All Downloads are FREE. Search and download functionalities are using the official Maven repository.

java.security.Signature Maven / Gradle / Ivy

There is a newer version: 1.14.0
Show newest version
/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package java.security;

import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import java.util.Set;
import org.apache.harmony.security.fortress.Engine;


/**
 * {@code Signature} is an engine class which is capable of creating and
 * verifying digital signatures, using different algorithms that have been
 * registered with the {@link Security} class.
 *
 * @see SignatureSpi
 */
public abstract class Signature extends SignatureSpi {

    // The service name.
    private static final String SERVICE = "Signature";

    // Used to access common engine functionality
    private static Engine ENGINE = new Engine(SERVICE);

    // The provider
    private Provider provider;

    // The algorithm.
    private String algorithm;

    /**
     * Constant that indicates that this {@code Signature} instance has not yet
     * been initialized.
     */
    protected static final int UNINITIALIZED = 0;

    /**
     * Constant that indicates that this {@code Signature} instance has been
     * initialized for signing.
     */
    protected static final int SIGN = 2;

    /**
     * Constant that indicates that this {@code Signature} instance has been
     * initialized for verification.
     */
    protected static final int VERIFY = 3;

    /**
     * Represents the current state of this {@code Signature}. The three
     * possible states are {@link #UNINITIALIZED}, {@link #SIGN} or
     * {@link #VERIFY}.
     */
    protected int state = UNINITIALIZED;

    /**
     * Constructs a new instance of {@code Signature} with the name of
     * the algorithm to use.
     *
     * @param algorithm
     *            the name of algorithm to use.
     */
    protected Signature(String algorithm) {
        this.algorithm = algorithm;
    }

    /**
     * Returns a new instance of {@code Signature} that utilizes the specified
     * algorithm.
     *
     * @param algorithm
     *            the name of the algorithm to use.
     * @return a new instance of {@code Signature} that utilizes the specified
     *         algorithm.
     * @throws NoSuchAlgorithmException
     *             if the specified algorithm is not available.
     * @throws NullPointerException
     *             if {@code algorithm} is {@code null}.
     */
    public static Signature getInstance(String algorithm)
            throws NoSuchAlgorithmException {
        if (algorithm == null) {
            throw new NullPointerException("algorithm == null");
        }
        Engine.SpiAndProvider sap = ENGINE.getInstance(algorithm, null);
        Object spi = sap.spi;
        Provider provider = sap.provider;
        if (spi instanceof Signature) {
            Signature result = (Signature) spi;
            result.algorithm = algorithm;
            result.provider = provider;
            return result;
        }
        return new SignatureImpl((SignatureSpi) spi, provider, algorithm);
    }

    /**
     * Returns a new instance of {@code Signature} that utilizes the specified
     * algorithm from the specified provider.
     *
     * @param algorithm
     *            the name of the algorithm to use.
     * @param provider
     *            the name of the provider.
     * @return a new instance of {@code Signature} that utilizes the specified
     *         algorithm from the specified provider.
     * @throws NoSuchAlgorithmException
     *             if the specified algorithm is not available.
     * @throws NoSuchProviderException
     *             if the specified provider is not available.
     * @throws NullPointerException
     *             if {@code algorithm} is {@code null}.
     * @throws IllegalArgumentException if {@code provider == null || provider.isEmpty()}
     */
    public static Signature getInstance(String algorithm, String provider)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        if (algorithm == null) {
            throw new NullPointerException("algorithm == null");
        }
        if (provider == null || provider.isEmpty()) {
            throw new IllegalArgumentException();
        }
        Provider p = Security.getProvider(provider);
        if (p == null) {
            throw new NoSuchProviderException(provider);
        }
        return getSignatureInstance(algorithm, p);
    }

