-
CSignature
-
keyAlgorithm: String
-
messageDigest: MessageDigest
-
messageDigestAlgorithm: String
-
needsReset: boolean
-
privateKey: CPrivateKey
-
publicKey: CPublicKey
-
CSignature(String, String): void
-
RSA
-
NONEwithRSA
-
SHA1withRSA
-
SHA256withRSA
-
SHA384withRSA
-
SHA512withRSA
-
MD5withRSA
-
MD2withRSA
-
SHA1withECDSA
-
SHA224withECDSA
-
SHA256withECDSA
-
SHA384withECDSA
-
SHA512withECDSA
-
ECDSA
-
PSS
-
pssParams: PSSParameterSpec
-
fallbackSignature: Signature
-
PSS(): void
-
engineInitSign(PrivateKey): void
-
engineInitVerify(PublicKey): void
-
engineUpdate(byte): void
-
engineUpdate(byte[], int, int): void
-
engineUpdate(ByteBuffer): void
-
engineSign(): byte[]
-
engineVerify(byte[]): boolean
-
engineSetParameter(AlgorithmParameterSpec): void
-
engineGetParameters(): AlgorithmParameters
-
ensureInit(): void
-
validateSigParams(AlgorithmParameterSpec): PSSParameterSpec
-
-
signCngHash(int, byte[], int, int, String, long, long): byte[]
-
verifyCngSignedHash(int, byte[], int, byte[], int, int, String, long, long): boolean
-
resetDigest(): void
-
getDigestValue(): byte[]
-
setDigestName(String): void
-
engineUpdate(byte): void
-
engineUpdate(byte[], int, int): void
-
engineUpdate(ByteBuffer): void
-
convertEndianArray(byte[]): byte[]
-
signHash(boolean, byte[], int, String, long, long): byte[]
-
verifySignedHash(byte[], int, String, byte[], int, long, long): boolean
-
engineSetParameter(String, Object): void
-
engineSetParameter(AlgorithmParameterSpec): void
-
engineGetParameter(String): Object
-
engineGetParameters(): AlgorithmParameters
-
importPublicKey(String, byte[], int): CPublicKey
-
importECPublicKey(String, byte[], int): CPublicKey
-
/*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.mscapi;
import java.nio.ByteBuffer;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.math.BigInteger;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Locale;
import sun.security.rsa.RSAKeyFactory;
import sun.security.util.ECUtil;
import sun.security.util.KeyUtil;
Signature implementation.
Objects should be instantiated by calling Signature.getInstance() using the
following algorithm names:
. "NONEwithRSA"
. "SHA1withRSA"
. "SHA256withRSA"
. "SHA384withRSA"
. "SHA512withRSA"
. "MD5withRSA"
. "MD2withRSA"
. "RSASSA-PSS"
. "SHA1withECDSA"
. "SHA224withECDSA"
. "SHA256withECDSA"
. "SHA384withECDSA"
. "SHA512withECDSA"
NOTE: RSA keys must be at least 512 bits long.
NOTE: NONEwithRSA must be supplied with a pre-computed message digest.
Only the following digest algorithms are supported: MD5, SHA-1,
SHA-256, SHA-384, SHA-512 and a special-purpose digest
algorithm which is a concatenation of SHA-1 and MD5 digests.
Author: Stanley Man-Kit Ho Since: 1.6
/**
* Signature implementation.
*
* Objects should be instantiated by calling Signature.getInstance() using the
* following algorithm names:
*
* . "NONEwithRSA"
* . "SHA1withRSA"
* . "SHA256withRSA"
* . "SHA384withRSA"
* . "SHA512withRSA"
* . "MD5withRSA"
* . "MD2withRSA"
* . "RSASSA-PSS"
* . "SHA1withECDSA"
* . "SHA224withECDSA"
* . "SHA256withECDSA"
* . "SHA384withECDSA"
* . "SHA512withECDSA"
*
* NOTE: RSA keys must be at least 512 bits long.
*
* NOTE: NONEwithRSA must be supplied with a pre-computed message digest.
* Only the following digest algorithms are supported: MD5, SHA-1,
* SHA-256, SHA-384, SHA-512 and a special-purpose digest
* algorithm which is a concatenation of SHA-1 and MD5 digests.
