1 /*
2 * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.security.spec.AlgorithmParameterSpec;
29 import java.util.*;
30 import java.util.concurrent.ConcurrentHashMap;
31 import java.io.*;
32 import java.security.cert.Certificate;
33 import java.security.cert.X509Certificate;
34
35 import java.nio.ByteBuffer;
36
37 import java.security.Provider.Service;
38
39 import javax.crypto.Cipher;
40 import javax.crypto.IllegalBlockSizeException;
41 import javax.crypto.BadPaddingException;
42 import javax.crypto.NoSuchPaddingException;
43
44 import sun.security.util.Debug;
45 import sun.security.jca.*;
46 import sun.security.jca.GetInstance.Instance;
47
48 /**
49 * The Signature class is used to provide applications the functionality
50 * of a digital signature algorithm. Digital signatures are used for
51 * authentication and integrity assurance of digital data.
52 *
53 * <p> The signature algorithm can be, among others, the NIST standard
54 * DSA, using DSA and SHA-1. The DSA algorithm using the
55 * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}.
56 * In the case of RSA, there are multiple choices for the message digest
57 * algorithm, so the signing algorithm could be specified as, for example,
58 * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}.
59 * The algorithm name must be specified, as there is no default.
60 *
61 * <p> A Signature object can be used to generate and verify digital
62 * signatures.
63 *
64 * <p> There are three phases to the use of a Signature object for
65 * either signing data or verifying a signature:<ol>
66 *
67 * <li>Initialization, with either
68 *
69 * <ul>
70 *
71 * <li>a public key, which initializes the signature for
72 * verification (see {@link #initVerify(PublicKey) initVerify}), or
73 *
74 * <li>a private key (and optionally a Secure Random Number Generator),
75 * which initializes the signature for signing
76 * (see {@link #initSign(PrivateKey)}
77 * and {@link #initSign(PrivateKey, SecureRandom)}).
78 *
79 * </ul>
80 *
81 * <li>Updating
82 *
83 * <p>Depending on the type of initialization, this will update the
84 * bytes to be signed or verified. See the
85 * {@link #update(byte) update} methods.
86 *
87 * <li>Signing or Verifying a signature on all updated bytes. See the
88 * {@link #sign() sign} methods and the {@link #verify(byte[]) verify}
89 * method.
90 *
91 * </ol>
92 *
93 * <p>Note that this class is abstract and extends from
94 * {@code SignatureSpi} for historical reasons.
95 * Application developers should only take notice of the methods defined in
96 * this {@code Signature} class; all the methods in
97 * the superclass are intended for cryptographic service providers who wish to
98 * supply their own implementations of digital signature algorithms.
99 *
100 * <p> Every implementation of the Java platform is required to support the
101 * following standard {@code Signature} algorithms:
102 * <ul>
103 * <li>{@code SHA1withDSA}</li>
104 * <li>{@code SHA256withDSA}</li>
105 * <li>{@code SHA1withRSA}</li>
106 * <li>{@code SHA256withRSA}</li>
107 * </ul>
108 * These algorithms are described in the <a href=
109 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
110 * Signature section</a> of the
111 * Java Cryptography Architecture Standard Algorithm Name Documentation.
112 * Consult the release documentation for your implementation to see if any
113 * other algorithms are supported.
114 *
115 * @author Benjamin Renaud
116 *
117 */
118
119 public abstract class Signature extends SignatureSpi {
120
121 private static final Debug debug =
122 Debug.getInstance("jca", "Signature");
123
124 private static final Debug pdebug =
125 Debug.getInstance("provider", "Provider");
126 private static final boolean skipDebug =
127 Debug.isOn("engine=") && !Debug.isOn("signature");
128
129 /*
130 * The algorithm for this signature object.
131 * This value is used to map an OID to the particular algorithm.
132 * The mapping is done in AlgorithmObject.algOID(String algorithm)
133 */
134 private String algorithm;
135
136 // The provider
137 Provider provider;
138
139 /**
140 * Possible {@link #state} value, signifying that
141 * this signature object has not yet been initialized.
142 */
143 protected static final int UNINITIALIZED = 0;
144
145 /**
146 * Possible {@link #state} value, signifying that
147 * this signature object has been initialized for signing.
148 */
149 protected static final int SIGN = 2;
150
151 /**
152 * Possible {@link #state} value, signifying that
153 * this signature object has been initialized for verification.
154 */
155 protected static final int VERIFY = 3;
156
157 /**
158 * Current state of this signature object.
159 */
160 protected int state = UNINITIALIZED;
161
162 /**
163 * Creates a Signature object for the specified algorithm.
164 *
165 * @param algorithm the standard string name of the algorithm.
166 * See the Signature section in the <a href=
167 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
168 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
169 * for information about standard algorithm names.
170 */
171 protected Signature(String algorithm) {
172 this.algorithm = algorithm;
173 }
174
175 // name of the special signature alg
176 private static final String RSA_SIGNATURE = "NONEwithRSA";
177
178 // name of the equivalent cipher alg
179 private static final String RSA_CIPHER = "RSA/ECB/PKCS1Padding";
180
181 // all the services we need to lookup for compatibility with Cipher
182 private static final List<ServiceId> rsaIds = List.of(
183 new ServiceId("Signature", "NONEwithRSA"),
184 new ServiceId("Cipher", "RSA/ECB/PKCS1Padding"),
185 new ServiceId("Cipher", "RSA/ECB"),
186 new ServiceId("Cipher", "RSA//PKCS1Padding"),
187 new ServiceId("Cipher", "RSA"));
188
189 /**
190 * Returns a Signature object that implements the specified signature
191 * algorithm.
