Example 21 with Signature
use of java.security.Signature in project robovm by robovm.
the class NetscapeCertRequest method verify.
public boolean verify(String challenge) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
if (!challenge.equals(this.challenge)) {
return false;
}
//
// Verify the signature .. shows the response was generated
// by someone who knew the associated private key
//
Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(), "BC");
sig.initVerify(pubkey);
sig.update(content.getBytes());
return sig.verify(sigBits);
}
Also used :
Signature(java.security.Signature)
Example 22 with Signature
use of java.security.Signature in project robovm by robovm.
the class JarUtils method verifySignature.
/**
* This method handle all the work with PKCS7, ASN1 encoding, signature verifying,
* and certification path building.
* See also PKCS #7: Cryptographic Message Syntax Standard:
* http://www.ietf.org/rfc/rfc2315.txt
* @param signature - the input stream of signature file to be verified
* @param signatureBlock - the input stream of corresponding signature block file
* @return array of certificates used to verify the signature file
* @throws IOException - if some errors occurs during reading from the stream
* @throws GeneralSecurityException - if signature verification process fails
*/
public static Certificate[] verifySignature(InputStream signature, InputStream signatureBlock) throws IOException, GeneralSecurityException {
BerInputStream bis = new BerInputStream(signatureBlock);
ContentInfo info = (ContentInfo) ContentInfo.ASN1.decode(bis);
SignedData signedData = info.getSignedData();
if (signedData == null) {
throw new IOException("No SignedData found");
}
Collection<org.apache.harmony.security.x509.Certificate> encCerts = signedData.getCertificates();
if (encCerts.isEmpty()) {
return null;
}
X509Certificate[] certs = new X509Certificate[encCerts.size()];
int i = 0;
for (org.apache.harmony.security.x509.Certificate encCert : encCerts) {
certs[i++] = new X509CertImpl(encCert);
}
List<SignerInfo> sigInfos = signedData.getSignerInfos();
SignerInfo sigInfo;
if (!sigInfos.isEmpty()) {
sigInfo = sigInfos.get(0);
} else {
return null;
}
// Issuer
X500Principal issuer = sigInfo.getIssuer();
// Certificate serial number
BigInteger snum = sigInfo.getSerialNumber();
// Locate the certificate
int issuerSertIndex = 0;
for (i = 0; i < certs.length; i++) {
if (issuer.equals(certs[i].getIssuerDN()) && snum.equals(certs[i].getSerialNumber())) {
issuerSertIndex = i;
break;
}
}
if (i == certs.length) {
// No issuer certificate found
return null;
}
if (certs[issuerSertIndex].hasUnsupportedCriticalExtension()) {
throw new SecurityException("Can not recognize a critical extension");
}
// Get Signature instance
final String daOid = sigInfo.getDigestAlgorithm();
final String daName = sigInfo.getDigestAlgorithmName();
final String deaOid = sigInfo.getDigestEncryptionAlgorithm();
String alg = null;
Signature sig = null;
if (daOid != null && deaOid != null) {
alg = daOid + "with" + deaOid;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
// Try to convert to names instead of OID.
if (sig == null) {
final String deaName = sigInfo.getDigestEncryptionAlgorithmName();
alg = daName + "with" + deaName;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
}
}
/*
* TODO figure out the case in which we'd only use digestAlgorithm and
* add a test for it.
*/
if (sig == null && daOid != null) {
alg = daOid;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
if (sig == null && daName != null) {
alg = daName;
try {
sig = Signature.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
}
}
}
// We couldn't find a valid Signature type.
if (sig == null) {
return null;
}
sig.initVerify(certs[issuerSertIndex]);
// If the authenticatedAttributes field of SignerInfo contains more than zero attributes,
// compute the message digest on the ASN.1 DER encoding of the Attributes value.
// Otherwise, compute the message digest on the data.
List<AttributeTypeAndValue> atr = sigInfo.getAuthenticatedAttributes();
byte[] sfBytes = new byte[signature.available()];
signature.read(sfBytes);
if (atr == null) {
sig.update(sfBytes);
} else {
sig.update(sigInfo.getEncodedAuthenticatedAttributes());
// If the authenticatedAttributes field contains the message-digest attribute,
// verify that it equals the computed digest of the signature file
byte[] existingDigest = null;
for (AttributeTypeAndValue a : atr) {
if (Arrays.equals(a.getType().getOid(), MESSAGE_DIGEST_OID)) {
if (existingDigest != null) {
throw new SecurityException("Too many MessageDigest attributes");
}
Collection<?> entries = a.getValue().getValues(ASN1OctetString.getInstance());
if (entries.size() != 1) {
throw new SecurityException("Too many values for MessageDigest attribute");
}
existingDigest = (byte[]) entries.iterator().next();
}
}
// message digest entry.
