1 /* |
1 /* |
2 * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
26 package sun.security.pkcs; |
26 package sun.security.pkcs; |
27 |
27 |
28 import java.io.OutputStream; |
28 import java.io.OutputStream; |
29 import java.io.IOException; |
29 import java.io.IOException; |
30 import java.math.BigInteger; |
30 import java.math.BigInteger; |
31 import java.security.CryptoPrimitive; |
|
32 import java.security.InvalidKeyException; |
|
33 import java.security.MessageDigest; |
|
34 import java.security.NoSuchAlgorithmException; |
|
35 import java.security.Principal; |
|
36 import java.security.PublicKey; |
|
37 import java.security.Signature; |
|
38 import java.security.SignatureException; |
|
39 import java.security.Timestamp; |
|
40 import java.security.cert.CertPathValidatorException; |
31 import java.security.cert.CertPathValidatorException; |
41 import java.security.cert.CertificateException; |
32 import java.security.cert.CertificateException; |
42 import java.security.cert.CertificateFactory; |
33 import java.security.cert.CertificateFactory; |
43 import java.security.cert.CertPath; |
34 import java.security.cert.CertPath; |
44 import java.security.cert.X509Certificate; |
35 import java.security.cert.X509Certificate; |
|
36 import java.security.*; |
45 import java.util.ArrayList; |
37 import java.util.ArrayList; |
46 import java.util.Arrays; |
38 import java.util.Arrays; |
47 import java.util.Collections; |
39 import java.util.Collections; |
48 import java.util.EnumSet; |
40 import java.util.EnumSet; |
49 import java.util.Set; |
41 import java.util.Set; |
60 import sun.security.util.KeyUtil; |
52 import sun.security.util.KeyUtil; |
61 import sun.security.util.ObjectIdentifier; |
53 import sun.security.util.ObjectIdentifier; |
62 import sun.security.x509.AlgorithmId; |
54 import sun.security.x509.AlgorithmId; |
63 import sun.security.x509.X500Name; |
55 import sun.security.x509.X500Name; |
64 import sun.security.x509.KeyUsageExtension; |
56 import sun.security.x509.KeyUsageExtension; |
|
57 import sun.security.util.SignatureUtil; |
65 |
58 |
66 /** |
59 /** |
67 * A SignerInfo, as defined in PKCS#7's signedData type. |
60 * A SignerInfo, as defined in PKCS#7's signedData type. |
68 * |
61 * |
69 * @author Benjamin Renaud |
62 * @author Benjamin Renaud |
451 + "digital signatures"); |
444 + "digital signatures"); |
452 } |
445 } |
453 } |
446 } |
454 |
447 |
455 Signature sig = Signature.getInstance(algname); |
448 Signature sig = Signature.getInstance(algname); |
|
449 |
|
450 // set parameters before Signature.initSign/initVerify call, |
|
451 // so key can be checked when it's set |
|
452 AlgorithmParameters ap = |
|
453 digestEncryptionAlgorithmId.getParameters(); |
|
454 try { |
|
455 SignatureUtil.specialSetParameter(sig, ap); |
|
456 } catch (ProviderException | InvalidAlgorithmParameterException e) { |
|
457 throw new SignatureException(e.getMessage(), e); |
|
458 } |
|
459 |
456 sig.initVerify(key); |
460 sig.initVerify(key); |
457 sig.update(dataSigned); |
461 sig.update(dataSigned); |
458 if (sig.verify(encryptedDigest)) { |
462 if (sig.verify(encryptedDigest)) { |
459 return this; |
463 return this; |
460 } |
464 } |
461 |
|
462 } catch (IOException e) { |
465 } catch (IOException e) { |
463 throw new SignatureException("IO error verifying signature:\n" + |
466 throw new SignatureException("IO error verifying signature:\n" + |
464 e.getMessage()); |
467 e.getMessage()); |
465 |
|
466 } catch (InvalidKeyException e) { |
468 } catch (InvalidKeyException e) { |
467 throw new SignatureException("InvalidKey: " + e.getMessage()); |
469 throw new SignatureException("InvalidKey: " + e.getMessage()); |
468 |
|
469 } |
470 } |
470 return null; |
471 return null; |
471 } |
472 } |
472 |
473 |
473 /* Verify the content of the pkcs7 block. */ |
474 /* Verify the content of the pkcs7 block. */ |
474 SignerInfo verify(PKCS7 block) |
475 SignerInfo verify(PKCS7 block) |
475 throws NoSuchAlgorithmException, SignatureException { |
476 throws NoSuchAlgorithmException, SignatureException { |
476 return verify(block, null); |
477 return verify(block, null); |
477 } |
478 } |
478 |
|
479 |
479 |
480 public BigInteger getVersion() { |
480 public BigInteger getVersion() { |
481 return version; |
481 return version; |
482 } |
482 } |
483 |
483 |
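Review bot: The parameters passed to `SignatureUtil.specialSetParameter(sig, ap)` come from `digestEncryptionAlgorithmId`, which is presumably parsed from the PKCS#7 block being verified, and no visible line checks them against the algorithm constraints before `sig.initVerify(key)`. For a parameterised signature scheme the parameters can themselves name a digest, so a constraint check that looks only at the algorithm name and the key would not cover them. The start of this `verify` method is outside the shown lines, so confirm whether such a check already exists there. If it does, a comment above the call such as `// ap is taken from the signed data; it is covered by the constraint check above` would record that; if it does not, the parameters should be validated before they are set. The new catch keeps the cause with `new SignatureException(e.getMessage(), e)`, which the two older catch blocks further down do not.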