sun.security.pkcs11

pack-priv final Class P11Signature

extends SignatureSpi
Imports
java.io.IOException, java.math.BigInteger, java.nio.ByteBuffer, java.security.*, java.security.interfaces.*, java.security.spec.AlgorithmParameterSpec, jdk.internal.access.JavaNioAccess, jdk.internal.access.SharedSecrets, sun.nio.ch.DirectBuffer, sun.security.util.*, sun.security.util.KeyUtil, sun.security.rsa.RSAUtil, sun.security.rsa.RSAPadding, sun.security.pkcs11.wrapper.*

Signature implementation class. This class currently supports the following algorithms:

. DSA
  . NONEwithDSA (RawDSA)
  . SHA1withDSA
  . SHA224withDSA
  . SHA256withDSA
  . SHA384withDSA
  . SHA512withDSA
  . SHA3-224withDSA
  . SHA3-256withDSA
  . SHA3-384withDSA
  . SHA3-512withDSA
  . inP1363Format
. RSA:
  . MD2withRSA
  . MD5withRSA
  . SHA1withRSA
  . SHA224withRSA
  . SHA256withRSA
  . SHA384withRSA
  . SHA512withRSA
  . SHA3-224withRSA
  . SHA3-256withRSA
  . SHA3-384withRSA
  . SHA3-512withRSA
. ECDSA
  . NONEwithECDSA
  . SHA1withECDSA
  . SHA224withECDSA
  . SHA256withECDSA
  . SHA384withECDSA
  . SHA512withECDSA
  . SHA3_224withECDSA
  . SHA3_256withECDSA
  . SHA3_384withECDSA
  . SHA3_512withECDSA
  . inP1363Format

Note that the underlying PKCS#11 token may support the complete signature algorithm (e.g. CKM_DSA_SHA1, CKM_MD5_RSA_PKCS), or it may just implement the signature algorithm without hashing (e.g. CKM_DSA, CKM_PKCS), or it may only implement the raw public key operation (CKM_RSA_X_509). This class uses what is available and adds whatever extra processing is needed.
Author
Andreas Sterbenz
Since
1.5
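
Part of the "extra processing" concerns signature encoding: PKCS#11 DSA and ECDSA mechanisms return a fixed-length r||s value (the layout the inP1363Format algorithm names expose), while the default JCA algorithms use an ASN.1 DER SEQUENCE of two INTEGERs. The following is an added example of that conversion in both directions, not the JDK's code for dsaToASN1, asn1ToDSA or asn1ToECDSA; the class and method names are hypothetical and the sample signature is constructed.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.Arrays;

// Added illustration, not the JDK's P11Signature code; all names here are hypothetical.
public class EcdsaSigFormat {
    // Fixed-length r||s (P1363) -> DER SEQUENCE { INTEGER r, INTEGER s }.
    static byte[] p1363ToDer(byte[] raw) {
        if (raw.length == 0 || raw.length % 2 != 0 || raw.length > 132) // 132 = 2 * 66 (P-521)
            throw new IllegalArgumentException("unexpected r||s length");
        int n = raw.length / 2;
        // BigInteger(1, ...) treats the half as unsigned; toByteArray() adds a 0x00 sign byte if needed.
        byte[] r = new BigInteger(1, Arrays.copyOfRange(raw, 0, n)).toByteArray();
        byte[] s = new BigInteger(1, Arrays.copyOfRange(raw, n, raw.length)).toByteArray();
        int body = 4 + r.length + s.length;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x30);
        if (body >= 0x80) out.write(0x81);          // long-form length, one length byte
        out.write(body);
        out.write(0x02); out.write(r.length); out.write(r, 0, r.length);
        out.write(0x02); out.write(s.length); out.write(s, 0, s.length);
        return out.toByteArray();
    }

    // DER -> r||s with each half left-padded to n bytes; malformed input is rejected.
    static byte[] derToP1363(byte[] der, int n) {
        int p = 0;
        if (der.length < 8 || der[p++] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int len = der[p++] & 0xff;
        if (len == 0x80 || len > 0x81) throw new IllegalArgumentException("unsupported length form");
        if (len == 0x81) len = der[p++] & 0xff;
        if (len != der.length - p) throw new IllegalArgumentException("length mismatch");
        byte[] out = new byte[2 * n];
        for (int i = 0; i < 2; i++) {
            if (p + 2 > der.length || der[p++] != 0x02) throw new IllegalArgumentException("INTEGER expected");
            int l = der[p++] & 0xff;
            if (l == 0 || l >= 0x80 || p + l > der.length) throw new IllegalArgumentException("bad INTEGER length");
            BigInteger v = new BigInteger(Arrays.copyOfRange(der, p, p + l)); // signed, as DER defines it
            if (v.signum() <= 0 || v.bitLength() > 8 * n) throw new IllegalArgumentException("r/s out of range");
            byte[] b = v.toByteArray();
            int skip = (b[0] == 0) ? 1 : 0;         // drop the DER sign byte
            System.arraycopy(b, skip, out, (i + 1) * n - (b.length - skip), b.length - skip);
            p += l;
        }
        if (p != der.length) throw new IllegalArgumentException("trailing bytes inside SEQUENCE");
        return out;
    }
    public static void main(String[] args) {
        byte[] raw = new byte[64];                  // constructed sample, not a real signature
        raw[0] = (byte) 0x80; raw[63] = 0x01;       // r needs a sign byte; s loses its leading zeros
        byte[] der = p1363ToDer(raw);
        System.out.println(der.length + " DER bytes, round trip ok: " + Arrays.equals(raw, derToP1363(der, 32)));
    }
}
```

The DER form varies in length with the values of r and s, so a verifier that receives signatures from mixed sources has to know which of the two encodings it was given before passing the bytes to a Signature instance.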

Field Summary

Modifier and Type    Field
private final String algorithm
private final byte[] buffer
private int bytesProcessed
private final ObjectIdentifier digestOID
private boolean initialized
private final String keyAlgorithm
private static final int M_SIGN
private static final int M_VERIFY
private final MessageDigest md
private final long mechanism
private int mode
private static final JavaNioAccess NIO_ACCESS
private P11Key p11Key
private boolean p1363Format
private static final int RAW_ECDSA_MAX
private Session session
private int sigLen
private static final int T_DIGEST
private static final int T_RAW
private static final int T_UPDATE
private final Token token
private final int type
Inherited from java.security.SignatureSpi:
appRandom

Constructor Summary

Access    Constructor and Description
pack-priv P11Signature(Token token, String algorithm, long mechanism)

Method Summary

Modifier and Type    Method and Description

private static byte[] asn1ToDSA(byte[] sig, int sigLen)

private static byte[] asn1ToECDSA(byte[] sig)

private void cancelOperation()

private void checkKeySize(String keyAlgo, Key key)

private void checkRSAKeyLength(int len)

private static byte[] dsaToASN1(byte[] signature)

private byte[] encodeSignature(byte[] digest)

protected Object engineGetParameter(String param)
Implements abstract java.security.SignatureSpi.engineGetParameter.
Gets the value of the specified algorithm parameter.

protected AlgorithmParameters engineGetParameters()
Overrides java.security.SignatureSpi.engineGetParameters.
Returns the parameters used with this Signature object.

protected void engineInitSign(PrivateKey privateKey)
Implements abstract java.security.SignatureSpi.engineInitSign.
Initializes this Signature object with the specified private key for signing operations.

protected void engineInitVerify(PublicKey publicKey)
Implements abstract java.security.SignatureSpi.engineInitVerify.
Initializes this Signature object with the specified public key for verification operations.

protected void engineSetParameter(String param, Object value)
Implements abstract java.security.SignatureSpi.engineSetParameter.
Sets the specified algorithm parameter to the specified value.

protected void engineSetParameter(AlgorithmParameterSpec params)
Overrides java.security.SignatureSpi.engineSetParameter.
Initializes this Signature object with the specified parameter values.

protected byte[] engineSign()
Implements abstract java.security.SignatureSpi.engineSign.
Returns the signature bytes of all the data updated so far.

protected void engineUpdate(byte b)
Implements abstract java.security.SignatureSpi.engineUpdate.
Updates the data to be signed or verified using the specified byte.

protected void engineUpdate(byte[] b, int ofs, int len)
Implements abstract java.security.SignatureSpi.engineUpdate.
Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.

protected void engineUpdate(ByteBuffer byteBuffer)
Overrides java.security.SignatureSpi.engineUpdate.
Updates the data to be signed or verified using the specified ByteBuffer.

protected boolean engineVerify(byte[] signature)
Implements abstract java.security.SignatureSpi.engineVerify.
Verifies the passed-in signature.

private void ensureInitialized()

private static KnownOIDs getDigestEnum(String algorithm)

private void initialize()

private byte[] pkcs1Pad(byte[] data)

private void reset(boolean doCancel)

private static byte[] toByteArray(BigInteger bi, int len)

Inherited from java.security.SignatureSpi:
clone, engineInitSign, engineSign, engineVerify

Field Detail

algorithm
private final String algorithm
buffer
private final byte[] buffer
bytesProcessed
private int bytesProcessed
digestOID
private final ObjectIdentifier digestOID
initialized
private boolean initialized
keyAlgorithm
private final String keyAlgorithm
M_SIGN
private static final int M_SIGN
M_VERIFY
private static final int M_VERIFY
md
private final MessageDigest md
mechanism
private final long mechanism
mode
private int mode
NIO_ACCESS
private static final JavaNioAccess NIO_ACCESS
p11Key
private P11Key p11Key
p1363Format
private boolean p1363Format
RAW_ECDSA_MAX
private static final int RAW_ECDSA_MAX
session
private Session session
sigLen
private int sigLen
T_DIGEST
private static final int T_DIGEST
T_RAW
private static final int T_RAW
T_UPDATE
private static final int T_UPDATE
token
private final Token token
type
private final int type

Constructor Detail

P11Signature
pack-priv P11Signature(Token token, String algorithm, long mechanism) throws NoSuchAlgorithmException, PKCS11Exception

Method Detail

asn1ToDSA
private static byte[] asn1ToDSA(byte[] sig, int sigLen) throws SignatureException
asn1ToECDSA
private static byte[] asn1ToECDSA(byte[] sig) throws SignatureException
cancelOperation
private void cancelOperation()
checkKeySize
private void checkKeySize(String keyAlgo, Key key) throws InvalidKeyException
checkRSAKeyLength
private void checkRSAKeyLength(int len) throws InvalidKeyException
dsaToASN1
private static byte[] dsaToASN1(byte[] signature)
encodeSignature
private byte[] encodeSignature(byte[] digest) throws SignatureException

engineGetParameter
protected Object engineGetParameter(String param) throws InvalidParameterException

Implements abstract java.security.SignatureSpi.engineGetParameter.

Doc from java.security.SignatureSpi.engineGetParameter.

Gets the value of the specified algorithm parameter. This method supplies a general-purpose mechanism through which it is possible to get the various parameters of this object. A parameter may be any settable parameter for the algorithm, such as a parameter size, or a source of random bits for signature generation (if appropriate), or an indication of whether to perform a specific but optional computation. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time.

Parameters
param:String

the string name of the parameter.

Returns:Object

the object that represents the parameter value, or null if there is none.

Annotations
@SuppressWarnings:deprecation
@Override
Exceptions
InvalidParameterException:
if param is an invalid parameter for this engine, or another exception occurs while trying to get this parameter.

engineGetParameters
protected AlgorithmParameters engineGetParameters()

Overrides java.security.SignatureSpi.engineGetParameters.

Doc from java.security.SignatureSpi.engineGetParameters.

Returns the parameters used with this Signature object.

The returned parameters may be the same that were used to initialize this Signature object, or may contain additional default or random parameter values used by the underlying signature scheme. If the required parameters were not supplied and can be generated by the Signature object, the generated parameters are returned; otherwise null is returned.

However, if the signature scheme does not support returning the parameters as AlgorithmParameters, null is always returned.

Returns:AlgorithmParameters

the parameters used with this Signature object, or null

Annotations
@Override

engineInitSign
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException

Implements abstract java.security.SignatureSpi.engineInitSign.

Doc from java.security.SignatureSpi.engineInitSign.

Initializes this Signature object with the specified private key for signing operations.

Parameters
privateKey:PrivateKey

the private key of the identity whose signature will be generated.

Annotations
@Override
Exceptions
InvalidKeyException:
if the key is improperly encoded, parameters are missing, and so on.

engineInitVerify
protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException

Implements abstract java.security.SignatureSpi.engineInitVerify.

Doc from java.security.SignatureSpi.engineInitVerify.

Initializes this Signature object with the specified public key for verification operations.

Parameters
publicKey:PublicKey

the public key of the identity whose signature is going to be verified.

Annotations
@Override
Exceptions
InvalidKeyException:
if the key is improperly encoded, parameters are missing, and so on.

engineSetParameter
protected void engineSetParameter(String param, Object value) throws InvalidParameterException

Implements abstract java.security.SignatureSpi.engineSetParameter.

Doc from java.security.SignatureSpi.engineSetParameter.

Sets the specified algorithm parameter to the specified value. This method supplies a general-purpose mechanism through which it is possible to set the various parameters of this object. A parameter may be any settable parameter for the algorithm, such as a parameter size, or a source of random bits for signature generation (if appropriate), or an indication of whether to perform a specific but optional computation. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time.

Parameters
param:String

the string identifier of the parameter.

value:Object

the parameter value.

Annotations
@SuppressWarnings:deprecation
@Override
Exceptions
InvalidParameterException:
if param is an invalid parameter for this Signature object, the parameter is already set and cannot be set again, a security exception occurs, and so on.

engineSetParameter
protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException

Overrides java.security.SignatureSpi.engineSetParameter.

Doc from java.security.SignatureSpi.engineSetParameter.

Initializes this Signature object with the specified parameter values.

Parameters
params:AlgorithmParameterSpec

the parameters

Annotations
@Override
Exceptions
InvalidAlgorithmParameterException:
if this method is overridden by a provider and the given parameters are inappropriate for this Signature object

engineSign
protected byte[] engineSign() throws SignatureException

Implements abstract java.security.SignatureSpi.engineSign.

Doc from java.security.SignatureSpi.engineSign.

Returns the signature bytes of all the data updated so far. The format of the signature depends on the underlying signature scheme.

Returns:byte[]

the signature bytes of the signing operation's result.

Annotations
@Override
Exceptions
SignatureException:
if the engine is not initialized properly or if this signature algorithm is unable to process the input data provided.

engineUpdate
protected void engineUpdate(byte b) throws SignatureException

Implements abstract java.security.SignatureSpi.engineUpdate.

Doc from java.security.SignatureSpi.engineUpdate.

Updates the data to be signed or verified using the specified byte.

Parameters
b:byte

the byte to use for the update.

Annotations
@Override
Exceptions
SignatureException:
if the engine is not initialized properly.

engineUpdate
protected void engineUpdate(byte[] b, int ofs, int len) throws SignatureException

Implements abstract java.security.SignatureSpi.engineUpdate.

Doc from java.security.SignatureSpi.engineUpdate.

Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.

Parameters
b:byte[]

the array of bytes

ofs:int

the offset to start from in the array of bytes

len:int

the number of bytes to use, starting at offset

Annotations
@Override
Exceptions
SignatureException:
if the engine is not initialized properly

engineUpdate
protected void engineUpdate(ByteBuffer byteBuffer)

Overrides java.security.SignatureSpi.engineUpdate.

Doc from java.security.SignatureSpi.engineUpdate.

Updates the data to be signed or verified using the specified ByteBuffer. Processes the data.remaining() bytes starting at data.position(). Upon return, the buffer's position will be equal to its limit; its limit will not have changed.

Parameters
byteBuffer:ByteBuffer

the ByteBuffer

Annotations
@Override

engineVerify
protected boolean engineVerify(byte[] signature) throws SignatureException

Implements abstract java.security.SignatureSpi.engineVerify.

Doc from java.security.SignatureSpi.engineVerify.

Verifies the passed-in signature.

Parameters
signature:byte[]

the signature bytes to be verified.

Returns:boolean

true if the signature was verified, false if not.

Annotations
@Override
Exceptions
SignatureException:
if the engine is not initialized properly, the passed-in signature is improperly encoded or of the wrong type, if this signature algorithm is unable to process the input data provided, etc.

ensureInitialized
private void ensureInitialized()
getDigestEnum
private static KnownOIDs getDigestEnum(String algorithm) throws NoSuchAlgorithmException
initialize
private void initialize()
pkcs1Pad
private byte[] pkcs1Pad(byte[] data)
reset
private void reset(boolean doCancel)
toByteArray
private static byte[] toByteArray(BigInteger bi, int len)