviderException {
359 Objects.requireNonNull(algorithm, "null algorithm name");
360 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
361 // exception compatibility with existing code
362 if ((provider == null) || (provider.length() == 0)) {
363 throw new IllegalArgumentException("missing provider");
364 }
365 Provider p = Security.getProvider(provider);
366 if (p == null) {
367 throw new NoSuchProviderException
368 ("no such provider: " + provider);
369 }
370 return getInstanceRSA(p);
371 }
372 Instance instance = GetInstance.getInstance
373 ("Signature", SignatureSpi.class, algorithm, provider);
374 return getInstance(instance, algorithm);
375 }
376
377 /**
378 * Returns a Signature object that implements the specified
379 * signature algorithm.
380 *
381 * <p> A new Signature object encapsulating the
382 * SignatureSpi implementation from the specified Provider
383 * object is returned. Note that the specified Provider object
384 * does not have to be registered in the provider list.
385 *
386 * @param algorithm the name of the algorithm requested.
387 * See the Signature section in the <a href=
388 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
389 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
390 * for information about standard algorithm names.
391 *
392 * @param provider the provider.
393 *
394 * @return the new {@code Signature} object
395 *
396 * @throws IllegalArgumentException if the provider is {@code null}
397 *
398 * @throws NoSuchAlgorithmException if a {@code SignatureSpi}
399 * implementation for the specified algorithm is not available
400 * from the specified {@code Provider} object
401 *
402 * @throws NullPointerException if {@code algorithm} is {@code null}
403 *
404 * @see Provider
405 *
406 * @since 1.4
407 */
408 public static Signature getInstance(String algorithm, Provider provider)
409 throws NoSuchAlgorithmException {
410 Objects.requireNonNull(algorithm, "null algorithm name");
411 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
412 // exception compatibility with existing code
413 if (provider == null) {
414 throw new IllegalArgumentException("missing provider");
415 }
416 return getInstanceRSA(provider);
417 }
418 Instance instance = GetInstance.getInstance
419 ("Signature", SignatureSpi.class, algorithm, provider);
420 return getInstance(instance, algorithm);
421 }
422
423 // return an implementation for NONEwithRSA, which is a special case
424 // because of the Cipher.RSA/ECB/PKCS1Padding compatibility wrapper
425 private static Signature getInstanceRSA(Provider p)
426 throws NoSuchAlgorithmException {
427 // try Signature first
428 Service s = p.getService("Signature", RSA_SIGNATURE);
429 if (s != null) {
430 Instance instance = GetInstance.getInstance(s, SignatureSpi.class);
431 return getInstance(instance, RSA_SIGNATURE);
432 }
433 // check Cipher
434 try {
435 Cipher c = Cipher.getInstance(RSA_CIPHER, p);
436 return new Delegate(new CipherAdapter(c), RSA_SIGNATURE);
437 } catch (GeneralSecurityException e) {
438 // throw Signature style exception message to avoid confusion,
439 // but append Cipher exception as cause
440 throw new NoSuchAlgorithmException("no such algorithm: "
441 + RSA_SIGNATURE + " for provider " + p.getName(), e);
442 }
443 }
444
445 /**
446 * Returns the provider of this signature object.
447 *
448 * @return the provider of this signature object
449 */
450 public final Provider getProvider() {
451 chooseFirstProvider();
452 return this.provider;
453 }
454
455 void chooseFirstProvider() {
456 // empty, overridden in Delegate
457 }
458
459 /**
460 * Initializes this object for verification. If this method is called
461 * again with a different argument, it negates the effect
462 * of this call.
463 *
464 * @param publicKey the public key of the identity whose signature is
465 * going to be verified.
466 *
467 * @exception InvalidKeyException if the key is invalid.
468 */
469 public final void initVerify(PublicKey publicKey)
470 throws InvalidKeyException {
471 engineInitVerify(publicKey);
472 state = VERIFY;
473
474 if (!skipDebug && pdebug != null) {
475 pdebug.println("Signature." + algorithm +
476 " verification algorithm from: " + this.provider.getName());
477 }
478 }
479
480 /**
481 * Initializes this object for verification, using the public key from
482 * the given certificate.