*
* @since 1.6
* @author Stanley Man-Kit Ho
*/
abstract class CSignature extends SignatureSpi {
// private key algorithm name
protected String keyAlgorithm;
// message digest implementation we use
protected MessageDigest messageDigest;
// message digest name
protected String messageDigestAlgorithm;
// flag indicating whether the digest has been reset
protected boolean needsReset;
// the signing key
protected CPrivateKey privateKey = null;
// the verification key
protected CPublicKey publicKey = null;
Constructs a new CSignature. Used by subclasses.
/**
* Constructs a new CSignature. Used by subclasses.
*/
CSignature(String keyName, String digestName) {
this.keyAlgorithm = keyName;
if (digestName != null) {
try {
messageDigest = MessageDigest.getInstance(digestName);
// Get the digest's canonical name
messageDigestAlgorithm = messageDigest.getAlgorithm();
} catch (NoSuchAlgorithmException e) {
throw new ProviderException(e);
}
} else {
messageDigest = null;
messageDigestAlgorithm = null;
}
needsReset = false;
}
static class RSA extends CSignature {
public RSA(String digestAlgorithm) {
super("RSA", digestAlgorithm);
}
// initialize for signing. See JCA doc
@Override
protected void engineInitSign(PrivateKey key) throws InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("Key cannot be null");
}
if ((key instanceof CPrivateKey) == false
|| !key.getAlgorithm().equalsIgnoreCase("RSA")) {
throw new InvalidKeyException("Key type not supported: "
+ key.getClass() + " " + key.getAlgorithm());
}
privateKey = (CPrivateKey) key;
// Check against the local and global values to make sure
// the sizes are ok. Round up to nearest byte.
RSAKeyFactory.checkKeyLengths(((privateKey.length() + 7) & ~7),
null, CKeyPairGenerator.RSA.KEY_SIZE_MIN,
CKeyPairGenerator.RSA.KEY_SIZE_MAX);
this.publicKey = null;
resetDigest();
}
// initialize for signing. See JCA doc
@Override
protected void engineInitVerify(PublicKey key) throws InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("Key cannot be null");
}
// This signature accepts only RSAPublicKey
if ((key instanceof RSAPublicKey) == false) {
throw new InvalidKeyException("Key type not supported: "
+ key.getClass());
}
if ((key instanceof CPublicKey) == false) {
// convert key to MSCAPI format
java.security.interfaces.RSAPublicKey rsaKey =
(java.security.interfaces.RSAPublicKey) key;
BigInteger modulus = rsaKey.getModulus();
BigInteger exponent = rsaKey.getPublicExponent();
// Check against the local and global values to make sure
// the sizes are ok. Round up to the nearest byte.
RSAKeyFactory.checkKeyLengths(((modulus.bitLength() + 7) & ~7),
exponent, -1, CKeyPairGenerator.RSA.KEY_SIZE_MAX);
byte[] modulusBytes = modulus.toByteArray();
byte[] exponentBytes = exponent.toByteArray();
// Adjust key length due to sign bit
int keyBitLength = (modulusBytes[0] == 0)
? (modulusBytes.length - 1) * 8
: modulusBytes.length * 8;
byte[] keyBlob = generatePublicKeyBlob(
keyBitLength, modulusBytes, exponentBytes);
try {
publicKey = importPublicKey("RSA", keyBlob, keyBitLength);
} catch (KeyStoreException e) {
throw new InvalidKeyException(e);
}
} else {
publicKey = (CPublicKey) key;
}
this.privateKey = null;
resetDigest();
}
Returns the signature bytes of all the data
updated so far.
The format of the signature depends on the underlying
signature scheme.
Throws: - SignatureException – if the engine is not
initialized properly or if this signature algorithm is unable to
process the input data provided.
Returns: the signature bytes of the signing operation's result.
/**
* Returns the signature bytes of all the data
* updated so far.
* The format of the signature depends on the underlying
* signature scheme.
*
* @return the signature bytes of the signing operation's result.
*
* @exception SignatureException if the engine is not
* initialized properly or if this signature algorithm is unable to
* process the input data provided.
*/
@Override
protected byte[] engineSign() throws SignatureException {
byte[] hash = getDigestValue();
if (privateKey.getHCryptKey() == 0) {
return signCngHash(1, hash, hash.length,
0,
this instanceof NONEwithRSA ? null : messageDigestAlgorithm,
privateKey.getHCryptProvider(), 0);
} else {
// Omit the hash OID when generating a NONEwithRSA signature
boolean noHashOID = this instanceof NONEwithRSA;
// Sign hash using MS Crypto APIs
byte[] result = signHash(noHashOID, hash, hash.length,
messageDigestAlgorithm, privateKey.getHCryptProvider(),
privateKey.getHCryptKey());
// Convert signature array from little endian to big endian
return convertEndianArray(result);
}
}
Verifies the passed-in signature.
