Save This Page
Home » openjdk-7 » java » security » [javadoc | source]
    1   /*
    2    * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
    3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
    4    *
    5    * This code is free software; you can redistribute it and/or modify it
    6    * under the terms of the GNU General Public License version 2 only, as
    7    * published by the Free Software Foundation.  Oracle designates this
    8    * particular file as subject to the "Classpath" exception as provided
    9    * by Oracle in the LICENSE file that accompanied this code.
   10    *
   11    * This code is distributed in the hope that it will be useful, but WITHOUT
   12    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
   13    * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   14    * version 2 for more details (a copy is included in the LICENSE file that
   15    * accompanied this code).
   16    *
   17    * You should have received a copy of the GNU General Public License version
   18    * 2 along with this work; if not, write to the Free Software Foundation,
   19    * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   20    *
   21    * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
   22    * or visit www.oracle.com if you need additional information or have any
   23    * questions.
   24    */
   25   
   26   package java.security;
   27   
   28   import java.security.spec.AlgorithmParameterSpec;
   29   import java.util;
   30   import java.io;
   31   
   32   import java.nio.ByteBuffer;
   33   
   34   import sun.security.jca.JCAUtil;
   35   
   36   /**
   37    * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
   38    * for the <code>Signature</code> class, which is used to provide the
   39    * functionality of a digital signature algorithm. Digital signatures are used
   40    * for authentication and integrity assurance of digital data.
   41    *.
   42    * <p> All the abstract methods in this class must be implemented by each
   43    * cryptographic service provider who wishes to supply the implementation
   44    * of a particular signature algorithm.
   45    *
   46    * @author Benjamin Renaud
   47    *
   48    *
   49    * @see Signature
   50    */
   51   
   52   public abstract class SignatureSpi {
   53   
   54       /**
   55        * Application-specified source of randomness.
   56        */
   57       protected SecureRandom appRandom = null;
   58   
   59       /**
   60        * Initializes this signature object with the specified
   61        * public key for verification operations.
   62        *
   63        * @param publicKey the public key of the identity whose signature is
   64        * going to be verified.
   65        *
   66        * @exception InvalidKeyException if the key is improperly
   67        * encoded, parameters are missing, and so on.
   68        */
   69       protected abstract void engineInitVerify(PublicKey publicKey)
   70           throws InvalidKeyException;
   71   
   72       /**
   73        * Initializes this signature object with the specified
   74        * private key for signing operations.
   75        *
   76        * @param privateKey the private key of the identity whose signature
   77        * will be generated.
   78        *
   79        * @exception InvalidKeyException if the key is improperly
   80        * encoded, parameters are missing, and so on.
   81        */
   82       protected abstract void engineInitSign(PrivateKey privateKey)
   83           throws InvalidKeyException;
   84   
   85       /**
   86        * Initializes this signature object with the specified
   87        * private key and source of randomness for signing operations.
   88        *
   89        * <p>This concrete method has been added to this previously-defined
   90        * abstract class. (For backwards compatibility, it cannot be abstract.)
   91        *
   92        * @param privateKey the private key of the identity whose signature
   93        * will be generated.
   94        * @param random the source of randomness
   95        *
   96        * @exception InvalidKeyException if the key is improperly
   97        * encoded, parameters are missing, and so on.
   98        */
   99       protected void engineInitSign(PrivateKey privateKey,
  100                                     SecureRandom random)
  101           throws InvalidKeyException {
  102               this.appRandom = random;
  103               engineInitSign(privateKey);
  104       }
  105   
  106       /**
  107        * Updates the data to be signed or verified
  108        * using the specified byte.
  109        *
  110        * @param b the byte to use for the update.
  111        *
  112        * @exception SignatureException if the engine is not initialized
  113        * properly.
  114        */
  115       protected abstract void engineUpdate(byte b) throws SignatureException;
  116   
  117       /**
  118        * Updates the data to be signed or verified, using the
  119        * specified array of bytes, starting at the specified offset.
  120        *
  121        * @param b the array of bytes
  122        * @param off the offset to start from in the array of bytes
  123        * @param len the number of bytes to use, starting at offset
  124        *
  125        * @exception SignatureException if the engine is not initialized
  126        * properly
  127        */
  128       protected abstract void engineUpdate(byte[] b, int off, int len)
  129           throws SignatureException;
  130   
  131       /**
  132        * Updates the data to be signed or verified using the specified
  133        * ByteBuffer. Processes the <code>data.remaining()</code> bytes
  134        * starting at at <code>data.position()</code>.
  135        * Upon return, the buffer's position will be equal to its limit;
  136        * its limit will not have changed.