483 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
484 * extension field marked as critical, and the value of the <i>key usage</i>
485 * extension field implies that the public key in
486 * the certificate and its corresponding private key are not
487 * supposed to be used for digital signatures, an
488 * {@code InvalidKeyException} is thrown.
489 *
490 * @param certificate the certificate of the identity whose signature is
491 * going to be verified.
492 *
493 * @exception InvalidKeyException if the public key in the certificate
494 * is not encoded properly or does not include required parameter
495 * information or cannot be used for digital signature purposes.
496 * @since 1.3
497 */
498 public final void initVerify(Certificate certificate)
499 throws InvalidKeyException {
500 // If the certificate is of type X509Certificate,
501 // we should check whether it has a Key Usage
502 // extension marked as critical.
503 if (certificate instanceof java.security.cert.X509Certificate) {
504 // Check whether the cert has a key usage extension
505 // marked as a critical extension.
506 // The OID for KeyUsage extension is 2.5.29.15.
507 X509Certificate cert = (X509Certificate)certificate;
508 Set<String> critSet = cert.getCriticalExtensionOIDs();
509
510 if (critSet != null && !critSet.isEmpty()
511 && critSet.contains("2.5.29.15")) {
512 boolean[] keyUsageInfo = cert.getKeyUsage();
513 // keyUsageInfo[0] is for digitalSignature.
514 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
515 throw new InvalidKeyException("Wrong key usage");
516 }
517 }
518
519 PublicKey publicKey = certificate.getPublicKey();
520 engineInitVerify(publicKey);
521 state = VERIFY;
522
523 if (!skipDebug && pdebug != null) {
524 pdebug.println("Signature." + algorithm +
525 " verification algorithm from: " + this.provider.getName());
526 }
527 }
528
529 /**
530 * Initialize this object for signing. If this method is called
531 * again with a different argument, it negates the effect
532 * of this call.
533 *
534 * @param privateKey the private key of the identity whose signature
535 * is going to be generated.
536 *
537 * @exception InvalidKeyException if the key is invalid.
538 */
539 public final void initSign(PrivateKey privateKey)
540 throws InvalidKeyException {
541 engineInitSign(privateKey);
542 state = SIGN;
543
544 if (!skipDebug && pdebug != null) {
545 pdebug.println("Signature." + algorithm +
546 " signing algorithm from: " + this.provider.getName());
547 }
548 }
549
550 /**
551 * Initialize this object for signing. If this method is called
552 * again with a different argument, it negates the effect
553 * of this call.
554 *
555 * @param privateKey the private key of the identity whose signature
556 * is going to be generated.
557 *
558 * @param random the source of randomness for this signature.
559 *
560 * @exception InvalidKeyException if the key is invalid.
561 */
562 public final void initSign(PrivateKey privateKey, SecureRandom random)
563 throws InvalidKeyException {
564 engineInitSign(privateKey, random);
565 state = SIGN;
566
567 if (!skipDebug && pdebug != null) {
568 pdebug.println("Signature." + algorithm +
569 " signing algorithm from: " + this.provider.getName());
570 }
571 }
572
573 /**
574 * Returns the signature bytes of all the data updated.
575 * The format of the signature depends on the underlying
576 * signature scheme.
577 *
578 * <p>A call to this method resets this signature object to the state
579 * it was in when previously initialized for signing via a
580 * call to {@code initSign(PrivateKey)}. That is, the object is
581 * reset and available to generate another signature from the same
582 * signer, if desired, via new calls to {@code update} and
583 * {@code sign}.
584 *
585 * @return the signature bytes of the signing operation's result.
586 *
587 * @exception SignatureException if this signature object is not
588 * initialized properly or if this signature algorithm is unable to
589 * process the input data provided.
590 */
591 public final byte[] sign() throws SignatureException {
592 if (state == SIGN) {
593 return engineSign();
594 }
595 throw new SignatureException("object not initialized for " +
596 "signing");
597 }
598
599 /**
600 * Finishes the signature operation and stores the resulting signature
601 * bytes in the provided buffer {@code outbuf}, starting at
602 * {@code offset}.
603 * The format of the signature depends on the underlying
604 * signature scheme.