Params: - sigBytes – the signature bytes to be verified.
Throws: - SignatureException – if the engine is not
initialized properly, the passed-in signature is improperly
encoded or of the wrong type, if this signature algorithm is unable to
process the input data provided, etc.
Returns: true if the signature was verified, false if not.
/**
* Verifies the passed-in signature.
*
* @param sigBytes the signature bytes to be verified.
*
* @return true if the signature was verified, false if not.
*
* @exception SignatureException if the engine is not
* initialized properly, the passed-in signature is improperly
* encoded or of the wrong type, if this signature algorithm is unable to
* process the input data provided, etc.
*/
@Override
protected boolean engineVerify(byte[] sigBytes)
throws SignatureException {
byte[] hash = getDigestValue();
if (publicKey.getHCryptKey() == 0) {
return verifyCngSignedHash(
1, hash, hash.length,
sigBytes, sigBytes.length,
0,
messageDigestAlgorithm,
publicKey.getHCryptProvider(),
0);
} else {
return verifySignedHash(hash, hash.length,
messageDigestAlgorithm, convertEndianArray(sigBytes),
sigBytes.length, publicKey.getHCryptProvider(),
publicKey.getHCryptKey());
}
}
Generates a public-key BLOB from a key's components.
/**
* Generates a public-key BLOB from a key's components.
*/
// used by CRSACipher
static native byte[] generatePublicKeyBlob(
int keyBitLength, byte[] modulus, byte[] publicExponent)
throws InvalidKeyException;
}
// Nested class for NONEwithRSA signatures
public static final class NONEwithRSA extends RSA {
// the longest supported digest is 512 bits (SHA-512)
private static final int RAW_RSA_MAX = 64;
private final byte[] precomputedDigest;
private int offset = 0;
public NONEwithRSA() {
super(null);
precomputedDigest = new byte[RAW_RSA_MAX];
}
// Stores the precomputed message digest value.
@Override
protected void engineUpdate(byte b) throws SignatureException {
if (offset >= precomputedDigest.length) {
offset = RAW_RSA_MAX + 1;
return;
}
precomputedDigest[offset++] = b;
}
// Stores the precomputed message digest value.
@Override
protected void engineUpdate(byte[] b, int off, int len)
throws SignatureException {
if (len > (precomputedDigest.length - offset)) {
offset = RAW_RSA_MAX + 1;
return;
}
System.arraycopy(b, off, precomputedDigest, offset, len);
offset += len;
}
// Stores the precomputed message digest value.
@Override
protected void engineUpdate(ByteBuffer byteBuffer) {
int len = byteBuffer.remaining();
if (len <= 0) {
return;
}
if (len > (precomputedDigest.length - offset)) {
offset = RAW_RSA_MAX + 1;
return;
}
byteBuffer.get(precomputedDigest, offset, len);
offset += len;
}
@Override
protected void resetDigest(){
offset = 0;
}
// Returns the precomputed message digest value.
