< prev index next >

src/java.base/share/classes/java/security/SignatureSpi.java

Print this page


   1 /*
   2  * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  55     /**
  56      * Application-specified source of randomness.
  57      */
  58     protected SecureRandom appRandom = null;
  59 
  60     /**
  61      * Initializes this signature object with the specified
  62      * public key for verification operations.
  63      *
  64      * @param publicKey the public key of the identity whose signature is
  65      * going to be verified.
  66      *
  67      * @exception InvalidKeyException if the key is improperly
  68      * encoded, parameters are missing, and so on.
  69      */
  70     protected abstract void engineInitVerify(PublicKey publicKey)
  71         throws InvalidKeyException;
  72 
  73     /**
  74      * Initializes this signature object with the specified
  75      * public key for verification operations.
  76      *
  77      * @param publicKey the public key of the identity whose signature is
  78      * going to be verified.
  79      * @param params the parameters for generating this signature
  80      *
  81      * @exception InvalidKeyException if the key is improperly
  82      * encoded, does not work with the given parameters, and so on.
  83      * @exception InvalidAlgorithmParameterException if the given parameters
  84      * is invalid.
  85      */
  86     void engineInitVerify(PublicKey publicKey,
  87             AlgorithmParameterSpec params)
  88             throws InvalidKeyException, InvalidAlgorithmParameterException {
  89         if (params != null) {
  90             try {
  91                 engineSetParameter(params);
  92             } catch (UnsupportedOperationException usoe) {
  93                 // error out if not overrridden
  94                 throw new InvalidAlgorithmParameterException(usoe);
  95             }
  96         }
  97         engineInitVerify(publicKey);
  98     }
  99 
 100     /**
 101      * Initializes this signature object with the specified
 102      * private key for signing operations.
 103      *
 104      * @param privateKey the private key of the identity whose signature
 105      * will be generated.
 106      *
 107      * @exception InvalidKeyException if the key is improperly
 108      * encoded, parameters are missing, and so on.
 109      */
 110     protected abstract void engineInitSign(PrivateKey privateKey)
 111         throws InvalidKeyException;
 112 
 113     /**
 114      * Initializes this signature object with the specified
 115      * private key and source of randomness for signing operations.
 116      *
 117      * <p>This concrete method has been added to this previously-defined
 118      * abstract class. (For backwards compatibility, it cannot be abstract.)
 119      *
 120      * @param privateKey the private key of the identity whose signature
 121      * will be generated.
 122      * @param random the source of randomness
 123      *
 124      * @exception InvalidKeyException if the key is improperly
 125      * encoded, parameters are missing, and so on.
 126      */
 127     protected void engineInitSign(PrivateKey privateKey,
 128             SecureRandom random)
