|
1 /* |
|
2 * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Sun designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Sun in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
|
22 * CA 95054 USA or visit www.sun.com if you need additional information or |
|
23 * have any questions. |
|
24 */ |
|
25 |
|
26 package java.security; |
|
27 |
|
28 import java.security.spec.AlgorithmParameterSpec; |
|
29 import java.util.*; |
|
30 import java.io.*; |
|
31 |
|
32 import java.nio.ByteBuffer; |
|
33 |
|
34 import sun.security.jca.JCAUtil; |
|
35 |
|
36 /** |
|
37 * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) |
|
38 * for the <code>Signature</code> class, which is used to provide the |
|
39 * functionality of a digital signature algorithm. Digital signatures are used |
|
40 * for authentication and integrity assurance of digital data. |
|
41 *. |
|
42 * <p> All the abstract methods in this class must be implemented by each |
|
43 * cryptographic service provider who wishes to supply the implementation |
|
44 * of a particular signature algorithm. |
|
45 * |
|
46 * @author Benjamin Renaud |
|
47 * |
|
48 * |
|
49 * @see Signature |
|
50 */ |
|
51 |
|
52 public abstract class SignatureSpi { |
|
53 |
|
54 /** |
|
55 * Application-specified source of randomness. |
|
56 */ |
|
57 protected SecureRandom appRandom = null; |
|
58 |
|
59 /** |
|
60 * Initializes this signature object with the specified |
|
61 * public key for verification operations. |
|
62 * |
|
63 * @param publicKey the public key of the identity whose signature is |
|
64 * going to be verified. |
|
65 * |
|
66 * @exception InvalidKeyException if the key is improperly |
|
67 * encoded, parameters are missing, and so on. |
|
68 */ |
|
69 protected abstract void engineInitVerify(PublicKey publicKey) |
|
70 throws InvalidKeyException; |
|
71 |
|
72 /** |
|
73 * Initializes this signature object with the specified |
|
74 * private key for signing operations. |
|
75 * |
|
76 * @param privateKey the private key of the identity whose signature |
|
77 * will be generated. |
|
78 * |
|
79 * @exception InvalidKeyException if the key is improperly |
|
80 * encoded, parameters are missing, and so on. |
|
81 */ |
|
82 protected abstract void engineInitSign(PrivateKey privateKey) |
|
83 throws InvalidKeyException; |
|
84 |
|
85 /** |
|
86 * Initializes this signature object with the specified |
|
87 * private key and source of randomness for signing operations. |
|
88 * |
|
89 * <p>This concrete method has been added to this previously-defined |
|
90 * abstract class. (For backwards compatibility, it cannot be abstract.) |
|
91 * |
|
92 * @param privateKey the private key of the identity whose signature |
|
93 * will be generated. |
|
94 * @param random the source of randomness |
|
95 * |
|
96 * @exception InvalidKeyException if the key is improperly |
|
97 * encoded, parameters are missing, and so on. |
|
98 */ |
|
99 protected void engineInitSign(PrivateKey privateKey, |
|
100 SecureRandom random) |
|
101 throws InvalidKeyException { |
|
102 this.appRandom = random; |
|
103 engineInitSign(privateKey); |
|
104 } |
|
105 |
|
106 /** |
|
107 * Updates the data to be signed or verified |
|
108 * using the specified byte. |
|
109 * |
|
110 * @param b the byte to use for the update. |
|
111 * |
|
112 * @exception SignatureException if the engine is not initialized |
|
113 * properly. |
|
114 */ |
|
115 protected abstract void engineUpdate(byte b) throws SignatureException; |
|
116 |
|
117 /** |
|
118 * Updates the data to be signed or verified, using the |
|
119 * specified array of bytes, starting at the specified offset. |
|
120 * |
|
121 * @param b the array of bytes |
|
122 * @param off the offset to start from in the array of bytes |
|
123 * @param len the number of bytes to use, starting at offset |
|
124 * |
|
125 * @exception SignatureException if the engine is not initialized |
|
126 * properly |
|
127 */ |
|
128 protected abstract void engineUpdate(byte[] b, int off, int len) |
|
129 throws SignatureException; |
|
130 |
|
131 /** |
|
132 * Updates the data to be signed or verified using the specified |
|
133 * ByteBuffer. Processes the <code>data.remaining()</code> bytes |
|
134 * starting at at <code>data.position()</code>. |
|
135 * Upon return, the buffer's position will be equal to its limit; |
|
136 * its limit will not have changed. |
|
137 * |
|
138 * @param input the ByteBuffer |
|
139 * @since 1.5 |
|
140 */ |
|
141 protected void engineUpdate(ByteBuffer input) { |
|
142 if (input.hasRemaining() == false) { |
|
143 return; |
|
144 } |
|
145 try { |
|
146 if (input.hasArray()) { |
|
147 byte[] b = input.array(); |
|
148 int ofs = input.arrayOffset(); |
|
149 int pos = input.position(); |
|
150 int lim = input.limit(); |
|
151 engineUpdate(b, ofs + pos, lim - pos); |
|
152 input.position(lim); |
|
153 } else { |
|
154 int len = input.remaining(); |
|
