< prev index next >

src/java.base/share/classes/java/security/Signature.java

Print this page

        

@@ -38,12 +38,10 @@
 
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.BadPaddingException;
 import javax.crypto.NoSuchPaddingException;
-import jdk.internal.access.JavaSecuritySignatureAccess;
-import jdk.internal.access.SharedSecrets;
 
 import sun.security.util.Debug;
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
 

@@ -118,38 +116,10 @@
  *
  */
 
 public abstract class Signature extends SignatureSpi {
 
-    static {
-        SharedSecrets.setJavaSecuritySignatureAccess(
-            new JavaSecuritySignatureAccess() {
-                @Override
-                public void initVerify(Signature s, PublicKey publicKey,
-                        AlgorithmParameterSpec params)
-                        throws InvalidKeyException,
-                        InvalidAlgorithmParameterException {
-                    s.initVerify(publicKey, params);
-                }
-                @Override
-                public void initVerify(Signature s,
-                        java.security.cert.Certificate certificate,
-                        AlgorithmParameterSpec params)
-                        throws InvalidKeyException,
-                        InvalidAlgorithmParameterException {
-                    s.initVerify(certificate, params);
-                }
-                @Override
-                public void initSign(Signature s, PrivateKey privateKey,
-                        AlgorithmParameterSpec params, SecureRandom random)
-                        throws InvalidKeyException,
-                        InvalidAlgorithmParameterException {
-                    s.initSign(privateKey, params, random);
-                }
-        });
-    }
-
     private static final Debug debug =
                         Debug.getInstance("jca", "Signature");
 
     private static final Debug pdebug =
                         Debug.getInstance("provider", "Provider");

@@ -510,57 +480,10 @@
                 " verification algorithm from: " + getProviderName());
         }
     }
 
     /**
-     * Initialize this object for verification. If this method is called
-     * again with different arguments, it negates the effect
-     * of this call.
-     *
-     * @param publicKey the public key of the identity whose signature is
-     * going to be verified.
-     * @param params the parameters used for verifying this signature.
-     *
-     * @exception InvalidKeyException if the key is invalid.
-     * @exception InvalidAlgorithmParameterException if the params is invalid.
-     */
-    final void initVerify(PublicKey publicKey, AlgorithmParameterSpec params)
-            throws InvalidKeyException, InvalidAlgorithmParameterException {
-        engineInitVerify(publicKey, params);
-        state = VERIFY;
-
-        if (!skipDebug && pdebug != null) {
-            pdebug.println("Signature." + algorithm +
-                " verification algorithm from: " + getProviderName());
-        }
-    }
-
-    private static PublicKey getPublicKeyFromCert(Certificate cert)
-            throws InvalidKeyException {
-        // If the certificate is of type X509Certificate,
-        // we should check whether it has a Key Usage
-        // extension marked as critical.
-        //if (cert instanceof java.security.cert.X509Certificate) {
-        if (cert instanceof X509Certificate) {
-            // Check whether the cert has a key usage extension
-            // marked as a critical extension.
-            // The OID for KeyUsage extension is 2.5.29.15.
-            X509Certificate c = (X509Certificate)cert;
-            Set<String> critSet = c.getCriticalExtensionOIDs();
-
-            if (critSet != null && !critSet.isEmpty()
-                && critSet.contains("2.5.29.15")) {
-                boolean[] keyUsageInfo = c.getKeyUsage();
-                // keyUsageInfo[0] is for digitalSignature.
-                if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
-                    throw new InvalidKeyException("Wrong key usage");
-            }
-        }
-        return cert.getPublicKey();
-    }
-
-    /**
      * Initializes this object for verification, using the public key from
      * the given certificate.
      * <p>If the certificate is of type X.509 and has a <i>key usage</i>
      * extension field marked as critical, and the value of the <i>key usage</i>
      * extension field implies that the public key in

@@ -576,44 +499,31 @@
      * information or cannot be used for digital signature purposes.
      * @since 1.3
      */
     public final void initVerify(Certificate certificate)
             throws InvalidKeyException {
-        engineInitVerify(getPublicKeyFromCert(certificate));
-        state = VERIFY;
+        // If the certificate is of type X509Certificate,
+        // we should check whether it has a Key Usage
+        // extension marked as critical.
+        if (certificate instanceof java.security.cert.X509Certificate) {
+            // Check whether the cert has a key usage extension
+            // marked as a critical extension.
+            // The OID for KeyUsage extension is 2.5.29.15.
+            X509Certificate cert = (X509Certificate)certificate;
+            Set<String> critSet = cert.getCriticalExtensionOIDs();
 
