OpenJDK 1.22 · sun.security.rsa.RSAPSSSignature · APIdia, the JavaDoc alternative

Modifier and Type	Field and Description
private static final boolean	DEBUG
private static final Hashtable<KnownOIDs, Integer>	DIGEST_LENGTHS
private boolean	digestReset
private static final byte[]	EIGHT_BYTES_OF_ZEROS
private MessageDigest	md
private RSAPrivateKey	privKey
private RSAPublicKey	pubKey
private SecureRandom	random
private PSSParameterSpec	sigParams

Access	Constructor and Description
public	RSAPSSSignature() Construct a new RSAPSSSignature with arbitrary digest algorithm

Method Summary

Modifier and Type	Method and Description
private static void	checkKeyLength(RSAKey key, int digestLen, int saltLen) Utility method for checking key length against digest length and salt length
private boolean	decodeSignature(byte[] mHash, byte[] em) Decode the signature data as under RFC8017 sec9.1.2 EMSA-PSS-VERIFY
private byte[]	encodeSignature(byte[] mHash) Encode the digest 'mHash', return the to-be-signed data.
protected Object	engineGetParameter(String the string name of the parameter. param) Implements abstract java.security.SignatureSpi.engineGetParameter. Deprecated Gets the value of the specified algorithm parameter.
protected AlgorithmParameters	engineGetParameters() Overrides java.security.SignatureSpi.engineGetParameters. Returns the parameters used with this `Signature` object.
protected void	engineInitSign(PrivateKey the private key of the identity whose signature will be generated. privateKey) Implements abstract java.security.SignatureSpi.engineInitSign. Initializes this `Signature` object with the specified private key for signing operations.
protected void	engineInitSign(PrivateKey the private key of the identity whose signature will be generated. privateKey, SecureRandom the source of randomness random) Overrides java.security.SignatureSpi.engineInitSign. Initializes this `Signature` object with the specified private key and source of randomness for signing operations.
protected void	engineInitVerify(PublicKey the public key of the identity whose signature is going to be verified. publicKey) Implements abstract java.security.SignatureSpi.engineInitVerify. Initializes this `Signature` object with the specified public key for verification operations.
protected void	engineSetParameter(String the string identifier of the parameter. param, Object the parameter value. value) Implements abstract java.security.SignatureSpi.engineSetParameter. Deprecated Sets the specified algorithm parameter to the specified value.
protected void	engineSetParameter(AlgorithmParameterSpec the parameters params) Overrides java.security.SignatureSpi.engineSetParameter. Initializes this `Signature` object with the specified parameter values.
protected byte[]	engineSign() Implements abstract java.security.SignatureSpi.engineSign. Returns the signature bytes of all the data updated so far.
protected void	engineUpdate(byte the byte to use for the update. b) Implements abstract java.security.SignatureSpi.engineUpdate. Updates the data to be signed or verified using the specified byte.
protected void	engineUpdate(byte[] the array of bytes b, int the offset to start from in the array of bytes off, int the number of bytes to use, starting at offset len) Implements abstract java.security.SignatureSpi.engineUpdate. Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.
protected void	engineUpdate(ByteBuffer the ByteBuffer b) Overrides java.security.SignatureSpi.engineUpdate. Updates the data to be signed or verified using the specified ByteBuffer.
protected boolean	engineVerify(byte[] the signature bytes to be verified. sigBytes) Implements abstract java.security.SignatureSpi.engineVerify. Verifies the passed-in signature.
private void	ensureInit() Ensure the object is initialized with key and parameters and reset digest
private byte[]	getDigestValue() Return the message digest value.
private static int	getKeyLengthInBits(RSAKey k)
private static boolean	isCompatible(AlgorithmParameterSpec keyParams, PSSParameterSpec sigParams) Utility method for checking the key PSS parameters against signature PSS parameters.
private boolean	isDigestEqual(String stdAlg, String givenAlg)
private void	isPrivateKeyValid(RSAPrivateKey prKey) Validate the specified RSAPrivateKey
private void	isPublicKeyValid(RSAPublicKey pKey) Validate the specified RSAPublicKey
private void	isValid(RSAKey rsaKey) Validate the specified RSAKey and its associated parameters against internal signature parameters.
private void	resetDigest() Reset the message digest if it is not already reset.
private PSSParameterSpec	validateSigParams(AlgorithmParameterSpec p) Validate the specified Signature PSS parameters.