155 byte[] b = new byte[JCAUtil.getTempArraySize(len)]; |
|
156 while (len > 0) { |
|
157 int chunk = Math.min(len, b.length); |
|
158 input.get(b, 0, chunk); |
|
159 engineUpdate(b, 0, chunk); |
|
160 len -= chunk; |
|
161 } |
|
162 } |
|
163 } catch (SignatureException e) { |
|
164 // is specified to only occur when the engine is not initialized |
|
165 // this case should never occur as it is caught in Signature.java |
|
166 throw new ProviderException("update() failed", e); |
|
167 } |
|
168 } |
|
169 |
|
170 /** |
|
171 * Returns the signature bytes of all the data |
|
172 * updated so far. |
|
173 * The format of the signature depends on the underlying |
|
174 * signature scheme. |
|
175 * |
|
176 * @return the signature bytes of the signing operation's result. |
|
177 * |
|
178 * @exception SignatureException if the engine is not |
|
179 * initialized properly or if this signature algorithm is unable to |
|
180 * process the input data provided. |
|
181 */ |
|
182 protected abstract byte[] engineSign() throws SignatureException; |
|
183 |
|
184 /** |
|
185 * Finishes this signature operation and stores the resulting signature |
|
186 * bytes in the provided buffer <code>outbuf</code>, starting at |
|
187 * <code>offset</code>. |
|
188 * The format of the signature depends on the underlying |
|
189 * signature scheme. |
|
190 * |
|
191 * <p>The signature implementation is reset to its initial state |
|
192 * (the state it was in after a call to one of the |
|
193 * <code>engineInitSign</code> methods) |
|
194 * and can be reused to generate further signatures with the same private |
|
195 * key. |
|
196 * |
|
197 * This method should be abstract, but we leave it concrete for |
|
198 * binary compatibility. Knowledgeable providers should override this |
|
199 * method. |
|
200 * |
|
201 * @param outbuf buffer for the signature result. |
|
202 * |
|
203 * @param offset offset into <code>outbuf</code> where the signature is |
|
204 * stored. |
|
205 * |
|
206 * @param len number of bytes within <code>outbuf</code> allotted for the |
|
207 * signature. |
|
208 * Both this default implementation and the SUN provider do not |
|
209 * return partial digests. If the value of this parameter is less |
|
210 * than the actual signature length, this method will throw a |
|
211 * SignatureException. |
|
212 * This parameter is ignored if its value is greater than or equal to |
|
213 * the actual signature length. |
|
214 * |
|
215 * @return the number of bytes placed into <code>outbuf</code> |
|
216 * |
|
217 * @exception SignatureException if the engine is not |
|
218 * initialized properly, if this signature algorithm is unable to |
|
219 * process the input data provided, or if <code>len</code> is less |
|
220 * than the actual signature length. |
|
221 * |
|
222 * @since 1.2 |
|
223 */ |
|
224 protected int engineSign(byte[] outbuf, int offset, int len) |
|
225 throws SignatureException { |
|
226 byte[] sig = engineSign(); |
|
227 if (len < sig.length) { |
|
228 throw new SignatureException |
|
229 ("partial signatures not returned"); |
|
230 } |
|
231 if (outbuf.length - offset < sig.length) { |
|
232 throw new SignatureException |
|
233 ("insufficient space in the output buffer to store the " |
|
234 + "signature"); |
|
235 } |
|
236 System.arraycopy(sig, 0, outbuf, offset, sig.length); |
|
237 return sig.length; |
|
238 } |
|
239 |
|
240 /** |
|
241 * Verifies the passed-in signature. |
|
242 * |
|
243 * @param sigBytes the signature bytes to be verified. |
|
244 * |
|
245 * @return true if the signature was verified, false if not. |
|
246 * |
|
247 * @exception SignatureException if the engine is not |
|
248 * initialized properly, the passed-in signature is improperly |
|
249 * encoded or of the wrong type, if this signature algorithm is unable to |
|
250 * process the input data provided, etc. |
|
251 */ |
|
252 protected abstract boolean engineVerify(byte[] sigBytes) |
|
253 throws SignatureException; |
|
254 |
|
255 /** |
|
256 * Verifies the passed-in signature in the specified array |
|
257 * of bytes, starting at the specified offset. |
|
258 * |
|
259 * <p> Note: Subclasses should overwrite the default implementation. |
|
260 * |
|
261 * |
|
262 * @param sigBytes the signature bytes to be verified. |
|
263 * @param offset the offset to start from in the array of bytes. |
|
264 * @param length the number of bytes to use, starting at offset. |
|
265 * |
|
266 * @return true if the signature was verified, false if not. |
|
267 * |
|
268 * @exception SignatureException if the engine is not |
|
269 * initialized properly, the passed-in signature is improperly |
|
270 * encoded or of the wrong type, if this signature algorithm is unable to |
|
271 * process the input data provided, etc. |
|
272 * @since 1.4 |
|
273 */ |
|
274 protected boolean engineVerify(byte[] sigBytes, int offset, int length) |
|
275 throws SignatureException { |
|
276 byte[] sigBytesCopy = new byte[length]; |
