
Example 96 with Signature

use of java.security.Signature in project android_frameworks_base by DirtyUnicorns.

the class CertPinInstallReceiverTest method createSignature.

/**
 * Produces a Base64-encoded SHA512withRSA signature over the given fields and checks that
 * it round-trips through {@code verifySignature} before handing it back.
 *
 * <p>The signed message is {@code content.trim()}, {@code version.trim()} and
 * {@code requiredHash} fed to the signer back to back. No separator or length prefix is
 * written between them, so two different (content, version, hash) triples whose bytes
 * concatenate to the same string would carry the same signature. The layout is presumably
 * dictated by the verifier under test; confirm against it before reusing this scheme.
 *
 * @param content      payload text; surrounding whitespace is dropped before signing
 * @param version      version text; surrounding whitespace is dropped before signing
 * @param requiredHash hash text, signed exactly as given (not trimmed)
 * @return the signature, Base64-encoded with {@code Base64.DEFAULT}
 * @throws Exception if key creation, signing or the verification round-trip fails
 */
private String createSignature(String content, String version, String requiredHash) throws Exception {
    Signature rsaSigner = Signature.getInstance("SHA512withRSA");
    rsaSigner.initSign(createKey());

    // getBytes() without a charset uses the platform default, so signer and verifier
    // only agree when both sides run with the same default encoding.
    byte[] contentBytes = content.trim().getBytes();
    rsaSigner.update(contentBytes);
    byte[] versionBytes = version.trim().getBytes();
    rsaSigner.update(versionBytes);
    byte[] hashBytes = requiredHash.getBytes();
    rsaSigner.update(hashBytes);

    byte[] rawSignature = rsaSigner.sign();
    byte[] encodedBytes = Base64.encode(rawSignature, Base64.DEFAULT);
    String encodedSignature = new String(encodedBytes);

    // Self-check: the freshly produced signature must verify against the test certificate.
    assertEquals(true, verifySignature(content, version, requiredHash, encodedSignature, createCertificate()));
    return encodedSignature;
}
Also used : Signature(java.security.Signature)

Example 97 with Signature

use of java.security.Signature in project android_frameworks_base by DirtyUnicorns.

the class ApkSignatureSchemeV2Verifier method verifySigner.

/**
 * Verifies one signer block and returns the certificates it lists.
 *
 * <p>The block is read as three length-prefixed fields: the signed data, the list of
 * signature records, and the signer's encoded public key. Of all signature records, only
 * the one whose algorithm ranks highest under {@code compareSignatureAlgorithm} among the
 * supported ones is cryptographically verified; the remaining records are parsed for their
 * algorithm IDs only. After that signature verifies over the signed data, the digest and
 * certificate lists inside the signed data are parsed and cross-checked.
 *
 * <p>This method does not compare the recorded digest with the actual file contents, and it
 * performs no certificate path or validity checking; it only stores the digest in
 * {@code contentDigests} and returns the decoded certificates. NOTE(review): the caller is
 * presumably responsible for checking the digest against the APK; confirm.
 *
 * @param signerBlock    buffer positioned at the start of the signer block; it is consumed
 * @param contentDigests map from content digest algorithm ID to digest; updated with this
 *                       signer's digest and used to detect disagreement with earlier signers
 * @param certFactory    factory used to decode the listed certificates
 * @return the signer's certificates in listed order; the first one is the certificate whose
 *         public key was matched against the key that verified the signature
 * @throws SecurityException if no supported signature is present, the signature does not
 *         verify, the algorithm lists disagree, the digest conflicts with a preceding
 *         signer, no certificate is listed, or the public keys do not match
 * @throws IOException if a digest record cannot be parsed, or a length-prefixed read outside
 *         the guarded loops fails
 */
private static X509Certificate[] verifySigner(ByteBuffer signerBlock, Map<Integer, byte[]> contentDigests, CertificateFactory certFactory) throws SecurityException, IOException {
    // Field order matters: each read advances signerBlock.
    ByteBuffer signedData = getLengthPrefixedSlice(signerBlock);
    ByteBuffer signatures = getLengthPrefixedSlice(signerBlock);
    byte[] publicKeyBytes = readLengthPrefixedByteArray(signerBlock);
    int signatureCount = 0;
    // -1 means "no supported algorithm seen yet".
    int bestSigAlgorithm = -1;
    byte[] bestSigAlgorithmSignatureBytes = null;
    // Every algorithm ID seen in the signature records, supported or not, in record order.
    // This list is NOT covered by the signature; it is compared later with the list that is.
    List<Integer> signaturesSigAlgorithms = new ArrayList<>();
    while (signatures.hasRemaining()) {
        signatureCount++;
        try {
            ByteBuffer signature = getLengthPrefixedSlice(signatures);
            // A record needs at least a 4-byte algorithm ID plus a 4-byte length prefix.
            if (signature.remaining() < 8) {
                throw new SecurityException("Signature record too short");
            }
            int sigAlgorithm = signature.getInt();
            // Recorded before the support check so unsupported IDs still take part in the
            // list comparison below.
            signaturesSigAlgorithms.add(sigAlgorithm);
            if (!isSupportedSignatureAlgorithm(sigAlgorithm)) {
                continue;
            }
            // Keep only the highest-ranked supported algorithm and its signature bytes.
            if ((bestSigAlgorithm == -1) || (compareSignatureAlgorithm(sigAlgorithm, bestSigAlgorithm) > 0)) {
                bestSigAlgorithm = sigAlgorithm;
                bestSigAlgorithmSignatureBytes = readLengthPrefixedByteArray(signature);
            }
        } catch (IOException | BufferUnderflowException e) {
            // Malformed input is reported as a verification failure, not as an I/O error.
            throw new SecurityException("Failed to parse signature record #" + signatureCount, e);
        }
    }
    if (bestSigAlgorithm == -1) {
        if (signatureCount == 0) {
            throw new SecurityException("No signatures found");
        } else {
            throw new SecurityException("No supported signatures found");
        }
    }
    String keyAlgorithm = getSignatureAlgorithmJcaKeyAlgorithm(bestSigAlgorithm);
    Pair<String, ? extends AlgorithmParameterSpec> signatureAlgorithmParams = getSignatureAlgorithmJcaSignatureAlgorithm(bestSigAlgorithm);
    String jcaSignatureAlgorithm = signatureAlgorithmParams.first;
    AlgorithmParameterSpec jcaSignatureAlgorithmParams = signatureAlgorithmParams.second;
    boolean sigVerified;
    try {
        // The verification key comes from the signer block itself, so a passing signature
        // only proves internal consistency. The key is tied to a certificate by the
        // byte comparison at the end of this method.
        PublicKey publicKey = KeyFactory.getInstance(keyAlgorithm).generatePublic(new X509EncodedKeySpec(publicKeyBytes));
        Signature sig = Signature.getInstance(jcaSignatureAlgorithm);
        sig.initVerify(publicKey);
        if (jcaSignatureAlgorithmParams != null) {
            sig.setParameter(jcaSignatureAlgorithmParams);
        }
        // update(ByteBuffer) consumes the buffer; its position is reset further down.
        sig.update(signedData);
        sigVerified = sig.verify(bestSigAlgorithmSignatureBytes);
    } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException | InvalidAlgorithmParameterException | SignatureException e) {
        throw new SecurityException("Failed to verify " + jcaSignatureAlgorithm + " signature", e);
    }
    if (!sigVerified) {
        throw new SecurityException(jcaSignatureAlgorithm + " signature did not verify");
    }
    // Signature over signedData has verified, so everything parsed out of signedData from
    // here on is covered by that signature.
    byte[] contentDigest = null;
    // Rewind: the verification above left the buffer at its end.
    signedData.clear();
    ByteBuffer digests = getLengthPrefixedSlice(signedData);
    // Algorithm IDs of the digest records, in record order (the signed counterpart of
    // signaturesSigAlgorithms).
    List<Integer> digestsSigAlgorithms = new ArrayList<>();
    int digestCount = 0;
    while (digests.hasRemaining()) {
        digestCount++;
        try {
            ByteBuffer digest = getLengthPrefixedSlice(digests);
            if (digest.remaining() < 8) {
                throw new IOException("Record too short");
            }
            int sigAlgorithm = digest.getInt();
            digestsSigAlgorithms.add(sigAlgorithm);
            // Only the digest paired with the verified algorithm is kept; if several
            // records carry that ID, the last one wins.
            if (sigAlgorithm == bestSigAlgorithm) {
                contentDigest = readLengthPrefixedByteArray(digest);
            }
        } catch (IOException | BufferUnderflowException e) {
            // Unlike the signature loop, parse failures here surface as IOException.
            throw new IOException("Failed to parse digest record #" + digestCount, e);
        }
    }
    // The signed digest list must name exactly the same algorithms, in the same order, as
    // the unsigned signature list. Because bestSigAlgorithm is in the signature list, passing
    // this check also implies contentDigest was assigned above. The check presumably exists
    // to detect signature records being added or stripped after signing; confirm against the
    // scheme's specification.
    if (!signaturesSigAlgorithms.equals(digestsSigAlgorithms)) {
        throw new SecurityException("Signature algorithms don't match between digests and signatures records");
    }
    int digestAlgorithm = getSignatureAlgorithmContentDigestAlgorithm(bestSigAlgorithm);
    // put() stores this signer's digest before the comparison, so the map is already
    // updated if the mismatch exception below is thrown.
    byte[] previousSignerDigest = contentDigests.put(digestAlgorithm, contentDigest);
    if ((previousSignerDigest != null) && (!MessageDigest.isEqual(previousSignerDigest, contentDigest))) {
        throw new SecurityException(getContentDigestAlgorithmJcaDigestAlgorithm(digestAlgorithm) + " contents digest does not match the digest specified by a preceding signer");
    }
    // Second field of signedData: the certificate list.
    ByteBuffer certificates = getLengthPrefixedSlice(signedData);
    List<X509Certificate> certs = new ArrayList<>();
    int certificateCount = 0;
    while (certificates.hasRemaining()) {
        certificateCount++;
        byte[] encodedCert = readLengthPrefixedByteArray(certificates);
        X509Certificate certificate;
        try {
            certificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(encodedCert));
        } catch (CertificateException e) {
            throw new SecurityException("Failed to decode certificate #" + certificateCount, e);
        }
        // Wrap the parsed certificate together with the exact bytes it was decoded from.
        // NOTE(review): presumably so that the original encoding is what callers see,
        // rather than a re-encoding by the parser; confirm in VerbatimX509Certificate.
        certificate = new VerbatimX509Certificate(certificate, encodedCert);
        certs.add(certificate);
    }
    if (certs.isEmpty()) {
        throw new SecurityException("No certificates listed");
    }
    // The first listed certificate must carry exactly the key that verified the signature;
    // the comparison is on the encoded key bytes.
    X509Certificate mainCertificate = certs.get(0);
    byte[] certificatePublicKeyBytes = mainCertificate.getPublicKey().getEncoded();
    if (!Arrays.equals(publicKeyBytes, certificatePublicKeyBytes)) {
        throw new SecurityException("Public key mismatch between certificate and signature record");
    }
    return certs.toArray(new X509Certificate[certs.size()]);
}
Also used : ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) BufferUnderflowException(java.nio.BufferUnderflowException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PublicKey(java.security.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) DirectByteBuffer(java.nio.DirectByteBuffer) ByteBuffer(java.nio.ByteBuffer) X509Certificate(java.security.cert.X509Certificate) BigInteger(java.math.BigInteger) ByteArrayInputStream(java.io.ByteArrayInputStream) Signature(java.security.Signature) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Example 98 with Signature

use of java.security.Signature in project jdk8u_jdk by JetBrains.

the class OidAlgorithmPair method runTest.

/**
 * Checks that a signature algorithm obtained by its OID interoperates with the same
 * algorithm obtained by its standard name: data signed through the name-based instance
 * must verify through the OID-based instance.
 *
 * @param oidAlgorithmPair the algorithm name and the OID expected to resolve to it
 * @param keyPair          key pair used for signing (private) and verifying (public)
 * @throws RuntimeException if either lookup yields nothing, the name-based instance reports
 *         a different algorithm name, or verification fails
 */
private void runTest(OidAlgorithmPair oidAlgorithmPair, KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
    final String algorithmName = oidAlgorithmPair.algorithm;
    Signature byName = Signature.getInstance(algorithmName, provider);
    Signature byOid = Signature.getInstance(oidAlgorithmPair.oid, provider);

    if (byName == null) {
        throw new RuntimeException(String.format("Test failed: algorithm string %s getInstance failed.%n", oidAlgorithmPair.algorithm));
    }
    if (byOid == null) {
        throw new RuntimeException(String.format("Test failed: OID %s getInstance failed.%n", oidAlgorithmPair.oid));
    }

    // The name-based instance must report the exact name it was requested with.
    boolean nameMatches = byName.getAlgorithm().equals(oidAlgorithmPair.algorithm);
    if (!nameMatches) {
        throw new RuntimeException(String.format("Test failed: algorithm string %s getInstance doesn't generate expected algorithm.%n", oidAlgorithmPair.algorithm));
    }

    // Sign with the name-based instance ...
    byName.initSign(keyPair.getPrivate());
    byName.update(INPUT);

    // ... and verify with the OID-based one over the same input.
    byOid.initVerify(keyPair.getPublic());
    byOid.update(INPUT);
    byte[] signatureBytes = byName.sign();
    boolean verified = byOid.verify(signatureBytes);
    if (!verified) {
        throw new RuntimeException("Signature verification failed unexpectedly");
    }
}
Also used : Signature(java.security.Signature)

Example 99 with Signature

use of java.security.Signature in project jdk8u_jdk by JetBrains.

the class Basic method signAlias.

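/**
 * Signs the fixed message {@code "hello"} with the RSA private key stored under
 * {@code alias} and verifies the signature against the certificate stored under the same
 * alias, using the key store's own provider for both operations.
 *
 * <p>The key store is loaded lazily into the shared {@code ks} field on first use. When
 * {@code alias} is {@code null}, the first alias the key store enumerates is used.
 *
 * <p>{@code MD5WithRSA} is the algorithm this provider test exercises. MD5-based signatures
 * are not collision resistant, so the choice should not be copied into code that protects
 * real data.
 *
 * @param testnum sequence number of this test, printed in the pass message
 * @param alias   key store alias to sign with, or {@code null} to pick the first one
 * @return {@code testnum + 1}
 * @throws SecurityException if no private key is found, the key is not RSA, or the
 *         signature does not verify
 * @throws Exception if key store access or a signature operation fails
 */
private static int signAlias(int testnum, String alias) throws Exception {
    if (ks == null) {
        ks = KeyStore.getInstance(KS_TYPE, provider);
        ks.load(null, tokenPwd);
    }
    if (alias == null) {
        Enumeration<String> aliases = ks.aliases();
        if (aliases.hasMoreElements()) {
            alias = aliases.nextElement();
        }
    }
    PrivateKey pkey = (PrivateKey) ks.getKey(alias, null);
    // getKey returns null for an unknown alias or a non-key entry; fail with a clear message
    // instead of a NullPointerException on the next line.
    if (pkey == null) {
        throw new SecurityException("no private key found for alias [" + alias + "]");
    }
    if ("RSA".equals(pkey.getAlgorithm())) {
        // NOTE(review): pkey.toString() is provider-defined; confirm it does not print key
        // material before reusing this logging outside a test.
        System.out.println("got [" + alias + "] signing key: " + pkey);
    } else {
        throw new SecurityException("expected RSA, got " + pkey.getAlgorithm());
    }
    Signature s = Signature.getInstance("MD5WithRSA", ks.getProvider());
    s.initSign(pkey);
    System.out.println("initialized signature object with key");
    s.update("hello".getBytes());
    System.out.println("signature object updated with [hello] bytes");
    byte[] signed = s.sign();
    System.out.println("received signature " + signed.length + " bytes in length");
    Signature v = Signature.getInstance("MD5WithRSA", ks.getProvider());
    v.initVerify(ks.getCertificate(alias));
    v.update("hello".getBytes());
    // verify() reports a bad signature through its return value, not an exception; the
    // result must be checked or the test passes even when verification fails.
    if (!v.verify(signed)) {
        throw new SecurityException("signature verification failed for alias [" + alias + "]");
    }
    System.out.println("signature verified");
    System.out.println("test " + testnum++ + " passed");
    return testnum;
}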
Also used : PrivateKey(java.security.PrivateKey) Signature(java.security.Signature)

Example 100 with Signature

use of java.security.Signature in project jdk8u_jdk by JetBrains.

the class SolarisShortDSA method use.

/**
 * Signs the shared {@code data} with the key pair's private key and reports whether the
 * result verifies under its public key, using {@code SHA1withDSA} for both steps.
 *
 * <p>{@code SHA1withDSA} is the algorithm under test here; it is a legacy algorithm and not
 * a recommendation for new designs.
 *
 * @param kp key pair providing the signing and verification keys
 * @return {@code true} if the freshly created signature verifies
 * @throws Exception if the algorithm is unavailable or a key or signature operation fails
 */
static boolean use(KeyPair kp) throws Exception {
    final String algorithm = "SHA1withDSA";

    // Sign with the private half.
    Signature signer = Signature.getInstance(algorithm);
    signer.initSign(kp.getPrivate());
    signer.update(data);
    byte[] signatureBytes = signer.sign();

    // Verify with a separate instance initialised from the public half.
    Signature verifier = Signature.getInstance(algorithm);
    verifier.initVerify(kp.getPublic());
    verifier.update(data);
    boolean verified = verifier.verify(signatureBytes);
    return verified;
}
Also used : Signature(java.security.Signature)

Aggregations

Signature (java.security.Signature)242 SignatureException (java.security.SignatureException)84 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)69 InvalidKeyException (java.security.InvalidKeyException)61 PublicKey (java.security.PublicKey)59 KeyFactory (java.security.KeyFactory)41 PrivateKey (java.security.PrivateKey)38 IOException (java.io.IOException)36 X509Certificate (java.security.cert.X509Certificate)24 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)23 KeyPair (java.security.KeyPair)19 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)18 KeyPairGenerator (java.security.KeyPairGenerator)16 MySignature1 (org.apache.harmony.security.tests.support.MySignature1)16 GeneralSecurityException (java.security.GeneralSecurityException)15 ByteArrayInputStream (java.io.ByteArrayInputStream)14 BigInteger (java.math.BigInteger)14 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)14 CertificateException (java.security.cert.CertificateException)14 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)14