192 *
193 * <p> This method traverses the list of registered security Providers,
194 * starting with the most preferred Provider.
195 * A new Signature object encapsulating the
196 * SignatureSpi implementation from the first
197 * Provider that supports the specified algorithm is returned.
198 *
199 * <p> Note that the list of registered providers may be retrieved via
200 * the {@link Security#getProviders() Security.getProviders()} method.
201 *
202 * @implNote
203 * The JDK Reference Implementation additionally uses the
204 * {@code jdk.security.provider.preferred}
205 * {@link Security#getProperty(String) Security} property to determine
206 * the preferred provider order for the specified algorithm. This
207 * may be different than the order of providers returned by
208 * {@link Security#getProviders() Security.getProviders()}.
209 *
210 * @param algorithm the standard name of the algorithm requested.
211 * See the Signature section in the <a href=
212 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
213 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
214 * for information about standard algorithm names.
215 *
216 * @return the new Signature object.
217 *
218 * @exception NoSuchAlgorithmException if no Provider supports a
219 * Signature implementation for the
220 * specified algorithm.
221 *
222 * @see Provider
223 */
224 public static Signature getInstance(String algorithm)
225 throws NoSuchAlgorithmException {
226 List<Service> list;
227 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
228 list = GetInstance.getServices(rsaIds);
229 } else {
230 list = GetInstance.getServices("Signature", algorithm);
231 }
232 Iterator<Service> t = list.iterator();
233 if (t.hasNext() == false) {
234 throw new NoSuchAlgorithmException
235 (algorithm + " Signature not available");
236 }
237 // try services until we find an Spi or a working Signature subclass
238 NoSuchAlgorithmException failure;
239 do {
240 Service s = t.next();
241 if (isSpi(s)) {
242 return new Delegate(s, t, algorithm);
243 } else {
244 // must be a subclass of Signature, disable dynamic selection
245 try {
246 Instance instance =
247 GetInstance.getInstance(s, SignatureSpi.class);
248 return getInstance(instance, algorithm);
249 } catch (NoSuchAlgorithmException e) {
250 failure = e;
251 }
252 }
253 } while (t.hasNext());
254 throw failure;
255 }
256
257 private static Signature getInstance(Instance instance, String algorithm) {
258 Signature sig;
259 if (instance.impl instanceof Signature) {
260 sig = (Signature)instance.impl;
261 sig.algorithm = algorithm;
262 } else {
263 SignatureSpi spi = (SignatureSpi)instance.impl;
264 sig = new Delegate(spi, algorithm);
265 }
266 sig.provider = instance.provider;
267 return sig;
268 }
269
270 private static final Map<String,Boolean> signatureInfo;
271
272 static {
273 signatureInfo = new ConcurrentHashMap<>();
274 Boolean TRUE = Boolean.TRUE;
275 // pre-initialize with values for our SignatureSpi implementations
276 signatureInfo.put("sun.security.provider.DSA$RawDSA", TRUE);
277 signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", TRUE);
278 signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", TRUE);
279 signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", TRUE);
280 signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", TRUE);
281 signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE);
282 signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
283 signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
284 signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
285 signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
286 }
287
288 private static boolean isSpi(Service s) {
289 if (s.getType().equals("Cipher")) {
290 // must be a CipherSpi, which we can wrap with the CipherAdapter
291 return true;
292 }
293 String className = s.getClassName();
294 Boolean result = signatureInfo.get(className);
295 if (result == null) {
296 try {
297 Object instance = s.newInstance(null);
298 // Signature extends SignatureSpi
299 // so it is a "real" Spi if it is an
300 // instance of SignatureSpi but not Signature
301 boolean r = (instance instanceof SignatureSpi)
302 && (instance instanceof Signature == false);
303 if ((debug != null) && (r == false)) {
304 debug.println("Not a SignatureSpi " + className);
305 debug.println("Delayed provider selection may not be "
306 + "available for algorithm " + s.getAlgorithm());
307 }
308 result = Boolean.valueOf(r);
309 signatureInfo.put(className, result);
310 } catch (Exception e) {
311 // something is wrong, assume not an SPI
312 return false;
313 }
314 }
315 return result.booleanValue();
316 }
317
318 /**
319 * Returns a Signature object that implements the specified signature
320 * algorithm.
321 *
322 * <p> A new Signature object encapsulating the
323 * SignatureSpi implementation from the specified provider
324 * is returned. The specified provider must be registered
325 * in the security provider list.
326 *
327 * <p> Note that the list of registered providers may be retrieved via
328 * the {@link Security#getProviders() Security.getProviders()} method.
329 *
330 * @param algorithm the name of the algorithm requested.
331 * See the Signature section in the <a href=
332 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
333 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
334 * for information about standard algorithm names.
335 *
336 * @param provider the name of the provider.
337 *
338 * @return the new Signature object.
339 *
340 * @exception NoSuchAlgorithmException if a SignatureSpi
341 * implementation for the specified algorithm is not
342 * available from the specified provider.
343 *
344 * @exception NoSuchProviderException if the specified provider is not
345 * registered in the security provider list.
346 *
347 * @exception IllegalArgumentException if the provider name is null
348 * or empty.