@Override
protected byte[] getDigestValue() throws SignatureException {
if (offset > RAW_RSA_MAX) {
throw new SignatureException("Message digest is too long");
}
// Determine the digest algorithm from the digest length
if (offset == 20) {
setDigestName("SHA1");
} else if (offset == 36) {
setDigestName("SHA1+MD5");
} else if (offset == 32) {
setDigestName("SHA-256");
} else if (offset == 48) {
setDigestName("SHA-384");
} else if (offset == 64) {
setDigestName("SHA-512");
} else if (offset == 16) {
setDigestName("MD5");
} else {
throw new SignatureException(
"Message digest length is not supported");
}
byte[] result = new byte[offset];
System.arraycopy(precomputedDigest, 0, result, 0, offset);
offset = 0;
return result;
}
}
public static final class SHA1withRSA extends RSA {
public SHA1withRSA() {
super("SHA1");
}
}
public static final class SHA256withRSA extends RSA {
public SHA256withRSA() {
super("SHA-256");
}
}
public static final class SHA384withRSA extends RSA {
public SHA384withRSA() {
super("SHA-384");
}
}
public static final class SHA512withRSA extends RSA {
public SHA512withRSA() {
super("SHA-512");
}
}
public static final class MD5withRSA extends RSA {
public MD5withRSA() {
super("MD5");
}
}
public static final class MD2withRSA extends RSA {
public MD2withRSA() {
super("MD2");
}
}
public static final class SHA1withECDSA extends ECDSA {
public SHA1withECDSA() {
super("SHA-1");
}
}
public static final class SHA224withECDSA extends ECDSA {
public SHA224withECDSA() {
super("SHA-224");
}
}
public static final class SHA256withECDSA extends ECDSA {
public SHA256withECDSA() {
super("SHA-256");
}
}
public static final class SHA384withECDSA extends ECDSA {
public SHA384withECDSA() {
super("SHA-384");
}
}
public static final class SHA512withECDSA extends ECDSA {
public SHA512withECDSA() {
super("SHA-512");
}
}
static class ECDSA extends CSignature {
public ECDSA(String messageDigestAlgorithm) {
super("EC", messageDigestAlgorithm);
}
// initialize for signing. See JCA doc
@Override
protected void engineInitSign(PrivateKey key) throws InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("Key cannot be null");
}
if ((key instanceof CPrivateKey) == false
|| !key.getAlgorithm().equalsIgnoreCase("EC")) {
throw new InvalidKeyException("Key type not supported: "
+ key.getClass() + " " + key.getAlgorithm());
}
privateKey = (CPrivateKey) key;
this.publicKey = null;
resetDigest();
}
// initialize for signing. See JCA doc
@Override
protected void engineInitVerify(PublicKey key) throws InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("Key cannot be null");
}
// This signature accepts only ECPublicKey
if ((key instanceof ECPublicKey) == false) {
throw new InvalidKeyException("Key type not supported: "
+ key.getClass());
}
if ((key instanceof CPublicKey) == false) {
try {
publicKey = importECPublicKey("EC",
CKey.generateECBlob(key),
KeyUtil.getKeySize(key));
} catch (KeyStoreException e) {
throw new InvalidKeyException(e);
}
} else {
publicKey = (CPublicKey) key;
}
this.privateKey = null;
resetDigest();
}
@Override
protected byte[] engineSign() throws SignatureException {
byte[] hash = getDigestValue();
byte[] raw = signCngHash(0, hash, hash.length,
0,
null,
privateKey.getHCryptProvider(), 0);
return ECUtil.encodeSignature(raw);
}
@Override
protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
byte[] hash = getDigestValue();
sigBytes = ECUtil.decodeSignature(sigBytes);
return verifyCngSignedHash(
0,
hash, hash.length,
sigBytes, sigBytes.length,
0,
null,
publicKey.getHCryptProvider(),
0
);
}
}
public static final class PSS extends RSA {
private PSSParameterSpec pssParams = null;
// Workaround: Cannot import raw public key to CNG. This signature
// will be used for verification if key is not from MSCAPI.
private Signature fallbackSignature;
public PSS() {
super(null);
}
@Override
protected void engineInitSign(PrivateKey key) throws InvalidKeyException {
super.engineInitSign(key);
fallbackSignature = null;
}
@Override
protected void engineInitVerify(PublicKey key) throws InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("Key cannot be null");
}
// This signature accepts only RSAPublicKey
if ((key instanceof java.security.interfaces.RSAPublicKey) == false) {
throw new InvalidKeyException("Key type not supported: "
+ key.getClass());
}
this.privateKey = null;
if (key instanceof CPublicKey) {
fallbackSignature = null;
publicKey = (CPublicKey) key;
} else {
if (fallbackSignature == null) {
try {
fallbackSignature = Signature.getInstance(
"RSASSA-PSS", "SunRsaSign");
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new InvalidKeyException("Invalid key", e);
}
}
fallbackSignature.initVerify(key);
if (pssParams != null) {
try {
fallbackSignature.setParameter(pssParams);
} catch (InvalidAlgorithmParameterException e) {
