< prev index next >

src/java.base/share/classes/sun/security/x509/X509CRLImpl.java

Print this page


   1 /*
   2  * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


 353      * @exception CRLException on encoding errors.
 354      */
 355     public synchronized void verify(PublicKey key, String sigProvider)
 356             throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
 357             NoSuchProviderException, SignatureException {
 358 
 359         if (sigProvider == null) {
 360             sigProvider = "";
 361         }
 362         if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
 363             // this CRL has already been successfully verified using
 364             // this public key. Make sure providers match, too.
 365             if (sigProvider.equals(verifiedProvider)) {
 366                 return;
 367             }
 368         }
 369         if (signedCRL == null) {
 370             throw new CRLException("Uninitialized CRL");
 371         }
 372         Signature   sigVerf = null;
 373         String sigName = sigAlgId.getName();
 374         if (sigProvider.isEmpty()) {
 375             sigVerf = Signature.getInstance(sigName);
 376         } else {
 377             sigVerf = Signature.getInstance(sigName, sigProvider);
 378         }
 379 




 380         try {
 381             SignatureUtil.initVerifyWithParam(sigVerf, key,
 382                 SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
 383         } catch (ProviderException e) {
 384             throw new CRLException(e.getMessage(), e.getCause());
 385         } catch (InvalidAlgorithmParameterException e) {
 386             throw new CRLException(e);
 387         }
 388 
 389         if (tbsCertList == null) {
 390             throw new CRLException("Uninitialized CRL");
 391         }
 392 
 393         sigVerf.update(tbsCertList, 0, tbsCertList.length);
 394 
 395         if (!sigVerf.verify(signature)) {
 396             throw new SignatureException("Signature does not match.");
 397         }
 398         verifiedPublicKey = key;
 399         verifiedProvider = sigProvider;
 400     }
 401 
 402     /**


 406      * the given provider. Note that the specified Provider object
 407      * does not have to be registered in the provider list.
 408      *
 409      * @param key the PublicKey used to carry out the verification.
 410      * @param sigProvider the signature provider.
 411      *
 412      * @exception NoSuchAlgorithmException on unsupported signature
 413      * algorithms.
 414      * @exception InvalidKeyException on incorrect key.
 415      * @exception SignatureException on signature errors.
 416      * @exception CRLException on encoding errors.
 417      */
 418     public synchronized void verify(PublicKey key, Provider sigProvider)
 419             throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
 420             SignatureException {
 421 
 422         if (signedCRL == null) {
 423             throw new CRLException("Uninitialized CRL");
 424         }
 425         Signature sigVerf = null;
 426         String sigName = sigAlgId.getName();
 427         if (sigProvider == null) {
 428             sigVerf = Signature.getInstance(sigName);
 429         } else {
 430             sigVerf = Signature.getInstance(sigName, sigProvider);
 431         }
 432 




 433         try {
 434             SignatureUtil.initVerifyWithParam(sigVerf, key,
 435                 SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
 436         } catch (ProviderException e) {
 437             throw new CRLException(e.getMessage(), e.getCause());
 438         } catch (InvalidAlgorithmParameterException e) {
 439             throw new CRLException(e);
 440         }
 441 
 442         if (tbsCertList == null) {
 443             throw new CRLException("Uninitialized CRL");
 444         }
 445 
 446         sigVerf.update(tbsCertList, 0, tbsCertList.length);
 447 
 448         if (!sigVerf.verify(signature)) {
 449             throw new SignatureException("Signature does not match.");
 450         }
 451         verifiedPublicKey = key;
 452     }
 453 
 454     /**
 455      * Encodes an X.509 CRL, and signs it using the given key.


 481      * algorithms.
 482      * @exception InvalidKeyException on incorrect key.
 483      * @exception NoSuchProviderException on incorrect provider.
 484      * @exception SignatureException on signature errors.
 485      * @exception CRLException if any mandatory data was omitted.
 486      */
 487     public void sign(PrivateKey key, String algorithm, String provider)
 488     throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
 489         NoSuchProviderException, SignatureException {
 490         try {
 491             if (readOnly)
 492                 throw new CRLException("cannot over-write existing CRL");
 493             Signature sigEngine = null;
 494             if (provider == null || provider.isEmpty())
 495                 sigEngine = Signature.getInstance(algorithm);
 496             else
 497                 sigEngine = Signature.getInstance(algorithm, provider);
 498 
 499             sigEngine.initSign(key);
 500 
 501             // in case the name is reset
 502             sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
 503             infoSigAlgId = sigAlgId;
 504 
 505             DerOutputStream out = new DerOutputStream();
 506             DerOutputStream tmp = new DerOutputStream();
 507 
 508             // encode crl info
 509             encodeInfo(tmp);
 510 
 511             // encode algorithm identifier
 512             sigAlgId.encode(tmp);
 513 
 514             // Create and encode the signature itself.
 515             sigEngine.update(tbsCertList, 0, tbsCertList.length);
 516             signature = sigEngine.sign();
 517             tmp.putBitString(signature);
 518 
 519             // Wrap the signed data in a SEQUENCE { data, algorithm, sig }
 520             out.write(DerValue.tag_Sequence, tmp);
 521             signedCRL = out.toByteArray();