349 *
350 * @see Provider
351 */
352 public static Signature getInstance(String algorithm, String provider)
353 throws NoSuchAlgorithmException, NoSuchProviderException {
354 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
355 // exception compatibility with existing code
356 if ((provider == null) || (provider.length() == 0)) {
357 throw new IllegalArgumentException("missing provider");
358 }
359 Provider p = Security.getProvider(provider);
360 if (p == null) {
361 throw new NoSuchProviderException
362 ("no such provider: " + provider);
363 }
364 return getInstanceRSA(p);
365 }
366 Instance instance = GetInstance.getInstance
367 ("Signature", SignatureSpi.class, algorithm, provider);
368 return getInstance(instance, algorithm);
369 }
370
371 /**
372 * Returns a Signature object that implements the specified
373 * signature algorithm.
374 *
375 * <p> A new Signature object encapsulating the
376 * SignatureSpi implementation from the specified Provider
377 * object is returned. Note that the specified Provider object
378 * does not have to be registered in the provider list.
379 *
380 * @param algorithm the name of the algorithm requested.
381 * See the Signature section in the <a href=
382 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
383 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
384 * for information about standard algorithm names.
385 *
386 * @param provider the provider.
387 *
388 * @return the new Signature object.
389 *
390 * @exception NoSuchAlgorithmException if a SignatureSpi
391 * implementation for the specified algorithm is not available
392 * from the specified Provider object.
393 *
394 * @exception IllegalArgumentException if the provider is null.
395 *
396 * @see Provider
397 *
398 * @since 1.4
399 */
400 public static Signature getInstance(String algorithm, Provider provider)
401 throws NoSuchAlgorithmException {
402 if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
403 // exception compatibility with existing code
404 if (provider == null) {
405 throw new IllegalArgumentException("missing provider");
406 }
407 return getInstanceRSA(provider);
408 }
409 Instance instance = GetInstance.getInstance
410 ("Signature", SignatureSpi.class, algorithm, provider);
411 return getInstance(instance, algorithm);
412 }
413
414 // return an implementation for NONEwithRSA, which is a special case
415 // because of the Cipher.RSA/ECB/PKCS1Padding compatibility wrapper
416 private static Signature getInstanceRSA(Provider p)
417 throws NoSuchAlgorithmException {
418 // try Signature first
419 Service s = p.getService("Signature", RSA_SIGNATURE);
420 if (s != null) {
421 Instance instance = GetInstance.getInstance(s, SignatureSpi.class);
422 return getInstance(instance, RSA_SIGNATURE);
423 }
424 // check Cipher
425 try {
426 Cipher c = Cipher.getInstance(RSA_CIPHER, p);
427 return new Delegate(new CipherAdapter(c), RSA_SIGNATURE);
428 } catch (GeneralSecurityException e) {
429 // throw Signature style exception message to avoid confusion,
430 // but append Cipher exception as cause
431 throw new NoSuchAlgorithmException("no such algorithm: "
432 + RSA_SIGNATURE + " for provider " + p.getName(), e);
433 }
434 }
435
436 /**
437 * Returns the provider of this signature object.
438 *
439 * @return the provider of this signature object
440 */
441 public final Provider getProvider() {
442 chooseFirstProvider();
443 return this.provider;
444 }
445
446 void chooseFirstProvider() {
447 // empty, overridden in Delegate
448 }
449
450 /**
451 * Initializes this object for verification. If this method is called
452 * again with a different argument, it negates the effect
453 * of this call.
454 *
455 * @param publicKey the public key of the identity whose signature is
456 * going to be verified.
457 *
458 * @exception InvalidKeyException if the key is invalid.
459 */
460 public final void initVerify(PublicKey publicKey)
461 throws InvalidKeyException {
462 engineInitVerify(publicKey);
463 state = VERIFY;
464
465 if (!skipDebug && pdebug != null) {
466 pdebug.println("Signature." + algorithm +
467 " verification algorithm from: " + this.provider.getName());
468 }
469 }
470
471 /**
472 * Initializes this object for verification, using the public key from
473 * the given certificate.
474 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
475 * extension field marked as critical, and the value of the <i>key usage</i>
476 * extension field implies that the public key in
477 * the certificate and its corresponding private key are not
478 * supposed to be used for digital signatures, an
479 * {@code InvalidKeyException} is thrown.
480 *
481 * @param certificate the certificate of the identity whose signature is
482 * going to be verified.
483 *
484 * @exception InvalidKeyException if the public key in the certificate
485 * is not encoded properly or does not include required parameter
486 * information or cannot be used for digital signature purposes.
487 * @since 1.3
488 */
489 public final void initVerify(Certificate certificate)
490 throws InvalidKeyException {
491 // If the certificate is of type X509Certificate,
492 // we should check whether it has a Key Usage
493 // extension marked as critical.
494 if (certificate instanceof java.security.cert.X509Certificate) {
495 // Check whether the cert has a key usage extension
496 // marked as a critical extension.
497 // The OID for KeyUsage extension is 2.5.29.15.
498 X509Certificate cert = (X509Certificate)certificate;
499 Set<String> critSet = cert.getCriticalExtensionOIDs();
500
501 if (critSet != null && !critSet.isEmpty()
502 && critSet.contains("2.5.29.15")) {
503 boolean[] keyUsageInfo = cert.getKeyUsage();
504 // keyUsageInfo[0] is for digitalSignature.
505 if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
506 throw new InvalidKeyException("Wrong key usage");
507 }
508 }
509
510 PublicKey publicKey = certificate.getPublicKey();
511 engineInitVerify(publicKey);
512 state = VERIFY;
513
514 if (!skipDebug && pdebug != null) {
515 pdebug.println("Signature." + algorithm +
516 " verification algorithm from: " + this.provider.getName());
517 }
518 }
519
520 /**
521 * Initialize this object for signing. If this method is called
522 * again with a different argument, it negates the effect
523 * of this call.
