27 |
27 |
28 import java.io.IOException; |
28 import java.io.IOException; |
29 import java.security.*; |
29 import java.security.*; |
30 import java.security.spec.*; |
30 import java.security.spec.*; |
31 import sun.security.rsa.RSAUtil; |
31 import sun.security.rsa.RSAUtil; |
|
32 import jdk.internal.access.SharedSecrets; |
32 |
33 |
33 /** |
34 /** |
34 * Utility class for Signature related operations. Currently used by various |
35 * Utility class for Signature related operations. Currently used by various |
35 * internal PKI classes such as sun.security.x509.X509CertImpl, |
36 * internal PKI classes such as sun.security.x509.X509CertImpl, |
36 * sun.security.pkcs.SignerInfo, for setting signature parameters. |
37 * sun.security.pkcs.SignerInfo, for setting signature parameters. |
37 * |
38 * |
38 * @since 11 |
39 * @since 11 |
39 */ |
40 */ |
40 public class SignatureUtil { |
41 public class SignatureUtil { |
41 |
42 |
|
43 private static String checkName(String algName) throws ProviderException { |
|
44 if (algName.indexOf(".") == -1) { |
|
45 return algName; |
|
46 } |
|
47 // convert oid to String |
|
48 try { |
|
49 return Signature.getInstance(algName).getAlgorithm(); |
|
50 } catch (Exception e) { |
|
51 throw new ProviderException("Error mapping algorithm name", e); |
|
52 } |
|
53 } |
|
54 |
42 // Utility method of creating an AlgorithmParameters object with |
55 // Utility method of creating an AlgorithmParameters object with |
43 // the specified algorithm name and encoding |
56 // the specified algorithm name and encoding |
44 private static AlgorithmParameters createAlgorithmParameters(String algName, |
57 private static AlgorithmParameters createAlgorithmParameters(String algName, |
45 byte[] paramBytes) throws ProviderException { |
58 byte[] paramBytes) throws ProviderException { |
46 |
59 |
47 try { |
60 try { |
|
61 algName = checkName(algName); |
48 AlgorithmParameters result = |
62 AlgorithmParameters result = |
49 AlgorithmParameters.getInstance(algName); |
63 AlgorithmParameters.getInstance(algName); |
50 result.init(paramBytes); |
64 result.init(paramBytes); |
51 return result; |
65 return result; |
52 } catch (NoSuchAlgorithmException | IOException e) { |
66 } catch (NoSuchAlgorithmException | IOException e) { |
53 throw new ProviderException(e); |
67 throw new ProviderException(e); |
54 } |
68 } |
55 } |
69 } |
56 |
70 |
57 private static AlgorithmParameterSpec getParamSpec(String sigName, |
71 // Utility method for converting the specified AlgorithmParameters object |
|
72 // into an AlgorithmParameterSpec object. |
|
73 public static AlgorithmParameterSpec getParamSpec(String sigName, |
58 AlgorithmParameters params) |
74 AlgorithmParameters params) |
59 throws InvalidAlgorithmParameterException, ProviderException { |
75 throws ProviderException { |
60 |
76 |
61 if (params == null) return null; |
77 sigName = checkName(sigName); |
62 |
78 AlgorithmParameterSpec paramSpec = null; |
63 if (sigName.toUpperCase().indexOf("RSA") == -1) { |
79 if (params != null) { |
64 throw new ProviderException |
80 if (sigName.toUpperCase().indexOf("RSA") == -1) { |
65 ("Unrecognized algorithm for signature parameters " + |
81 throw new ProviderException |
66 sigName); |
82 ("Unrecognized algorithm for signature parameters " + |
|
83 sigName); |
|
84 } |
|
85 // AlgorithmParameters.getAlgorithm() may returns oid if it's |
|
86 // created during DER decoding. Convert to use the standard name |
|
87 // before passing it to RSAUtil |
|
88 if (params.getAlgorithm().indexOf(".") != -1) { |
|
89 try { |
|
90 params = createAlgorithmParameters(sigName, |
|
91 params.getEncoded()); |
|
92 } catch (IOException e) { |
|
93 throw new ProviderException(e); |
|
94 } |
|
95 } |
