SignatureUtil (kona-pkix 1.0.7.1 API)

java.lang.Object
- com.tencent.kona.sun.security.util.SignatureUtil

```
public class SignatureUtil
extends java.lang.Object
```
Utility class for Signature related operations. Currently used by various internal PKI classes such as sun.security.x509.X509CertImpl, sun.security.pkcs.SignerInfo, for setting signature parameters.

Since:

11

Constructor Summary

Constructors
Constructor and Description

SignatureUtil()

Constructors
Constructor and Description
`SignatureUtil()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static void`	`checkKeyAndSigAlgMatch(java.security.PrivateKey key, java.lang.String sAlg)` Checks if a signature algorithm matches a key, i.e.
`static java.lang.String`	`extractDigestAlgFromDwithE(java.lang.String signatureAlgorithm)` Extracts the digest algorithm name from a signature algorithm name in either the "DIGESTwithENCRYPTION" or the "DIGESTwithENCRYPTIONandWHATEVER" format.
`static java.lang.String`	`extractKeyAlgFromDwithE(java.lang.String signatureAlgorithm)` Extracts the key algorithm name from a signature algorithm name in either the "DIGESTwithENCRYPTION" or the "DIGESTwithENCRYPTIONandWHATEVER" format.
`static java.security.Signature`	`fromKey(java.lang.String sigAlg, java.security.PrivateKey key, java.security.Provider provider)` Create a Signature that has been initialized with proper key and params.
`static java.security.Signature`	`fromKey(java.lang.String sigAlg, java.security.PrivateKey key, java.lang.String provider)` Create a Signature that has been initialized with proper key and params.
`static com.tencent.kona.sun.security.x509.AlgorithmId`	`fromSignature(java.security.Signature sigEngine, java.security.PrivateKey key)` Derives AlgorithmId from a signature object and a key.
`static java.security.spec.AlgorithmParameterSpec`	`getDefaultParamSpec(java.lang.String sigAlg, java.security.Key k)` Returns default AlgorithmParameterSpec for a key used in a signature.
`static java.lang.String`	`getDefaultSigAlgForKey(java.security.PrivateKey k)` Returns the default signature algorithm for a private key.
`static com.tencent.kona.sun.security.x509.AlgorithmId`	`getDigestAlgInPkcs7SignerInfo(java.security.Signature signer, java.lang.String sigalg, java.security.PrivateKey privateKey, boolean directsign)` Determines the digestEncryptionAlgorithmId in PKCS7 SignerInfo.
`static java.security.spec.AlgorithmParameterSpec`	`getParamSpec(java.lang.String sigName, java.security.AlgorithmParameters params)` Utility method for converting the specified AlgorithmParameters object into an AlgorithmParameterSpec object.
`static java.security.spec.AlgorithmParameterSpec`	`getParamSpec(java.lang.String sigName, byte[] paramBytes)` Utility method for converting the specified parameter bytes into an AlgorithmParameterSpec object.
`static void`	`initSignWithParam(java.security.Signature s, java.security.PrivateKey key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom sr)`
`static void`	`initVerifyWithParam(java.security.Signature s, java.security.cert.Certificate cert, java.security.spec.AlgorithmParameterSpec params)`
`static void`	`initVerifyWithParam(java.security.Signature s, java.security.PublicKey key, java.security.spec.AlgorithmParameterSpec params)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- SignatureUtil
```
public SignatureUtil()
```

Method Detail

getParamSpec

public static java.security.spec.AlgorithmParameterSpec getParamSpec(java.lang.String sigName,
                                                                     java.security.AlgorithmParameters params)
                                                              throws java.security.ProviderException

Utility method for converting the specified AlgorithmParameters object into an AlgorithmParameterSpec object.

Parameters:: sigName - signature algorithm; params - (optional) parameters
Returns:: an AlgorithmParameterSpec, null if params is null
Throws:: java.security.ProviderException

getParamSpec

public static java.security.spec.AlgorithmParameterSpec getParamSpec(java.lang.String sigName,
                                                                     byte[] paramBytes)
                                                              throws java.security.ProviderException

Utility method for converting the specified parameter bytes into an AlgorithmParameterSpec object.

Parameters:: sigName - signature algorithm; paramBytes - (optional) parameter bytes
Returns:: an AlgorithmParameterSpec, null if paramBytes is null
Throws:: java.security.ProviderException

initVerifyWithParam

public static void initVerifyWithParam(java.security.Signature s,
                                       java.security.PublicKey key,
                                       java.security.spec.AlgorithmParameterSpec params)
                                throws java.security.InvalidAlgorithmParameterException,
                                       java.security.InvalidKeyException

Throws:: java.security.InvalidAlgorithmParameterException; java.security.InvalidKeyException

initVerifyWithParam

public static void initVerifyWithParam(java.security.Signature s,
                                       java.security.cert.Certificate cert,
                                       java.security.spec.AlgorithmParameterSpec params)
                                throws java.security.InvalidAlgorithmParameterException,
                                       java.security.InvalidKeyException

