Example 96 with SignatureException

use of java.security.SignatureException in project jdk8u_jdk by JetBrains.

the class X509CRLImpl method verify.

/**
 * Verifies that this CRL was signed using the
 * private key that corresponds to the given public key,
 * and that the signature verification was computed by
 * the given provider. Note that the specified Provider object
 * does not have to be registered in the provider list.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the signature provider.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception SignatureException on signature errors.
 * @exception CRLException on encoding errors.
 */
public synchronized void verify(PublicKey key, Provider sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }
    Signature sigVerf = null;
    if (sigProvider == null) {
        sigVerf = Signature.getInstance(sigAlgId.getName());
    } else {
        sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
    }
    sigVerf.initVerify(key);
    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }
    sigVerf.update(tbsCertList, 0, tbsCertList.length);
    if (!sigVerf.verify(signature)) {
        throw new SignatureException("Signature does not match.");
    }
    verifiedPublicKey = key;
}
Also used : Signature(java.security.Signature) SignatureException(java.security.SignatureException) CRLException(java.security.cert.CRLException)

Example 97 with SignatureException

use of java.security.SignatureException in project bnd by bndtools.

the class Signer method write.

@Override
public void write(int b) throws IOException {
    try {
        signature.update((byte) b);
        digester.write(b);
    } catch (SignatureException e) {
        throw new IOException(e.getLocalizedMessage());
    }
}
Also used : SignatureException(java.security.SignatureException) IOException(java.io.IOException)

Example 98 with SignatureException

use of java.security.SignatureException in project ddf by codice.

the class LoginFilter method validateHolderOfKeyConfirmation.

private void validateHolderOfKeyConfirmation(SamlAssertionWrapper assertion, X509Certificate[] x509Certs) throws SecurityServiceException {
    List<String> confirmationMethods = assertion.getConfirmationMethods();
    boolean hasHokMethod = false;
    for (String method : confirmationMethods) {
        if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
            hasHokMethod = true;
        }
    }
    if (hasHokMethod) {
        if (x509Certs != null && x509Certs.length > 0) {
            List<SubjectConfirmation> subjectConfirmations = assertion.getSaml2().getSubject().getSubjectConfirmations();
            for (SubjectConfirmation subjectConfirmation : subjectConfirmations) {
                if (OpenSAMLUtil.isMethodHolderOfKey(subjectConfirmation.getMethod())) {
                    Element dom = subjectConfirmation.getSubjectConfirmationData().getDOM();
                    Node keyInfo = dom.getFirstChild();
                    Node x509Data = keyInfo.getFirstChild();
                    Node dataNode = x509Data.getFirstChild();
                    Node dataText = dataNode.getFirstChild();
                    X509Certificate tlsCertificate = x509Certs[0];
                    if (dataNode.getLocalName().equals("X509Certificate")) {
                        String textContent = dataText.getTextContent();
                        byte[] byteValue = Base64.getMimeDecoder().decode(textContent);
                        try {
                            CertificateFactory cf = CertificateFactory.getInstance("X.509");
                            X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(byteValue));
                            //check that the certificate is still valid
