use of java.security.Signature in project robovm by robovm.
the class X509CertImpl method verify.
/**
 * Checks that this certificate's signature value was produced over its
 * TBSCertificate encoding by the private key matching {@code key}.
 *
 * <p>Only the signature is checked here. Nothing in this method establishes
 * that {@code key} is trusted, that the certificate is inside its validity
 * period, or that it has not been revoked; those checks belong to the caller.
 *
 * @param key public key to verify the signature with
 * @throws SignatureException if the signature does not verify
 */
@Override
public void verify(PublicKey key)
        throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
        NoSuchProviderException, SignatureException {
    // The algorithm name is whatever getSigAlgName() reports for this certificate.
    // NOTE(review): presumably that is read from the certificate itself, so any
    // algorithm policy has to be enforced by the caller or provider; confirm.
    final Signature verifier = Signature.getInstance(getSigAlgName());
    verifier.initVerify(key);

    // Feed the encoded TBSCertificate structure, which is the signed portion.
    final byte[] tbsBytes = getTbsCertificateInternal();
    verifier.update(tbsBytes, 0, tbsBytes.length);

    final boolean signatureMatches = verifier.verify(certificate.getSignatureValue());
    if (signatureMatches) {
        return;
    }
    throw new SignatureException("Signature was not verified");
}
use of java.security.Signature in project robovm by robovm.
the class X509CRLImpl method verify.
/**
 * Checks that this CRL's signature value was produced over the encoded
 * TBSCertList by the private key matching {@code key}.
 *
 * <p>Only the signature is checked; whether {@code key} belongs to a trusted
 * CRL issuer is left to the caller.
 *
 * @param key public key to verify the signature with
 * @throws SignatureException if the signature does not verify
 * @see java.security.cert.X509CRL#verify(PublicKey key)
 */
public void verify(PublicKey key)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        NoSuchProviderException, SignatureException {
    // The algorithm name is whatever getSigAlgName() reports for this CRL.
    final Signature verifier = Signature.getInstance(getSigAlgName());
    verifier.initVerify(key);

    // The signed portion is the encoding of the TBSCertList structure.
    final byte[] signedBytes = tbsCertList.getEncoded();
    verifier.update(signedBytes, 0, signedBytes.length);

    final boolean signatureMatches = verifier.verify(crl.getSignatureValue());
    if (signatureMatches) {
        return;
    }
    throw new SignatureException("Signature was not verified");
}
use of java.security.Signature in project hudson-2.x by hudson.
the class UpdateSite method verifySignature.
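/**
 * Verifies the signature in the update center data file.
 *
 * <p>The "signature" member is detached from {@code o} (this mutates the
 * caller's object), the certificates listed in {@code o} are parsed and
 * date-checked, the chain is handed to {@code CertificateUtil.validatePath},
 * and the canonical form of the remaining JSON is checked against both the
 * provided digest and the provided signature, using the first certificate as
 * the signer.
 *
 * @param o update center JSON; its "signature" member is removed
 * @return {@code true} only if the digest matches and the signature verifies;
 *         {@code false} if the signature block or the certificates are
 *         missing, or if the digest or signature does not match
 * @throws GeneralSecurityException if a certificate cannot be parsed, is
 *         outside its validity period, or a crypto primitive is unavailable
 * @throws IOException if writing the canonical form fails
 */
private boolean verifySignature(JSONObject o) throws GeneralSecurityException, IOException {
    JSONObject signature = o.getJSONObject("signature");
    if (signature.isNullObject()) {
        LOGGER.severe("No signature block found");
        return false;
    }
    // The signature block is not part of the signed payload, so drop it before canonicalizing.
    o.remove("signature");
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    {
        // load and verify certificates
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        for (Object cert : o.getJSONArray("certificates")) {
            X509Certificate c = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(Base64.decode(cert.toString().toCharArray())));
            // checkValidity() only checks the notBefore/notAfter dates, not trust or revocation.
            c.checkValidity();
            certs.add(c);
        }
        // Fail closed on an empty certificate list: certs.get(0) below would otherwise
        // throw an unchecked IndexOutOfBoundsException instead of reporting a failed check.
        if (certs.isEmpty()) {
            LOGGER.severe("No certificates found in the update center data");
            return false;
        }
        // all default root CAs in JVM are trusted, plus certs bundled in Hudson
        Set<TrustAnchor> anchors = CertificateUtil.getDefaultRootCAs();
        ServletContext context = Hudson.getInstance().servletContext;
        for (String cert : (Set<String>) context.getResourcePaths("/WEB-INF/update-center-rootCAs")) {
            // skip text files that are meant to be documentation
            if (cert.endsWith(".txt"))
                continue;
            anchors.add(new TrustAnchor((X509Certificate) cf.generateCertificate(context.getResourceAsStream(cert)), null));
        }
        // NOTE(review): `anchors` is built above but is not passed to validatePath.
        // Confirm that validatePath really consults this set (for example because
        // getDefaultRootCAs() returns shared state); if it does not, the bundled
        // root CAs have no effect and the chain is validated against something else.
        CertificateUtil.validatePath(certs);
    }
    // this is for computing a digest to check sanity
    // NOTE(review): SHA-1 is no longer collision resistant. Both the digest and the
    // signature algorithm are hard-coded here, presumably to match what the signer
    // produces, so moving off SHA-1 needs a coordinated change on the signing side.
    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    DigestOutputStream dos = new DigestOutputStream(new NullOutputStream(), sha1);
    // this is for computing a signature
    Signature sig = Signature.getInstance("SHA1withRSA");
    // The first listed certificate is treated as the signer.
    sig.initVerify(certs.get(0));
    SignatureOutputStream sos = new SignatureOutputStream(sig);
    // NOTE(review): the OutputStreamWriter is never flushed or closed here. Unless
    // JSONCanonicalUtils.write flushes it, buffered trailing characters would not
    // reach the digest or the signature; confirm against the signing side before changing.
    JSONCanonicalUtils.write(o, new OutputStreamWriter(new TeeOutputStream(dos, sos), "UTF-8"));
    // did the digest match? this is not a part of the signature validation, but if we have a bug in the c14n
    // (which is more likely than someone tampering with update center), we can tell
    String computedDigest = new String(Base64.encode(sha1.digest()));
    String providedDigest = signature.getString("digest");
    // Base64 is case-sensitive, so equalsIgnoreCase is looser than an exact match.
    // That is tolerable only because the signature check below is the security decision.
    if (!computedDigest.equalsIgnoreCase(providedDigest)) {
        // providedDigest comes from the unverified file and is written to the log as-is.
        LOGGER.severe("Digest mismatch: " + computedDigest + " vs " + providedDigest);
        return false;
    }
    if (!sig.verify(Base64.decode(signature.getString("signature").toCharArray()))) {
        LOGGER.severe("Signature in the update center doesn't match with the certificate");
        return false;
    }
    return true;
}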
use of java.security.Signature in project jjwt by jwtk.
the class EllipticCurveSignatureValidator method isValid.
/**
 * Verifies an Elliptic Curve signature over {@code data} with the configured key.
 *
 * <p>Two encodings are accepted: the fixed-length JOSE form, which is transcoded
 * to DER before verification, and, for backwards compatibility only, a signature
 * that is already ASN.1 DER.
 *
 * @param data the signed bytes
 * @param signature the signature bytes to check
 * @return the result of {@code doVerify}
 * @throws SignatureException if anything inside the verification step throws
 */
@Override
public boolean isValid(byte[] data, byte[] signature) {
    Signature verifier = createSignatureInstance();
    PublicKey verificationKey = (PublicKey) key;
    try {
        int joseLength = getSignatureByteArrayLength(alg);

        // If the length is not the one JOSE expects for this algorithm and the first
        // byte is 0x30 (an ASN.1 SEQUENCE tag), treat the input as a DER signature.
        // This fallback is for backwards compatibility ONLY (to support tokens
        // generated by previous versions of jjwt) and will possibly be removed in a
        // future version of this library. It also means more than one byte encoding
        // of a signature is accepted, so callers should not treat the raw signature
        // bytes as a unique identifier.
        boolean alreadyDer = joseLength != signature.length && signature[0] == 0x30;

        byte[] derSignature;
        if (alreadyDer) {
            derSignature = signature;
        } else {
            derSignature = EllipticCurveProvider.transcodeSignatureToDER(signature);
        }
        return doVerify(verifier, verificationKey, data, derSignature);
    } catch (Exception e) {
        // Any failure, including a null or empty signature array, surfaces as SignatureException.
        String msg = "Unable to verify Elliptic Curve signature using configured ECPublicKey. " + e.getMessage();
        throw new SignatureException(msg, e);
    }
}
use of java.security.Signature in project OpenAttestation by OpenAttestation.
the class Diagnostic method trySignature.
/**
 * Diagnostic probe: generates a throwaway RSA key pair with the "BC" provider,
 * signs a fixed message and prints the signature length, or prints which step
 * failed. The signature is not verified and nothing is returned.
 *
 * <p>NOTE(review): the probe exercises a SHA-1 based signature scheme. It shows
 * that the provider is usable, not that SHA-1 signatures are a sound choice.
 */
private static void trySignature() {
    // Name used in the "Cannot use algorithm" message only.
    // NOTE(review): the Signature below is requested as "SHA1withRSAEncryption" and
    // the key generator as "RSA", so this message may name a different algorithm
    // than the one that actually failed.
    final String reportedAlgorithm = "SHA1withRSA";
    try {
        // May throw NoSuchAlgorithmException or NoSuchProviderException.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
        KeyPair pair = generator.generateKeyPair();

        // May throw NoSuchAlgorithmException or NoSuchProviderException.
        Signature signer = Signature.getInstance("SHA1withRSAEncryption", "BC");
        // May throw InvalidKeyException.
        signer.initSign(pair.getPrivate());

        // getBytes() without a charset uses the platform default encoding.
        byte[] message = "This is the message being signed".getBytes();
        // update() and sign() may throw SignatureException.
        signer.update(message);
        byte[] signed = signer.sign();
        System.out.println("Generated SHA1 with RSA signature of length: " + signed.length);
    } catch (NoSuchProviderException e) {
        System.err.println("Cannot use provider: BC: " + e.toString());
    } catch (NoSuchAlgorithmException e) {
        System.err.println("Cannot use algorithm: " + reportedAlgorithm + ": " + e.toString());
    } catch (InvalidKeyException e) {
        System.err.println("Cannot use key: " + e.toString());
    } catch (SignatureException e) {
        System.err.println("Cannot generate signature: " + e.toString());
    }
}