605 *
606 * <p>This signature object is reset to its initial state (the state it
607 * was in after a call to one of the {@code initSign} methods) and
608 * can be reused to generate further signatures with the same private key.
609 *
610 * @param outbuf buffer for the signature result.
611 *
612 * @param offset offset into {@code outbuf} where the signature is
613 * stored.
614 *
615 * @param len number of bytes within {@code outbuf} allotted for the
616 * signature.
617 *
618 * @return the number of bytes placed into {@code outbuf}.
619 *
620 * @exception SignatureException if this signature object is not
621 * initialized properly, if this signature algorithm is unable to
622 * process the input data provided, or if {@code len} is less
623 * than the actual signature length.
624 * @exception IllegalArgumentException if {@code outbuf} is {@code null},
625 * or {@code offset} or {@code len} is less than 0, or the sum of
626 * {@code offset} and {@code len} is greater than the length of
627 * {@code outbuf}.
628 *
629 * @since 1.2
630 */
631 public final int sign(byte[] outbuf, int offset, int len)
632 throws SignatureException {
633 if (outbuf == null) {
634 throw new IllegalArgumentException("No output buffer given");
635 }
636 if (offset < 0 || len < 0) {
637 throw new IllegalArgumentException("offset or len is less than 0");
638 }
639 if (outbuf.length - offset < len) {
640 throw new IllegalArgumentException
641 ("Output buffer too small for specified offset and length");
642 }
643 if (state != SIGN) {
644 throw new SignatureException("object not initialized for " +
645 "signing");
646 }
647 return engineSign(outbuf, offset, len);
648 }
649
650 /**
651 * Verifies the passed-in signature.
652 *
653 * <p>A call to this method resets this signature object to the state
654 * it was in when previously initialized for verification via a
655 * call to {@code initVerify(PublicKey)}. That is, the object is
656 * reset and available to verify another signature from the identity
657 * whose public key was specified in the call to {@code initVerify}.
658 *
659 * @param signature the signature bytes to be verified.
660 *
661 * @return true if the signature was verified, false if not.
662 *
663 * @exception SignatureException if this signature object is not
664 * initialized properly, the passed-in signature is improperly
665 * encoded or of the wrong type, if this signature algorithm is unable to
666 * process the input data provided, etc.
667 */
668 public final boolean verify(byte[] signature) throws SignatureException {
669 if (state == VERIFY) {
670 return engineVerify(signature);
671 }
672 throw new SignatureException("object not initialized for " +
673 "verification");
674 }
675
676 /**
677 * Verifies the passed-in signature in the specified array
678 * of bytes, starting at the specified offset.
679 *
680 * <p>A call to this method resets this signature object to the state
681 * it was in when previously initialized for verification via a
682 * call to {@code initVerify(PublicKey)}. That is, the object is
683 * reset and available to verify another signature from the identity
684 * whose public key was specified in the call to {@code initVerify}.
685 *
686 *
687 * @param signature the signature bytes to be verified.
688 * @param offset the offset to start from in the array of bytes.
689 * @param length the number of bytes to use, starting at offset.
690 *
691 * @return true if the signature was verified, false if not.
692 *
693 * @exception SignatureException if this signature object is not
694 * initialized properly, the passed-in signature is improperly
695 * encoded or of the wrong type, if this signature algorithm is unable to
696 * process the input data provided, etc.
697 * @exception IllegalArgumentException if the {@code signature}
698 * byte array is null, or the {@code offset} or {@code length}
699 * is less than 0, or the sum of the {@code offset} and
700 * {@code length} is greater than the length of the
701 * {@code signature} byte array.
702 * @since 1.4
703 */
704 public final boolean verify(byte[] signature, int offset, int length)
705 throws SignatureException {
706 if (state == VERIFY) {
707 if (signature == null) {
708 throw new IllegalArgumentException("signature is null");
709 }
710 if (offset < 0 || length < 0) {
711 throw new IllegalArgumentException
712 ("offset or length is less than 0");
713 }
714 if (signature.length - offset < length) {
715 throw new IllegalArgumentException
716 ("signature too small for specified offset and length");
717 }
718
719 return engineVerify(signature, offset, length);
720 }
721 throw new SignatureException("object not initialized for " +
722 "verification");
723 }
724
725 /**
726 * Updates the data to be signed or verified by a byte.