 129             throws InvalidKeyException {
 130         this.appRandom = random;
 131         engineInitSign(privateKey);
 132     }
 133 
 134     /**
 135      * Initializes this signature object with the specified
 136      * private key and source of randomness for signing operations.
 137      *
 138      * <p>This concrete method has been added to this previously-defined
 139      * abstract class. (For backwards compatibility, it cannot be abstract.)
 140      *
 141      * @param privateKey the private key of the identity whose signature
 142      * will be generated.
 143      * @param params the parameters for generating this signature
 144      * @param random the source of randomness
 145      *
 146      * @exception InvalidKeyException if the key is improperly
 147      * encoded, parameters are missing, and so on.
 148      * @exception InvalidAlgorithmParameterException if the parameters is
 149      * invalid.
 150      */
 151     void engineInitSign(PrivateKey privateKey,
 152             AlgorithmParameterSpec params, SecureRandom random)
 153             throws InvalidKeyException, InvalidAlgorithmParameterException {
 154         if (params != null) {
 155             try {
 156                 engineSetParameter(params);
 157             } catch (UnsupportedOperationException usoe) {
 158                 // error out if not overrridden
 159                 throw new InvalidAlgorithmParameterException(usoe);
 160             }
 161         }
 162         engineInitSign(privateKey, random);
 163     }
 164 
 165     /**
 166      * Updates the data to be signed or verified
 167      * using the specified byte.
 168      *
 169      * @param b the byte to use for the update.
 170      *
 171      * @exception SignatureException if the engine is not initialized
 172      * properly.
 173      */
 174     protected abstract void engineUpdate(byte b) throws SignatureException;
 175 
 176     /**
 177      * Updates the data to be signed or verified, using the
 178      * specified array of bytes, starting at the specified offset.
 179      *
 180      * @param b the array of bytes
 181      * @param off the offset to start from in the array of bytes
 182      * @param len the number of bytes to use, starting at offset
 183      *
 184      * @exception SignatureException if the engine is not initialized
 185      * properly
 186      */
 187     protected abstract void engineUpdate(byte[] b, int off, int len)
 188             throws SignatureException;
 189 
 190     /**
 191      * Updates the data to be signed or verified using the specified
 192      * ByteBuffer. Processes the {@code data.remaining()} bytes
 193      * starting at {@code data.position()}.
 194      * Upon return, the buffer's position will be equal to its limit;
 195      * its limit will not have changed.
 196      *
 197      * @param input the ByteBuffer
 198      * @since 1.5
 199      */
 200     protected void engineUpdate(ByteBuffer input) {
 201         if (input.hasRemaining() == false) {
 202             return;
 203         }
 204         try {
 205             if (input.hasArray()) {
 206                 byte[] b = input.array();
 207                 int ofs = input.arrayOffset();
 208                 int pos = input.position();