-        if (!skipDebug && pdebug != null) {
-            pdebug.println("Signature." + algorithm +
-                " verification algorithm from: " + getProviderName());
+            if (critSet != null && !critSet.isEmpty()
+                && critSet.contains("2.5.29.15")) {
+                boolean[] keyUsageInfo = cert.getKeyUsage();
+                // keyUsageInfo[0] is for digitalSignature.
+                if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
+                    throw new InvalidKeyException("Wrong key usage");
+            }
         }
-    }
 
-    /**
-     * Initializes this object for verification, using the public key from
-     * the given certificate.
-     * <p>If the certificate is of type X.509 and has a <i>key usage</i>
-     * extension field marked as critical, and the value of the <i>key usage</i>
-     * extension field implies that the public key in
-     * the certificate and its corresponding private key are not
-     * supposed to be used for digital signatures, an
-     * {@code InvalidKeyException} is thrown.
-     *
-     * @param certificate the certificate of the identity whose signature is
-     * going to be verified.
-     * @param params the parameters used for verifying this signature.
-     *
-     * @exception InvalidKeyException  if the public key in the certificate
-     * is not encoded properly or does not include required  parameter
-     * information or cannot be used for digital signature purposes.
-     * @exception InvalidAlgorithmParameterException if the params is invalid.
-     *
-     * @since 13
-     */
-    final void initVerify(Certificate certificate,
-            AlgorithmParameterSpec params)
-            throws InvalidKeyException, InvalidAlgorithmParameterException {
-        engineInitVerify(getPublicKeyFromCert(certificate), params);
+        PublicKey publicKey = certificate.getPublicKey();
+        engineInitVerify(publicKey);
         state = VERIFY;
 
         if (!skipDebug && pdebug != null) {
             pdebug.println("Signature." + algorithm +
                 " verification algorithm from: " + getProviderName());

@@ -663,35 +573,10 @@
                 " signing algorithm from: " + getProviderName());
         }
     }
 
     /**
-     * Initialize this object for signing. If this method is called
-     * again with different arguments, it negates the effect
-     * of this call.
-     *
-     * @param privateKey the private key of the identity whose signature
-     * is going to be generated.
-     * @param params the parameters used for generating signature.
-     * @param random the source of randomness for this signature.
-     *
-     * @exception InvalidKeyException if the key is invalid.
-     * @exception InvalidAlgorithmParameterException if the params is invalid
-     */
-    final void initSign(PrivateKey privateKey,
-            AlgorithmParameterSpec params, SecureRandom random)
-            throws InvalidKeyException, InvalidAlgorithmParameterException {
-        engineInitSign(privateKey, params, random);
-        state = SIGN;
-
-        if (!skipDebug && pdebug != null) {
-            pdebug.println("Signature." + algorithm +
-                " signing algorithm from: " + getProviderName());
-        }
-    }
-
-    /**
      * Returns the signature bytes of all the data updated.
      * The format of the signature depends on the underlying
      * signature scheme.
      *
      * <p>A call to this method resets this signature object to the state

@@ -1223,17 +1108,15 @@
                 }
                 throw e;
             }
         }
 
-        // Used by engineSetParameter/engineInitSign/engineInitVerify() to
-        // find the right provider with the supplied key, parameters, random source
-        private void chooseProvider(int type, Key key,
-                AlgorithmParameterSpec params, SecureRandom random)
-                throws InvalidKeyException, InvalidAlgorithmParameterException {
+        private void chooseProvider(int type, Key key, SecureRandom random)
+                throws InvalidKeyException {
             synchronized (lock) {
                 if (sigSpi != null) {
+                    init(sigSpi, type, key, random);
                     return;
                 }
                 Exception lastException = null;
                 while ((firstService != null) || serviceIterator.hasNext()) {
                     Service s;

@@ -1242,20 +1125,20 @@
                         firstService = null;
                     } else {
                         s = serviceIterator.next();
                     }
                     // if provider says it does not support this key, ignore it
-                    if (key != null && s.supportsParameter(key) == false) {
+                    if (s.supportsParameter(key) == false) {
                         continue;
                     }
                     // if instance is not a SignatureSpi, ignore it
                     if (isSpi(s) == false) {
                         continue;
                     }
                     try {
                         SignatureSpi spi = newInstance(s);
-                        tryOperation(spi, type, key, params, random);
+                        init(spi, type, key, random);
                         provider = s.getProvider();
                         sigSpi = spi;
                         firstService = null;
                         serviceIterator = null;
                         return;

@@ -1273,114 +1156,62 @@
                     throw (InvalidKeyException)lastException;
                 }
                 if (lastException instanceof RuntimeException) {
                     throw (RuntimeException)lastException;
                 }
-                if (lastException instanceof InvalidAlgorithmParameterException) {
-                    throw (InvalidAlgorithmParameterException)lastException;
-                }
-
                 String k = (key != null) ? key.getClass().getName() : "(null)";
                 throw new InvalidKeyException
                     ("No installed provider supports this key: "
                     + k, lastException);
             }
         }
 