524 *
525 * @param privateKey the private key of the identity whose signature
526 * is going to be generated.
527 *
528 * @exception InvalidKeyException if the key is invalid.
529 */
530 public final void initSign(PrivateKey privateKey)
531 throws InvalidKeyException {
532 engineInitSign(privateKey);
533 state = SIGN;
534
535 if (!skipDebug && pdebug != null) {
536 pdebug.println("Signature." + algorithm +
537 " signing algorithm from: " + this.provider.getName());
538 }
539 }
540
541 /**
542 * Initialize this object for signing. If this method is called
543 * again with a different argument, it negates the effect
544 * of this call.
545 *
546 * @param privateKey the private key of the identity whose signature
547 * is going to be generated.
548 *
549 * @param random the source of randomness for this signature.
550 *
551 * @exception InvalidKeyException if the key is invalid.
552 */
553 public final void initSign(PrivateKey privateKey, SecureRandom random)
554 throws InvalidKeyException {
555 engineInitSign(privateKey, random);
556 state = SIGN;
557
558 if (!skipDebug && pdebug != null) {
559 pdebug.println("Signature." + algorithm +
560 " signing algorithm from: " + this.provider.getName());
561 }
562 }
563
564 /**
565 * Returns the signature bytes of all the data updated.
566 * The format of the signature depends on the underlying
567 * signature scheme.
568 *
569 * <p>A call to this method resets this signature object to the state
570 * it was in when previously initialized for signing via a
571 * call to {@code initSign(PrivateKey)}. That is, the object is
572 * reset and available to generate another signature from the same
573 * signer, if desired, via new calls to {@code update} and
574 * {@code sign}.
575 *
576 * @return the signature bytes of the signing operation's result.
577 *
578 * @exception SignatureException if this signature object is not
579 * initialized properly or if this signature algorithm is unable to
580 * process the input data provided.
581 */
582 public final byte[] sign() throws SignatureException {
583 if (state == SIGN) {
584 return engineSign();
585 }
586 throw new SignatureException("object not initialized for " +
587 "signing");
588 }
589
590 /**
591 * Finishes the signature operation and stores the resulting signature
592 * bytes in the provided buffer {@code outbuf}, starting at
593 * {@code offset}.
594 * The format of the signature depends on the underlying
595 * signature scheme.
596 *
597 * <p>This signature object is reset to its initial state (the state it
598 * was in after a call to one of the {@code initSign} methods) and
599 * can be reused to generate further signatures with the same private key.
600 *
601 * @param outbuf buffer for the signature result.
602 *
603 * @param offset offset into {@code outbuf} where the signature is
604 * stored.
605 *
606 * @param len number of bytes within {@code outbuf} allotted for the
607 * signature.
608 *
609 * @return the number of bytes placed into {@code outbuf}.
610 *
611 * @exception SignatureException if this signature object is not
612 * initialized properly, if this signature algorithm is unable to
613 * process the input data provided, or if {@code len} is less
614 * than the actual signature length.
615 * @exception IllegalArgumentException if {@code outbuf} is {@code null},
616 * or {@code offset} or {@code len} is less than 0, or the sum of
617 * {@code offset} and {@code len} is greater than the length of
618 * {@code outbuf}.
619 *
620 * @since 1.2
621 */
622 public final int sign(byte[] outbuf, int offset, int len)
623 throws SignatureException {
624 if (outbuf == null) {
625 throw new IllegalArgumentException("No output buffer given");
626 }
627 if (offset < 0 || len < 0) {
628 throw new IllegalArgumentException("offset or len is less than 0");
629 }
630 if (outbuf.length - offset < len) {
631 throw new IllegalArgumentException
632 ("Output buffer too small for specified offset and length");
633 }
634 if (state != SIGN) {
635 throw new SignatureException("object not initialized for " +
636 "signing");
637 }
638 return engineSign(outbuf, offset, len);
639 }
640
641 /**
642 * Verifies the passed-in signature.
643 *
644 * <p>A call to this method resets this signature object to the state
645 * it was in when previously initialized for verification via a
646 * call to {@code initVerify(PublicKey)}. That is, the object is
647 * reset and available to verify another signature from the identity
648 * whose public key was specified in the call to {@code initVerify}.
649 *
650 * @param signature the signature bytes to be verified.
651 *
652 * @return true if the signature was verified, false if not.
653 *
654 * @exception SignatureException if this signature object is not
655 * initialized properly, the passed-in signature is improperly
656 * encoded or of the wrong type, if this signature algorithm is unable to
657 * process the input data provided, etc.
658 */
659 public final boolean verify(byte[] signature) throws SignatureException {
660 if (state == VERIFY) {
661 return engineVerify(signature);
662 }
663 throw new SignatureException("object not initialized for " +
664 "verification");
665 }
666
667 /**
668 * Verifies the passed-in signature in the specified array
669 * of bytes, starting at the specified offset.
670 *
671 * <p>A call to this method resets this signature object to the state
672 * it was in when previously initialized for verification via a
673 * call to {@code initVerify(PublicKey)}. That is, the object is
674 * reset and available to verify another signature from the identity
675 * whose public key was specified in the call to {@code initVerify}.
676 *
677 *
678 * @param signature the signature bytes to be verified.
679 * @param offset the offset to start from in the array of bytes.