throw new InvalidKeyException("Invalid params", e);
}
}
publicKey = null;
}
resetDigest();
}
@Override
protected void engineUpdate(byte b) throws SignatureException {
ensureInit();
if (fallbackSignature != null) {
fallbackSignature.update(b);
} else {
messageDigest.update(b);
}
needsReset = true;
}
@Override
protected void engineUpdate(byte[] b, int off, int len) throws SignatureException {
ensureInit();
if (fallbackSignature != null) {
fallbackSignature.update(b, off, len);
} else {
messageDigest.update(b, off, len);
}
needsReset = true;
}
@Override
protected void engineUpdate(ByteBuffer input) {
try {
ensureInit();
} catch (SignatureException se) {
// hack for working around API bug
throw new RuntimeException(se.getMessage());
}
if (fallbackSignature != null) {
try {
fallbackSignature.update(input);
} catch (SignatureException se) {
// hack for working around API bug
throw new RuntimeException(se.getMessage());
}
} else {
messageDigest.update(input);
}
needsReset = true;
}
@Override
protected byte[] engineSign() throws SignatureException {
ensureInit();
byte[] hash = getDigestValue();
return signCngHash(2, hash, hash.length,
pssParams.getSaltLength(),
((MGF1ParameterSpec)
pssParams.getMGFParameters()).getDigestAlgorithm(),
privateKey.getHCryptProvider(), privateKey.getHCryptKey());
}
@Override
protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
ensureInit();
if (fallbackSignature != null) {
needsReset = false;
return fallbackSignature.verify(sigBytes);
} else {
byte[] hash = getDigestValue();
return verifyCngSignedHash(
2, hash, hash.length,
sigBytes, sigBytes.length,
pssParams.getSaltLength(),
((MGF1ParameterSpec)
pssParams.getMGFParameters()).getDigestAlgorithm(),
publicKey.getHCryptProvider(),
publicKey.getHCryptKey()
);
}
}
@Override
protected void engineSetParameter(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
if (needsReset) {
throw new ProviderException
("Cannot set parameters during operations");
}
this.pssParams = validateSigParams(params);
if (fallbackSignature != null) {
fallbackSignature.setParameter(params);
}
}
@Override
protected AlgorithmParameters engineGetParameters() {
AlgorithmParameters ap = null;
if (this.pssParams != null) {
try {
ap = AlgorithmParameters.getInstance("RSASSA-PSS");
ap.init(this.pssParams);
} catch (GeneralSecurityException gse) {
throw new ProviderException(gse.getMessage());
}
}
return ap;
}
private void ensureInit() throws SignatureException {
if (this.privateKey == null && this.publicKey == null
&& fallbackSignature == null) {
throw new SignatureException("Missing key");
}
if (this.pssParams == null) {
// Parameters are required for signature verification
throw new SignatureException
("Parameters required for RSASSA-PSS signatures");
}
if (fallbackSignature == null && messageDigest == null) {
// This could happen if initVerify(softKey), setParameter(),
// and initSign() were called. No messageDigest. Create it.
try {
messageDigest = MessageDigest
.getInstance(pssParams.getDigestAlgorithm());
} catch (NoSuchAlgorithmException e) {
throw new SignatureException(e);
}
}
}
Validate the specified Signature PSS parameters.
/**
* Validate the specified Signature PSS parameters.
*/
private PSSParameterSpec validateSigParams(AlgorithmParameterSpec p)
throws InvalidAlgorithmParameterException {
if (p == null) {
throw new InvalidAlgorithmParameterException
("Parameters cannot be null");
}
if (!(p instanceof PSSParameterSpec)) {
throw new InvalidAlgorithmParameterException
("parameters must be type PSSParameterSpec");
}
// no need to validate again if same as current signature parameters
PSSParameterSpec params = (PSSParameterSpec) p;
if (params == this.pssParams) return params;
// now sanity check the parameter values
if (!(params.getMGFAlgorithm().equalsIgnoreCase("MGF1"))) {
throw new InvalidAlgorithmParameterException("Only supports MGF1");
}
if (params.getTrailerField() != PSSParameterSpec.TRAILER_FIELD_BC) {
throw new InvalidAlgorithmParameterException
("Only supports TrailerFieldBC(1)");
}
AlgorithmParameterSpec algSpec = params.getMGFParameters();
if (!(algSpec instanceof MGF1ParameterSpec)) {
throw new InvalidAlgorithmParameterException
("Only support MGF1ParameterSpec");
}
MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)algSpec;
String msgHashAlg = params.getDigestAlgorithm()
.toLowerCase(Locale.ROOT).replaceAll("-", "");
if (msgHashAlg.equals("sha")) {
msgHashAlg = "sha1";
}
String mgf1HashAlg = mgfSpec.getDigestAlgorithm()
.toLowerCase(Locale.ROOT).replaceAll("-", "");
if (mgf1HashAlg.equals("sha")) {
mgf1HashAlg = "sha1";
}
if (!mgf1HashAlg.equals(msgHashAlg)) {
throw new InvalidAlgorithmParameterException
("MGF1 hash must be the same as message hash");
}
return params;
}
}
Sign hash using CNG API with HCRYPTKEY.