 264      *
 265      * @param len number of bytes within {@code outbuf} allotted for the
 266      * signature.
 267      * Both this default implementation and the SUN provider do not
 268      * return partial digests. If the value of this parameter is less
 269      * than the actual signature length, this method will throw a
 270      * SignatureException.
 271      * This parameter is ignored if its value is greater than or equal to
 272      * the actual signature length.
 273      *
 274      * @return the number of bytes placed into {@code outbuf}
 275      *
 276      * @exception SignatureException if the engine is not
 277      * initialized properly, if this signature algorithm is unable to
 278      * process the input data provided, or if {@code len} is less
 279      * than the actual signature length.
 280      *
 281      * @since 1.2
 282      */
 283     protected int engineSign(byte[] outbuf, int offset, int len)
 284              throws SignatureException {
 285         byte[] sig = engineSign();
 286         if (len < sig.length) {
 287                 throw new SignatureException
 288                     ("partial signatures not returned");
 289         }
 290         if (outbuf.length - offset < sig.length) {
 291                 throw new SignatureException
 292                     ("insufficient space in the output buffer to store the "
 293                      + "signature");
 294         }
 295         System.arraycopy(sig, 0, outbuf, offset, sig.length);
 296         return sig.length;
 297     }
 298 
 299     /**
 300      * Verifies the passed-in signature.
 301      *
 302      * @param sigBytes the signature bytes to be verified.
 303      *
 304      * @return true if the signature was verified, false if not.
 305      *
 306      * @exception SignatureException if the engine is not
 307      * initialized properly, the passed-in signature is improperly
 308      * encoded or of the wrong type, if this signature algorithm is unable to
 309      * process the input data provided, etc.
 310      */
 311     protected abstract boolean engineVerify(byte[] sigBytes)
 312             throws SignatureException;
 313 
 314     /**
 315      * Verifies the passed-in signature in the specified array
 316      * of bytes, starting at the specified offset.
 317      *
 318      * <p> Note: Subclasses should overwrite the default implementation.
 319      *
 320      *
 321      * @param sigBytes the signature bytes to be verified.
 322      * @param offset the offset to start from in the array of bytes.
 323      * @param length the number of bytes to use, starting at offset.
 324      *
 325      * @return true if the signature was verified, false if not.
 326      *
 327      * @exception SignatureException if the engine is not
 328      * initialized properly, the passed-in signature is improperly
 329      * encoded or of the wrong type, if this signature algorithm is unable to
 330      * process the input data provided, etc.
 331      * @since 1.4
 332      */
 333     protected boolean engineVerify(byte[] sigBytes, int offset, int length)
 334             throws SignatureException {
 335         byte[] sigBytesCopy = new byte[length];
 336         System.arraycopy(sigBytes, offset, sigBytesCopy, 0, length);
 337         return engineVerify(sigBytesCopy);
 338     }
 339 
 340     /**
 341      * Sets the specified algorithm parameter to the specified
 342      * value. This method supplies a general-purpose mechanism through
 343      * which it is possible to set the various parameters of this object.
 344      * A parameter may be any settable parameter for the algorithm, such as
 345      * a parameter size, or a source of random bits for signature generation
 346      * (if appropriate), or an indication of whether or not to perform
 347      * a specific but optional computation. A uniform algorithm-specific
 348      * naming scheme for each parameter is desirable but left unspecified
 349      * at this time.
 350      *
 351      * @param param the string identifier of the parameter.
 352      *
 353      * @param value the parameter value.
 354      *
 355      * @exception InvalidParameterException if {@code param} is an
 356      * invalid parameter for this signature algorithm engine,
 357      * the parameter is already set
 358      * and cannot be set again, a security exception occurs, and so on.
 359      *
 360      * @deprecated Replaced by {@link
 361      * #engineSetParameter(java.security.spec.AlgorithmParameterSpec)
 362      * engineSetParameter}.
 363      */
 364     @Deprecated
 365     protected abstract void engineSetParameter(String param, Object value)
 366             throws InvalidParameterException;
 367 
 368     /**
 369      * <p>This method is overridden by providers to initialize
 370      * this signature engine with the specified parameter set.
 371      *
 372      * @param params the parameters
 373      *
 374      * @exception UnsupportedOperationException if this method is not
 375      * overridden by a provider
 376      *
 377      * @exception InvalidAlgorithmParameterException if this method is
 378      * overridden by a provider and the given parameters
 379      * are inappropriate for this signature engine
 380      */
 381     protected void engineSetParameter(AlgorithmParameterSpec params)
 382             throws InvalidAlgorithmParameterException {
 383         throw new UnsupportedOperationException();
 384     }
 385 
 386     /**
 387      * <p>This method is overridden by providers to return the parameters
 388      * used with this signature engine.
 389      *
 390      * <p> If this signature engine has been previously initialized with
 391      * parameters (by calling the {@code engineSetParameter} method), this
 392      * method returns the same parameters. If this signature engine has not been
 393      * initialized with parameters, this method may return a combination of
 394      * default and randomly generated parameter values if the underlying
 395      * signature implementation supports it and can successfully generate
 396      * them. Otherwise, {@code null} is returned.
 397      *
 398      * @return the parameters used with this signature engine, or {@code null}
 399      *
 400      * @exception UnsupportedOperationException if this method is
 401      * not overridden by a provider
 402      * @since 1.4
 403      */