  137        *
  138        * @param input the ByteBuffer
  139        * @since 1.5
  140        */
  141       protected void engineUpdate(ByteBuffer input) {
  142           if (input.hasRemaining() == false) {
  143               return;
  144           }
  145           try {
  146               if (input.hasArray()) {
  147                   byte[] b = input.array();
  148                   int ofs = input.arrayOffset();
  149                   int pos = input.position();
  150                   int lim = input.limit();
  151                   engineUpdate(b, ofs + pos, lim - pos);
  152                   input.position(lim);
  153               } else {
  154                   int len = input.remaining();
  155                   byte[] b = new byte[JCAUtil.getTempArraySize(len)];
  156                   while (len > 0) {
  157                       int chunk = Math.min(len, b.length);
  158                       input.get(b, 0, chunk);
  159                       engineUpdate(b, 0, chunk);
  160                       len -= chunk;
  161                   }
  162               }
  163           } catch (SignatureException e) {
  164               // is specified to only occur when the engine is not initialized
  165               // this case should never occur as it is caught in Signature.java
  166               throw new ProviderException("update() failed", e);
  167           }
  168       }
  169   
  170       /**
  171        * Returns the signature bytes of all the data
  172        * updated so far.
  173        * The format of the signature depends on the underlying
  174        * signature scheme.
  175        *
  176        * @return the signature bytes of the signing operation's result.
  177        *
  178        * @exception SignatureException if the engine is not
  179        * initialized properly or if this signature algorithm is unable to
  180        * process the input data provided.
  181        */
  182       protected abstract byte[] engineSign() throws SignatureException;
  183   
  184       /**
  185        * Finishes this signature operation and stores the resulting signature
  186        * bytes in the provided buffer <code>outbuf</code>, starting at
  187        * <code>offset</code>.
  188        * The format of the signature depends on the underlying
  189        * signature scheme.
  190        *
  191        * <p>The signature implementation is reset to its initial state
  192        * (the state it was in after a call to one of the
  193        * <code>engineInitSign</code> methods)
  194        * and can be reused to generate further signatures with the same private
  195        * key.
  196        *
  197        * This method should be abstract, but we leave it concrete for
  198        * binary compatibility.  Knowledgeable providers should override this
  199        * method.
  200        *
  201        * @param outbuf buffer for the signature result.
  202        *
  203        * @param offset offset into <code>outbuf</code> where the signature is
  204        * stored.
  205        *
  206        * @param len number of bytes within <code>outbuf</code> allotted for the
  207        * signature.
  208        * Both this default implementation and the SUN provider do not
  209        * return partial digests. If the value of this parameter is less
  210        * than the actual signature length, this method will throw a
  211        * SignatureException.
  212        * This parameter is ignored if its value is greater than or equal to
  213        * the actual signature length.
  214        *
  215        * @return the number of bytes placed into <code>outbuf</code>
  216        *
  217        * @exception SignatureException if the engine is not
  218        * initialized properly, if this signature algorithm is unable to
  219        * process the input data provided, or if <code>len</code> is less
  220        * than the actual signature length.
  221        *
  222        * @since 1.2
  223        */
  224       protected int engineSign(byte[] outbuf, int offset, int len)
  225                           throws SignatureException {
  226           byte[] sig = engineSign();
  227           if (len < sig.length) {
  228                   throw new SignatureException
  229                       ("partial signatures not returned");
  230           }
  231           if (outbuf.length - offset < sig.length) {
  232                   throw new SignatureException
  233                       ("insufficient space in the output buffer to store the "
  234                        + "signature");
  235           }
  236           System.arraycopy(sig, 0, outbuf, offset, sig.length);
  237           return sig.length;
  238       }
  239   
  240       /**
  241        * Verifies the passed-in signature.
  242        *
  243        * @param sigBytes the signature bytes to be verified.
  244        *
  245        * @return true if the signature was verified, false if not.
  246        *
  247        * @exception SignatureException if the engine is not
  248        * initialized properly, the passed-in signature is improperly
  249        * encoded or of the wrong type, if this signature algorithm is unable to
  250        * process the input data provided, etc.
  251        */
  252       protected abstract boolean engineVerify(byte[] sigBytes)
  253           throws SignatureException;
  254   
  255       /**
  256        * Verifies the passed-in signature in the specified array
  257        * of bytes, starting at the specified offset.
  258        *
  259        * <p> Note: Subclasses should overwrite the default implementation.
  260        *
  261        *
  262        * @param sigBytes the signature bytes to be verified.
  263        * @param offset the offset to start from in the array of bytes.
  264        * @param length the number of bytes to use, starting at offset.
  265        *
  266        * @return true if the signature was verified, false if not.