680 * @param length the number of bytes to use, starting at offset.
681 *
682 * @return true if the signature was verified, false if not.
683 *
684 * @exception SignatureException if this signature object is not
685 * initialized properly, the passed-in signature is improperly
686 * encoded or of the wrong type, if this signature algorithm is unable to
687 * process the input data provided, etc.
688 * @exception IllegalArgumentException if the {@code signature}
689 * byte array is null, or the {@code offset} or {@code length}
690 * is less than 0, or the sum of the {@code offset} and
691 * {@code length} is greater than the length of the
692 * {@code signature} byte array.
693 * @since 1.4
694 */
695 public final boolean verify(byte[] signature, int offset, int length)
696 throws SignatureException {
697 if (state == VERIFY) {
698 if (signature == null) {
699 throw new IllegalArgumentException("signature is null");
700 }
701 if (offset < 0 || length < 0) {
702 throw new IllegalArgumentException
703 ("offset or length is less than 0");
704 }
705 if (signature.length - offset < length) {
706 throw new IllegalArgumentException
707 ("signature too small for specified offset and length");
708 }
709
710 return engineVerify(signature, offset, length);
711 }
712 throw new SignatureException("object not initialized for " +
713 "verification");
714 }
715
716 /**
717 * Updates the data to be signed or verified by a byte.
718 *
719 * @param b the byte to use for the update.
720 *
721 * @exception SignatureException if this signature object is not
722 * initialized properly.
723 */
724 public final void update(byte b) throws SignatureException {
725 if (state == VERIFY || state == SIGN) {
726 engineUpdate(b);
727 } else {
728 throw new SignatureException("object not initialized for "
729 + "signature or verification");
730 }
731 }
732
733 /**
734 * Updates the data to be signed or verified, using the specified
735 * array of bytes.
736 *
737 * @param data the byte array to use for the update.
738 *
739 * @exception SignatureException if this signature object is not
740 * initialized properly.
741 */
742 public final void update(byte[] data) throws SignatureException {
743 update(data, 0, data.length);
744 }
745
746 /**
747 * Updates the data to be signed or verified, using the specified
748 * array of bytes, starting at the specified offset.
749 *
750 * @param data the array of bytes.
751 * @param off the offset to start from in the array of bytes.
752 * @param len the number of bytes to use, starting at offset.
753 *
754 * @exception SignatureException if this signature object is not
755 * initialized properly.
756 * @exception IllegalArgumentException if {@code data} is {@code null},
757 * or {@code off} or {@code len} is less than 0, or the sum of
758 * {@code off} and {@code len} is greater than the length of
759 * {@code data}.
760 */
761 public final void update(byte[] data, int off, int len)
762 throws SignatureException {
763 if (state == SIGN || state == VERIFY) {
764 if (data == null) {
765 throw new IllegalArgumentException("data is null");
766 }
767 if (off < 0 || len < 0) {
768 throw new IllegalArgumentException("off or len is less than 0");
769 }
770 if (data.length - off < len) {
771 throw new IllegalArgumentException
772 ("data too small for specified offset and length");
773 }
774 engineUpdate(data, off, len);
775 } else {
776 throw new SignatureException("object not initialized for "
777 + "signature or verification");
778 }
779 }
780
781 /**
782 * Updates the data to be signed or verified using the specified
783 * ByteBuffer. Processes the {@code data.remaining()} bytes
784 * starting at {@code data.position()}.
785 * Upon return, the buffer's position will be equal to its limit;
786 * its limit will not have changed.
787 *
788 * @param data the ByteBuffer
789 *
790 * @exception SignatureException if this signature object is not
791 * initialized properly.
792 * @since 1.5
793 */
794 public final void update(ByteBuffer data) throws SignatureException {
795 if ((state != SIGN) && (state != VERIFY)) {
796 throw new SignatureException("object not initialized for "
797 + "signature or verification");
798 }
799 if (data == null) {
800 throw new NullPointerException();
801 }
802 engineUpdate(data);
803 }
804
805 /**
806 * Returns the name of the algorithm for this signature object.
807 *
808 * @return the name of the algorithm for this signature object.
809 */
810 public final String getAlgorithm() {
811 return this.algorithm;
812 }
813
814 /**
815 * Returns a string representation of this signature object,
816 * providing information that includes the state of the object
817 * and the name of the algorithm used.
818 *
819 * @return a string representation of this signature object.
820 */
821 public String toString() {
822 String initState = "";
823 switch (state) {
824 case UNINITIALIZED:
825 initState = "<not initialized>";
826 break;
827 case VERIFY:
828 initState = "<initialized for verifying>";
829 break;
830 case SIGN:
831 initState = "<initialized for signing>";
832 break;
833 }
834 return "Signature object: " + getAlgorithm() + initState;
835 }
836
837 /**
838 * Sets the specified algorithm parameter to the specified value.
839 * This method supplies a general-purpose mechanism through
840 * which it is possible to set the various parameters of this object.
841 * A parameter may be any settable parameter for the algorithm, such as
842 * a parameter size, or a source of random bits for signature generation
843 * (if appropriate), or an indication of whether or not to perform
844 * a specific but optional computation. A uniform algorithm-specific
845 * naming scheme for each parameter is desirable but left unspecified
846 * at this time.
847 *
848 * @param param the string identifier of the parameter.
849 * @param value the parameter value.
850 *
851 * @exception InvalidParameterException if {@code param} is an
852 * invalid parameter for this signature algorithm engine,
853 * the parameter is already set
854 * and cannot be set again, a security exception occurs, and so on.