Inherited from java.security.SignatureSpi:: clone engineSign engineVerify

DEBUG	back to summary
private static final boolean DEBUG

DIGEST_LENGTHS	back to summary
private static final Hashtable<KnownOIDs, Integer> DIGEST_LENGTHS

digestReset	back to summary
private boolean digestReset

EIGHT_BYTES_OF_ZEROS	back to summary
private static final byte[] EIGHT_BYTES_OF_ZEROS

md	back to summary
private MessageDigest md

privKey	back to summary
private RSAPrivateKey privKey

pubKey	back to summary
private RSAPublicKey pubKey

random	back to summary
private SecureRandom random

sigParams	back to summary
private PSSParameterSpec sigParams

RSAPSSSignature	back to summary
public RSAPSSSignature() Construct a new RSAPSSSignature with arbitrary digest algorithm

Method Detail

checkKeyLength	back to summary
private static void checkKeyLength(RSAKey key, int digestLen, int saltLen) throws InvalidKeyException Utility method for checking key length against digest length and salt length

decodeSignature	back to summary
private boolean decodeSignature(byte[] mHash, byte[] em) throws IOException Decode the signature data as under RFC8017 sec9.1.2 EMSA-PSS-VERIFY

encodeSignature	back to summary
private byte[] encodeSignature(byte[] mHash) throws IOException, DigestException Encode the digest 'mHash', return the to-be-signed data. Also used by the PKCS#11 provider.

engineGetParameter back to summary

engineGetParameter	back to summary
protected Object engineGetParameter(String param) throws InvalidParameterException Implements abstract java.security.SignatureSpi.engineGetParameter. Doc from java.security.SignatureSpi.engineGetParameter. Deprecated Gets the value of the specified algorithm parameter. This method supplies a general-purpose mechanism through which it is possible to get the various parameters of this object. A parameter may be any settable parameter for the algorithm, such as a parameter size, or a source of random bits for signature generation (if appropriate), or an indication of whether to perform a specific but optional computation. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time. Parameters param:String the string name of the parameter. Returns:Object the object that represents the parameter value, or `null` if there is none. Annotations @Deprecated @Override Exceptions InvalidParameterException: if `param` is an invalid parameter for this engine, or another exception occurs while trying to get this parameter.

protected Object engineGetParameter(String param) throws InvalidParameterException

Implements abstract java.security.SignatureSpi.engineGetParameter.

Doc from java.security.SignatureSpi.engineGetParameter.

Deprecated

Gets the value of the specified algorithm parameter. This method supplies a general-purpose mechanism through which it is possible to get the various parameters of this object. A parameter may be any settable parameter for the algorithm, such as a parameter size, or a source of random bits for signature generation (if appropriate), or an indication of whether to perform a specific but optional computation. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time.

Parameters

param:String: the string name of the parameter.

Returns:Object

the object that represents the parameter value, or null if there is none.

Annotations

@Deprecated
@Override

Exceptions

InvalidParameterException:: if param is an invalid parameter for this engine, or another exception occurs while trying to get this parameter.

engineGetParameters back to summary

engineGetParameters	back to summary
protected AlgorithmParameters engineGetParameters() Overrides java.security.SignatureSpi.engineGetParameters. Doc from java.security.SignatureSpi.engineGetParameters. Returns the parameters used with this `Signature` object. The returned parameters may be the same that were used to initialize this `Signature` object, or may contain additional default or random parameter values used by the underlying signature scheme. If the required parameters were not supplied and can be generated by the `Signature` object, the generated parameters are returned; otherwise `null` is returned. However, if the signature scheme does not support returning the parameters as `AlgorithmParameters`, `null` is always returned. Returns:AlgorithmParameters the parameters used with this `Signature` object, or `null` Annotations @Override

protected AlgorithmParameters engineGetParameters()

Overrides java.security.SignatureSpi.engineGetParameters.