727 *
728 * @param b the byte to use for the update.
729 *
730 * @exception SignatureException if this signature object is not
731 * initialized properly.
732 */
733 public final void update(byte b) throws SignatureException {
734 if (state == VERIFY || state == SIGN) {
735 engineUpdate(b);
736 } else {
737 throw new SignatureException("object not initialized for "
738 + "signature or verification");
739 }
740 }
741
742 /**
743 * Updates the data to be signed or verified, using the specified
744 * array of bytes.
745 *
746 * @param data the byte array to use for the update.
747 *
748 * @exception SignatureException if this signature object is not
749 * initialized properly.
750 */
751 public final void update(byte[] data) throws SignatureException {
752 update(data, 0, data.length);
753 }
754
755 /**
756 * Updates the data to be signed or verified, using the specified
757 * array of bytes, starting at the specified offset.
758 *
759 * @param data the array of bytes.
760 * @param off the offset to start from in the array of bytes.
761 * @param len the number of bytes to use, starting at offset.
762 *
763 * @exception SignatureException if this signature object is not
764 * initialized properly.
765 * @exception IllegalArgumentException if {@code data} is {@code null},
766 * or {@code off} or {@code len} is less than 0, or the sum of
767 * {@code off} and {@code len} is greater than the length of
768 * {@code data}.
769 */
770 public final void update(byte[] data, int off, int len)
771 throws SignatureException {
772 if (state == SIGN || state == VERIFY) {
773 if (data == null) {
774 throw new IllegalArgumentException("data is null");
775 }
776 if (off < 0 || len < 0) {
777 throw new IllegalArgumentException("off or len is less than 0");
778 }
779 if (data.length - off < len) {
780 throw new IllegalArgumentException
781 ("data too small for specified offset and length");
782 }
783 engineUpdate(data, off, len);
784 } else {
785 throw new SignatureException("object not initialized for "
786 + "signature or verification");
787 }
788 }
789
790 /**
791 * Updates the data to be signed or verified using the specified
792 * ByteBuffer. Processes the {@code data.remaining()} bytes
793 * starting at {@code data.position()}.
794 * Upon return, the buffer's position will be equal to its limit;
795 * its limit will not have changed.
796 *
797 * @param data the ByteBuffer
798 *
799 * @exception SignatureException if this signature object is not
800 * initialized properly.
801 * @since 1.5
802 */
803 public final void update(ByteBuffer data) throws SignatureException {
804 if ((state != SIGN) && (state != VERIFY)) {
805 throw new SignatureException("object not initialized for "
806 + "signature or verification");
807 }
808 if (data == null) {
809 throw new NullPointerException();
810 }
811 engineUpdate(data);
812 }
813
814 /**
815 * Returns the name of the algorithm for this signature object.
816 *
817 * @return the name of the algorithm for this signature object.
818 */
819 public final String getAlgorithm() {
820 return this.algorithm;
821 }
822
823 /**
824 * Returns a string representation of this signature object,
825 * providing information that includes the state of the object
826 * and the name of the algorithm used.
827 *
828 * @return a string representation of this signature object.
829 */
830 public String toString() {
831 String initState = "";
832 switch (state) {
833 case UNINITIALIZED:
834 initState = "<not initialized>";
835 break;
836 case VERIFY:
837 initState = "<initialized for verifying>";
838 break;
839 case SIGN:
840 initState = "<initialized for signing>";
841 break;
842 }
843 return "Signature object: " + getAlgorithm() + initState;
844 }
845
846 /**
847 * Sets the specified algorithm parameter to the specified value.
848 * This method supplies a general-purpose mechanism through
849 * which it is possible to set the various parameters of this object.
850 * A parameter may be any settable parameter for the algorithm, such as
851 * a parameter size, or a source of random bits for signature generation
852 * (if appropriate), or an indication of whether or not to perform
853 * a specific but optional computation. A uniform algorithm-specific
854 * naming scheme for each parameter is desirable but left unspecified
855 * at this time.
