/* Signature.java --- Signature Class   Copyright (C) 1999, 2002, 2003, 2004  Free Software Foundation, Inc.This file is part of GNU Classpath.GNU Classpath is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 2, or (at your option)any later version.GNU Classpath is distributed in the hope that it will be useful, butWITHOUT ANY WARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNUGeneral Public License for more details.You should have received a copy of the GNU General Public Licensealong with GNU Classpath; see the file COPYING.  If not, write to theFree Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA02110-1301 USA.Linking this library statically or dynamically with other modules ismaking a combined work based on this library.  Thus, the terms andconditions of the GNU General Public License cover the wholecombination.As a special exception, the copyright holders of this library give youpermission to link this library with independent modules to produce anexecutable, regardless of the license terms of these independentmodules, and to copy and distribute the resulting executable underterms of your choice, provided that you also meet, for each linkedindependent module, the terms and conditions of the license of thatmodule.  An independent module is a module which is not derived fromor based on this library.  If you modify this library, you may extendthis exception to your version of the library, but you are notobligated to do so.  If you do not wish to do so, delete thisexception statement from your version. */package java.security;import gnu.java.security.Engine;import java.security.cert.Certificate;import java.security.cert.X509Certificate;import java.security.spec.AlgorithmParameterSpec;/** * <p>This <code>Signature</code> class is used to provide applications the * functionality of a digital signature algorithm. Digital signatures are used * for authentication and integrity assurance of digital data.</p> * * <p>The signature algorithm can be, among others, the NIST standard <i>DSS</i>, * using <i>DSA</i> and <i>SHA-1</i>. The <i>DSA</i> algorithm using the * <i>SHA-1</i> message digest algorithm can be specified as <code>SHA1withDSA * </code>. In the case of <i>RSA</i>, there are multiple choices for the * message digest algorithm, so the signing algorithm could be specified as, for * example, <code>MD2withRSA</code>, <code>MD5withRSA</code>, or * <code>SHA1withRSA</code>. The algorithm name must be specified, as there is * no default.</p> * * <p>Like other algorithm-based classes in Java Security, <code>Signature</code> * provides implementation-independent algorithms, whereby a caller (application * code) requests a particular signature algorithm and is handed back a properly * initialized <code>Signature</code> object. It is also possible, if desired, * to request a particular algorithm from a particular provider. See the * <code>getInstance()</code> methods.</p> * * <p>Thus, there are two ways to request a <code>Signature</code> algorithm * object: by specifying either just an algorithm name, or both an algorithm * name and a package provider.</p> * * <p>If just an algorithm name is specified, the system will determine if there * is an implementation of the algorithm requested available in the environment, * and if there is more than one, if there is a preferred one.</p> * * <p>If both an algorithm name and a package provider are specified, the system * will determine if there is an implementation of the algorithm in the package * requested, and throw an exception if there is not.</p> * * <p>A <code>Signature</code> object can be used to generate and verify digital * signatures.</p> * * <p>There are three phases to the use of a <code>Signature</code> object for * either signing data or verifying a signature:</p> * * <ol> * <li>Initialization, with either *     <ul> *     <li>a public key, which initializes the signature for verification *         (see <code>initVerify()</code>), or</li> *     <li>a private key (and optionally a Secure Random Number Generator), *         which initializes the signature for signing (see *         {@link #initSign(PrivateKey)} and {@link #initSign(PrivateKey, SecureRandom)} *         ).</li> *     </ul></li> * <li>Updating<br/> *     Depending on the type of initialization, this will update the bytes to *     be signed or verified. See the update methods.<br/></li> * <li>Signing or Verifying a signature on all updated bytes. See the *     <code>sign()</code> methods and the <code>verify()</code> method.</li> *  </ol> * * <p>Note that this class is abstract and extends from {@link SignatureSpi} for * historical reasons. Application developers should only take notice of the * methods defined in this <code>Signature</code> class; all the methods in the * superclass are intended for cryptographic service providers who wish to * supply their own implementations of digital signature algorithms. * * @author Mark Benvenuto  (ivymccough@worldnet.att.net) */public abstract class Signature extends SignatureSpi{  /** Service name for signatures. */  private static final String SIGNATURE = "Signature";  /**   * Possible <code>state</code> value, signifying that this signature object   * has not yet been initialized.   */  protected static final int UNINITIALIZED = 0;  // Constructor.  // ------------------------------------------------------------------------  /**   * Possible <code>state</code> value, signifying that this signature object   * has been initialized for signing.   */  protected static final int SIGN = 2;  /**   * Possible <code>state</code> value, signifying that this signature object   * has been initialized for verification.   */  protected static final int VERIFY = 3;  /** Current state of this signature object. */  protected int state = UNINITIALIZED;  private String algorithm;  Provider provider;  /**   * Creates a <code>Signature</code> object for the specified algorithm.   *   * @param algorithm the standard string name of the algorithm. See Appendix A   * in the Java Cryptography Architecture API Specification &amp; Reference for   * information about standard algorithm names.   */  protected Signature(String algorithm)  {    this.algorithm = algorithm;    state = UNINITIALIZED;  }  /**   * Generates a <code>Signature</code> object that implements the specified   * digest algorithm. If the default provider package provides an   * implementation of the requested digest algorithm, an instance of   * <code>Signature</code> containing that implementation is returned. If the   * algorithm is not available in the default package, other packages are   * searched.   *   * @param algorithm the standard name of the algorithm requested. See Appendix   * A in the Java Cryptography Architecture API Specification &amp; Reference   * for information about standard algorithm names.   * @return the new Signature object.   * @throws NoSuchAlgorithmException if the algorithm is not available in the   * environment.   */  public static Signature getInstance(String algorithm)    throws NoSuchAlgorithmException  {    Provider[] p = Security.getProviders();    for (int i = 0; i < p.length; i++)      {        try          {            return getInstance(algorithm, p[i]);          }	catch (NoSuchAlgorithmException e)	  {	    // Ignored.	  }      }    throw new NoSuchAlgorithmException(algorithm);  }  /**   * Generates a <code>Signature</code> object implementing the specified   * algorithm, as supplied from the specified provider, if such an algorithm   * is available from the provider.   *   * @param algorithm the name of the algorithm requested. See Appendix A in   * the Java Cryptography Architecture API Specification &amp; Reference for   * information about standard algorithm names.   * @param provider the name of the provider.   * @return the new <code>Signature</code> object.   * @throws NoSuchAlgorithmException if the algorithm is not available in the   * package supplied by the requested provider.   * @throws NoSuchProviderException if the provider is not available in the   * environment.   * @throws IllegalArgumentException if the provider name is <code>null</code>   * or empty.   * @see Provider   */  public static Signature getInstance(String algorithm, String provider)    throws NoSuchAlgorithmException, NoSuchProviderException  {    if (provider == null || provider.length() == 0)      throw new IllegalArgumentException("Illegal provider");    Provider p = Security.getProvider(provider);    if (p == null)      throw new NoSuchProviderException(provider);    return getInstance(algorithm, p);  }  /**   * Generates a <code>Signature</code> object implementing the specified   * algorithm, as supplied from the specified provider, if such an algorithm   * is available from the provider. Note: the provider doesn't have to be   * registered.   *   * @param algorithm the name of the algorithm requested. See Appendix A in   * the Java Cryptography Architecture API Specification &amp; Reference for   * information about standard algorithm names.   * @param provider the provider.   * @return the new <code>Signature</code> object.   * @throws NoSuchAlgorithmException if the <code>algorithm</code> is not   * available in the package supplied by the requested <code>provider</code>.   * @throws IllegalArgumentException if the <code>provider</code> is   * <code>null</code>.   * @since 1.4   * @see Provider   */  public static Signature getInstance(String algorithm, Provider provider)    throws NoSuchAlgorithmException  {    if (provider == null)      throw new IllegalArgumentException("Illegal provider");    Signature result = null;    Object o = null;    try      {        o = Engine.getInstance(SIGNATURE, algorithm, provider);      }    catch (java.lang.reflect.InvocationTargetException ite)      {        throw new NoSuchAlgorithmException(algorithm);      }    if (o instanceof SignatureSpi)      {        result = new DummySignature((SignatureSpi) o, algorithm);      }    else if (o instanceof Signature)      {        result = (Signature) o;        result.algorithm = algorithm;      }    else      {        throw new NoSuchAlgorithmException(algorithm);      }    result.provider = provider;    return result;  }  /**   * Returns the provider of this signature object.   *   * @return the provider of this signature object.   */  public final Provider getProvider()  {    return provider;  }  /**   * Initializes this object for verification. If this method is called again   * with a different argument, it negates the effect of this call.   *   * @param publicKey the public key of the identity whose signature is going   * to be verified.   * @throws InvalidKeyException if the key is invalid.   */  public final void initVerify(PublicKey publicKey) throws InvalidKeyException  {    state = VERIFY;    engineInitVerify(publicKey);  }  /**   * <p>Initializes this object for verification, using the public key from the   * given certificate.</p>   *   * <p>If the certificate is of type <i>X.509</i> and has a <i>key usage</i>   * extension field marked as <i>critical</i>, and the value of the <i>key   * usage</i> extension field implies that the public key in the certificate   * and its corresponding private key are not supposed to be used for digital   * signatures, an {@link InvalidKeyException} is thrown.</p>   *   * @param certificate the certificate of the identity whose signature is   * going to be verified.   * @throws InvalidKeyException if the public key in the certificate is not   * encoded properly or does not include required parameter information or   * cannot be used for digital signature purposes.   */  public final void initVerify(Certificate certificate)    throws InvalidKeyException  {    state = VERIFY;    if (certificate.getType().equals("X509"))      {        X509Certificate cert = (X509Certificate) certificate;