1/*
2 * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26
27package sun.security.ssl;
28
29import java.util.Arrays;
30
31import java.security.*;
32
33/**
34 * Signature implementation for the SSL/TLS RSA Signature variant with both
35 * MD5 and SHA-1 MessageDigests. Used for explicit RSA server authentication
36 * (RSA signed server key exchange for RSA_EXPORT and DHE_RSA) and RSA client
37 * authentication (RSA signed certificate verify message).
38 *
39 * It conforms to the standard JCA Signature API. It is registered in the
40 * SunJSSE provider to avoid more complicated getInstance() code and
41 * negative interaction with the JCA mechanisms for hardware providers.
42 *
43 * The class should be instantiated via the getInstance() method in this class,
44 * which returns the implementation from the prefered provider. The internal
45 * implementation allows the hashes to be explicitly set, which is required
46 * for RSA client authentication. It can be obtained via the
47 * getInternalInstance() method.
48 *
49 * This class is not thread safe.
50 *
51 */
52public final class RSASignature extends SignatureSpi {
53
54    private final Signature rawRsa;
55    private MessageDigest md5, sha;
56
57    // flag indicating if the MessageDigests are in reset state
58    private boolean isReset;
59
60    public RSASignature() throws NoSuchAlgorithmException {
61        super();
62        rawRsa = JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
63        isReset = true;
64    }
65
66    /**
67     * Get an implementation for the RSA signature. Follows the standard
68     * JCA getInstance() model, so it return the implementation from the
69     * provider with the highest precedence, which may be this class.
70     */
71    static Signature getInstance() throws NoSuchAlgorithmException {
72        return JsseJce.getSignature(JsseJce.SIGNATURE_SSLRSA);
73    }
74
75    /**
76     * Get an internal implementation for the RSA signature. Used for RSA
77     * client authentication, which needs the ability to set the digests
78     * to externally provided values via the setHashes() method.
79     */
80    static Signature getInternalInstance()
81            throws NoSuchAlgorithmException, NoSuchProviderException {
82        return Signature.getInstance(JsseJce.SIGNATURE_SSLRSA, "SunJSSE");
83    }
84
85    /**
86     * Set the MD5 and SHA hashes to the provided objects.
87     */
88    static void setHashes(Signature sig, MessageDigest md5, MessageDigest sha) {
89        sig.setParameter("hashes", new MessageDigest[] {md5, sha});
90    }
91
92    /**
93     * Reset the MessageDigests unless they are already reset.
94     */
95    private void reset() {
96        if (isReset == false) {
97            md5.reset();
98            sha.reset();
99            isReset = true;
100        }
101    }
102
103    private static void checkNull(Key key) throws InvalidKeyException {
104        if (key == null) {
105            throw new InvalidKeyException("Key must not be null");
106        }
107    }
108
109    protected void engineInitVerify(PublicKey publicKey)
110            throws InvalidKeyException {
111        checkNull(publicKey);
112        reset();
113        rawRsa.initVerify(publicKey);
114    }
115
116    protected void engineInitSign(PrivateKey privateKey)
117            throws InvalidKeyException {
118        engineInitSign(privateKey, null);
119    }
120
121    protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
122            throws InvalidKeyException {
123        checkNull(privateKey);
124        reset();
125        rawRsa.initSign(privateKey, random);
126    }
127
128    // lazily initialize the MessageDigests
129    private void initDigests() {
130        if (md5 == null) {
131            md5 = JsseJce.getMD5();
132            sha = JsseJce.getSHA();
133        }
134    }
135
136    protected void engineUpdate(byte b) {
137        initDigests();
138        isReset = false;
139        md5.update(b);
140        sha.update(b);
141    }
142
143    protected void engineUpdate(byte[] b, int off, int len) {
144        initDigests();
145        isReset = false;
146        md5.update(b, off, len);
147        sha.update(b, off, len);
148    }
149
150    private byte[] getDigest() throws SignatureException {
151        try {
152            initDigests();
153            byte[] data = new byte[36];
154            md5.digest(data, 0, 16);
155            sha.digest(data, 16, 20);
156            isReset = true;
157            return data;
158        } catch (DigestException e) {
159            // should never occur
160            throw new SignatureException(e);
161        }
162    }
163
164    protected byte[] engineSign() throws SignatureException {
165        rawRsa.update(getDigest());
166        return rawRsa.sign();
167    }
168
169    protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
170        return engineVerify(sigBytes, 0, sigBytes.length);
171    }
172
173    protected boolean engineVerify(byte[] sigBytes, int offset, int length)
174            throws SignatureException {
175        rawRsa.update(getDigest());
176        return rawRsa.verify(sigBytes, offset, length);
177    }
178
179    protected void engineSetParameter(String param, Object value)
180            throws InvalidParameterException {
181        if (param.equals("hashes") == false) {
182            throw new InvalidParameterException
183                ("Parameter not supported: " + param);
184        }
185        if (value instanceof MessageDigest[] == false) {
186            throw new InvalidParameterException
187                ("value must be MessageDigest[]");
188        }
189        MessageDigest[] digests = (MessageDigest[])value;
190        md5 = digests[0];
191        sha = digests[1];
192    }
193
194    protected Object engineGetParameter(String param)
195            throws InvalidParameterException {
196        throw new InvalidParameterException("Parameters not supported");
197    }
198
199}
200