-        private static final int I_PUB           = 1;
-        private static final int I_PRIV          = 2;
-        private static final int I_PRIV_SR       = 3;
-        private static final int I_PUB_PARAM     = 4;
-        private static final int I_PRIV_PARAM_SR = 5;
-        private static final int S_PARAM         = 6;
-
-        private void tryOperation(SignatureSpi spi, int type, Key  key,
-                AlgorithmParameterSpec params, SecureRandom random)
-                throws InvalidKeyException, InvalidAlgorithmParameterException {
+        private static final int I_PUB     = 1;
+        private static final int I_PRIV    = 2;
+        private static final int I_PRIV_SR = 3;
+
+        private void init(SignatureSpi spi, int type, Key  key,
+                SecureRandom random) throws InvalidKeyException {
             switch (type) {
             case I_PUB:
                 spi.engineInitVerify((PublicKey)key);
                 break;
-            case I_PUB_PARAM:
-                spi.engineInitVerify((PublicKey)key, params);
-                break;
             case I_PRIV:
                 spi.engineInitSign((PrivateKey)key);
                 break;
             case I_PRIV_SR:
                 spi.engineInitSign((PrivateKey)key, random);
                 break;
-            case I_PRIV_PARAM_SR:
-                spi.engineInitSign((PrivateKey)key, params, random);
-                break;
-            case S_PARAM:
-                spi.engineSetParameter(params);
-                break;
             default:
                 throw new AssertionError("Internal error: " + type);
             }
         }
 
         protected void engineInitVerify(PublicKey publicKey)
                 throws InvalidKeyException {
             if (sigSpi != null) {
                 sigSpi.engineInitVerify(publicKey);
             } else {
-                try {
-                    chooseProvider(I_PUB, publicKey, null, null);
-                } catch (InvalidAlgorithmParameterException iape) {
-                    // should not happen, re-throw as IKE just in case
-                    throw new InvalidKeyException(iape);
-                }
-            }
-        }
-
-        void engineInitVerify(PublicKey publicKey,
-                AlgorithmParameterSpec params)
-                throws InvalidKeyException, InvalidAlgorithmParameterException {
-            if (sigSpi != null) {
-                sigSpi.engineInitVerify(publicKey, params);
-            } else {
-                chooseProvider(I_PUB_PARAM, publicKey, params, null);
+                chooseProvider(I_PUB, publicKey, null);
             }
         }
 
         protected void engineInitSign(PrivateKey privateKey)
                 throws InvalidKeyException {
             if (sigSpi != null) {
                 sigSpi.engineInitSign(privateKey);
             } else {
-                try {
-                    chooseProvider(I_PRIV, privateKey, null, null);
-                } catch (InvalidAlgorithmParameterException iape) {
-                    // should not happen, re-throw as IKE just in case
-                    throw new InvalidKeyException(iape);
-                }
+                chooseProvider(I_PRIV, privateKey, null);
             }
         }
 
         protected void engineInitSign(PrivateKey privateKey, SecureRandom sr)
                 throws InvalidKeyException {
             if (sigSpi != null) {
                 sigSpi.engineInitSign(privateKey, sr);
             } else {
-                try {
-                    chooseProvider(I_PRIV_SR, privateKey, null, sr);
-                } catch (InvalidAlgorithmParameterException iape) {
-                    // should not happen, re-throw as IKE just in case
-                    throw new InvalidKeyException(iape);
-                }
-            }
-        }
-
-        void engineInitSign(PrivateKey privateKey,
-                AlgorithmParameterSpec params, SecureRandom sr)
-                throws InvalidKeyException, InvalidAlgorithmParameterException {
-            if (sigSpi != null) {
-                sigSpi.engineInitSign(privateKey, params, sr);
-            } else {
-                chooseProvider(I_PRIV_PARAM_SR, privateKey, params, sr);
+                chooseProvider(I_PRIV_SR, privateKey, sr);
             }
         }
 
         protected void engineUpdate(byte b) throws SignatureException {
             chooseFirstProvider();

@@ -1427,20 +1258,12 @@
             sigSpi.engineSetParameter(param, value);
         }
 
         protected void engineSetParameter(AlgorithmParameterSpec params)
                 throws InvalidAlgorithmParameterException {
-            if (sigSpi != null) {
-                sigSpi.engineSetParameter(params);
-            } else {
-                try {
-                    chooseProvider(S_PARAM, null, params, null);
-                } catch (InvalidKeyException ike) {
-                    // should never happen, rethrow just in case
-                    throw new InvalidAlgorithmParameterException(ike);
-                }
-            }
+            chooseFirstProvider();
+            sigSpi.engineSetParameter(params);
         }
 
         protected Object engineGetParameter(String param)
                 throws InvalidParameterException {
             chooseFirstProvider();
< prev index next >