package org.bouncycastle.tls.crypto.impl.jcajce;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import org.bouncycastle.tls.AlertDescription;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsSigner;
import org.bouncycastle.tls.crypto.TlsStreamSigner;
/**
* JCA base class for the signers implementing the two DSA style algorithms from FIPS PUB 186-4: DSA and ECDSA.
*/
public class JcaTlsDSSSigner
implements TlsSigner
{
private final JcaTlsCrypto crypto;
private final PrivateKey privateKey;
private final short algorithmType;
private final String algorithmName;
public JcaTlsDSSSigner(JcaTlsCrypto crypto, PrivateKey privateKey, short algorithmType, String algorithmName)
{
this.crypto = crypto;
this.privateKey = privateKey;
this.algorithmType = algorithmType;
this.algorithmName = algorithmName;
}
public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash)
throws IOException
{
if (algorithm != null && algorithm.getSignature() != algorithmType)
{
throw new IllegalStateException();
}
try
{
Signature signer = crypto.getHelper().createSignature(algorithmName);
signer.initSign(privateKey);
if (algorithm == null)
{
// Note: Only use the SHA1 part of the (MD5/SHA1) hash
signer.update(hash, 16, 20);
}
else
{
signer.update(hash, 0, hash.length);
}
return signer.sign();
}
catch (GeneralSecurityException e)
{
throw new TlsFatalAlert(AlertDescription.internal_error, e);
}
}
public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm)
{
return null;
}
}