856 *
857 * @param param the string identifier of the parameter.
858 * @param value the parameter value.
859 *
860 * @exception InvalidParameterException if {@code param} is an
861 * invalid parameter for this signature algorithm engine,
862 * the parameter is already set
863 * and cannot be set again, a security exception occurs, and so on.
864 *
865 * @see #getParameter
866 *
867 * @deprecated Use
868 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
869 * setParameter}.
870 */
871 @Deprecated
872 public final void setParameter(String param, Object value)
873 throws InvalidParameterException {
874 engineSetParameter(param, value);
875 }
876
877 /**
878 * Initializes this signature engine with the specified parameter set.
879 *
880 * @param params the parameters
881 *
882 * @exception InvalidAlgorithmParameterException if the given parameters
883 * are inappropriate for this signature engine
884 *
885 * @see #getParameters
886 */
887 public final void setParameter(AlgorithmParameterSpec params)
888 throws InvalidAlgorithmParameterException {
889 engineSetParameter(params);
890 }
891
892 /**
893 * Returns the parameters used with this signature object.
894 *
895 * <p>The returned parameters may be the same that were used to initialize
896 * this signature, or may contain a combination of default and randomly
897 * generated parameter values used by the underlying signature
898 * implementation if this signature requires algorithm parameters but
899 * was not initialized with any.
900 *
901 * @return the parameters used with this signature, or null if this
902 * signature does not use any parameters.
903 *
904 * @see #setParameter(AlgorithmParameterSpec)
905 * @since 1.4
906 */
907 public final AlgorithmParameters getParameters() {
908 return engineGetParameters();
909 }
910
911 /**
912 * Gets the value of the specified algorithm parameter. This method
913 * supplies a general-purpose mechanism through which it is possible to
914 * get the various parameters of this object. A parameter may be any
915 * settable parameter for the algorithm, such as a parameter size, or
916 * a source of random bits for signature generation (if appropriate),
917 * or an indication of whether or not to perform a specific but optional
918 * computation. A uniform algorithm-specific naming scheme for each
919 * parameter is desirable but left unspecified at this time.
920 *
921 * @param param the string name of the parameter.
922 *
923 * @return the object that represents the parameter value, or null if
924 * there is none.
925 *
926 * @exception InvalidParameterException if {@code param} is an invalid
927 * parameter for this engine, or another exception occurs while
928 * trying to get this parameter.
929 *
930 * @see #setParameter(String, Object)
931 *
932 * @deprecated
933 */
934 @Deprecated
935 public final Object getParameter(String param)
936 throws InvalidParameterException {
937 return engineGetParameter(param);
938 }
939
940 /**
941 * Returns a clone if the implementation is cloneable.
942 *
943 * @return a clone if the implementation is cloneable.
944 *
945 * @exception CloneNotSupportedException if this is called
946 * on an implementation that does not support {@code Cloneable}.
947 */
948 public Object clone() throws CloneNotSupportedException {
949 if (this instanceof Cloneable) {
950 return super.clone();
951 } else {
952 throw new CloneNotSupportedException();
953 }
954 }
955
956 /*
957 * The following class allows providers to extend from SignatureSpi
958 * rather than from Signature. It represents a Signature with an
959 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
960 * If the provider implementation is an instance of SignatureSpi, the
961 * getInstance() methods above return an instance of this class, with
962 * the SPI object encapsulated.
963 *
964 * Note: All SPI methods from the original Signature class have been
965 * moved up the hierarchy into a new class (SignatureSpi), which has
966 * been interposed in the hierarchy between the API (Signature)
967 * and its original parent (Object).
968 */
969
970 @SuppressWarnings("deprecation")
971 private static class Delegate extends Signature {
972
973 // The provider implementation (delegate)
974 // filled in once the provider is selected
975 private SignatureSpi sigSpi;
976
977 // lock for mutex during provider selection
978 private final Object lock;
979
980 // next service to try in provider selection
981 // null once provider is selected
982 private Service firstService;
983
984 // remaining services to try in provider selection
985 // null once provider is selected
986 private Iterator<Service> serviceIterator;
987
988 // constructor
989 Delegate(SignatureSpi sigSpi, String algorithm) {
990 super(algorithm);
991 this.sigSpi = sigSpi;
992 this.lock = null; // no lock needed
993 }
994
995 // used with delayed provider selection
996 Delegate(Service service,
997 Iterator<Service> iterator, String algorithm) {
998 super(algorithm);
999 this.firstService = service;
1000 this.serviceIterator = iterator;
1001 this.lock = new Object();
1002 }
1003
1004 /**
1005 * Returns a clone if the delegate is cloneable.