855 *
856 * @see #getParameter
857 *
858 * @deprecated Use
859 * {@link #setParameter(java.security.spec.AlgorithmParameterSpec)
860 * setParameter}.
861 */
862 @Deprecated
863 public final void setParameter(String param, Object value)
864 throws InvalidParameterException {
865 engineSetParameter(param, value);
866 }
867
868 /**
869 * Initializes this signature engine with the specified parameter set.
870 *
871 * @param params the parameters
872 *
873 * @exception InvalidAlgorithmParameterException if the given parameters
874 * are inappropriate for this signature engine
875 *
876 * @see #getParameters
877 */
878 public final void setParameter(AlgorithmParameterSpec params)
879 throws InvalidAlgorithmParameterException {
880 engineSetParameter(params);
881 }
882
883 /**
884 * Returns the parameters used with this signature object.
885 *
886 * <p>The returned parameters may be the same that were used to initialize
887 * this signature, or may contain a combination of default and randomly
888 * generated parameter values used by the underlying signature
889 * implementation if this signature requires algorithm parameters but
890 * was not initialized with any.
891 *
892 * @return the parameters used with this signature, or null if this
893 * signature does not use any parameters.
894 *
895 * @see #setParameter(AlgorithmParameterSpec)
896 * @since 1.4
897 */
898 public final AlgorithmParameters getParameters() {
899 return engineGetParameters();
900 }
901
902 /**
903 * Gets the value of the specified algorithm parameter. This method
904 * supplies a general-purpose mechanism through which it is possible to
905 * get the various parameters of this object. A parameter may be any
906 * settable parameter for the algorithm, such as a parameter size, or
907 * a source of random bits for signature generation (if appropriate),
908 * or an indication of whether or not to perform a specific but optional
909 * computation. A uniform algorithm-specific naming scheme for each
910 * parameter is desirable but left unspecified at this time.
911 *
912 * @param param the string name of the parameter.
913 *
914 * @return the object that represents the parameter value, or null if
915 * there is none.
916 *
917 * @exception InvalidParameterException if {@code param} is an invalid
918 * parameter for this engine, or another exception occurs while
919 * trying to get this parameter.
920 *
921 * @see #setParameter(String, Object)
922 *
923 * @deprecated
924 */
925 @Deprecated
926 public final Object getParameter(String param)
927 throws InvalidParameterException {
928 return engineGetParameter(param);
929 }
930
931 /**
932 * Returns a clone if the implementation is cloneable.
933 *
934 * @return a clone if the implementation is cloneable.
935 *
936 * @exception CloneNotSupportedException if this is called
937 * on an implementation that does not support {@code Cloneable}.
938 */
939 public Object clone() throws CloneNotSupportedException {
940 if (this instanceof Cloneable) {
941 return super.clone();
942 } else {
943 throw new CloneNotSupportedException();
944 }
945 }
946
947 /*
948 * The following class allows providers to extend from SignatureSpi
949 * rather than from Signature. It represents a Signature with an
950 * encapsulated, provider-supplied SPI object (of type SignatureSpi).
951 * If the provider implementation is an instance of SignatureSpi, the
952 * getInstance() methods above return an instance of this class, with
953 * the SPI object encapsulated.
954 *
955 * Note: All SPI methods from the original Signature class have been
956 * moved up the hierarchy into a new class (SignatureSpi), which has
957 * been interposed in the hierarchy between the API (Signature)
958 * and its original parent (Object).
959 */
960
961 @SuppressWarnings("deprecation")
962 private static class Delegate extends Signature {
963
964 // The provider implementation (delegate)
965 // filled in once the provider is selected
966 private SignatureSpi sigSpi;
967
968 // lock for mutex during provider selection
969 private final Object lock;
970
971 // next service to try in provider selection
972 // null once provider is selected
973 private Service firstService;
974
975 // remaining services to try in provider selection
976 // null once provider is selected
977 private Iterator<Service> serviceIterator;
978
979 // constructor
980 Delegate(SignatureSpi sigSpi, String algorithm) {
981 super(algorithm);
982 this.sigSpi = sigSpi;
983 this.lock = null; // no lock needed
984 }
985
986 // used with delayed provider selection
987 Delegate(Service service,
988 Iterator<Service> iterator, String algorithm) {
989 super(algorithm);
990 this.firstService = service;
991 this.serviceIterator = iterator;
992 this.lock = new Object();
993 }
994
995 /**
996 * Returns a clone if the delegate is cloneable.
997 *
998 * @return a clone if the delegate is cloneable.
999 *
1000 * @exception CloneNotSupportedException if this is called on a
1001 * delegate that does not support {@code Cloneable}.
1002 */
1003 public Object clone() throws CloneNotSupportedException {
1004 chooseFirstProvider();
1005 if (sigSpi instanceof Cloneable) {
1006 SignatureSpi sigSpiClone = (SignatureSpi)sigSpi.clone();
1007 // Because 'algorithm' and 'provider' are private
1008 // members of our supertype, we must perform a cast to
1009 // access them.
