34 |
34 |
35 import sun.security.util.*; |
35 import sun.security.util.*; |
36 import sun.security.x509.AlgorithmId; |
36 import sun.security.x509.AlgorithmId; |
37 import sun.security.x509.X500Name; |
37 import sun.security.x509.X500Name; |
38 import sun.security.x509.KeyUsageExtension; |
38 import sun.security.x509.KeyUsageExtension; |
39 import sun.security.x509.PKIXExtensions; |
|
40 import sun.misc.HexDumpEncoder; |
39 import sun.misc.HexDumpEncoder; |
41 |
40 |
42 /** |
41 /** |
43 * A SignerInfo, as defined in PKCS#7's signedData type. |
42 * A SignerInfo, as defined in PKCS#7's signedData type. |
44 * |
43 * |
298 // first, check content type |
297 // first, check content type |
299 ObjectIdentifier contentType = (ObjectIdentifier) |
298 ObjectIdentifier contentType = (ObjectIdentifier) |
300 authenticatedAttributes.getAttributeValue( |
299 authenticatedAttributes.getAttributeValue( |
301 PKCS9Attribute.CONTENT_TYPE_OID); |
300 PKCS9Attribute.CONTENT_TYPE_OID); |
302 if (contentType == null || |
301 if (contentType == null || |
303 !contentType.equals(content.contentType)) |
302 !contentType.equals((Object)content.contentType)) |
304 return null; // contentType does not match, bad SignerInfo |
303 return null; // contentType does not match, bad SignerInfo |
305 |
304 |
306 // now, check message digest |
305 // now, check message digest |
307 byte[] messageDigest = (byte[]) |
306 byte[] messageDigest = (byte[]) |
308 authenticatedAttributes.getAttributeValue( |
307 authenticatedAttributes.getAttributeValue( |
369 } catch (IOException ioe) { |
368 } catch (IOException ioe) { |
370 throw new SignatureException("Failed to parse keyUsage " |
369 throw new SignatureException("Failed to parse keyUsage " |
371 + "extension"); |
370 + "extension"); |
372 } |
371 } |
373 |
372 |
374 boolean digSigAllowed = ((Boolean)keyUsage.get( |
373 boolean digSigAllowed = keyUsage.get( |
375 KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue(); |
374 KeyUsageExtension.DIGITAL_SIGNATURE).booleanValue(); |
376 |
375 |
377 boolean nonRepuAllowed = ((Boolean)keyUsage.get( |
376 boolean nonRepuAllowed = keyUsage.get( |
378 KeyUsageExtension.NON_REPUDIATION)).booleanValue(); |
377 KeyUsageExtension.NON_REPUDIATION).booleanValue(); |
379 |
378 |
380 if (!digSigAllowed && !nonRepuAllowed) { |
379 if (!digSigAllowed && !nonRepuAllowed) { |
381 throw new SignatureException("Key usage restricted: " |
380 throw new SignatureException("Key usage restricted: " |
382 + "cannot be used for " |
381 + "cannot be used for " |
383 + "digital signatures"); |
382 + "digital signatures"); |
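Review bot: The `(Object)` cast added to the content-type check (`!contentType.equals((Object)content.contentType)`, new line 302) has no comment saying why it is there, and it reads as redundant. Presumably it forces overload resolution to `equals(Object)` rather than a type-specific `equals` overload on `ObjectIdentifier`. If so, a later cleanup that drops the cast would silently change which comparison decides whether the signed contentType attribute matches the content. I would add a one-line comment above the condition, e.g. `// cast selects equals(Object); do not remove without checking ObjectIdentifier's overloads`. The enclosing method starts and ends outside the visible lines.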