   1 /*
   2  * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  55     /**
  56      * Application-specified source of randomness.
  57      */
  58     protected SecureRandom appRandom = null;
  59 
  60     /**
  61      * Initializes this signature object with the specified
  62      * public key for verification operations.
  63      *
  64      * @param publicKey the public key of the identity whose signature is
  65      * going to be verified.
  66      *
  67      * @exception InvalidKeyException if the key is improperly
  68      * encoded, parameters are missing, and so on.
  69      */
  70     protected abstract void engineInitVerify(PublicKey publicKey)
  71         throws InvalidKeyException;
  72 
  73     /**
  74      * Initializes this signature object with the specified



























  75      * private key for signing operations.
  76      *
  77      * @param privateKey the private key of the identity whose signature
  78      * will be generated.
  79      *
  80      * @exception InvalidKeyException if the key is improperly
  81      * encoded, parameters are missing, and so on.
  82      */
  83     protected abstract void engineInitSign(PrivateKey privateKey)
  84         throws InvalidKeyException;
  85 
  86     /**
  87      * Initializes this signature object with the specified
  88      * private key and source of randomness for signing operations.
  89      *
  90      * <p>This concrete method has been added to this previously-defined
  91      * abstract class. (For backwards compatibility, it cannot be abstract.)
  92      *
  93      * @param privateKey the private key of the identity whose signature
  94      * will be generated.
  95      * @param random the source of randomness
  96      *
  97      * @exception InvalidKeyException if the key is improperly
  98      * encoded, parameters are missing, and so on.
  99      */
 100     protected void engineInitSign(PrivateKey privateKey,
 101                                   SecureRandom random)
 102         throws InvalidKeyException {
 103             this.appRandom = random;
 104             engineInitSign(privateKey);































 105     }
 106 
 107     /**
 108      * Updates the data to be signed or verified
 109      * using the specified byte.
 110      *
 111      * @param b the byte to use for the update.
 112      *
 113      * @exception SignatureException if the engine is not initialized
 114      * properly.
 115      */
 116     protected abstract void engineUpdate(byte b) throws SignatureException;
 117 
 118     /**
 119      * Updates the data to be signed or verified, using the
 120      * specified array of bytes, starting at the specified offset.
 121      *
 122      * @param b the array of bytes
 123      * @param off the offset to start from in the array of bytes
 124      * @param len the number of bytes to use, starting at offset
 125      *
 126      * @exception SignatureException if the engine is not initialized
 127      * properly
 128      */
 129     protected abstract void engineUpdate(byte[] b, int off, int len)
 130         throws SignatureException;
 131 
 132     /**
 133      * Updates the data to be signed or verified using the specified
 134      * ByteBuffer. Processes the {@code data.remaining()} bytes
 135      * starting at {@code data.position()}.
 136      * Upon return, the buffer's position will be equal to its limit;
 137      * its limit will not have changed.
 138      *
 139      * @param input the ByteBuffer
 140      * @since 1.5
 141      */
 142     protected void engineUpdate(ByteBuffer input) {
 143         if (input.hasRemaining() == false) {
 144             return;
 145         }
 146         try {
 147             if (input.hasArray()) {
 148                 byte[] b = input.array();
 149                 int ofs = input.arrayOffset();
 150                 int pos = input.position();