|
96 paramSpec = RSAUtil.getParamSpec(params); |
67 } |
97 } |
68 // AlgorithmParameters.getAlgorithm() may returns oid if it's |
98 return paramSpec; |
69 // created during DER decoding. Convert to use the standard name |
|
70 // before passing it to RSAUtil |
|
71 String alg = params.getAlgorithm(); |
|
72 if (alg.equalsIgnoreCase(sigName) || alg.indexOf(".") != -1) { |
|
73 try { |
|
74 params = createAlgorithmParameters(sigName, |
|
75 params.getEncoded()); |
|
76 } catch (IOException e) { |
|
77 throw new ProviderException(e); |
|
78 } |
|
79 } |
|
80 return RSAUtil.getParamSpec(params); |
|
81 } |
99 } |
82 |
100 |
83 // Special method for setting the specified parameter bytes into the |
101 // Utility method for converting the specified parameter bytes into an |
84 // specified Signature object as signature parameters. |
102 // AlgorithmParameterSpec object. |
85 public static void specialSetParameter(Signature sig, byte[] paramBytes) |
103 public static AlgorithmParameterSpec getParamSpec(String sigName, |
86 throws InvalidAlgorithmParameterException, ProviderException { |
104 byte[] paramBytes) |
|
105 throws ProviderException { |
|
106 sigName = checkName(sigName); |
|
107 AlgorithmParameterSpec paramSpec = null; |
87 if (paramBytes != null) { |
108 if (paramBytes != null) { |
88 String sigName = sig.getAlgorithm(); |
109 if (sigName.toUpperCase().indexOf("RSA") == -1) { |
|
110 throw new ProviderException |
|
111 ("Unrecognized algorithm for signature parameters " + |
|
112 sigName); |
|
113 } |
89 AlgorithmParameters params = |
114 AlgorithmParameters params = |
90 createAlgorithmParameters(sigName, paramBytes); |
115 createAlgorithmParameters(sigName, paramBytes); |
91 specialSetParameter(sig, params); |
116 paramSpec = RSAUtil.getParamSpec(params); |
92 } |
117 } |
|
118 return paramSpec; |
93 } |
119 } |
94 |
120 |
95 // Special method for setting the specified AlgorithmParameter object |
121 // Utility method for initializing the specified Signature object |
96 // into the specified Signature object as signature parameters. |
122 // for verification with the specified key and params (may be null) |
97 public static void specialSetParameter(Signature sig, |
123 public static void initVerifyWithParam(Signature s, PublicKey key, |
98 AlgorithmParameters params) |
124 AlgorithmParameterSpec params) |
99 throws InvalidAlgorithmParameterException, ProviderException { |
125 throws ProviderException, InvalidAlgorithmParameterException, |
100 if (params != null) { |
126 InvalidKeyException { |
101 String sigName = sig.getAlgorithm(); |
127 SharedSecrets.getJavaSecuritySignatureAccess().initVerify(s, key, params); |
102 sig.setParameter(getParamSpec(sigName, params)); |
128 } |
103 } |
129 |
|
130 // Utility method for initializing the specified Signature object |
|
131 // for verification with the specified Certificate and params (may be null) |
|
132 public static void initVerifyWithParam(Signature s, |
|
133 java.security.cert.Certificate cert, |
|
134 AlgorithmParameterSpec params) |
|
135 throws ProviderException, InvalidAlgorithmParameterException, |
|
136 InvalidKeyException { |
|
137 SharedSecrets.getJavaSecuritySignatureAccess().initVerify(s, cert, params); |
|
138 } |
|
139 |
|
140 // Utility method for initializing the specified Signature object |
|
141 // for signing with the specified key and params (may be null) |
|
142 public static void initSignWithParam(Signature s, PrivateKey key, |
|
143 AlgorithmParameterSpec params, SecureRandom sr) |
|
144 throws ProviderException, InvalidAlgorithmParameterException, |
|
145 InvalidKeyException { |
|
146 SharedSecrets.getJavaSecuritySignatureAccess().initSign(s, key, params, sr); |
104 } |
147 } |
105 } |
148 } |