Doc from java.security.SignatureSpi.engineGetParameters.

Returns the parameters used with this Signature object.

The returned parameters may be the same that were used to initialize this Signature object, or may contain additional default or random parameter values used by the underlying signature scheme. If the required parameters were not supplied and can be generated by the Signature object, the generated parameters are returned; otherwise null is returned.

However, if the signature scheme does not support returning the parameters as AlgorithmParameters, null is always returned.

Returns:AlgorithmParameters

the parameters used with this Signature object, or null

Annotations

@Override

engineInitSign back to summary

engineInitSign	back to summary
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException Implements abstract java.security.SignatureSpi.engineInitSign. Doc from java.security.SignatureSpi.engineInitSign. Initializes this `Signature` object with the specified private key for signing operations. Parameters privateKey:PrivateKey the private key of the identity whose signature will be generated. Annotations @Override Exceptions InvalidKeyException: if the key is improperly encoded, parameters are missing, and so on.

protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException

Implements abstract java.security.SignatureSpi.engineInitSign.

Doc from java.security.SignatureSpi.engineInitSign.

Initializes this Signature object with the specified private key for signing operations.

Parameters

privateKey:PrivateKey: the private key of the identity whose signature will be generated.

Annotations

@Override

Exceptions

InvalidKeyException:: if the key is improperly encoded, parameters are missing, and so on.

engineInitSign back to summary

engineInitSign	back to summary
protected void engineInitSign(PrivateKey privateKey, SecureRandom random) throws InvalidKeyException Overrides java.security.SignatureSpi.engineInitSign. Doc from java.security.SignatureSpi.engineInitSign. Initializes this `Signature` object with the specified private key and source of randomness for signing operations. This concrete method has been added to this previously-defined abstract class. (For backwards compatibility, it cannot be abstract.) Parameters privateKey:PrivateKey the private key of the identity whose signature will be generated. random:SecureRandom the source of randomness Annotations @Override Exceptions InvalidKeyException: if the key is improperly encoded, parameters are missing, and so on.

protected void engineInitSign(PrivateKey privateKey, SecureRandom random) throws InvalidKeyException

Overrides java.security.SignatureSpi.engineInitSign.

Doc from java.security.SignatureSpi.engineInitSign.

Initializes this Signature object with the specified private key and source of randomness for signing operations.

This concrete method has been added to this previously-defined abstract class. (For backwards compatibility, it cannot be abstract.)

Parameters

privateKey:PrivateKey: the private key of the identity whose signature will be generated.
random:SecureRandom: the source of randomness

Annotations

@Override

Exceptions

InvalidKeyException:: if the key is improperly encoded, parameters are missing, and so on.

engineInitVerify back to summary

engineInitVerify	back to summary
protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException Implements abstract java.security.SignatureSpi.engineInitVerify. Doc from java.security.SignatureSpi.engineInitVerify. Initializes this `Signature` object with the specified public key for verification operations. Parameters publicKey:PublicKey the public key of the identity whose signature is going to be verified. Annotations @Override Exceptions InvalidKeyException: if the key is improperly encoded, parameters are missing, and so on.

protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException

Implements abstract java.security.SignatureSpi.engineInitVerify.

Doc from java.security.SignatureSpi.engineInitVerify.

Initializes this Signature object with the specified public key for verification operations.

Parameters

publicKey:PublicKey: the public key of the identity whose signature is going to be verified.

Annotations

@Override

Exceptions

InvalidKeyException:: if the key is improperly encoded, parameters are missing, and so on.

engineSetParameter back to summary

engineSetParameter	back to summary
protected void engineSetParameter(String param, Object value) throws InvalidParameterException Implements abstract java.security.SignatureSpi.engineSetParameter. Doc from java.security.SignatureSpi.engineSetParameter. Deprecated Sets the specified algorithm parameter to the specified value. This method supplies a general-purpose mechanism through which it is possible to set the various parameters of this object. A parameter may be any settable parameter for the algorithm, such as a parameter size, or a source of random bits for signature generation (if appropriate), or an indication of whether to perform a specific but optional computation. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time. Parameters param:String the string identifier of the parameter. value:Object the parameter value. Annotations @Deprecated @Override Exceptions InvalidParameterException: if `param` is an invalid parameter for this `Signature` object, the parameter is already set and cannot be set again, a security exception occurs, and so on.

protected void engineSetParameter(String param, Object value) throws InvalidParameterException

Implements abstract java.security.SignatureSpi.engineSetParameter.

