< prev index next >

src/java.base/share/classes/sun/security/x509/X509CertImpl.java

Print this page

        

@@ -420,20 +420,22 @@
         if (signedCert == null) {
             throw new CertificateEncodingException("Uninitialized certificate");
         }
         // Verify the signature ...
         Signature sigVerf = null;
-        String sigName = algId.getName();
         if (sigProvider.isEmpty()) {
-            sigVerf = Signature.getInstance(sigName);
+            sigVerf = Signature.getInstance(algId.getName());
         } else {
-            sigVerf = Signature.getInstance(sigName, sigProvider);
+            sigVerf = Signature.getInstance(algId.getName(), sigProvider);
         }
 
+        sigVerf.initVerify(key);
+
+        // set parameters after Signature.initSign/initVerify call,
+        // so the deferred provider selection happens when key is set
         try {
-            SignatureUtil.initVerifyWithParam(sigVerf, key,
-                SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
+            SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
         } catch (ProviderException e) {
             throw new CertificateException(e.getMessage(), e.getCause());
         } catch (InvalidAlgorithmParameterException e) {
             throw new CertificateException(e);
         }

@@ -474,20 +476,22 @@
         if (signedCert == null) {
             throw new CertificateEncodingException("Uninitialized certificate");
         }
         // Verify the signature ...
         Signature sigVerf = null;
-        String sigName = algId.getName();
         if (sigProvider == null) {
-            sigVerf = Signature.getInstance(sigName);
+            sigVerf = Signature.getInstance(algId.getName());
         } else {
-            sigVerf = Signature.getInstance(sigName, sigProvider);
+            sigVerf = Signature.getInstance(algId.getName(), sigProvider);
         }
 
+        sigVerf.initVerify(key);
+
+        // set parameters after Signature.initSign/initVerify call,
+        // so the deferred provider selection happens when key is set
         try {
-            SignatureUtil.initVerifyWithParam(sigVerf, key,
-                SignatureUtil.getParamSpec(sigName, getSigAlgParams()));
+            SignatureUtil.specialSetParameter(sigVerf, getSigAlgParams());
         } catch (ProviderException e) {
             throw new CertificateException(e.getMessage(), e.getCause());
         } catch (InvalidAlgorithmParameterException e) {
             throw new CertificateException(e);
         }

@@ -581,23 +585,26 @@
             String algorithm, String provider)
             throws CertificateException, NoSuchAlgorithmException,
             InvalidKeyException, InvalidAlgorithmParameterException,
             NoSuchProviderException, SignatureException {
         try {
-            if (readOnly) {
+            if (readOnly)
                 throw new CertificateEncodingException(
-                        "cannot over-write existing certificate");
-            }
+                              "cannot over-write existing certificate");
             Signature sigEngine = null;
-            if (provider == null || provider.isEmpty()) {
+            if (provider == null || provider.isEmpty())
                 sigEngine = Signature.getInstance(algorithm);
-            } else {
+            else
                 sigEngine = Signature.getInstance(algorithm, provider);
-            }
 
-            SignatureUtil.initSignWithParam(sigEngine, key, signingParams,
-                    null);
+            sigEngine.initSign(key);
+
+            if (signingParams != null) {
+                // set parameters after Signature.initSign/initVerify call, so
+                // the deferred provider selection happens when the key is set
+                sigEngine.setParameter(signingParams);
+            }
 
             // in case the name is reset
             if (signingParams != null) {
                 algId = AlgorithmId.get(sigEngine.getParameters());
             } else {
< prev index next >