   1 /*
   2  * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


 353      * @exception CRLException on encoding errors.
 354      */
 355     public synchronized void verify(PublicKey key, String sigProvider)
 356             throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
 357             NoSuchProviderException, SignatureException {
 358 
 359         if (sigProvider == null) {
 360             sigProvider = "";
 361         }
 362         if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
 363             // this CRL has already been successfully verified using
 364             // this public key. Make sure providers match, too.
 365             if (sigProvider.equals(verifiedProvider)) {
 366                 return;
 367             }
 368         }
 369         if (signedCRL == null) {
 370             throw new CRLException("Uninitialized CRL");
 371         }
 372         Signature   sigVerf = null;

 373         if (sigProvider.isEmpty()) {
 374             sigVerf = Signature.getInstance(sigAlgId.getName());
 375         } else {
 376             sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
 377         }
 378 
 379         sigVerf.initVerify(key);
 380 
 381         // set parameters after Signature.initSign/initVerify call,
 382         // so the deferred provider selection happens when key is set
 383         try {
 384             SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());

 385         } catch (ProviderException e) {
 386             throw new CRLException(e.getMessage(), e.getCause());
 387         } catch (InvalidAlgorithmParameterException e) {
 388             throw new CRLException(e);
 389         }
 390 
 391         if (tbsCertList == null) {
 392             throw new CRLException("Uninitialized CRL");
 393         }
 394 
 395         sigVerf.update(tbsCertList, 0, tbsCertList.length);
 396 
 397         if (!sigVerf.verify(signature)) {
 398             throw new SignatureException("Signature does not match.");
 399         }
 400         verifiedPublicKey = key;
 401         verifiedProvider = sigProvider;
 402     }
 403 
 404     /**


 408      * the given provider. Note that the specified Provider object
 409      * does not have to be registered in the provider list.
 410      *
 411      * @param key the PublicKey used to carry out the verification.
 412      * @param sigProvider the signature provider.
 413      *
 414      * @exception NoSuchAlgorithmException on unsupported signature
 415      * algorithms.
 416      * @exception InvalidKeyException on incorrect key.
 417      * @exception SignatureException on signature errors.
 418      * @exception CRLException on encoding errors.
 419      */
 420     public synchronized void verify(PublicKey key, Provider sigProvider)
 421             throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
 422             SignatureException {
 423 
 424         if (signedCRL == null) {
 425             throw new CRLException("Uninitialized CRL");
 426         }
 427         Signature sigVerf = null;

 428         if (sigProvider == null) {
 429             sigVerf = Signature.getInstance(sigAlgId.getName());
 430         } else {
 431             sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
 432         }
 433 
 434         sigVerf.initVerify(key);
 435 
 436         // set parameters after Signature.initSign/initVerify call,
 437         // so the deferred provider selection happens when key is set
 438         try {
 439             SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());

 440         } catch (ProviderException e) {
 441             throw new CRLException(e.getMessage(), e.getCause());
 442         } catch (InvalidAlgorithmParameterException e) {
 443             throw new CRLException(e);
 444         }
 445 
 446         if (tbsCertList == null) {
 447             throw new CRLException("Uninitialized CRL");
 448         }
 449 
 450         sigVerf.update(tbsCertList, 0, tbsCertList.length);
 451 
 452         if (!sigVerf.verify(signature)) {
 453             throw new SignatureException("Signature does not match.");
 454         }
 455         verifiedPublicKey = key;
 456     }
 457 
 458     /**
 459      * Encodes an X.509 CRL, and signs it using the given key.


 485      * algorithms.
 486      * @exception InvalidKeyException on incorrect key.
 487      * @exception NoSuchProviderException on incorrect provider.
 488      * @exception SignatureException on signature errors.
 489      * @exception CRLException if any mandatory data was omitted.
 490      */
 491     public void sign(PrivateKey key, String algorithm, String provider)
 492     throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
 493         NoSuchProviderException, SignatureException {
 494         try {
 495             if (readOnly)
 496                 throw new CRLException("cannot over-write existing CRL");
 497             Signature sigEngine = null;
 498             if (provider == null || provider.isEmpty())
 499                 sigEngine = Signature.getInstance(algorithm);
 500             else
 501                 sigEngine = Signature.getInstance(algorithm, provider);
 502 
 503             sigEngine.initSign(key);
 504 
 505                                 // in case the name is reset
 506             sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
 507             infoSigAlgId = sigAlgId;
 508 
 509             DerOutputStream out = new DerOutputStream();
 510             DerOutputStream tmp = new DerOutputStream();
 511 
 512             // encode crl info
 513             encodeInfo(tmp);
 514 
 515             // encode algorithm identifier
 516             sigAlgId.encode(tmp);
 517 
 518             // Create and encode the signature itself.
 519             sigEngine.update(tbsCertList, 0, tbsCertList.length);
 520             signature = sigEngine.sign();
 521             tmp.putBitString(signature);
 522 
 523             // Wrap the signed data in a SEQUENCE { data, algorithm, sig }
 524             out.write(DerValue.tag_Sequence, tmp);
 525             signedCRL = out.toByteArray();


< prev index next >