Params: - type – 0 no padding, 1, pkcs1, 2, pss
/**
* Sign hash using CNG API with HCRYPTKEY.
* @param type 0 no padding, 1, pkcs1, 2, pss
*/
native static byte[] signCngHash(
int type, byte[] hash,
int hashSize, int saltLength, String hashAlgorithm,
long hCryptProv, long nCryptKey)
throws SignatureException;
Verify a signed hash using CNG API with HCRYPTKEY.
Params: - type – 0 no padding, 1, pkcs1, 2, pss
/**
* Verify a signed hash using CNG API with HCRYPTKEY.
* @param type 0 no padding, 1, pkcs1, 2, pss
*/
private native static boolean verifyCngSignedHash(
int type, byte[] hash, int hashSize,
byte[] signature, int signatureSize,
int saltLength, String hashAlgorithm,
long hCryptProv, long hKey) throws SignatureException;
Resets the message digest if needed.
/**
* Resets the message digest if needed.
*/
protected void resetDigest() {
if (needsReset) {
if (messageDigest != null) {
messageDigest.reset();
}
needsReset = false;
}
}
protected byte[] getDigestValue() throws SignatureException {
needsReset = false;
return messageDigest.digest();
}
protected void setDigestName(String name) {
messageDigestAlgorithm = name;
}
Updates the data to be signed or verified
using the specified byte.
Params: - b – the byte to use for the update.
Throws: - SignatureException – if the engine is not initialized
properly.
/**
* Updates the data to be signed or verified
* using the specified byte.
*
* @param b the byte to use for the update.
*
* @exception SignatureException if the engine is not initialized
* properly.
*/
@Override
protected void engineUpdate(byte b) throws SignatureException {
messageDigest.update(b);
needsReset = true;
}
Updates the data to be signed or verified, using the
specified array of bytes, starting at the specified offset.
Params: - b – the array of bytes
- off – the offset to start from in the array of bytes
- len – the number of bytes to use, starting at offset
Throws: - SignatureException – if the engine is not initialized
properly
/**
* Updates the data to be signed or verified, using the
* specified array of bytes, starting at the specified offset.
*
* @param b the array of bytes
* @param off the offset to start from in the array of bytes
* @param len the number of bytes to use, starting at offset
*
* @exception SignatureException if the engine is not initialized
* properly
*/
@Override
protected void engineUpdate(byte[] b, int off, int len)
throws SignatureException {
messageDigest.update(b, off, len);
needsReset = true;
}
Updates the data to be signed or verified, using the
specified ByteBuffer.
Params: - input – the ByteBuffer
/**
* Updates the data to be signed or verified, using the
* specified ByteBuffer.
*
* @param input the ByteBuffer
*/
@Override
protected void engineUpdate(ByteBuffer input) {
messageDigest.update(input);
needsReset = true;
}
Convert array from big endian to little endian, or vice versa.
/**
* Convert array from big endian to little endian, or vice versa.
*/
private static byte[] convertEndianArray(byte[] byteArray) {
if (byteArray == null || byteArray.length == 0)
return byteArray;
byte [] retval = new byte[byteArray.length];
// make it big endian
for (int i=0;i < byteArray.length;i++)
retval[i] = byteArray[byteArray.length - i - 1];
return retval;
}
Sign hash using Microsoft Crypto API with HCRYPTKEY.
The returned data is in little-endian.
/**
* Sign hash using Microsoft Crypto API with HCRYPTKEY.
* The returned data is in little-endian.
*/
private native static byte[] signHash(boolean noHashOID, byte[] hash,
int hashSize, String hashAlgorithm, long hCryptProv, long hCryptKey)
throws SignatureException;
Verify a signed hash using Microsoft Crypto API with HCRYPTKEY.
/**
* Verify a signed hash using Microsoft Crypto API with HCRYPTKEY.