1006 *
1007 * @return a clone if the delegate is cloneable.
1008 *
1009 * @exception CloneNotSupportedException if this is called on a
1010 * delegate that does not support {@code Cloneable}.
1011 */
1012 public Object clone() throws CloneNotSupportedException {
1013 chooseFirstProvider();
1014 if (sigSpi instanceof Cloneable) {
1015 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
1016 // Because 'algorithm' and 'provider' are private
1017 // members of our supertype, we must perform a cast to
1018 // access them.
1019 Signature that =
1020 new Delegate(sigSpiClone, ((Signature)this).algorithm);
1021 that.provider = ((Signature)this).provider;
1022 return that;
1023 } else {
1024 throw new CloneNotSupportedException();
1025 }
1026 }
1027
1028 private static SignatureSpi newInstance(Service s)
1029 throws NoSuchAlgorithmException {
1030 if (s.getType().equals("Cipher")) {
1031 // must be NONEwithRSA
1032 try {
1033 Cipher c = Cipher.getInstance(RSA_CIPHER, s.getProvider());
1034 return new CipherAdapter(c);
1035 } catch (NoSuchPaddingException e) {
1036 throw new NoSuchAlgorithmException(e);
1037 }
1038 } else {
1039 Object o = s.newInstance(null);
1040 if (o instanceof SignatureSpi == false) {
1041 throw new NoSuchAlgorithmException
1042 ("Not a SignatureSpi: " + o.getClass().getName());
1043 }
1044 return (SignatureSpi)o;
1045 }
1046 }
1047
1048 // max number of debug warnings to print from chooseFirstProvider()
1049 private static int warnCount = 10;
1050
1051 /**
1052 * Choose the Spi from the first provider available. Used if
1053 * delayed provider selection is not possible because initSign()/
1054 * initVerify() is not the first method called.
1055 */
1056 void chooseFirstProvider() {
1057 if (sigSpi != null) {
1058 return;
1059 }
1060 synchronized (lock) {
1061 if (sigSpi != null) {
1062 return;
1063 }
1064 if (debug != null) {
1065 int w = --warnCount;
1066 if (w >= 0) {
1067 debug.println("Signature.init() not first method "
1068 + "called, disabling delayed provider selection");
1069 if (w == 0) {
1070 debug.println("Further warnings of this type will "
1071 + "be suppressed");
1072 }
1073 new Exception("Call trace").printStackTrace();
1074 }
1075 }
1076 Exception lastException = null;
1077 while ((firstService != null) || serviceIterator.hasNext()) {
1078 Service s;
1079 if (firstService != null) {
1080 s = firstService;
1081 firstService = null;
1082 } else {
1083 s = serviceIterator.next();
1084 }
1085 if (isSpi(s) == false) {
1086 continue;
1087 }
1088 try {
1089 sigSpi = newInstance(s);
1090 provider = s.getProvider();
1091 // not needed any more
1092 firstService = null;
1093 serviceIterator = null;
1094 return;
1095 } catch (NoSuchAlgorithmException e) {
1096 lastException = e;
1097 }
1098 }
1099 ProviderException e = new ProviderException
1100 ("Could not construct SignatureSpi instance");
1101 if (lastException != null) {
1102 e.initCause(lastException);
1103 }
1104 throw e;
1105 }
1106 }
1107
1108 private void chooseProvider(int type, Key key, SecureRandom random)
1109 throws InvalidKeyException {
1110 synchronized (lock) {
1111 if (sigSpi != null) {
1112 init(sigSpi, type, key, random);
1113 return;
1114 }
1115 Exception lastException = null;
1116 while ((firstService != null) || serviceIterator.hasNext()) {
1117 Service s;
1118 if (firstService != null) {
1119 s = firstService;
1120 firstService = null;
1121 } else {
1122 s = serviceIterator.next();
1123 }
1124 // if provider says it does not support this key, ignore it