    /**
     * Returns a new instance of {@code Signature} that utilizes the specified
     * algorithm from the specified provider.
     *
     * @param algorithm
     *            the name of the algorithm to use.
     * @param provider
     *            the security provider.
     * @return a new instance of {@code Signature} that utilizes the specified
     *         algorithm from the specified provider.
     * @throws NoSuchAlgorithmException
     *             if the specified algorithm is not available.
     * @throws NullPointerException
     *             if {@code algorithm} is {@code null}.
     * @throws IllegalArgumentException if {@code provider == null}
     */
    public static Signature getInstance(String algorithm, Provider provider)
            throws NoSuchAlgorithmException {
        if (algorithm == null) {
            throw new NullPointerException("algorithm == null");
        }
        if (provider == null) {
            throw new IllegalArgumentException("provider == null");
        }
        return getSignatureInstance(algorithm, provider);
    }

    private static Signature getSignatureInstance(String algorithm,
            Provider provider) throws NoSuchAlgorithmException {
        Object spi = ENGINE.getInstance(algorithm, provider, null);
        if (spi instanceof Signature) {
            Signature result = (Signature) spi;
            result.algorithm = algorithm;
            result.provider = provider;
            return result;
        }
        return new SignatureImpl((SignatureSpi) spi, provider, algorithm);
    }

    /**
     * Returns the provider associated with this {@code Signature}.
     *
     * @return the provider associated with this {@code Signature}.
     */
    public final Provider getProvider() {
        return provider;
    }

    /**
     * Returns the name of the algorithm of this {@code Signature}.
     *
     * @return the name of the algorithm of this {@code Signature}.
     */
    public final String getAlgorithm() {
        return algorithm;
    }

    /**
     * Initializes this {@code Signature} instance for signature verification,
     * using the public key of the identity whose signature is going to be
     * verified.
     *
     * @param publicKey
     *            the public key.
     * @throws InvalidKeyException
     *             if {@code publicKey} is not valid.
     */
    public final void initVerify(PublicKey publicKey)
            throws InvalidKeyException {
        engineInitVerify(publicKey);
        state = VERIFY;
    }

    /**
     * Initializes this {@code Signature} instance for signature verification,
     * using the certificate of the identity whose signature is going to be
     * verified.
     * 

* If the given certificate is an instance of {@link X509Certificate} and * has a key usage parameter that indicates, that this certificate is not to * be used for signing, an {@code InvalidKeyException} is thrown. * * @param certificate * the certificate used to verify a signature. * @throws InvalidKeyException * if the publicKey in the certificate is not valid or not to be * used for signing. */ public final void initVerify(Certificate certificate) throws InvalidKeyException { if (certificate instanceof X509Certificate) { Set ce = ((X509Certificate) certificate).getCriticalExtensionOIDs(); boolean critical = false; if (ce != null && !ce.isEmpty()) { for (Iterator i = ce.iterator(); i.hasNext();) { if ("2.5.29.15".equals(i.next())) { //KeyUsage OID = 2.5.29.15 critical = true; break; } } if (critical) { boolean[] keyUsage = ((X509Certificate) certificate) .getKeyUsage(); // As specified in RFC 3280 - // Internet X.509 Public Key Infrastructure // Certificate and Certificate Revocation List (CRL) Profile. // (http://www.ietf.org/rfc/rfc3280.txt) // // KeyUsage ::= BIT STRING { digitalSignature (0), } if ((keyUsage != null) && (!keyUsage[0])) { // digitalSignature throw new InvalidKeyException("The public key in the certificate cannot be used for digital signature purposes"); } } } } engineInitVerify(certificate.getPublicKey()); state = VERIFY; } /** * Initializes this {@code Signature} instance for signing, using the * private key of the identity whose signature is going to be generated. * * @param privateKey * the private key. * @throws InvalidKeyException * if {@code privateKey} is not valid. */ public final void initSign(PrivateKey privateKey) throws InvalidKeyException { engineInitSign(privateKey); state = SIGN; } /** * Initializes this {@code Signature} instance for signing, using the * private key of the identity whose signature is going to be generated and * the specified source of randomness. * * @param privateKey * the private key. * @param random * the {@code SecureRandom} to use. * @throws InvalidKeyException * if {@code privateKey} is not valid. */ public final void initSign(PrivateKey privateKey, SecureRandom random) throws InvalidKeyException { engineInitSign(privateKey, random); state = SIGN; } /** * Generates and returns the signature of all updated data. *

