1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149
/* * Copyright 2006 Sun Microsystems, Inc. All rights reserved. */ /* * $Id: DOMRSASignatureMethod.java,v 1.14 2005/09/15 14:29:04 mullan Exp $ */ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; import java.io.IOException; import java.security.InvalidKeyException; import java.security.Key; import java.security.PrivateKey; import java.security.PublicKey; import java.security.InvalidAlgorithmParameterException; import java.security.Signature; import java.security.SignatureException; import java.security.NoSuchAlgorithmException; import java.security.spec.AlgorithmParameterSpec; import java.util.logging.Level; import java.util.logging.Logger; import org.w3c.dom.Element; import org.jcp.xml.dsig.internal.SignerOutputStream; /** * DOM-based implementation of SignatureMethod for RSA algorithm. * Use DOMHMACSignatureMethod for HMAC algorithms. * * @author Sean Mullan */ public final class DOMRSASignatureMethod extends DOMSignatureMethod { private static Logger log = Logger.getLogger("org.jcp.xml.dsig.internal.dom"); private Signature signature; /** * Creates a <code>DOMRSASignatureMethod</code> for the specified * input parameters. * * @param params algorithm-specific parameters (may be null) * @throws InvalidAlgorithmParameterException if the parameters are not * appropriate for this signature method */ public DOMRSASignatureMethod(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { super(SignatureMethod.RSA_SHA1, params); } /** * Creates a <code>DOMRSASignatureMethod</code> from an element. * * @param smElem a SignatureMethod element */ public DOMRSASignatureMethod(Element smElem) throws MarshalException { super(smElem); } protected void checkParams(SignatureMethodParameterSpec params) throws InvalidAlgorithmParameterException { if (params != null) { throw new InvalidAlgorithmParameterException("no parameters " + "should be specified for RSA signature algorithm"); } } protected SignatureMethodParameterSpec unmarshalParams(Element paramsElem) throws MarshalException { throw new MarshalException("no parameters should " + "be specified for RSA signature algorithm"); } protected void marshalParams(Element parent, String dsPrefix) throws MarshalException { // should never get invoked throw new MarshalException("no parameters should " + "be specified for RSA signature algorithm"); } protected boolean paramsEqual(AlgorithmParameterSpec spec) { // params should always be null return (getParameterSpec() == spec); } public boolean verify(Key key, DOMSignedInfo si, byte[] sig, XMLValidateContext context) throws InvalidKeyException, SignatureException, XMLSignatureException { if (key == null || si == null || sig == null) { throw new NullPointerException ("key, signed info or signature cannot be null"); } if (!(key instanceof PublicKey)) { throw new InvalidKeyException("key must be PublicKey"); } if (signature == null) { try { // FIXME: do other hashes besides sha-1 signature = Signature.getInstance("SHA1withRSA"); } catch (NoSuchAlgorithmException nsae) { throw new SignatureException("SHA1withRSA Signature not found"); } } signature.initVerify((PublicKey) key); if (log.isLoggable(Level.FINE)) { log.log(Level.FINE, "Signature provider:"+ signature.getProvider()); log.log(Level.FINE, "verifying with key: " + key); } si.canonicalize(context, new SignerOutputStream(signature)); return signature.verify(sig); } public byte[] sign(Key key, DOMSignedInfo si, XMLSignContext context) throws InvalidKeyException, XMLSignatureException { if (key == null || si == null) { throw new NullPointerException(); } if (!(key instanceof PrivateKey)) { throw new InvalidKeyException("key must be PrivateKey"); } if (signature == null) { try { // FIXME: do other hashes besides sha-1 signature = Signature.getInstance("SHA1withRSA"); } catch (NoSuchAlgorithmException nsae) { throw new InvalidKeyException("SHA1withRSA Signature not found"); } } signature.initSign((PrivateKey) key); if (log.isLoggable(Level.FINE)) { log.log(Level.FINE, "Signature provider:" +signature.getProvider()); log.log(Level.FINE, "Signing with key: " + key); } si.canonicalize(context, new SignerOutputStream(signature)); try { return signature.sign(); } catch (SignatureException se) { // should never occur! throw new RuntimeException(se.getMessage()); } } }