
Example 76 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project athenz by yahoo.

the class CryptoTest method testSignVerifyECParamMixCurvesFail.

/**
 * Negative test: a signature produced with one EC key must not verify under an
 * unrelated EC public key.
 *
 * <p>The token is signed with the key loaded from {@code ecPrivateParamPrime256v1Key}
 * and checked against the key loaded from {@code ecPublicParamSecp384r1Key}; going by
 * the fixture names these are keys on two different curves (prime256v1 vs. secp384r1)
 * - confirm against the fixture definitions. The test expects {@code Crypto.verify}
 * to report the mismatch by returning {@code false}.
 */
@Test
public void testSignVerifyECParamMixCurvesFail() {
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateParamPrime256v1Key);
    assertNotNull(signingKey);
    final String tokenSignature = Crypto.sign(serviceToken, signingKey);

    final PublicKey mismatchedKey = Crypto.loadPublicKey(ecPublicParamSecp384r1Key);
    assertNotNull(mismatchedKey);

    // The verifier must reject the signature; acceptance here would mean the
    // public key is not actually bound to the signature being checked.
    final boolean verified = Crypto.verify(serviceToken, mismatchedKey, tokenSignature);
    assertFalse(verified);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)

Example 77 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project athenz by yahoo.

the class CryptoTest method testValidateJWSDocumentInvalidPublicKey.

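/**
 * Negative test: {@code Crypto.validateJWSDocument} must return {@code false} when the
 * key resolver hands back a public key that does not match the signing key.
 *
 * <p>The protected header declares {@code kid "ec-0"} and {@code alg "ES256"}, and the
 * signing input ({@code header '.' payload}, both base64url without padding) is signed
 * with the key loaded from {@code ecPrivateKey}. The resolver, however, maps
 * {@code "ec-0"} to the key loaded from {@code rsaPublicKey}, so validation has to fail
 * closed on the key/algorithm mismatch instead of accepting the document.
 */
@Test
public void testValidateJWSDocumentInvalidPublicKey() {
    // Deliberately cross-wire the key ids: each id resolves to the key loaded
    // from the *other* fixture, so the key returned for "ec-0" is the wrong one.
    Map<String, PublicKey> keyMap = new HashMap<>();
    keyMap.put("rsa-0", Crypto.loadPublicKey(ecPublicKey));
    keyMap.put("ec-0", Crypto.loadPublicKey(rsaPublicKey));
    Function<String, PublicKey> keyGetter = keyMap::get;

    final Base64.Encoder encoder = Base64.getUrlEncoder().withoutPadding();
    final String protectedHeader = "{\"kid\":\"ec-0\",\"alg\":\"ES256\"}";
    final byte[] encodedHeader = encoder.encode(protectedHeader.getBytes(StandardCharsets.UTF_8));
    final String payload = "{\"domainName\":\"athenz\"}";
    final byte[] encodedPayload = encoder.encode(payload.getBytes(StandardCharsets.UTF_8));

    PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
    final byte[] signingInput = Bytes.concat(encodedHeader, PERIOD, encodedPayload);
    final byte[] signature = encoder.encode(Crypto.sign(signingInput, privateKey, Crypto.SHA256));

    // Decode with an explicit charset: new String(byte[]) would use the platform
    // default, which makes the test input depend on the JVM's configuration.
    assertFalse(Crypto.validateJWSDocument(
            new String(encodedHeader, StandardCharsets.UTF_8),
            new String(encodedPayload, StandardCharsets.UTF_8),
            new String(signature, StandardCharsets.UTF_8),
            keyGetter));
}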
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)

Example 78 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project athenz by yahoo.

the class CryptoTest method testSignVerifyECParamsKey.

/**
 * Round-trip test: a token signed with the key loaded from {@code ecPrivateParamsKey}
 * verifies under the key loaded from {@code ecPublicParamsKey}.
 *
 * <p>Both keys must load to non-null objects, and {@code Crypto.verify} is expected to
 * return {@code true} for the matching pair.
 */
@Test
public void testSignVerifyECParamsKey() {
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateParamsKey);
    assertNotNull(signingKey);
    final String tokenSignature = Crypto.sign(serviceToken, signingKey);

    final PublicKey verificationKey = Crypto.loadPublicKey(ecPublicParamsKey);
    assertNotNull(verificationKey);

    final boolean verified = Crypto.verify(serviceToken, verificationKey, tokenSignature);
    assertTrue(verified);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)

Example 79 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project athenz by yahoo.

the class CryptoTest method testSignVerifyECParamSecp384r1Key.

/**
 * Round-trip test for the key pair loaded from {@code ecPrivateParamSecp384r1Key} and
 * {@code ecPublicParamSecp384r1Key} (a secp384r1 pair, going by the fixture names).
 *
 * <p>The token is signed with the private key and {@code Crypto.verify} is expected to
 * return {@code true} when given the matching public key.
 */
@Test
public void testSignVerifyECParamSecp384r1Key() {
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateParamSecp384r1Key);
    assertNotNull(signingKey);
    final String tokenSignature = Crypto.sign(serviceToken, signingKey);

    final PublicKey verificationKey = Crypto.loadPublicKey(ecPublicParamSecp384r1Key);
    assertNotNull(verificationKey);

    final boolean verified = Crypto.verify(serviceToken, verificationKey, tokenSignature);
    assertTrue(verified);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)

Example 80 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project athenz by yahoo.

the class CryptoTest method validateJWSDocumentMissingKid.

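/**
 * Negative test: {@code Crypto.validateJWSDocument} must return {@code false} for a
 * document whose protected header carries no {@code kid}.
 *
 * <p>The header only declares {@code alg "ES256"}; the signing input
 * ({@code header '.' payload}, both base64url without padding) is signed with the key
 * loaded from {@code rsaPrivateKey}, and the key resolver returns {@code null} for
 * every id.
 *
 * <p>NOTE(review): because the resolver never yields a key and the signing key is
 * loaded from an RSA fixture while the header says ES256, the assertion holds for
 * several independent reasons. The test therefore does not isolate the missing-kid
 * check on its own - confirm against {@code validateJWSDocument} whether a dedicated
 * case with a resolvable, matching key is needed.
 */
@Test
public void validateJWSDocumentMissingKid() {
    // No key is ever resolved, whatever id the validator asks for.
    Function<String, PublicKey> keyGetter = (String keyId) -> null;

    final Base64.Encoder encoder = Base64.getUrlEncoder().withoutPadding();
    final String protectedHeader = "{\"alg\":\"ES256\"}";
    final byte[] encodedHeader = encoder.encode(protectedHeader.getBytes(StandardCharsets.UTF_8));
    final String payload = "{\"domainName\":\"athenz\"}";
    final byte[] encodedPayload = encoder.encode(payload.getBytes(StandardCharsets.UTF_8));

    PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);
    final byte[] signingInput = Bytes.concat(encodedHeader, PERIOD, encodedPayload);
    final byte[] signature = encoder.encode(Crypto.sign(signingInput, privateKey, Crypto.SHA256));

    // Decode with an explicit charset: new String(byte[]) would use the platform
    // default, which makes the test input depend on the JVM's configuration.
    assertFalse(Crypto.validateJWSDocument(
            new String(encodedHeader, StandardCharsets.UTF_8),
            new String(encodedPayload, StandardCharsets.UTF_8),
            new String(signature, StandardCharsets.UTF_8),
            keyGetter));
}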
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) DERIA5String(org.bouncycastle.asn1.DERIA5String) Test(org.testng.annotations.Test)