if (existingDigest == null) {
throw new SecurityException("Missing MessageDigest in Authenticated Attributes");
}
MessageDigest md = null;
if (daOid != null) {
md = MessageDigest.getInstance(daOid);
}
if (md == null && daName != null) {
md = MessageDigest.getInstance(daName);
}
if (md == null) {
return null;
}
byte[] computedDigest = md.digest(sfBytes);
if (!Arrays.equals(existingDigest, computedDigest)) {
throw new SecurityException("Incorrect MD");
}
}
if (!sig.verify(sigInfo.getEncryptedDigest())) {
throw new SecurityException("Incorrect signature");
}
return createChain(certs[issuerSertIndex], certs);
}
Also used :
ASN1OctetString(org.apache.harmony.security.asn1.ASN1OctetString)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo)
X509CertImpl(org.apache.harmony.security.provider.cert.X509CertImpl)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
MessageDigest(java.security.MessageDigest)
SignedData(org.apache.harmony.security.pkcs7.SignedData)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
AttributeTypeAndValue(org.apache.harmony.security.x501.AttributeTypeAndValue)
SignerInfo(org.apache.harmony.security.pkcs7.SignerInfo)
Signature(java.security.Signature)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 23 with Signature
use of java.security.Signature in project robovm by robovm.
the class X509CertImpl method verify.
@Override
public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
Signature signature = Signature.getInstance(getSigAlgName());
signature.initVerify(key);
// retrieve the encoding of the TBSCertificate structure
byte[] tbsCertificateLocal = getTbsCertificateInternal();
// compute and verify the signature
signature.update(tbsCertificateLocal, 0, tbsCertificateLocal.length);
if (!signature.verify(certificate.getSignatureValue())) {
throw new SignatureException("Signature was not verified");
}
}
Also used :
Signature(java.security.Signature)
SignatureException(java.security.SignatureException)
Example 24 with Signature
use of java.security.Signature in project robovm by robovm.
the class X509CRLImpl method verify.
/**
* @see java.security.cert.X509CRL#verify(PublicKey key)
* method documentation for more info
*/
public void verify(PublicKey key) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
Signature signature = Signature.getInstance(getSigAlgName());
signature.initVerify(key);
byte[] tbsEncoding = tbsCertList.getEncoded();
signature.update(tbsEncoding, 0, tbsEncoding.length);
if (!signature.verify(crl.getSignatureValue())) {
throw new SignatureException("Signature was not verified");
}
}
Also used :
Signature(java.security.Signature)
SignatureException(java.security.SignatureException)
Example 25 with Signature
use of java.security.Signature in project robovm by robovm.
the class SignatureTestMD2withRSA method testSignature.
@AndroidOnly("Android doesn't include MD2withRSA signature algorithm")
public void testSignature() {
try {
Signature signature = Signature.getInstance("MD2withRSA");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
try {
Signature signature = Signature.getInstance("MD2WithRSA");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
try {
Signature signature = Signature.getInstance("MD2WITHRSA");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
try {
Signature signature = Signature.getInstance("MD2withRSAEncryption");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
try {
Signature signature = Signature.getInstance("MD2WithRSAEncryption");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
try {
Signature signature = Signature.getInstance("MD2WITHRSAENCRYPTION");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
try {
Signature signature = Signature.getInstance("MD2/RSA");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
try {
Signature signature = Signature.getInstance("1.2.840.113549.1.1.2");
fail("MD2withRSA for signature verification must not be supported");
} catch (NoSuchAlgorithmException e) {
// expected
}
}
Also used :
Signature(java.security.Signature)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AndroidOnly(dalvik.annotation.AndroidOnly)
Aggregations
Signature (java.security.Signature)242
SignatureException (java.security.SignatureException)84
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)69
InvalidKeyException (java.security.InvalidKeyException)61
PublicKey (java.security.PublicKey)59
KeyFactory (java.security.KeyFactory)41
PrivateKey (java.security.PrivateKey)38
IOException (java.io.IOException)36
X509Certificate (java.security.cert.X509Certificate)24
RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)23
KeyPair (java.security.KeyPair)19
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)18
KeyPairGenerator (java.security.KeyPairGenerator)16
MySignature1 (org.apache.harmony.security.tests.support.MySignature1)16
GeneralSecurityException (java.security.GeneralSecurityException)15
ByteArrayInputStream (java.io.ByteArrayInputStream)14
BigInteger (java.math.BigInteger)14
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)14
CertificateException (java.security.cert.CertificateException)14
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)14