* This {@code Signature} instance is reset to the state of its last * initialization for signing and thus can be used for another signature * from the same identity. * * @return the signature of all updated data. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final byte[] sign() throws SignatureException { if (state != SIGN) { throw new SignatureException("Signature object is not initialized properly"); } return engineSign(); } /** * Generates and stores the signature of all updated data in the provided * {@code byte[]} at the specified position with the specified length. *

* This {@code Signature} instance is reset to the state of its last * initialization for signing and thus can be used for another signature * from the same identity. * * @param outbuf * the buffer to store the signature. * @param offset * the index of the first byte in {@code outbuf} to store. * @param len * the number of bytes allocated for the signature. * @return the number of bytes stored in {@code outbuf}. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. * @throws IllegalArgumentException * if {@code offset} or {@code len} are not valid in respect to * {@code outbuf}. */ public final int sign(byte[] outbuf, int offset, int len) throws SignatureException { if (outbuf == null || offset < 0 || len < 0 || offset + len > outbuf.length) { throw new IllegalArgumentException(); } if (state != SIGN) { throw new SignatureException("Signature object is not initialized properly"); } return engineSign(outbuf, offset, len); } /** * Indicates whether the given {@code signature} can be verified using the * public key or a certificate of the signer. *

* This {@code Signature} instance is reset to the state of its last * initialization for verifying and thus can be used to verify another * signature of the same signer. * * @param signature * the signature to verify. * @return {@code true} if the signature was verified, {@code false} * otherwise. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final boolean verify(byte[] signature) throws SignatureException { if (state != VERIFY) { throw new SignatureException("Signature object is not initialized properly"); } return engineVerify(signature); } /** * Indicates whether the given {@code signature} starting at index {@code * offset} with {@code length} bytes can be verified using the public key or * a certificate of the signer. *