                            cert.checkValidity();
                            //if the certs aren't the same, verify
                            if (!tlsCertificate.equals(cert)) {
                                //verify that the cert was signed by the same private key as the TLS cert
                                cert.verify(tlsCertificate.getPublicKey());
                            }
                        } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException | SignatureException | NoSuchProviderException e) {
                            throw new SecurityServiceException("Unable to validate Holder of Key assertion with certificate.");
                        }
                    } else if (dataNode.getLocalName().equals("X509SubjectName")) {
                        String textContent = dataText.getTextContent();
                        //If, however, the relying party does not trust the certificate issuer to issue such a DN, the attesting entity is not confirmed and the relying party SHOULD disregard the assertion.
                        if (!tlsCertificate.getSubjectDN().getName().equals(textContent)) {
                            throw new SecurityServiceException("Unable to validate Holder of Key assertion with subject DN.");
                        }
                    } else if (dataNode.getLocalName().equals("X509IssuerSerial")) {
                        //we have no way to support this confirmation type so we have to throw an error
                        throw new SecurityServiceException("Unable to validate Holder of Key assertion with issuer serial. NOT SUPPORTED");
                    } else if (dataNode.getLocalName().equals("X509SKI")) {
                        String textContent = dataText.getTextContent();
                        byte[] tlsSKI = tlsCertificate.getExtensionValue("2.5.29.14");
                        byte[] assertionSKI = Base64.getMimeDecoder().decode(textContent);
                        if (tlsSKI != null && tlsSKI.length > 0) {
                            ASN1OctetString tlsOs = ASN1OctetString.getInstance(tlsSKI);
                            ASN1OctetString assertionOs = ASN1OctetString.getInstance(assertionSKI);
                            SubjectKeyIdentifier tlsSubjectKeyIdentifier = SubjectKeyIdentifier.getInstance(tlsOs.getOctets());
                            SubjectKeyIdentifier assertSubjectKeyIdentifier = SubjectKeyIdentifier.getInstance(assertionOs.getOctets());
                            //the attesting entity is not confirmed and the relying party SHOULD disregard the assertion.
                            if (!Arrays.equals(tlsSubjectKeyIdentifier.getKeyIdentifier(), assertSubjectKeyIdentifier.getKeyIdentifier())) {
                                throw new SecurityServiceException("Unable to validate Holder of Key assertion with subject key identifier.");
                            }
                        } else {
                            throw new SecurityServiceException("Unable to validate Holder of Key assertion with subject key identifier.");
                        }
                    }
                }
            }
        } else {
            throw new SecurityServiceException("Holder of Key assertion, must be used with 2-way TLS.");
        }
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) SecurityServiceException(ddf.security.service.SecurityServiceException) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) InvalidKeyException(java.security.InvalidKeyException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) ByteArrayInputStream(java.io.ByteArrayInputStream) NoSuchProviderException(java.security.NoSuchProviderException)

Example 99 with SignatureException

use of java.security.SignatureException in project baker-android by bakerframework.

the class LicenseValidator method verify.

/**
 * Verifies the response from server and calls appropriate callback method.
 *
 * @param publicKey public key associated with the developer account
 * @param responseCode server response code
 * @param signedData signed data from server
 * @param signature server signature
 */
public void verify(PublicKey publicKey, int responseCode, String signedData, String signature) {
    String userId = null;
    // Skip signature check for unsuccessful requests
    ResponseData data = null;
    if (responseCode == LICENSED || responseCode == NOT_LICENSED || responseCode == LICENSED_OLD_KEY) {
        // Verify signature.
        try {
            Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
            sig.initVerify(publicKey);
            sig.update(signedData.getBytes());
            if (!sig.verify(Base64.decode(signature))) {
                Log.e(TAG, "Signature verification failed.");
                handleInvalidResponse();
                return;
            }
        } catch (NoSuchAlgorithmException e) {
            // This can't happen on an Android compatible device.
            throw new RuntimeException(e);
        } catch (InvalidKeyException e) {
            handleApplicationError(LicenseCheckerCallback.ERROR_INVALID_PUBLIC_KEY);
            return;
        } catch (SignatureException e) {
            throw new RuntimeException(e);
        } catch (Base64DecoderException e) {
            Log.e(TAG, "Could not Base64-decode signature.");
            handleInvalidResponse();
            return;
        }
        // Parse and validate response.
        try {
            data = ResponseData.parse(signedData);
        } catch (IllegalArgumentException e) {
            Log.e(TAG, "Could not parse response.");
            handleInvalidResponse();
            return;
        }
        if (data.responseCode != responseCode) {
            Log.e(TAG, "Response codes don't match.");
            handleInvalidResponse();
            return;
        }
        if (data.nonce != mNonce) {
            Log.e(TAG, "Nonce doesn't match.");
            handleInvalidResponse();
            return;
        }
        if (!data.packageName.equals(mPackageName)) {
            Log.e(TAG, "Package name doesn't match.");
            handleInvalidResponse();
            return;
        }
        if (!data.versionCode.equals(mVersionCode)) {
            Log.e(TAG, "Version codes don't match.");
            handleInvalidResponse();
            return;
        }
        // Application-specific user identifier.
        userId = data.userId;
        if (TextUtils.isEmpty(userId)) {
            Log.e(TAG, "User identifier is empty.");
            handleInvalidResponse();
            return;
        }
    }
    switch(responseCode) {
        case LICENSED:
        case LICENSED_OLD_KEY:
            int limiterResponse = mDeviceLimiter.isDeviceAllowed(userId);
            handleResponse(limiterResponse, data);
            break;
        case NOT_LICENSED:
            handleResponse(Policy.NOT_LICENSED, data);
            break;
        case ERROR_CONTACTING_SERVER:
            Log.w(TAG, "Error contacting licensing server.");
            handleResponse(Policy.RETRY, data);
            break;
        case ERROR_SERVER_FAILURE:
            Log.w(TAG, "An error has occurred on the licensing server.");
            handleResponse(Policy.RETRY, data);
            break;
        case ERROR_OVER_QUOTA:
            Log.w(TAG, "Licensing server is refusing to talk to this device, over quota.");
            handleResponse(Policy.RETRY, data);
            break;
        case ERROR_INVALID_PACKAGE_NAME:
            handleApplicationError(LicenseCheckerCallback.ERROR_INVALID_PACKAGE_NAME);
            break;
        case ERROR_NON_MATCHING_UID:
            handleApplicationError(LicenseCheckerCallback.ERROR_NON_MATCHING_UID);
            break;
        case ERROR_NOT_MARKET_MANAGED:
            handleApplicationError(LicenseCheckerCallback.ERROR_NOT_MARKET_MANAGED);
            break;
        default:
            Log.e(TAG, "Unknown response code for license check.");
            handleInvalidResponse();
    }
}
Also used : Base64DecoderException(com.google.android.vending.licensing.util.Base64DecoderException) Signature(java.security.Signature) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException)

Example 100 with SignatureException

use of java.security.SignatureException in project j2objc by google.

the class SignatureExceptionTest method testSignatureException04.

/**
 * Test for <code>SignatureException(Throwable)</code> constructor
 * Assertion: constructs SignatureException when <code>cause</code> is
 * null
 */
public void testSignatureException04() {
    Throwable cause = null;
    SignatureException tE = new SignatureException(cause);
    assertNull("getMessage() must return null.", tE.getMessage());
    assertNull("getCause() must return null", tE.getCause());
}
Also used : SignatureException(java.security.SignatureException)

Aggregations

SignatureException (java.security.SignatureException) 196
InvalidKeyException (java.security.InvalidKeyException) 94
Signature (java.security.Signature) 80
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 66
IOException (java.io.IOException) 51
PublicKey (java.security.PublicKey) 34
InvalidKeySpecException (java.security.spec.InvalidKeySpecException) 26
X509Certificate (java.security.cert.X509Certificate) 19
ByteArrayInputStream (java.io.ByteArrayInputStream) 16
BigInteger (java.math.BigInteger) 16
CertificateException (java.security.cert.CertificateException) 16
ArrayList (java.util.ArrayList) 14
MySignature1 (org.apache.harmony.security.tests.support.MySignature1) 14
ClientException (edu.umass.cs.gnscommon.exceptions.client.ClientException) 12
NoSuchProviderException (java.security.NoSuchProviderException) 12
PrivateKey (java.security.PrivateKey) 12
KeyStoreException (android.security.KeyStoreException) 10
KeyFactory (java.security.KeyFactory) 10
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 9
CertificateEncodingException (java.security.cert.CertificateEncodingException) 9