diff options
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java index b775250..15bf4a4 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java @@ -9,17 +9,23 @@ import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.RSAKeyParameters; public class DefaultTlsSignerCredentials - implements TlsSignerCredentials + extends AbstractTlsSignerCredentials { protected TlsContext context; protected Certificate certificate; protected AsymmetricKeyParameter privateKey; + protected SignatureAndHashAlgorithm signatureAndHashAlgorithm; protected TlsSigner signer; public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey) { + this(context, certificate, privateKey, null); + } + public DefaultTlsSignerCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey, + SignatureAndHashAlgorithm signatureAndHashAlgorithm) + { if (certificate == null) { throw new IllegalArgumentException("'certificate' cannot be null"); @@ -36,6 +42,10 @@ public class DefaultTlsSignerCredentials { throw new IllegalArgumentException("'privateKey' must be private"); } + if (TlsUtils.isTLSv12(context) && signatureAndHashAlgorithm == null) + { + throw new IllegalArgumentException("'signatureAndHashAlgorithm' cannot be null for (D)TLS 1.2+"); + } if (privateKey instanceof RSAKeyParameters) { @@ -59,6 +69,7 @@ public class DefaultTlsSignerCredentials this.context = context; this.certificate = certificate; this.privateKey = privateKey; + this.signatureAndHashAlgorithm = signatureAndHashAlgorithm; } public Certificate getCertificate() @@ -66,16 +77,28 @@ public class DefaultTlsSignerCredentials return certificate; } - public byte[] generateCertificateSignature(byte[] md5andsha1) + public byte[] generateCertificateSignature(byte[] hash) throws IOException { try { - return signer.generateRawSignature(privateKey, md5andsha1); + if (TlsUtils.isTLSv12(context)) + { + return signer.generateRawSignature(signatureAndHashAlgorithm, privateKey, hash); + } + else + { + return signer.generateRawSignature(privateKey, hash); + } } catch (CryptoException e) { throw new TlsFatalAlert(AlertDescription.internal_error); } } + + public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() + { + return signatureAndHashAlgorithm; + } } |