1125 if (s.supportsParameter(key) == false) {
1126 continue;
1127 }
1128 // if instance is not a SignatureSpi, ignore it
1129 if (isSpi(s) == false) {
1130 continue;
1131 }
1132 try {
1133 SignatureSpi spi = newInstance(s);
1134 init(spi, type, key, random);
1135 provider = s.getProvider();
1136 sigSpi = spi;
1137 firstService = null;
1138 serviceIterator = null;
1139 return;
1140 } catch (Exception e) {
1141 // NoSuchAlgorithmException from newInstance()
1142 // InvalidKeyException from init()
1143 // RuntimeException (ProviderException) from init()
1144 if (lastException == null) {
1145 lastException = e;
1146 }
1147 }
1148 }
1149 // no working provider found, fail
1150 if (lastException instanceof InvalidKeyException) {
1151 throw (InvalidKeyException)lastException;
1152 }
1153 if (lastException instanceof RuntimeException) {
1154 throw (RuntimeException)lastException;
1155 }
1156 String k = (key != null) ? key.getClass().getName() : "(null)";
1157 throw new InvalidKeyException
1158 ("No installed provider supports this key: "
1159 + k, lastException);
1160 }
1161 }
1162
1163 private static final int I_PUB = 1;
1164 private static final int I_PRIV = 2;
1165 private static final int I_PRIV_SR = 3;
1166
1167 private void init(SignatureSpi spi, int type, Key key,
1168 SecureRandom random) throws InvalidKeyException {
1169 switch (type) {
1170 case I_PUB:
1171 spi.engineInitVerify((PublicKey)key);
1172 break;
1173 case I_PRIV:
1174 spi.engineInitSign((PrivateKey)key);
1175 break;
1176 case I_PRIV_SR:
1177 spi.engineInitSign((PrivateKey)key, random);
1178 break;
1179 default:
1180 throw new AssertionError("Internal error: " + type);
1181 }
1182 }
1183
1184 protected void engineInitVerify(PublicKey publicKey)
1185 throws InvalidKeyException {
1186 if (sigSpi != null) {
1187 sigSpi.engineInitVerify(publicKey);
1188 } else {
1189 chooseProvider(I_PUB, publicKey, null);
1190 }
1191 }
1192
1193 protected void engineInitSign(PrivateKey privateKey)
1194 throws InvalidKeyException {
1195 if (sigSpi != null) {
1196 sigSpi.engineInitSign(privateKey);
1197 } else {
1198 chooseProvider(I_PRIV, privateKey, null);
1199 }
1200 }
1201
1202 protected void engineInitSign(PrivateKey privateKey, SecureRandom sr)
1203 throws InvalidKeyException {
1204 if (sigSpi != null) {
1205 sigSpi.engineInitSign(privateKey, sr);
1206 } else {
1207 chooseProvider(I_PRIV_SR, privateKey, sr);
1208 }
1209 }
1210
1211 protected void engineUpdate(byte b) throws SignatureException {
1212 chooseFirstProvider();
1213 sigSpi.engineUpdate(b);
1214 }
1215
1216 protected void engineUpdate(byte[] b, int off, int len)
1217 throws SignatureException {
1218 chooseFirstProvider();
1219 sigSpi.engineUpdate(b, off, len);
1220 }
1221
1222 protected void engineUpdate(ByteBuffer data) {
1223 chooseFirstProvider();
1224 sigSpi.engineUpdate(data);
1225 }
1226
1227 protected byte[] engineSign() throws SignatureException {
1228 chooseFirstProvider();
1229 return sigSpi.engineSign();
1230 }
1231
1232 protected int engineSign(byte[] outbuf, int offset, int len)
1233 throws SignatureException {
1234 chooseFirstProvider();
1235 return sigSpi.engineSign(outbuf, offset, len);
1236 }
1237
1238 protected boolean engineVerify(byte[] sigBytes)
1239 throws SignatureException {
1240 chooseFirstProvider();
1241 return sigSpi.engineVerify(sigBytes);
1242 }
1243
1244 protected boolean engineVerify(byte[] sigBytes, int offset, int length)
1245 throws SignatureException {
