1 /* |
1 /* |
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
27 |
27 |
28 import java.io.InputStream; |
28 import java.io.InputStream; |
29 import java.io.OutputStream; |
29 import java.io.OutputStream; |
30 import java.io.IOException; |
30 import java.io.IOException; |
31 import java.math.BigInteger; |
31 import java.math.BigInteger; |
32 import java.security.Principal; |
|
33 import java.security.PublicKey; |
|
34 import java.security.PrivateKey; |
|
35 import java.security.Provider; |
|
36 import java.security.Signature; |
|
37 import java.security.NoSuchAlgorithmException; |
|
38 import java.security.InvalidKeyException; |
|
39 import java.security.NoSuchProviderException; |
|
40 import java.security.SignatureException; |
|
41 import java.security.cert.Certificate; |
32 import java.security.cert.Certificate; |
42 import java.security.cert.X509CRL; |
33 import java.security.cert.X509CRL; |
43 import java.security.cert.X509Certificate; |
34 import java.security.cert.X509Certificate; |
44 import java.security.cert.X509CRLEntry; |
35 import java.security.cert.X509CRLEntry; |
45 import java.security.cert.CRLException; |
36 import java.security.cert.CRLException; |
|
37 import java.security.*; |
46 import java.util.*; |
38 import java.util.*; |
47 |
39 |
48 import javax.security.auth.x500.X500Principal; |
40 import javax.security.auth.x500.X500Principal; |
49 |
41 |
50 import sun.security.provider.X509Factory; |
42 import sun.security.provider.X509Factory; |
51 import sun.security.util.*; |
43 import sun.security.util.*; |
52 import sun.security.util.HexDumpEncoder; |
|
53 |
44 |
54 /** |
45 /** |
55 * <p> |
46 * <p> |
56 * An implementation for X509 CRL (Certificate Revocation List). |
47 * An implementation for X509 CRL (Certificate Revocation List). |
57 * <p> |
48 * <p> |
382 if (sigProvider.length() == 0) { |
373 if (sigProvider.length() == 0) { |
383 sigVerf = Signature.getInstance(sigAlgId.getName()); |
374 sigVerf = Signature.getInstance(sigAlgId.getName()); |
384 } else { |
375 } else { |
385 sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider); |
376 sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider); |
386 } |
377 } |
|
378 |
387 sigVerf.initVerify(key); |
379 sigVerf.initVerify(key); |
|
380 |
|
381 // set parameters after Signature.initSign/initVerify call, |
|
382 // so the deferred provider selection happens when key is set |
|
383 try { |
|
384 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams()); |
|
385 } catch (ProviderException e) { |
|
386 throw new CRLException(e.getMessage(), e.getCause()); |
|
387 } catch (InvalidAlgorithmParameterException e) { |
|
388 throw new CRLException(e); |
|
389 } |
388 |
390 |
389 if (tbsCertList == null) { |
391 if (tbsCertList == null) { |
390 throw new CRLException("Uninitialized CRL"); |
392 throw new CRLException("Uninitialized CRL"); |
391 } |
393 } |
392 |
394 |
426 if (sigProvider == null) { |
428 if (sigProvider == null) { |
427 sigVerf = Signature.getInstance(sigAlgId.getName()); |
429 sigVerf = Signature.getInstance(sigAlgId.getName()); |
428 } else { |
430 } else { |
429 sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider); |
431 sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider); |
430 } |
432 } |
|
433 |
431 sigVerf.initVerify(key); |
434 sigVerf.initVerify(key); |
|
435 |
|
436 // set parameters after Signature.initSign/initVerify call, |
|
437 // so the deferred provider selection happens when key is set |
|
438 try { |
|
439 SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams()); |
|
440 } catch (ProviderException e) { |
|
441 throw new CRLException(e.getMessage(), e.getCause()); |
|
442 } catch (InvalidAlgorithmParameterException e) { |
|
443 throw new CRLException(e); |
|
444 } |
432 |
445 |
433 if (tbsCertList == null) { |
446 if (tbsCertList == null) { |
434 throw new CRLException("Uninitialized CRL"); |
447 throw new CRLException("Uninitialized CRL"); |
435 } |
448 } |
436 |
449 |