Throws:: java.security.InvalidAlgorithmParameterException; java.security.InvalidKeyException

initSignWithParam

public static void initSignWithParam(java.security.Signature s,
                                     java.security.PrivateKey key,
                                     java.security.spec.AlgorithmParameterSpec params,
                                     java.security.SecureRandom sr)
                              throws java.security.InvalidAlgorithmParameterException,
                                     java.security.InvalidKeyException

Throws:: java.security.InvalidAlgorithmParameterException; java.security.InvalidKeyException

getDigestAlgInPkcs7SignerInfo

public static com.tencent.kona.sun.security.x509.AlgorithmId getDigestAlgInPkcs7SignerInfo(java.security.Signature signer,
                                                                                           java.lang.String sigalg,
                                                                                           java.security.PrivateKey privateKey,
                                                                                           boolean directsign)
                                                                                    throws java.security.NoSuchAlgorithmException

Determines the digestEncryptionAlgorithmId in PKCS7 SignerInfo.

Parameters:: signer - Signature object that tells you RSASSA-PSS params; sigalg - Signature algorithm; privateKey - key tells you EdDSA params; directsign - Ed448 uses different digest algs depending on this
Returns:: the digest algId
Throws:: java.security.NoSuchAlgorithmException

extractDigestAlgFromDwithE
```
public static java.lang.String extractDigestAlgFromDwithE(java.lang.String signatureAlgorithm)
```
Extracts the digest algorithm name from a signature algorithm name in either the "DIGESTwithENCRYPTION" or the "DIGESTwithENCRYPTIONandWHATEVER" format. It's OK to return "SHA1" instead of "SHA-1".

extractKeyAlgFromDwithE
```
public static java.lang.String extractKeyAlgFromDwithE(java.lang.String signatureAlgorithm)
```
Extracts the key algorithm name from a signature algorithm name in either the "DIGESTwithENCRYPTION" or the "DIGESTwithENCRYPTIONandWHATEVER" format.

Returns:

the key algorithm name, or null if the input is not in either of the formats.

getDefaultParamSpec
```
public static java.security.spec.AlgorithmParameterSpec getDefaultParamSpec(java.lang.String sigAlg,
                                                                            java.security.Key k)
```
Returns default AlgorithmParameterSpec for a key used in a signature. This is only useful for RSASSA-PSS now, which is the only algorithm that must be initialized with a AlgorithmParameterSpec now.

fromKey

public static java.security.Signature fromKey(java.lang.String sigAlg,
                                              java.security.PrivateKey key,
                                              java.lang.String provider)
                                       throws java.security.NoSuchAlgorithmException,
                                              java.security.NoSuchProviderException,
                                              java.security.InvalidKeyException

Create a Signature that has been initialized with proper key and params.

Parameters:: sigAlg - signature algorithms; key - private key; provider - (optional) provider
Throws:: java.security.NoSuchAlgorithmException; java.security.NoSuchProviderException; java.security.InvalidKeyException

fromKey

public static java.security.Signature fromKey(java.lang.String sigAlg,
                                              java.security.PrivateKey key,
                                              java.security.Provider provider)
                                       throws java.security.NoSuchAlgorithmException,
                                              java.security.InvalidKeyException

Create a Signature that has been initialized with proper key and params.

Parameters:: sigAlg - signature algorithms; key - private key; provider - (optional) provider
Throws:: java.security.NoSuchAlgorithmException; java.security.InvalidKeyException

fromSignature

public static com.tencent.kona.sun.security.x509.AlgorithmId fromSignature(java.security.Signature sigEngine,
                                                                           java.security.PrivateKey key)
                                                                    throws java.security.SignatureException

Derives AlgorithmId from a signature object and a key.

Parameters:: sigEngine - the signature object; key - the private key
Returns:: the AlgorithmId, not null
Throws:: java.security.SignatureException - if cannot find one

checkKeyAndSigAlgMatch
```
public static void checkKeyAndSigAlgMatch(java.security.PrivateKey key,
                                          java.lang.String sAlg)
```
Checks if a signature algorithm matches a key, i.e. if this signature can be initialized with this key. Currently used in jdk.security.jarsigner.JarSigner to fail early. Note: Unknown signature algorithms are allowed.

Parameters:

key - must not be null

sAlg - must not be null

Throws:

java.lang.IllegalArgumentException - if they are known to not match

getDefaultSigAlgForKey
```
public static java.lang.String getDefaultSigAlgForKey(java.security.PrivateKey k)
```
Returns the default signature algorithm for a private key.

Parameters:

k - cannot be null

Returns:

the default alg, might be null if unsupported

Class SignatureUtil

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SignatureUtil

Method Detail

getParamSpec

getParamSpec

initVerifyWithParam

initVerifyWithParam

initSignWithParam

getDigestAlgInPkcs7SignerInfo

extractDigestAlgFromDwithE

extractKeyAlgFromDwithE

getDefaultParamSpec

fromKey

fromKey

fromSignature

checkKeyAndSigAlgMatch

getDefaultSigAlgForKey