1246 chooseFirstProvider();
1247 return sigSpi.engineVerify(sigBytes, offset, length);
1248 }
1249
1250 protected void engineSetParameter(String param, Object value)
1251 throws InvalidParameterException {
1252 chooseFirstProvider();
1253 sigSpi.engineSetParameter(param, value);
1254 }
1255
1256 protected void engineSetParameter(AlgorithmParameterSpec params)
1257 throws InvalidAlgorithmParameterException {
1258 chooseFirstProvider();
1259 sigSpi.engineSetParameter(params);
1260 }
1261
1262 protected Object engineGetParameter(String param)
1263 throws InvalidParameterException {
1264 chooseFirstProvider();
1265 return sigSpi.engineGetParameter(param);
1266 }
1267
1268 protected AlgorithmParameters engineGetParameters() {
1269 chooseFirstProvider();
1270 return sigSpi.engineGetParameters();
1271 }
1272 }
1273
1274 // adapter for RSA/ECB/PKCS1Padding ciphers
1275 @SuppressWarnings("deprecation")
1276 private static class CipherAdapter extends SignatureSpi {
1277
1278 private final Cipher cipher;
1279
1280 private ByteArrayOutputStream data;
1281
1282 CipherAdapter(Cipher cipher) {
1283 this.cipher = cipher;
1284 }
1285
1286 protected void engineInitVerify(PublicKey publicKey)
1287 throws InvalidKeyException {
1288 cipher.init(Cipher.DECRYPT_MODE, publicKey);
1289 if (data == null) {
1290 data = new ByteArrayOutputStream(128);
1291 } else {
1292 data.reset();
1293 }
1294 }
1295
1296 protected void engineInitSign(PrivateKey privateKey)
1297 throws InvalidKeyException {
1298 cipher.init(Cipher.ENCRYPT_MODE, privateKey);
1299 data = null;
1300 }
1301
1302 protected void engineInitSign(PrivateKey privateKey,
1303 SecureRandom random) throws InvalidKeyException {
1304 cipher.init(Cipher.ENCRYPT_MODE, privateKey, random);
1305 data = null;
1306 }
1307
1308 protected void engineUpdate(byte b) throws SignatureException {
1309 engineUpdate(new byte[] {b}, 0, 1);
1310 }
1311
1312 protected void engineUpdate(byte[] b, int off, int len)
1313 throws SignatureException {
1314 if (data != null) {
1315 data.write(b, off, len);
1316 return;
1317 }
1318 byte[] out = cipher.update(b, off, len);
1319 if ((out != null) && (out.length != 0)) {
1320 throw new SignatureException
1321 ("Cipher unexpectedly returned data");
1322 }
1323 }
1324
1325 protected byte[] engineSign() throws SignatureException {
1326 try {
1327 return cipher.doFinal();
1328 } catch (IllegalBlockSizeException e) {
1329 throw new SignatureException("doFinal() failed", e);
1330 } catch (BadPaddingException e) {
1331 throw new SignatureException("doFinal() failed", e);
1332 }
1333 }
1334
1335 protected boolean engineVerify(byte[] sigBytes)
1336 throws SignatureException {
1337 try {
1338 byte[] out = cipher.doFinal(sigBytes);
1339 byte[] dataBytes = data.toByteArray();
1340 data.reset();
1341 return MessageDigest.isEqual(out, dataBytes);
1342 } catch (BadPaddingException e) {
1343 // e.g. wrong public key used
1344 // return false rather than throwing exception
1345 return false;
1346 } catch (IllegalBlockSizeException e) {
1347 throw new SignatureException("doFinal() failed", e);
1348 }
1349 }
1350
1351 protected void engineSetParameter(String param, Object value)
1352 throws InvalidParameterException {
1353 throw new InvalidParameterException("Parameters not supported");
1354 }
1355
1356 protected Object engineGetParameter(String param)
1357 throws InvalidParameterException {
1358 throw new InvalidParameterException("Parameters not supported");
1359 }
1360
1361 }
1362
1363 }