1010 Signature that =
1011 new Delegate(sigSpiClone, ((Signature)this).algorithm);
1012 that.provider = ((Signature)this).provider;
1013 return that;
1014 } else {
1015 throw new CloneNotSupportedException();
1016 }
1017 }
1018
1019 private static SignatureSpi newInstance(Service s)
1020 throws NoSuchAlgorithmException {
1021 if (s.getType().equals("Cipher")) {
1022 // must be NONEwithRSA
1023 try {
1024 Cipher c = Cipher.getInstance(RSA_CIPHER, s.getProvider());
1025 return new CipherAdapter(c);
1026 } catch (NoSuchPaddingException e) {
1027 throw new NoSuchAlgorithmException(e);
1028 }
1029 } else {
1030 Object o = s.newInstance(null);
1031 if (o instanceof SignatureSpi == false) {
1032 throw new NoSuchAlgorithmException
1033 ("Not a SignatureSpi: " + o.getClass().getName());
1034 }
1035 return (SignatureSpi)o;
1036 }
1037 }
1038
1039 // max number of debug warnings to print from chooseFirstProvider()
1040 private static int warnCount = 10;
1041
1042 /**
1043 * Choose the Spi from the first provider available. Used if
1044 * delayed provider selection is not possible because initSign()/
1045 * initVerify() is not the first method called.
1046 */
1047 void chooseFirstProvider() {
1048 if (sigSpi != null) {
1049 return;
1050 }
1051 synchronized (lock) {
1052 if (sigSpi != null) {
1053 return;
1054 }
1055 if (debug != null) {
1056 int w = --warnCount;
1057 if (w >= 0) {
1058 debug.println("Signature.init() not first method "
1059 + "called, disabling delayed provider selection");
1060 if (w == 0) {
1061 debug.println("Further warnings of this type will "
1062 + "be suppressed");
1063 }
1064 new Exception("Call trace").printStackTrace();
1065 }
1066 }
1067 Exception lastException = null;
1068 while ((firstService != null) || serviceIterator.hasNext()) {
1069 Service s;
1070 if (firstService != null) {
1071 s = firstService;
1072 firstService = null;
1073 } else {
1074 s = serviceIterator.next();
1075 }
1076 if (isSpi(s) == false) {
1077 continue;
1078 }
1079 try {
1080 sigSpi = newInstance(s);
1081 provider = s.getProvider();
1082 // not needed any more
1083 firstService = null;
1084 serviceIterator = null;
1085 return;
1086 } catch (NoSuchAlgorithmException e) {
1087 lastException = e;
1088 }
1089 }
1090 ProviderException e = new ProviderException
1091 ("Could not construct SignatureSpi instance");
1092 if (lastException != null) {
1093 e.initCause(lastException);
1094 }
1095 throw e;
1096 }
1097 }
1098
1099 private void chooseProvider(int type, Key key, SecureRandom random)
1100 throws InvalidKeyException {
1101 synchronized (lock) {
1102 if (sigSpi != null) {
1103 init(sigSpi, type, key, random);
1104 return;
1105 }
1106 Exception lastException = null;
1107 while ((firstService != null) || serviceIterator.hasNext()) {
1108 Service s;
1109 if (firstService != null) {
1110 s = firstService;
1111 firstService = null;
1112 } else {
1113 s = serviceIterator.next();
1114 }
1115 // if provider says it does not support this key, ignore it
1116 if (s.supportsParameter(key) == false) {
1117 continue;
1118 }
1119 // if instance is not a SignatureSpi, ignore it
1120 if (isSpi(s) == false) {
1121 continue;
1122 }
1123 try {
1124 SignatureSpi spi = newInstance(s);
1125 init(spi, type, key, random);
1126 provider = s.getProvider();
1127 sigSpi = spi;
1128 firstService = null;
1129 serviceIterator = null;
1130 return;
1131 } catch (Exception e) {
1132 // NoSuchAlgorithmException from newInstance()
1133 // InvalidKeyException from init()
1134 // RuntimeException (ProviderException) from init()
1135 if (lastException == null) {
1136 lastException = e;
1137 }
1138 }
1139 }
1140 // no working provider found, fail
1141 if (lastException instanceof InvalidKeyException) {
1142 throw (InvalidKeyException)lastException;
1143 }
1144 if (lastException instanceof RuntimeException) {
1145 throw (RuntimeException)lastException;
1146 }
1147 String k = (key != null) ? key.getClass().getName() : "(null)";
1148 throw new InvalidKeyException
1149 ("No installed provider supports this key: "
1150 + k, lastException);
1151 }
1152 }
1153
1154 private static final int I_PUB = 1;
1155 private static final int I_PRIV = 2;
1156 private static final int I_PRIV_SR = 3;
1157
1158 private void init(SignatureSpi spi, int type, Key key,
1159 SecureRandom random) throws InvalidKeyException {
1160 switch (type) {
1161 case I_PUB:
1162 spi.engineInitVerify((PublicKey)key);
1163 break;
1164 case I_PRIV:
1165 spi.engineInitSign((PrivateKey)key);
1166 break;
1167 case I_PRIV_SR:
1168 spi.engineInitSign((PrivateKey)key, random);
1169 break;
1170 default:
1171 throw new AssertionError("Internal error: " + type);
1172 }
1173 }
1174
1175 protected void engineInitVerify(PublicKey publicKey)
1176 throws InvalidKeyException {
1177 if (sigSpi != null) {
1178 sigSpi.engineInitVerify(publicKey);
1179 } else {
1180 chooseProvider(I_PUB, publicKey, null);
1181 }
1182 }
1183
1184 protected void engineInitSign(PrivateKey privateKey)
