Examples with Signature java.security.Signature used on opensource projects

Example 41 with Signature

use of java.security.Signature in project Android-Developers-Samples by johnjohndoe.

the class BasicAndroidKeyStoreFragment method signData.

/**
     * Signs the data using the key pair stored in the Android Key Store.  This signature can be
     * used with the data later to verify it was signed by this application.
     * @return A string encoding of the data signature generated
     */
public String signData(String inputStr) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, CertificateException {
    byte[] data = inputStr.getBytes();
    // BEGIN_INCLUDE(sign_load_keystore)
    KeyStore ks = KeyStore.getInstance(SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
    // Weird artifact of Java API.  If you don't have an InputStream to load, you still need
    // to call "load", or it'll crash.
    ks.load(null);
    // Load the key pair from the Android Key Store
    KeyStore.Entry entry = ks.getEntry(mAlias, null);
    /* If the entry is null, keys were never stored under this alias.
         * Debug steps in this situation would be:
         * -Check the list of aliases by iterating over Keystore.aliases(), be sure the alias
         *   exists.
         * -If that's empty, verify they were both stored and pulled from the same keystore
         *   "AndroidKeyStore"
         */
    if (entry == null) {
        Log.w(TAG, "No key found under alias: " + mAlias);
        Log.w(TAG, "Exiting signData()...");
        return null;
    }
    /* If entry is not a KeyStore.PrivateKeyEntry, it might have gotten stored in a previous
         * iteration of your application that was using some other mechanism, or been overwritten
         * by something else using the same keystore with the same alias.
         * You can determine the type using entry.getClass() and debug from there.
         */
    if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
        Log.w(TAG, "Not an instance of a PrivateKeyEntry");
        Log.w(TAG, "Exiting signData()...");
        return null;
    }
    // END_INCLUDE(sign_data)
    // BEGIN_INCLUDE(sign_create_signature)
    // This class doesn't actually represent the signature,
    // just the engine for creating/verifying signatures, using
    // the specified algorithm.
    Signature s = Signature.getInstance(SecurityConstants.SIGNATURE_SHA256withRSA);
    // Initialize Signature using specified private key
    s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
    // Sign the data, store the result as a Base64 encoded String.
    s.update(data);
    byte[] signature = s.sign();
    String result = Base64.encodeToString(signature, Base64.DEFAULT);
    return result;
}

Example 42 with Signature

use of java.security.Signature in project jjwt by jwtk.

the class EllipticCurveSigner method doSign.

protected byte[] doSign(byte[] data) throws InvalidKeyException, java.security.SignatureException, JwtException {
    PrivateKey privateKey = (PrivateKey) key;
    Signature sig = createSignatureInstance();
    sig.initSign(privateKey);
    sig.update(data);
    return transcodeSignatureToConcat(sig.sign(), getSignatureByteArrayLength(alg));
}

Example 43 with Signature

use of java.security.Signature in project jjwt by jwtk.

the class RsaProvider method createSignatureInstance.

protected Signature createSignatureInstance() {
    Signature sig = super.createSignatureInstance();
    PSSParameterSpec spec = PSS_PARAMETER_SPECS.get(alg);
    if (spec != null) {
        setParameter(sig, spec);
    }
    return sig;
}

Example 44 with Signature

use of java.security.Signature in project jjwt by jwtk.

the class RsaSigner method doSign.

protected byte[] doSign(byte[] data) throws InvalidKeyException, java.security.SignatureException {
    PrivateKey privateKey = (PrivateKey) key;
    Signature sig = createSignatureInstance();
    sig.initSign(privateKey);
    sig.update(data);
    return sig.sign();
}

Example 45 with Signature

use of java.security.Signature in project SeriesGuide by UweTrottmann.

the class Security method verify.

/**
     * Verifies that the signature from the server matches the computed
     * signature on the data.  Returns true if the data is correctly signed.
     *
     * @param publicKey public key associated with the developer account
     * @param signedData signed data from server
     * @param signature server signature
     * @return true if the data and signature match
     */
public static boolean verify(PublicKey publicKey, String signedData, String signature) {
    Signature sig;
    try {
        sig = Signature.getInstance(SIGNATURE_ALGORITHM);
        sig.initVerify(publicKey);
        sig.update(signedData.getBytes());
        if (!sig.verify(Base64.decode(signature))) {
            Timber.e("Signature verification failed.");
            return false;
        }
        return true;
    } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | Base64DecoderException e) {
        Timber.e(e, "Signature verification aborted.");
    }
    return false;
}