1 /* |
1 /* |
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
23 * questions. |
23 * questions. |
24 */ |
24 */ |
25 |
25 |
26 package java.security.cert; |
26 package java.security.cert; |
27 |
27 |
28 import java.security.NoSuchAlgorithmException; |
28 import java.security.*; |
29 import java.security.NoSuchProviderException; |
29 import java.security.spec.*; |
30 import java.security.InvalidKeyException; |
30 |
31 import java.security.SignatureException; |
|
32 import java.security.Principal; |
|
33 import java.security.Provider; |
|
34 import java.security.PublicKey; |
|
35 import java.security.Signature; |
|
36 import javax.security.auth.x500.X500Principal; |
31 import javax.security.auth.x500.X500Principal; |
37 |
32 |
38 import java.math.BigInteger; |
33 import java.math.BigInteger; |
39 import java.util.Date; |
34 import java.util.Date; |
40 import java.util.Set; |
35 import java.util.Set; |
41 import java.util.Arrays; |
36 import java.util.Arrays; |
42 |
37 |
43 import sun.security.x509.X509CRLImpl; |
38 import sun.security.x509.X509CRLImpl; |
|
39 import sun.security.util.SignatureUtil; |
44 |
40 |
45 /** |
41 /** |
46 * <p> |
42 * <p> |
47 * Abstract class for an X.509 Certificate Revocation List (CRL). |
43 * Abstract class for an X.509 Certificate Revocation List (CRL). |
48 * A CRL is a time-stamped list identifying revoked certificates. |
44 * A CRL is a time-stamped list identifying revoked certificates. |
244 throws CRLException, NoSuchAlgorithmException, |
240 throws CRLException, NoSuchAlgorithmException, |
245 InvalidKeyException, SignatureException { |
241 InvalidKeyException, SignatureException { |
246 Signature sig = (sigProvider == null) |
242 Signature sig = (sigProvider == null) |
247 ? Signature.getInstance(getSigAlgName()) |
243 ? Signature.getInstance(getSigAlgName()) |
248 : Signature.getInstance(getSigAlgName(), sigProvider); |
244 : Signature.getInstance(getSigAlgName(), sigProvider); |
|
245 |
249 sig.initVerify(key); |
246 sig.initVerify(key); |
|
247 |
|
248 // set parameters after Signature.initSign/initVerify call, |
|
249 // so the deferred provider selections occur when key is set |
|
250 try { |
|
251 SignatureUtil.specialSetParameter(sig, getSigAlgParams()); |
|
252 } catch (ProviderException e) { |
|
253 throw new CRLException(e.getMessage(), e.getCause()); |
|
254 } catch (InvalidAlgorithmParameterException e) { |
|
255 throw new CRLException(e); |
|
256 } |
250 |
257 |
251 byte[] tbsCRL = getTBSCertList(); |
258 byte[] tbsCRL = getTBSCertList(); |
252 sig.update(tbsCRL, 0, tbsCRL.length); |
259 sig.update(tbsCRL, 0, tbsCRL.length); |
253 |
260 |
254 if (sig.verify(getSignature()) == false) { |
261 if (sig.verify(getSignature()) == false) { |