iaik.pkcs.pkcs11.provider.signatures

Class PKCS11BufferingSignature

java.lang.Object

java.security.SignatureSpi

iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

iaik.pkcs.pkcs11.provider.signatures.PKCS11BufferingSignature

All Implemented Interfaces:

PKCS11EngineClass

Direct Known Subclasses:

DsaSignature, RsaIso9796Signature, RsaPkcs1Signature, RsaPssSignature, RsaSignature, RsaX931Signature, UnwrappedEcdsaSignature

public abstract class PKCS11BufferingSignature
extends PKCS11Signature

This is an implementation of a Signature class that uses the IAIK PKCS#11 wrapper to access the token. It only works with IAIKPKCS11PrivateKey and IAIKPKCS11PublicKey. It is the base class for the versions that do internal or external hashing. Moreover, this implementation buffers the input data and sends all data with a single call to C_Sign, when the application finishes the signing operation using engineSign(). It behaves analogous for verification.

Author:

Karl Scheibelhofer

Field Summary

Fields

Modifier and Type	Field and Description
protected java.io.ByteArrayOutputStream	buffer_ The buffer to collect all input.

Fields inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

currentKeyIsSoftwareKey_, initialized_, operationState_, pkcs11OperationInitialized_, privateKey_, publicKey_, session_, SIGN, softwareDelegate_, tokenManager_, usedMechanismInfos_, usedMechanisms_, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	PKCS11BufferingSignature() Default constructor.

Method Summary

Modifier and Type	Method and Description
protected abstract iaik.pkcs.pkcs11.Mechanism	getMechanism() Get the mechanism of this signature object.
protected void	pkcs11InitSign(java.security.PrivateKey privateKey) SPI: Initializes this Signature object with the given RSA private key for going to sign some data.
protected void	pkcs11InitVerify(java.security.PublicKey publicKey) SPI: Initializes this Signature object with the given RSA public key for performing a signature verification.
protected byte[]	pkcs11Sign() Sign the generated hash.
protected void	pkcs11Update(byte[] data, int offset, int length) SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array.
protected boolean	pkcs11Verify(byte[] signature) Verifies the given signature of a message according to PKCS#1.

Methods inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

engineGetParameter, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineUpdate, engineUpdate, engineVerify, finalize, finalizePkcs11Operation, getAlgorithmName, getUsedMechanismFeatures, getUsedMechanisms, initializePkcs11Operation, initializeSession, initializeSoftwareDelegate, isSupportedBy, pkcs11GetParameter, pkcs11SetParameter, pkcs11SetParameter, pkcs11Update

Methods inherited from class java.security.SignatureSpi

clone, engineGetParameters, engineInitSign, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

buffer_

protected java.io.ByteArrayOutputStream buffer_

The buffer to collect all input.

Constructor Detail

PKCS11BufferingSignature

protected PKCS11BufferingSignature()

Default constructor.

Method Detail

getMechanism

protected abstract iaik.pkcs.pkcs11.Mechanism getMechanism()

Get the mechanism of this signature object. This method can expect that the publicKey_ or privateKey_ object is already correctly set. For this key the method must return an appropriate mechanism.

Specified by:

getMechanism in class PKCS11Signature

Returns:

The mechanism this object uses for signing and/or verification.

Postconditions:

(result <> null)

pkcs11InitVerify

protected void pkcs11InitVerify(java.security.PublicKey publicKey)
                         throws java.security.InvalidKeyException

SPI: Initializes this Signature object with the given RSA public key for performing a signature verification.

Overrides:

pkcs11InitVerify in class PKCS11Signature

Parameters:

publicKey - The RSA public key belonging to the RSA private key that has been used for signing.

Throws:

java.security.InvalidKeyException - If a key encoding error occurs.

Preconditions:

(publicKey instanceof IAIKPKCS11PublicKey)

pkcs11InitSign

protected void pkcs11InitSign(java.security.PrivateKey privateKey)
                       throws java.security.InvalidKeyException

SPI: Initializes this Signature object with the given RSA private key for going to sign some data.

Overrides:

pkcs11InitSign in class PKCS11Signature

Parameters:

privateKey - The RSA private key to be used for signing.

Throws:

java.security.InvalidKeyException - If a key encoding error occurs.

Preconditions:

(publicKey instanceof IAIKPKCS11PrivateKey)

pkcs11Update

protected void pkcs11Update(byte[] data,
                            int offset,
                            int length)
                     throws java.security.SignatureException

SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array.

Overrides:

pkcs11Update in class PKCS11Signature

Parameters:

data - The byte array holding the data to be used for this update operation.

offset - The offset, indicating the start position within the given byte array.

length - The number of bytes to be obtained from the given byte array, starting at the given position.

Throws:

java.security.SignatureException - If updating the signature fails

Preconditions:

(initialized_ == true)

pkcs11Sign

protected byte[] pkcs11Sign()
                     throws java.security.SignatureException

Sign the generated hash.

Overrides:

pkcs11Sign in class PKCS11Signature

Returns:

A byte array holding the signature.

Throws:

java.security.SignatureException - If an error occurs when creating the signature.

Preconditions:

(operationState_ == SIGN) and (initialized_ == true)

pkcs11Verify

protected boolean pkcs11Verify(byte[] signature)
                        throws java.security.SignatureException

Verifies the given signature of a message according to PKCS#1.

Overrides:

pkcs11Verify in class PKCS11Signature

Parameters:

signature - The signature bytes to be verified.

Returns:

true if signature is OK, false otherwise.

Throws:

java.security.SignatureException - If an error occurs when verifying the signature.

Preconditions:

(operationState_ == VERIFY) and (initialized_ == true)