/**
* Verifies the signature on this CertificationRequest, using the given public key and
* CryptoToken. Does not indicate the CertificationRequest is valid at any specific time.
*/
public void verify(PublicKey key, CryptoToken token)
throws NoSuchAlgorithmException, CertificateException, TokenException, SignatureException,
InvalidKeyException {
Signature sig = token.getSignatureContext(SignatureAlgorithm.fromOID(algId.getOID()));
sig.initVerify(key);
sig.update(infoEncoding);
if (!sig.verify(signature)) {
throw new CertificateException("Signature is invalid");
}
}
/**
* Creates and signs an X.509 CertificationRequest.
*
* @param info A CertificationRequestInfo (TBSCertificationRequest), which specifies the actual
* information of the CertificationRequest.
* @param privKey The private key with which to sign the certificat.
* @param signingAlg The algorithm to use to sign the CertificationRequest. It must match the
* algorithm specified in the CertificationRequestInfo.
* @exception IOException If an error occurred while encoding the CertificationRequest.
* @exception CryptoManager.NotInitializedException Because this operation involves cryptography
* (signing), CryptoManager must be initialized before calling it.
* @exception TokenException If an error occurs on a PKCS #11 token.
* @exception NoSuchAlgorithmException If the OID for the signing algorithm cannot be located.
* @exception CertificateException If the signing algorithm specified as a parameter does not
* match the one in the CertificationRequest info.
* @exception InvalidKeyException If the key does not match the signing algorithm.
* @exception SignatureException If an error occurs while signing the CertificationRequest.
*/
public CertificationRequest(
CertificationRequestInfo info,
java.security.PrivateKey privKey,
SignatureAlgorithm signingAlg)
throws IOException, CryptoManager.NotInitializedException, TokenException,
NoSuchAlgorithmException, CertificateException, InvalidKeyException, SignatureException {
// make sure key is a Ninja private key
if (!(privKey instanceof PrivateKey)) {
throw new InvalidKeyException("Private Key is does not belong to" + " this provider");
}
PrivateKey priv = (PrivateKey) privKey;
// create algId
if (signingAlg.getSigningAlg() == SignatureAlgorithm.RSASignature) {
algId = new AlgorithmIdentifier(signingAlg.toOID(), null);
} else {
algId = new AlgorithmIdentifier(signingAlg.toOID());
}
// encode the cert info
this.info = info;
infoEncoding = ASN1Util.encode(info);
// sign the info encoding
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = priv.getOwningToken();
Signature sig = token.getSignatureContext(signingAlg);
sig.initSign(priv);
sig.update(infoEncoding);
signature = sig.sign();
// bundle everything into a SEQUENCE
sequence = new SEQUENCE();
sequence.addElement(info);
sequence.addElement(algId);
sequence.addElement(new BIT_STRING(signature, 0));
}
