org.bouncycastle.tls.crypto.impl.bc.BcTlsRSAPSSVerifier Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bctls-jdk14 Show documentation
Show all versions of bctls-jdk14 Show documentation
The Bouncy Castle Java APIs for TLS and DTLS.
package org.bouncycastle.tls.crypto.impl.bc;
import java.io.IOException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.tls.DigitallySigned;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.SignatureScheme;
import org.bouncycastle.tls.crypto.TlsStreamVerifier;
/**
* Operator supporting the verification of RSASSA-PSS signatures using the BC light-weight API.
*/
public class BcTlsRSAPSSVerifier
extends BcTlsVerifier
{
private final int signatureScheme;
public BcTlsRSAPSSVerifier(BcTlsCrypto crypto, RSAKeyParameters publicKey, int signatureScheme)
{
super(crypto, publicKey);
if (!SignatureScheme.isRSAPSS(signatureScheme))
{
throw new IllegalArgumentException("signatureScheme");
}
this.signatureScheme = signatureScheme;
}
public boolean verifyRawSignature(DigitallySigned signature, byte[] hash) throws IOException
{
throw new UnsupportedOperationException();
}
public TlsStreamVerifier getStreamVerifier(DigitallySigned signature)
{
SignatureAndHashAlgorithm algorithm = signature.getAlgorithm();
if (algorithm == null || SignatureScheme.from(algorithm) != signatureScheme)
{
throw new IllegalStateException("Invalid algorithm: " + algorithm);
}
int cryptoHashAlgorithm = SignatureScheme.getCryptoHashAlgorithm(signatureScheme);
Digest digest = crypto.createDigest(cryptoHashAlgorithm);
PSSSigner verifier = new PSSSigner(new RSAEngine(), digest, digest.getDigestSize());
verifier.init(false, publicKey);
return new BcTlsStreamVerifier(verifier, signature.getSignature());
}
}