*/
private native static boolean verifySignedHash(byte[] hash, int hashSize,
String hashAlgorithm, byte[] signature, int signatureSize,
long hCryptProv, long hCryptKey) throws SignatureException;
Sets the specified algorithm parameter to the specified
value. This method supplies a general-purpose mechanism through
which it is possible to set the various parameters of this object.
A parameter may be any settable parameter for the algorithm, such as
a parameter size, or a source of random bits for signature generation
(if appropriate), or an indication of whether or not to perform
a specific but optional computation. A uniform algorithm-specific
naming scheme for each parameter is desirable but left unspecified
at this time.
Params: - param – the string identifier of the parameter.
- value – the parameter value.
Throws: - InvalidParameterException – if
param is an
invalid parameter for this signature algorithm engine,
the parameter is already set
and cannot be set again, a security exception occurs, and so on.
Deprecated: Replaced by
engineSetParameter.
/**
* Sets the specified algorithm parameter to the specified
* value. This method supplies a general-purpose mechanism through
* which it is possible to set the various parameters of this object.
* A parameter may be any settable parameter for the algorithm, such as
* a parameter size, or a source of random bits for signature generation
* (if appropriate), or an indication of whether or not to perform
* a specific but optional computation. A uniform algorithm-specific
* naming scheme for each parameter is desirable but left unspecified
* at this time.
*
* @param param the string identifier of the parameter.
*
* @param value the parameter value.
*
* @exception InvalidParameterException if <code>param</code> is an
* invalid parameter for this signature algorithm engine,
* the parameter is already set
* and cannot be set again, a security exception occurs, and so on.
*
* @deprecated Replaced by {@link
* #engineSetParameter(java.security.spec.AlgorithmParameterSpec)
* engineSetParameter}.
*/
@Override
@Deprecated
protected void engineSetParameter(String param, Object value)
throws InvalidParameterException {
throw new InvalidParameterException("Parameter not supported");
}
Sets this signature engine with the specified algorithm parameter.
Params: - params – the parameters
Throws: - InvalidAlgorithmParameterException – if the given
parameter is invalid
/**
* Sets this signature engine with the specified algorithm parameter.
*
* @param params the parameters
*
* @exception InvalidAlgorithmParameterException if the given
* parameter is invalid
*/
@Override
protected void engineSetParameter(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
if (params != null) {
throw new InvalidAlgorithmParameterException("No parameter accepted");
}
}
Gets the value of the specified algorithm parameter.
This method supplies a general-purpose mechanism through which it
is possible to get the various parameters of this object. A parameter
may be any settable parameter for the algorithm, such as a parameter
size, or a source of random bits for signature generation (if
appropriate), or an indication of whether or not to perform a
specific but optional computation. A uniform algorithm-specific
naming scheme for each parameter is desirable but left unspecified
at this time.
Params: - param – the string name of the parameter.
Throws: - InvalidParameterException – if
param is an
invalid parameter for this engine, or another exception occurs while
trying to get this parameter.
Returns: the object that represents the parameter value, or null if
there is none. Deprecated:
/**
* Gets the value of the specified algorithm parameter.
* This method supplies a general-purpose mechanism through which it
* is possible to get the various parameters of this object. A parameter
* may be any settable parameter for the algorithm, such as a parameter
* size, or a source of random bits for signature generation (if
* appropriate), or an indication of whether or not to perform a
* specific but optional computation. A uniform algorithm-specific
* naming scheme for each parameter is desirable but left unspecified
* at this time.
*
* @param param the string name of the parameter.
*
* @return the object that represents the parameter value, or null if
* there is none.
*
* @exception InvalidParameterException if <code>param</code> is an
* invalid parameter for this engine, or another exception occurs while
* trying to get this parameter.
*
* @deprecated
*/
@Override
@Deprecated
protected Object engineGetParameter(String param)
throws InvalidParameterException {
throw new InvalidParameterException("Parameter not supported");
}
Gets the algorithm parameter from this signature engine.
Returns: the parameter, or null if no parameter is used.
/**
* Gets the algorithm parameter from this signature engine.
*
* @return the parameter, or null if no parameter is used.
*/
@Override
protected AlgorithmParameters engineGetParameters() {
return null;
}
Imports a public-key BLOB.
/**
* Imports a public-key BLOB.
*/
// used by CRSACipher
static native CPublicKey importPublicKey(
String alg, byte[] keyBlob, int keySize) throws KeyStoreException;
static native CPublicKey importECPublicKey(
String alg, byte[] keyBlob, int keySize) throws KeyStoreException;
}