|
277 System.arraycopy(sigBytes, offset, sigBytesCopy, 0, length); |
|
278 return engineVerify(sigBytesCopy); |
|
279 } |
|
280 |
|
281 /** |
|
282 * Sets the specified algorithm parameter to the specified |
|
283 * value. This method supplies a general-purpose mechanism through |
|
284 * which it is possible to set the various parameters of this object. |
|
285 * A parameter may be any settable parameter for the algorithm, such as |
|
286 * a parameter size, or a source of random bits for signature generation |
|
287 * (if appropriate), or an indication of whether or not to perform |
|
288 * a specific but optional computation. A uniform algorithm-specific |
|
289 * naming scheme for each parameter is desirable but left unspecified |
|
290 * at this time. |
|
291 * |
|
292 * @param param the string identifier of the parameter. |
|
293 * |
|
294 * @param value the parameter value. |
|
295 * |
|
296 * @exception InvalidParameterException if <code>param</code> is an |
|
297 * invalid parameter for this signature algorithm engine, |
|
298 * the parameter is already set |
|
299 * and cannot be set again, a security exception occurs, and so on. |
|
300 * |
|
301 * @deprecated Replaced by {@link |
|
302 * #engineSetParameter(java.security.spec.AlgorithmParameterSpec) |
|
303 * engineSetParameter}. |
|
304 */ |
|
305 @Deprecated |
|
306 protected abstract void engineSetParameter(String param, Object value) |
|
307 throws InvalidParameterException; |
|
308 |
|
309 /** |
|
310 * <p>This method is overridden by providers to initialize |
|
311 * this signature engine with the specified parameter set. |
|
312 * |
|
313 * @param params the parameters |
|
314 * |
|
315 * @exception UnsupportedOperationException if this method is not |
|
316 * overridden by a provider |
|
317 * |
|
318 * @exception InvalidAlgorithmParameterException if this method is |
|
319 * overridden by a provider and the the given parameters |
|
320 * are inappropriate for this signature engine |
|
321 */ |
|
322 protected void engineSetParameter(AlgorithmParameterSpec params) |
|
323 throws InvalidAlgorithmParameterException { |
|
324 throw new UnsupportedOperationException(); |
|
325 } |
|
326 |
|
327 /** |
|
328 * <p>This method is overridden by providers to return the |
|
329 * parameters used with this signature engine, or null |
|
330 * if this signature engine does not use any parameters. |
|
331 * |
|
332 * <p>The returned parameters may be the same that were used to initialize |
|
333 * this signature engine, or may contain a combination of default and |
|
334 * randomly generated parameter values used by the underlying signature |
|
335 * implementation if this signature engine requires algorithm parameters |
|
336 * but was not initialized with any. |
|
337 * |
|
338 * @return the parameters used with this signature engine, or null if this |
|
339 * signature engine does not use any parameters |
|
340 * |
|
341 * @exception UnsupportedOperationException if this method is |
|
342 * not overridden by a provider |
|
343 * @since 1.4 |
|
344 */ |
|
345 protected AlgorithmParameters engineGetParameters() { |
|
346 throw new UnsupportedOperationException(); |
|
347 } |
|
348 |
|
349 /** |
|
350 * Gets the value of the specified algorithm parameter. |
|
351 * This method supplies a general-purpose mechanism through which it |
|
352 * is possible to get the various parameters of this object. A parameter |
|
353 * may be any settable parameter for the algorithm, such as a parameter |
|
354 * size, or a source of random bits for signature generation (if |
|
355 * appropriate), or an indication of whether or not to perform a |
|
356 * specific but optional computation. A uniform algorithm-specific |
|
357 * naming scheme for each parameter is desirable but left unspecified |
|
358 * at this time. |
|
359 * |
|
360 * @param param the string name of the parameter. |
|
361 * |
|
362 * @return the object that represents the parameter value, or null if |
|
363 * there is none. |
|
364 * |
|
365 * @exception InvalidParameterException if <code>param</code> is an |
|
366 * invalid parameter for this engine, or another exception occurs while |
|
367 * trying to get this parameter. |
|
368 * |
|
369 * @deprecated |
|
370 */ |
|
371 @Deprecated |
|
372 protected abstract Object engineGetParameter(String param) |
|
373 throws InvalidParameterException; |
|
374 |
|
375 /** |
|
376 * Returns a clone if the implementation is cloneable. |
|
377 * |
|
378 * @return a clone if the implementation is cloneable. |
|
379 * |
|
380 * @exception CloneNotSupportedException if this is called |
|
381 * on an implementation that does not support <code>Cloneable</code>. |
|
382 */ |
|
383 public Object clone() throws CloneNotSupportedException { |
|
384 if (this instanceof Cloneable) { |
|
385 return super.clone(); |
|
386 } else { |
|
387 throw new CloneNotSupportedException(); |
|
388 } |
|
389 } |
|
390 } |