  267        *
  268        * @exception SignatureException if the engine is not
  269        * initialized properly, the passed-in signature is improperly
  270        * encoded or of the wrong type, if this signature algorithm is unable to
  271        * process the input data provided, etc.
  272        * @since 1.4
  273        */
  274       protected boolean engineVerify(byte[] sigBytes, int offset, int length)
  275           throws SignatureException {
  276           byte[] sigBytesCopy = new byte[length];
  277           System.arraycopy(sigBytes, offset, sigBytesCopy, 0, length);
  278           return engineVerify(sigBytesCopy);
  279       }
  280   
  281       /**
  282        * Sets the specified algorithm parameter to the specified
  283        * value. This method supplies a general-purpose mechanism through
  284        * which it is possible to set the various parameters of this object.
  285        * A parameter may be any settable parameter for the algorithm, such as
  286        * a parameter size, or a source of random bits for signature generation
  287        * (if appropriate), or an indication of whether or not to perform
  288        * a specific but optional computation. A uniform algorithm-specific
  289        * naming scheme for each parameter is desirable but left unspecified
  290        * at this time.
  291        *
  292        * @param param the string identifier of the parameter.
  293        *
  294        * @param value the parameter value.
  295        *
  296        * @exception InvalidParameterException if <code>param</code> is an
  297        * invalid parameter for this signature algorithm engine,
  298        * the parameter is already set
  299        * and cannot be set again, a security exception occurs, and so on.
  300        *
  301        * @deprecated Replaced by {@link
  302        * #engineSetParameter(java.security.spec.AlgorithmParameterSpec)
  303        * engineSetParameter}.
  304        */
  305       @Deprecated
  306       protected abstract void engineSetParameter(String param, Object value)
  307           throws InvalidParameterException;
  308   
  309       /**
  310        * <p>This method is overridden by providers to initialize
  311        * this signature engine with the specified parameter set.
  312        *
  313        * @param params the parameters
  314        *
  315        * @exception UnsupportedOperationException if this method is not
  316        * overridden by a provider
  317        *
  318        * @exception InvalidAlgorithmParameterException if this method is
  319        * overridden by a provider and the given parameters
  320        * are inappropriate for this signature engine
  321        */
  322       protected void engineSetParameter(AlgorithmParameterSpec params)
  323           throws InvalidAlgorithmParameterException {
  324               throw new UnsupportedOperationException();
  325       }
  326   
  327       /**
  328        * <p>This method is overridden by providers to return the
  329        * parameters used with this signature engine, or null
  330        * if this signature engine does not use any parameters.
  331        *
  332        * <p>The returned parameters may be the same that were used to initialize
  333        * this signature engine, or may contain a combination of default and
  334        * randomly generated parameter values used by the underlying signature
  335        * implementation if this signature engine requires algorithm parameters
  336        * but was not initialized with any.
  337        *
  338        * @return the parameters used with this signature engine, or null if this
  339        * signature engine does not use any parameters
  340        *
  341        * @exception UnsupportedOperationException if this method is
  342        * not overridden by a provider
  343        * @since 1.4
  344        */
  345       protected AlgorithmParameters engineGetParameters() {
  346           throw new UnsupportedOperationException();
  347       }
  348   
  349       /**
  350        * Gets the value of the specified algorithm parameter.
  351        * This method supplies a general-purpose mechanism through which it
  352        * is possible to get the various parameters of this object. A parameter
  353        * may be any settable parameter for the algorithm, such as a parameter
  354        * size, or  a source of random bits for signature generation (if
  355        * appropriate), or an indication of whether or not to perform a
  356        * specific but optional computation. A uniform algorithm-specific
  357        * naming scheme for each parameter is desirable but left unspecified
  358        * at this time.
  359        *
  360        * @param param the string name of the parameter.
  361        *
  362        * @return the object that represents the parameter value, or null if
  363        * there is none.
  364        *
  365        * @exception InvalidParameterException if <code>param</code> is an
  366        * invalid parameter for this engine, or another exception occurs while
  367        * trying to get this parameter.
  368        *
  369        * @deprecated
  370        */
  371       @Deprecated
  372       protected abstract Object engineGetParameter(String param)
  373           throws InvalidParameterException;
  374   
  375       /**
  376        * Returns a clone if the implementation is cloneable.
  377        *
  378        * @return a clone if the implementation is cloneable.
  379        *
  380        * @exception CloneNotSupportedException if this is called
  381        * on an implementation that does not support <code>Cloneable</code>.
  382        */
  383       public Object clone() throws CloneNotSupportedException {
  384           if (this instanceof Cloneable) {
  385               return super.clone();
  386           } else {
  387               throw new CloneNotSupportedException();
  388           }
  389       }
  390   }

Save This Page
Home » openjdk-7 » java » security » [javadoc | source]