bouncycastle: upgrade to version 1.52

Change-Id: I227db8e458e67af46ccb1c07bfca77a733f25979
author: Sergio Giro <sgiro@google.com> 2015-04-09 14:10:16 +0100
committer: Sergio Giro <sgiro@google.com> 2015-04-20 15:41:23 +0100
commit: 028ab6e01e3b911024b9b9243e9a0f4ac377c0fa (patch)
tree: 35d98bf60cbe7a6487bd0014728eb263e89004bb /bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
parent: b44aff7a3b88138f0070630d467c7527cd90c2f3 (diff)
download: bouncycastle-028ab6e01e3b911024b9b9243e9a0f4ac377c0fa.tar.gz
1 files changed, 36 insertions, 1 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
index 14ab78df..5f82d405 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
@@ -190,9 +190,10 @@ public class JcaContentVerifierProviderBuilder
     private class SigVerifier
         implements ContentVerifier
     {
-        private SignatureOutputStream stream;
         private AlgorithmIdentifier algorithm;
 
+        protected SignatureOutputStream stream;
+
         SigVerifier(AlgorithmIdentifier algorithm, SignatureOutputStream stream)
         {
             this.algorithm = algorithm;
@@ -239,6 +240,27 @@ public class JcaContentVerifierProviderBuilder
             this.rawSignature = rawSignature;
         }
 
+        public boolean verify(byte[] expected)
+        {
+            try
+            {
+                return super.verify(expected);
+            }
+            finally
+            {
+                // we need to do this as in some PKCS11 implementations the session associated with the init of the
+                // raw signature will not be freed if verify is not called on it.
+                try
+                {
+                    rawSignature.verify(expected);
+                }
+                catch (Exception e)
+                {
+                    // ignore
+                }
+            }
+        }
+
         public boolean verify(byte[] digest, byte[] expected)
         {
             try
@@ -251,6 +273,19 @@ public class JcaContentVerifierProviderBuilder
             {
                 throw new RuntimeOperatorException("exception obtaining raw signature: " + e.getMessage(), e);
             }
+            finally
+            {
+                // we need to do this as in some PKCS11 implementations the session associated with the init of the
+                // standard signature will not be freed if verify is not called on it.
+                try
+                {
+                    stream.verify(expected);
+                }
+                catch (Exception e)
+                {
+                    // ignore
+                }
+            }
         }
     }
author	Sergio Giro <sgiro@google.com>	2015-04-09 14:10:16 +0100
committer	Sergio Giro <sgiro@google.com>	2015-04-20 15:41:23 +0100
commit	028ab6e01e3b911024b9b9243e9a0f4ac377c0fa (patch)
tree	35d98bf60cbe7a6487bd0014728eb263e89004bb /bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
parent	b44aff7a3b88138f0070630d467c7527cd90c2f3 (diff)
download	bouncycastle-028ab6e01e3b911024b9b9243e9a0f4ac377c0fa.tar.gz