Doc from java.security.SignatureSpi.engineSetParameter.

Deprecated

Sets the specified algorithm parameter to the specified value. This method supplies a general-purpose mechanism through which it is possible to set the various parameters of this object. A parameter may be any settable parameter for the algorithm, such as a parameter size, or a source of random bits for signature generation (if appropriate), or an indication of whether to perform a specific but optional computation. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time.

Parameters

param:String: the string identifier of the parameter.
value:Object: the parameter value.

Annotations

@Deprecated
@Override

Exceptions

InvalidParameterException:: if param is an invalid parameter for this Signature object, the parameter is already set and cannot be set again, a security exception occurs, and so on.

engineSetParameter back to summary

engineSetParameter	back to summary
protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException Overrides java.security.SignatureSpi.engineSetParameter. Doc from java.security.SignatureSpi.engineSetParameter. Initializes this `Signature` object with the specified parameter values. Parameters params:AlgorithmParameterSpec the parameters Annotations @Override Exceptions InvalidAlgorithmParameterException: if this method is overridden by a provider and the given parameters are inappropriate for this `Signature` object

protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException

Overrides java.security.SignatureSpi.engineSetParameter.

Doc from java.security.SignatureSpi.engineSetParameter.

Initializes this Signature object with the specified parameter values.

Parameters

params:AlgorithmParameterSpec: the parameters

Annotations

@Override

Exceptions

InvalidAlgorithmParameterException:: if this method is overridden by a provider and the given parameters are inappropriate for this Signature object

engineSign	back to summary
protected byte[] engineSign() throws SignatureException Implements abstract java.security.SignatureSpi.engineSign. Doc from java.security.SignatureSpi.engineSign. Returns the signature bytes of all the data updated so far. The format of the signature depends on the underlying signature scheme. Returns:byte[] the signature bytes of the signing operation's result. Annotations @Override Exceptions SignatureException: if the engine is not initialized properly or if this signature algorithm is unable to process the input data provided.

engineSign

back to summary

protected byte[] engineSign() throws SignatureException

Implements abstract java.security.SignatureSpi.engineSign.

Doc from java.security.SignatureSpi.engineSign.

Returns the signature bytes of all the data updated so far. The format of the signature depends on the underlying signature scheme.

Returns:byte[]

the signature bytes of the signing operation's result.

Annotations

@Override

Exceptions

SignatureException:: if the engine is not initialized properly or if this signature algorithm is unable to process the input data provided.

engineUpdate	back to summary
protected void engineUpdate(byte b) throws SignatureException Implements abstract java.security.SignatureSpi.engineUpdate. Doc from java.security.SignatureSpi.engineUpdate. Updates the data to be signed or verified using the specified byte. Parameters b:byte the byte to use for the update. Annotations @Override Exceptions SignatureException: if the engine is not initialized properly.

engineUpdate

back to summary

protected void engineUpdate(byte b) throws SignatureException

Implements abstract java.security.SignatureSpi.engineUpdate.

Doc from java.security.SignatureSpi.engineUpdate.

Updates the data to be signed or verified using the specified byte.

Parameters

b:byte: the byte to use for the update.

Annotations

@Override

Exceptions

SignatureException:: if the engine is not initialized properly.

engineUpdate	back to summary
protected void engineUpdate(byte[] b, int off, int len) throws SignatureException Implements abstract java.security.SignatureSpi.engineUpdate. Doc from java.security.SignatureSpi.engineUpdate. Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset. Parameters b:byte[] the array of bytes off:int the offset to start from in the array of bytes len:int the number of bytes to use, starting at offset Annotations @Override Exceptions SignatureException: if the engine is not initialized properly

engineUpdate

back to summary

protected void engineUpdate(byte[] b, int off, int len) throws SignatureException

Implements abstract java.security.SignatureSpi.engineUpdate.