1185 throws InvalidKeyException {
1186 if (sigSpi != null) {
1187 sigSpi.engineInitSign(privateKey);
1188 } else {
1189 chooseProvider(I_PRIV, privateKey, null);
1190 }
1191 }
1192
1193 protected void engineInitSign(PrivateKey privateKey, SecureRandom sr)
1194 throws InvalidKeyException {
1195 if (sigSpi != null) {
1196 sigSpi.engineInitSign(privateKey, sr);
1197 } else {
1198 chooseProvider(I_PRIV_SR, privateKey, sr);
1199 }
1200 }
1201
1202 protected void engineUpdate(byte b) throws SignatureException {
1203 chooseFirstProvider();
1204 sigSpi.engineUpdate(b);
1205 }
1206
1207 protected void engineUpdate(byte[] b, int off, int len)
1208 throws SignatureException {
1209 chooseFirstProvider();
1210 sigSpi.engineUpdate(b, off, len);
1211 }
1212
1213 protected void engineUpdate(ByteBuffer data) {
1214 chooseFirstProvider();
1215 sigSpi.engineUpdate(data);
1216 }
1217
1218 protected byte[] engineSign() throws SignatureException {
1219 chooseFirstProvider();
1220 return sigSpi.engineSign();
1221 }
1222
1223 protected int engineSign(byte[] outbuf, int offset, int len)
1224 throws SignatureException {
1225 chooseFirstProvider();
1226 return sigSpi.engineSign(outbuf, offset, len);
1227 }
1228
1229 protected boolean engineVerify(byte[] sigBytes)
1230 throws SignatureException {
1231 chooseFirstProvider();
1232 return sigSpi.engineVerify(sigBytes);
1233 }
1234
1235 protected boolean engineVerify(byte[] sigBytes, int offset, int length)
1236 throws SignatureException {
1237 chooseFirstProvider();
1238 return sigSpi.engineVerify(sigBytes, offset, length);
1239 }
1240
1241 protected void engineSetParameter(String param, Object value)
1242 throws InvalidParameterException {
1243 chooseFirstProvider();
1244 sigSpi.engineSetParameter(param, value);
1245 }
1246
1247 protected void engineSetParameter(AlgorithmParameterSpec params)
1248 throws InvalidAlgorithmParameterException {
1249 chooseFirstProvider();
1250 sigSpi.engineSetParameter(params);
1251 }
1252
1253 protected Object engineGetParameter(String param)
1254 throws InvalidParameterException {
1255 chooseFirstProvider();
1256 return sigSpi.engineGetParameter(param);
1257 }
1258
1259 protected AlgorithmParameters engineGetParameters() {
1260 chooseFirstProvider();
1261 return sigSpi.engineGetParameters();
1262 }
1263 }
1264
1265 // adapter for RSA/ECB/PKCS1Padding ciphers
1266 @SuppressWarnings("deprecation")
1267 private static class CipherAdapter extends SignatureSpi {
1268
1269 private final Cipher cipher;
1270
1271 private ByteArrayOutputStream data;
1272
1273 CipherAdapter(Cipher cipher) {
1274 this.cipher = cipher;
1275 }
1276
1277 protected void engineInitVerify(PublicKey publicKey)
1278 throws InvalidKeyException {
1279 cipher.init(Cipher.DECRYPT_MODE, publicKey);
1280 if (data == null) {
1281 data = new ByteArrayOutputStream(128);
1282 } else {
1283 data.reset();
1284 }
1285 }
1286
1287 protected void engineInitSign(PrivateKey privateKey)
1288 throws InvalidKeyException {
1289 cipher.init(Cipher.ENCRYPT_MODE, privateKey);
1290 data = null;
1291 }
1292
1293 protected void engineInitSign(PrivateKey privateKey,
1294 SecureRandom random) throws InvalidKeyException {
1295 cipher.init(Cipher.ENCRYPT_MODE, privateKey, random);
1296 data = null;
1297 }
1298
1299 protected void engineUpdate(byte b) throws SignatureException {
1300 engineUpdate(new byte[] {b}, 0, 1);
1301 }
1302
1303 protected void engineUpdate(byte[] b, int off, int len)
1304 throws SignatureException {
1305 if (data != null) {
1306 data.write(b, off, len);
1307 return;
1308 }
1309 byte[] out = cipher.update(b, off, len);
1310 if ((out != null) && (out.length != 0)) {
1311 throw new SignatureException
1312 ("Cipher unexpectedly returned data");
1313 }
1314 }
1315
1316 protected byte[] engineSign() throws SignatureException {
1317 try {
1318 return cipher.doFinal();
1319 } catch (IllegalBlockSizeException e) {
1320 throw new SignatureException("doFinal() failed", e);
1321 } catch (BadPaddingException e) {
1322 throw new SignatureException("doFinal() failed", e);
1323 }
1324 }
1325
1326 protected boolean engineVerify(byte[] sigBytes)
1327 throws SignatureException {
1328 try {
1329 byte[] out = cipher.doFinal(sigBytes);
1330 byte[] dataBytes = data.toByteArray();
1331 data.reset();
1332 return MessageDigest.isEqual(out, dataBytes);
1333 } catch (BadPaddingException e) {
1334 // e.g. wrong public key used
1335 // return false rather than throwing exception
1336 return false;
1337 } catch (IllegalBlockSizeException e) {
1338 throw new SignatureException("doFinal() failed", e);
1339 }
1340 }
1341
1342 protected void engineSetParameter(String param, Object value)
1343 throws InvalidParameterException {
1344 throw new InvalidParameterException("Parameters not supported");
1345 }
1346
1347 protected Object engineGetParameter(String param)
1348 throws InvalidParameterException {
1349 throw new InvalidParameterException("Parameters not supported");
1350 }
1351
1352 }
1353
1354 }