 206      *
 207      * @param len number of bytes within {@code outbuf} allotted for the
 208      * signature.
 209      * Both this default implementation and the SUN provider do not
 210      * return partial digests. If the value of this parameter is less
 211      * than the actual signature length, this method will throw a
 212      * SignatureException.
 213      * This parameter is ignored if its value is greater than or equal to
 214      * the actual signature length.
 215      *
 216      * @return the number of bytes placed into {@code outbuf}
 217      *
 218      * @exception SignatureException if the engine is not
 219      * initialized properly, if this signature algorithm is unable to
 220      * process the input data provided, or if {@code len} is less
 221      * than the actual signature length.
 222      *
 223      * @since 1.2
 224      */
 225     protected int engineSign(byte[] outbuf, int offset, int len)
 226                         throws SignatureException {
 227         byte[] sig = engineSign();
 228         if (len < sig.length) {
 229                 throw new SignatureException
 230                     ("partial signatures not returned");
 231         }
 232         if (outbuf.length - offset < sig.length) {
 233                 throw new SignatureException
 234                     ("insufficient space in the output buffer to store the "
 235                      + "signature");
 236         }
 237         System.arraycopy(sig, 0, outbuf, offset, sig.length);
 238         return sig.length;
 239     }
 240 
 241     /**
 242      * Verifies the passed-in signature.
 243      *
 244      * @param sigBytes the signature bytes to be verified.
 245      *
 246      * @return true if the signature was verified, false if not.
 247      *
 248      * @exception SignatureException if the engine is not
 249      * initialized properly, the passed-in signature is improperly
 250      * encoded or of the wrong type, if this signature algorithm is unable to
 251      * process the input data provided, etc.
 252      */
 253     protected abstract boolean engineVerify(byte[] sigBytes)
 254         throws SignatureException;
 255 
 256     /**
 257      * Verifies the passed-in signature in the specified array
 258      * of bytes, starting at the specified offset.
 259      *
 260      * <p> Note: Subclasses should overwrite the default implementation.
 261      *
 262      *
 263      * @param sigBytes the signature bytes to be verified.
 264      * @param offset the offset to start from in the array of bytes.
 265      * @param length the number of bytes to use, starting at offset.
 266      *
 267      * @return true if the signature was verified, false if not.
 268      *
 269      * @exception SignatureException if the engine is not
 270      * initialized properly, the passed-in signature is improperly
 271      * encoded or of the wrong type, if this signature algorithm is unable to
 272      * process the input data provided, etc.
 273      * @since 1.4
 274      */
 275     protected boolean engineVerify(byte[] sigBytes, int offset, int length)
 276         throws SignatureException {
 277         byte[] sigBytesCopy = new byte[length];
 278         System.arraycopy(sigBytes, offset, sigBytesCopy, 0, length);
 279         return engineVerify(sigBytesCopy);
 280     }
 281 
 282     /**
 283      * Sets the specified algorithm parameter to the specified
 284      * value. This method supplies a general-purpose mechanism through
 285      * which it is possible to set the various parameters of this object.
 286      * A parameter may be any settable parameter for the algorithm, such as
 287      * a parameter size, or a source of random bits for signature generation
 288      * (if appropriate), or an indication of whether or not to perform
 289      * a specific but optional computation. A uniform algorithm-specific
 290      * naming scheme for each parameter is desirable but left unspecified
 291      * at this time.
 292      *
 293      * @param param the string identifier of the parameter.
 294      *
 295      * @param value the parameter value.
 296      *
 297      * @exception InvalidParameterException if {@code param} is an
 298      * invalid parameter for this signature algorithm engine,
 299      * the parameter is already set
 300      * and cannot be set again, a security exception occurs, and so on.
 301      *
 302      * @deprecated Replaced by {@link
 303      * #engineSetParameter(java.security.spec.AlgorithmParameterSpec)
 304      * engineSetParameter}.
 305      */
 306     @Deprecated
 307     protected abstract void engineSetParameter(String param, Object value)
 308         throws InvalidParameterException;
 309 
 310     /**
 311      * <p>This method is overridden by providers to initialize
 312      * this signature engine with the specified parameter set.
 313      *
 314      * @param params the parameters
 315      *
 316      * @exception UnsupportedOperationException if this method is not
 317      * overridden by a provider
 318      *
 319      * @exception InvalidAlgorithmParameterException if this method is
 320      * overridden by a provider and the given parameters
 321      * are inappropriate for this signature engine
 322      */
 323     protected void engineSetParameter(AlgorithmParameterSpec params)
 324         throws InvalidAlgorithmParameterException {
 325             throw new UnsupportedOperationException();
 326     }
 327 
 328     /**
 329      * <p>This method is overridden by providers to return the parameters
 330      * used with this signature engine.
 331      *
 332      * <p> If this signature engine has been previously initialized with
 333      * parameters (by calling the {@code engineSetParameter} method), this
 334      * method returns the same parameters. If this signature engine has not been
 335      * initialized with parameters, this method may return a combination of
 336      * default and randomly generated parameter values if the underlying
 337      * signature implementation supports it and can successfully generate
 338      * them. Otherwise, {@code null} is returned.
 339      *
 340      * @return the parameters used with this signature engine, or {@code null}
 341      *
 342      * @exception UnsupportedOperationException if this method is
 343      * not overridden by a provider
 344      * @since 1.4
 345      */


< prev index next >