Doc from java.security.SignatureSpi.engineUpdate.

Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.

Parameters

b:byte[]: the array of bytes
off:int: the offset to start from in the array of bytes
len:int: the number of bytes to use, starting at offset

Annotations

@Override

Exceptions

SignatureException:: if the engine is not initialized properly

engineUpdate back to summary

engineUpdate	back to summary
protected void engineUpdate(ByteBuffer b) Overrides java.security.SignatureSpi.engineUpdate. Doc from java.security.SignatureSpi.engineUpdate. Updates the data to be signed or verified using the specified ByteBuffer. Processes the `data.remaining()` bytes starting at `data.position()`. Upon return, the buffer's position will be equal to its limit; its limit will not have changed. Parameters b:ByteBuffer the ByteBuffer Annotations @Override

protected void engineUpdate(ByteBuffer b)

Overrides java.security.SignatureSpi.engineUpdate.

Doc from java.security.SignatureSpi.engineUpdate.

Updates the data to be signed or verified using the specified ByteBuffer. Processes the data.remaining() bytes starting at data.position(). Upon return, the buffer's position will be equal to its limit; its limit will not have changed.

Parameters

b:ByteBuffer: the ByteBuffer

Annotations

@Override

engineVerify back to summary

engineVerify	back to summary
protected boolean engineVerify(byte[] sigBytes) throws SignatureException Implements abstract java.security.SignatureSpi.engineVerify. Doc from java.security.SignatureSpi.engineVerify. Verifies the passed-in signature. Parameters sigBytes:byte[] the signature bytes to be verified. Returns:boolean `true` if the signature was verified, `false` if not. Annotations @Override Exceptions SignatureException: if the engine is not initialized properly, the passed-in signature is improperly encoded or of the wrong type, if this signature algorithm is unable to process the input data provided, etc.

protected boolean engineVerify(byte[] sigBytes) throws SignatureException

Implements abstract java.security.SignatureSpi.engineVerify.

Doc from java.security.SignatureSpi.engineVerify.

Verifies the passed-in signature.

Parameters

sigBytes:byte[]: the signature bytes to be verified.

Returns:boolean

true if the signature was verified, false if not.

Annotations

@Override

Exceptions

SignatureException:: if the engine is not initialized properly, the passed-in signature is improperly encoded or of the wrong type, if this signature algorithm is unable to process the input data provided, etc.

ensureInit	back to summary
private void ensureInit() throws SignatureException Ensure the object is initialized with key and parameters and reset digest

getDigestValue	back to summary
private byte[] getDigestValue() Return the message digest value.

getKeyLengthInBits	back to summary
private static int getKeyLengthInBits(RSAKey k)

isCompatible	back to summary
private static boolean isCompatible(AlgorithmParameterSpec keyParams, PSSParameterSpec sigParams) Utility method for checking the key PSS parameters against signature PSS parameters. Returns false if any of the digest/MGF algorithms and trailerField values does not match or if the salt length in key parameters is larger than the value in signature parameters.

isDigestEqual	back to summary
private boolean isDigestEqual(String stdAlg, String givenAlg)

isPrivateKeyValid	back to summary
private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException Validate the specified RSAPrivateKey

isPublicKeyValid	back to summary
private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException Validate the specified RSAPublicKey

isValid	back to summary
private void isValid(RSAKey rsaKey) throws InvalidKeyException Validate the specified RSAKey and its associated parameters against internal signature parameters.

resetDigest	back to summary
private void resetDigest() Reset the message digest if it is not already reset.

validateSigParams	back to summary
private PSSParameterSpec validateSigParams(AlgorithmParameterSpec p) throws InvalidAlgorithmParameterException Validate the specified Signature PSS parameters.

public Class RSAPSSSignature

Field Summary

Constructor Summary

Method Summary

Field Detail

Constructor Detail

Method Detail