1 /* |
1 /* |
2 * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
29 import java.io.PrintStream; |
29 import java.io.PrintStream; |
30 import java.io.IOException; |
30 import java.io.IOException; |
31 import java.math.BigInteger; |
31 import java.math.BigInteger; |
32 |
32 |
33 import java.security.cert.CertificateException; |
33 import java.security.cert.CertificateException; |
34 import java.security.NoSuchAlgorithmException; |
34 import java.security.*; |
35 import java.security.InvalidKeyException; |
35 import java.security.spec.AlgorithmParameterSpec; |
36 import java.security.Signature; |
|
37 import java.security.SignatureException; |
|
38 import java.security.PublicKey; |
|
39 |
36 |
40 import java.util.Base64; |
37 import java.util.Base64; |
41 |
38 |
42 import sun.security.util.*; |
39 import sun.security.util.*; |
43 import sun.security.x509.AlgorithmId; |
40 import sun.security.x509.AlgorithmId; |
44 import sun.security.x509.X509Key; |
41 import sun.security.x509.X509Key; |
45 import sun.security.x509.X500Name; |
42 import sun.security.x509.X500Name; |
|
43 import sun.security.util.SignatureUtil; |
|
44 |
46 |
45 |
47 /** |
46 /** |
48 * A PKCS #10 certificate request is created and sent to a Certificate |
47 * A PKCS #10 certificate request is created and sent to a Certificate |
49 * Authority, which then creates an X.509 certificate and returns it to |
48 * Authority, which then creates an X.509 certificate and returns it to |
50 * the entity that requested it. A certificate request basically consists |
49 * the entity that requested it. A certificate request basically consists |
167 // key and signature algorithm we found. |
166 // key and signature algorithm we found. |
168 // |
167 // |
169 try { |
168 try { |
170 sigAlg = id.getName(); |
169 sigAlg = id.getName(); |
171 sig = Signature.getInstance(sigAlg); |
170 sig = Signature.getInstance(sigAlg); |
|
171 |
|
172 // set parameters before Signature.initSign/initVerify call, |
|
173 // so key can be checked when it's set |
|
174 SignatureUtil.specialSetParameter(sig, id.getParameters()); |
|
175 |
172 sig.initVerify(subjectPublicKeyInfo); |
176 sig.initVerify(subjectPublicKeyInfo); |
173 sig.update(data); |
177 sig.update(data); |
174 if (!sig.verify(sigData)) |
178 if (!sig.verify(sigData)) { |
175 throw new SignatureException("Invalid PKCS #10 signature"); |
179 throw new SignatureException("Invalid PKCS #10 signature"); |
|
180 } |
176 } catch (InvalidKeyException e) { |
181 } catch (InvalidKeyException e) { |
177 throw new SignatureException("invalid key"); |
182 throw new SignatureException("Invalid key"); |
|
183 } catch (InvalidAlgorithmParameterException e) { |
|
184 throw new SignatureException("Invalid signature parameters", e); |
|
185 } catch (ProviderException e) { |
|
186 throw new SignatureException("Error parsing signature parameters", |
|
187 e.getCause()); |
178 } |
188 } |
179 } |
189 } |
180 |
190 |
181 /** |
191 /** |
182 * Create the signed certificate request. This will later be |
192 * Create the signed certificate request. This will later be |
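Review bot: The `InvalidKeyException` handler at new line 182 still throws `new SignatureException("Invalid key")` without a cause, while the two handlers added below it chain one. Writing `throw new SignatureException("Invalid key", e);` would keep the provider's reason for rejecting the request's public key available when a failed certificate request is triaged. In the `ProviderException` handler (new lines 185-187), `e.getCause()` may be null, and the try block also covers `initVerify`, `update` and `verify`. A provider failure unrelated to parameter parsing would therefore presumably be reported as "Error parsing signature parameters" with nothing attached, so chaining `e` itself is safer. The enclosing method starts above this hunk, so where `id`, `data` and `sigData` come from is not visible here; if `id` is decoded from the request, a one-line comment above `SignatureUtil.specialSetParameter(sig, id.getParameters());` saying the parameters are taken from the request being verified would help the next reader.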