1/* 2 * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 27package sun.security.ssl; 28 29import java.util.Arrays; 30 31import java.security.*; 32 33/** 34 * Signature implementation for the SSL/TLS RSA Signature variant with both 35 * MD5 and SHA-1 MessageDigests. Used for explicit RSA server authentication 36 * (RSA signed server key exchange for RSA_EXPORT and DHE_RSA) and RSA client 37 * authentication (RSA signed certificate verify message). 38 * 39 * It conforms to the standard JCA Signature API. It is registered in the 40 * SunJSSE provider to avoid more complicated getInstance() code and 41 * negative interaction with the JCA mechanisms for hardware providers. 42 * 43 * The class should be instantiated via the getInstance() method in this class, 44 * which returns the implementation from the prefered provider. The internal 45 * implementation allows the hashes to be explicitly set, which is required 46 * for RSA client authentication. It can be obtained via the 47 * getInternalInstance() method. 48 * 49 * This class is not thread safe. 50 * 51 */ 52public final class RSASignature extends SignatureSpi { 53 54 private final Signature rawRsa; 55 private MessageDigest md5, sha; 56 57 // flag indicating if the MessageDigests are in reset state 58 private boolean isReset; 59 60 public RSASignature() throws NoSuchAlgorithmException { 61 super(); 62 rawRsa = JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA); 63 isReset = true; 64 } 65 66 /** 67 * Get an implementation for the RSA signature. Follows the standard 68 * JCA getInstance() model, so it return the implementation from the 69 * provider with the highest precedence, which may be this class. 70 */ 71 static Signature getInstance() throws NoSuchAlgorithmException { 72 return JsseJce.getSignature(JsseJce.SIGNATURE_SSLRSA); 73 } 74 75 /** 76 * Get an internal implementation for the RSA signature. Used for RSA 77 * client authentication, which needs the ability to set the digests 78 * to externally provided values via the setHashes() method. 79 */ 80 static Signature getInternalInstance() 81 throws NoSuchAlgorithmException, NoSuchProviderException { 82 return Signature.getInstance(JsseJce.SIGNATURE_SSLRSA, "SunJSSE"); 83 } 84 85 /** 86 * Set the MD5 and SHA hashes to the provided objects. 87 */ 88 static void setHashes(Signature sig, MessageDigest md5, MessageDigest sha) { 89 sig.setParameter("hashes", new MessageDigest[] {md5, sha}); 90 } 91 92 /** 93 * Reset the MessageDigests unless they are already reset. 94 */ 95 private void reset() { 96 if (isReset == false) { 97 md5.reset(); 98 sha.reset(); 99 isReset = true; 100 } 101 } 102 103 private static void checkNull(Key key) throws InvalidKeyException { 104 if (key == null) { 105 throw new InvalidKeyException("Key must not be null"); 106 } 107 } 108 109 protected void engineInitVerify(PublicKey publicKey) 110 throws InvalidKeyException { 111 checkNull(publicKey); 112 reset(); 113 rawRsa.initVerify(publicKey); 114 } 115 116 protected void engineInitSign(PrivateKey privateKey) 117 throws InvalidKeyException { 118 engineInitSign(privateKey, null); 119 } 120 121 protected void engineInitSign(PrivateKey privateKey, SecureRandom random) 122 throws InvalidKeyException { 123 checkNull(privateKey); 124 reset(); 125 rawRsa.initSign(privateKey, random); 126 } 127 128 // lazily initialize the MessageDigests 129 private void initDigests() { 130 if (md5 == null) { 131 md5 = JsseJce.getMD5(); 132 sha = JsseJce.getSHA(); 133 } 134 } 135 136 protected void engineUpdate(byte b) { 137 initDigests(); 138 isReset = false; 139 md5.update(b); 140 sha.update(b); 141 } 142 143 protected void engineUpdate(byte[] b, int off, int len) { 144 initDigests(); 145 isReset = false; 146 md5.update(b, off, len); 147 sha.update(b, off, len); 148 } 149 150 private byte[] getDigest() throws SignatureException { 151 try { 152 initDigests(); 153 byte[] data = new byte[36]; 154 md5.digest(data, 0, 16); 155 sha.digest(data, 16, 20); 156 isReset = true; 157 return data; 158 } catch (DigestException e) { 159 // should never occur 160 throw new SignatureException(e); 161 } 162 } 163 164 protected byte[] engineSign() throws SignatureException { 165 rawRsa.update(getDigest()); 166 return rawRsa.sign(); 167 } 168 169 protected boolean engineVerify(byte[] sigBytes) throws SignatureException { 170 return engineVerify(sigBytes, 0, sigBytes.length); 171 } 172 173 protected boolean engineVerify(byte[] sigBytes, int offset, int length) 174 throws SignatureException { 175 rawRsa.update(getDigest()); 176 return rawRsa.verify(sigBytes, offset, length); 177 } 178 179 protected void engineSetParameter(String param, Object value) 180 throws InvalidParameterException { 181 if (param.equals("hashes") == false) { 182 throw new InvalidParameterException 183 ("Parameter not supported: " + param); 184 } 185 if (value instanceof MessageDigest[] == false) { 186 throw new InvalidParameterException 187 ("value must be MessageDigest[]"); 188 } 189 MessageDigest[] digests = (MessageDigest[])value; 190 md5 = digests[0]; 191 sha = digests[1]; 192 } 193 194 protected Object engineGetParameter(String param) 195 throws InvalidParameterException { 196 throw new InvalidParameterException("Parameters not supported"); 197 } 198 199} 200