* This {@code Signature} instance is reset to the state of its last * initialization for verifying and thus can be used to verify another * signature of the same signer. * * @param signature * the {@code byte[]} containing the signature to verify. * @param offset * the start index in {@code signature} of the signature. * @param length * the number of bytes allocated for the signature. * @return {@code true} if the signature was verified, {@code false} * otherwise. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. * @throws IllegalArgumentException * if {@code offset} or {@code length} are not valid in respect * to {@code signature}. */ public final boolean verify(byte[] signature, int offset, int length) throws SignatureException { if (state != VERIFY) { throw new SignatureException("Signature object is not initialized properly"); } if (signature == null || offset < 0 || length < 0 || offset + length > signature.length) { throw new IllegalArgumentException(); } return engineVerify(signature, offset, length); } /** * Updates the data to be verified or to be signed, using the specified * {@code byte}. * * @param b * the byte to update with. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(byte b) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } engineUpdate(b); } /** * Updates the data to be verified or to be signed, using the specified * {@code byte[]}. * * @param data * the byte array to update with. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(byte[] data) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } engineUpdate(data, 0, data.length); } /** * Updates the data to be verified or to be signed, using the given {@code * byte[]}, starting form the specified index for the specified length. * * @param data * the byte array to update with. * @param off * the start index in {@code data} of the data. * @param len * the number of bytes to use. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(byte[] data, int off, int len) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } if (data == null || off < 0 || len < 0 || off + len > data.length) { throw new IllegalArgumentException(); } engineUpdate(data, off, len); } /** * Updates the data to be verified or to be signed, using the specified * {@code ByteBuffer}. * * @param data * the {@code ByteBuffer} to update with. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(ByteBuffer data) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } engineUpdate(data); } /** * Returns a string containing a concise, human-readable description of this * {@code Signature} including its algorithm and its state. * * @return a printable representation for this {@code Signature}. */ @Override public String toString() { return "SIGNATURE " + algorithm + " state: " + stateToString(state); } // Convert state to string private String stateToString(int state) { switch (state) { case UNINITIALIZED: return "UNINITIALIZED"; case SIGN: return "SIGN"; case VERIFY: return "VERIFY"; default: return ""; } } /** * Sets the specified parameter to the given value. * * @param param * the name of the parameter. * @param value * the parameter value. * @throws InvalidParameterException * if the parameter is invalid, already set or is not allowed to * be changed. * @deprecated Use {@link #setParameter(AlgorithmParameterSpec)} instead. */ @Deprecated public final void setParameter(String param, Object value) throws InvalidParameterException { engineSetParameter(param, value); } /** * Sets the specified {@code AlgorithmParameterSpec}. * * @param params * the parameter to set. * @throws InvalidAlgorithmParameterException * if the parameter is invalid, already set or is not allowed to * be changed. */ public final void setParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { engineSetParameter(params); } /** * Returns the {@code AlgorithmParameters} of this {@link Signature} * instance. * * @return the {@code AlgorithmParameters} of this {@link Signature} * instance, maybe {@code null}. */ public final AlgorithmParameters getParameters() { return engineGetParameters(); } /** * Returns the value of the parameter with the specified name. * * @param param * the name of the requested parameter value * @return the value of the parameter with the specified name, maybe {@code * null}. * @throws InvalidParameterException * if {@code param} is not a valid parameter for this {@code * Signature} or an other error occurs. * @deprecated There is no generally accepted parameter naming convention. */ @Deprecated public final Object getParameter(String param) throws InvalidParameterException { return engineGetParameter(param); } @Override public Object clone() throws CloneNotSupportedException { if (this instanceof Cloneable) { return super.clone(); } throw new CloneNotSupportedException(); } /** * * Internal Signature implementation * */ private static class SignatureImpl extends Signature { private SignatureSpi spiImpl; // Constructor public SignatureImpl(SignatureSpi signatureSpi, Provider provider, String algorithm) { super(algorithm); super.provider = provider; spiImpl = signatureSpi; } // engineSign() implementation @Override protected byte[] engineSign() throws SignatureException { return spiImpl.engineSign(); } // engineUpdate() implementation @Override protected void engineUpdate(byte arg0) throws SignatureException { spiImpl.engineUpdate(arg0); } // engineVerify() implementation @Override protected boolean engineVerify(byte[] arg0) throws SignatureException { return spiImpl.engineVerify(arg0); } // engineUpdate() implementation @Override protected void engineUpdate(byte[] arg0, int arg1, int arg2) throws SignatureException { spiImpl.engineUpdate(arg0, arg1, arg2); } // engineInitSign() implementation @Override protected void engineInitSign(PrivateKey arg0) throws InvalidKeyException { spiImpl.engineInitSign(arg0); } // engineInitVerify() implementation @Override protected void engineInitVerify(PublicKey arg0) throws InvalidKeyException { spiImpl.engineInitVerify(arg0); } // engineGetParameter() implementation @Override protected Object engineGetParameter(String arg0) throws InvalidParameterException { return spiImpl.engineGetParameter(arg0); } // engineSetParameter() implementation @Override protected void engineSetParameter(String arg0, Object arg1) throws InvalidParameterException { spiImpl.engineSetParameter(arg0, arg1); } // Returns a clone if the spiImpl is cloneable @Override public Object clone() throws CloneNotSupportedException { if (spiImpl instanceof Cloneable) { SignatureSpi spi = (SignatureSpi) spiImpl.clone(); return new SignatureImpl(spi, getProvider(), getAlgorithm()); } throw new CloneNotSupportedException(); } } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy