Example 1 with SignatureException

Use of org.gluu.oxauth.model.exception.SignatureException in project oxAuth by GluuFederation.

Class RawAuthenticationService, method checkSignature.

public void checkSignature(String appId, ClientData clientData, RawAuthenticateResponse rawAuthenticateResponse, byte[] publicKey) throws BadInputException {
    String rawClientData = clientData.getRawClientData();
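    // Rebuild the bytes the token signed from: hash(appId), user presence, counter, hash(raw client data)
    byte[] signedBytes = packBytesToSign(signatureVerification.hash(appId), rawAuthenticateResponse.getUserPresence(), rawAuthenticateResponse.getCounter(), signatureVerification.hash(rawClientData));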
    log.debug("Packed bytes to sign in HEX '{}'", Hex.encodeHexString(signedBytes));
    log.debug("Signature from authentication response in HEX '{}'", Hex.encodeHexString(rawAuthenticateResponse.getSignature()));
    try {
        boolean isValid = signatureVerification.checkSignature(signatureVerification.decodePublicKey(publicKey), signedBytes, rawAuthenticateResponse.getSignature());
        if (!isValid) {
            throw new BadInputException("Signature is not valid");
        }
    } catch (SignatureException ex) {
        throw new BadInputException("Failed to checkSignature", ex);
    }
}
Also used: BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException), SignatureException (org.gluu.oxauth.model.exception.SignatureException)

Example 2 with SignatureException

Use of org.gluu.oxauth.model.exception.SignatureException in project oxAuth by GluuFederation.

Class RawRegistrationService, method checkSignature.

public void checkSignature(String appId, ClientData clientData, RawRegisterResponse rawRegisterResponse) throws BadInputException {
    String rawClientData = clientData.getRawClientData();
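    // Rebuild the bytes the token signed from: hash(appId), hash(raw client data), key handle, user public key
    byte[] signedBytes = packBytesToSign(signatureVerification.hash(appId), signatureVerification.hash(rawClientData), rawRegisterResponse.getKeyHandle(), rawRegisterResponse.getUserPublicKey());
    try {
        // Verified against the attestation certificate. Only a thrown SignatureException rejects the
        // response here; no return value is checked, unlike the isValid test in
        // RawAuthenticationService.checkSignature.
        signatureVerification.checkSignature(rawRegisterResponse.getAttestationCertificate(), signedBytes, rawRegisterResponse.getSignature());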
    } catch (SignatureException ex) {
        throw new BadInputException("Failed to checkSignature", ex);
    }
}
Also used: BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException), SignatureException (org.gluu.oxauth.model.exception.SignatureException)

Example 3 with SignatureException

Use of org.gluu.oxauth.model.exception.SignatureException in project oxAuth by GluuFederation.

Class SHA256withECDSASignatureVerification, method decodePublicKey.

@Override
public PublicKey decodePublicKey(byte[] encodedPublicKey) throws SignatureException {
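    // The encoded key is interpreted as a point on NIST P-256 (secp256r1)
    X9ECParameters curve = SECNamedCurves.getByName("secp256r1");
    // decodePoint runs outside the try block: BouncyCastle reports a malformed encoding with an
    // unchecked IllegalArgumentException, which is therefore not wrapped in SignatureException
    ECPoint point = curve.getCurve().decodePoint(encodedPublicKey);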
    try {
        return KeyFactory.getInstance("ECDSA").generatePublic(new ECPublicKeySpec(point, new ECParameterSpec(curve.getCurve(), curve.getG(), curve.getN(), curve.getH())));
    } catch (GeneralSecurityException ex) {
        throw new SignatureException(ex);
    }
}
Also used: X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters), ECParameterSpec (org.bouncycastle.jce.spec.ECParameterSpec), GeneralSecurityException (java.security.GeneralSecurityException), SignatureException (org.gluu.oxauth.model.exception.SignatureException), ECPoint (org.bouncycastle.math.ec.ECPoint), ECPublicKeySpec (org.bouncycastle.jce.spec.ECPublicKeySpec)

Example 4 with SignatureException

Use of org.gluu.oxauth.model.exception.SignatureException in project oxAuth by GluuFederation.

Class SHA256withECDSASignatureVerification, method checkSignature.

@Override
public boolean checkSignature(PublicKey publicKey, byte[] signedBytes, byte[] signature) throws SignatureException {
    boolean isValid = false;
    try {
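        // "BC" requests the BouncyCastle provider, which must already be registered;
        // otherwise getInstance throws NoSuchProviderException (a GeneralSecurityException)
        Signature ecdsaSignature = Signature.getInstance("SHA256withECDSA", "BC");
        ecdsaSignature.initVerify(publicKey);
        ecdsaSignature.update(signedBytes);
        // verify returns false on a mismatch and throws java.security.SignatureException
        // when the signature is improperly encoded
        isValid = ecdsaSignature.verify(signature);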
    } catch (GeneralSecurityException ex) {
        throw new SignatureException(ex);
    }
    return isValid;
}
Also used: Signature (java.security.Signature), GeneralSecurityException (java.security.GeneralSecurityException), SignatureException (org.gluu.oxauth.model.exception.SignatureException)

Aggregations

SignatureException (org.gluu.oxauth.model.exception.SignatureException): 4
GeneralSecurityException (java.security.GeneralSecurityException): 2
BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException): 2
Signature (java.security.Signature): 1
X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters): 1
ECParameterSpec (org.bouncycastle.jce.spec.ECParameterSpec): 1
ECPublicKeySpec (org.bouncycastle.jce.spec.ECPublicKeySpec): 1
ECPoint (org.bouncycastle.math.ec.ECPoint): 1