List of usage examples for java.security Signature update
public final void update(ByteBuffer data) throws SignatureException
From source file:org.signserver.module.mrtdsodsigner.MRTDSODSigner.java
static byte[] getSampleSignedData(byte[] dataToBeSigned, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { byte[] encryptedDigest = null; Signature s = null; s = Signature.getInstance("SHA256withRSA"); s.initSign(privateKey);/*from ww w . ja v a 2s . c o m*/ s.update(dataToBeSigned); encryptedDigest = s.sign(); return encryptedDigest; }
From source file:org.ejbca.core.protocol.cmp.CmpMessageHelper.java
/** verifies signature protection on CMP PKI messages * /* ww w . ja v a 2 s . co m*/ * @param pKIMessage the CMP message to verify signature on, if protected by signature protection * @param pubKey the public key used to verify the signature * @return true if verification is ok or false if verification fails * @throws NoSuchAlgorithmException message is signed by an unknown algorithm * @throws NoSuchProviderException the BouncyCastle (BC) provider is not installed * @throws InvalidKeyException pubKey is not valid for signature verification * @throws SignatureException if the passed-in signature is improperly encoded or of the wrong type, if this signature algorithm is unable to process the input data provided, etc. */ public static boolean verifyCertBasedPKIProtection(PKIMessage pKIMessage, PublicKey pubKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException { AlgorithmIdentifier sigAlg = pKIMessage.getHeader().getProtectionAlg(); if (LOG.isDebugEnabled()) { LOG.debug("Verifying signature with algorithm: " + sigAlg.getAlgorithm().getId()); } Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), "BC"); sig.initVerify(pubKey); sig.update(CmpMessageHelper.getProtectedBytes(pKIMessage)); boolean result = sig.verify(pKIMessage.getProtection().getBytes()); if (LOG.isDebugEnabled()) { LOG.debug("Verification result: " + result); } return result; }
From source file:biz.bokhorst.xprivacy.Util.java
private static boolean verifyData(byte[] data, byte[] signature, PublicKey publicKey) throws Throwable { // Verify signature Signature verifier = Signature.getInstance("SHA1withRSA"); verifier.initVerify(publicKey);//from w ww . j a v a 2 s . com verifier.update(data); return verifier.verify(signature); }
From source file:org.ejbca.core.protocol.cmp.CmpMessageHelper.java
public static PKIMessage buildCertBasedPKIProtection(PKIMessage pKIMessage, CMPCertificate[] extraCerts, PrivateKey key, String digestAlg, String provider) throws NoSuchProviderException, NoSuchAlgorithmException, SecurityException, SignatureException, InvalidKeyException { // Select which signature algorithm we should use for the response, based on the digest algorithm and key type. ASN1ObjectIdentifier oid = AlgorithmTools.getSignAlgOidFromDigestAndKey(digestAlg, key.getAlgorithm()); if (LOG.isDebugEnabled()) { LOG.debug("Selected signature alg oid: " + oid.getId() + ", key algorithm: " + key.getAlgorithm()); }//from w w w. j a v a2 s. co m // According to PKCS#1 AlgorithmIdentifier for RSA-PKCS#1 has null Parameters, this means a DER Null (asn.1 encoding of null), not Java null. // For the RSA signature algorithms specified above RFC3447 states "...the parameters MUST be present and MUST be NULL." PKIHeaderBuilder headerBuilder = getHeaderBuilder(pKIMessage.getHeader()); AlgorithmIdentifier pAlg = null; if ("RSA".equalsIgnoreCase(key.getAlgorithm())) { pAlg = new AlgorithmIdentifier(oid, DERNull.INSTANCE); } else { pAlg = new AlgorithmIdentifier(oid); } headerBuilder.setProtectionAlg(pAlg); // Most PKCS#11 providers don't like to be fed an OID as signature algorithm, so // we use BC classes to translate it into a signature algorithm name instead PKIHeader head = headerBuilder.build(); String signatureAlgorithmName = AlgorithmTools.getAlgorithmNameFromOID(oid); if (LOG.isDebugEnabled()) { LOG.debug("Signing CMP message with signature alg: " + signatureAlgorithmName); } Signature sig = Signature.getInstance(signatureAlgorithmName, provider); sig.initSign(key); sig.update(CmpMessageHelper.getProtectedBytes(head, pKIMessage.getBody())); if ((extraCerts != null) && (extraCerts.length > 0)) { pKIMessage = new PKIMessage(head, pKIMessage.getBody(), new DERBitString(sig.sign()), extraCerts); } else { pKIMessage = new PKIMessage(head, pKIMessage.getBody(), new DERBitString(sig.sign())); } return pKIMessage; }
From source file:com.orange.oidc.secproxy_service.KryptoUtils.java
static public boolean verifyJWS(String s, String algorithm, PublicKey pubKey, PrivateKey privKey) { // algorithm = "SHA256withRSA"; // algorithm = "SHA1withRSA"; boolean bverify = false; String parts[] = s.split("\\."); if (parts == null || parts.length != 3) return bverify; try {//from w w w . ja v a2 s. co m if ("RS256".compareTo(algorithm) == 0) algorithm = "SHA256withRSA"; Signature signature = Signature.getInstance(algorithm, "SC"); signature.initVerify(pubKey); signature.update((parts[0] + "." + parts[1]).getBytes()); bverify = signature.verify(decodeB64(parts[2])); Log.d("verifyJWS", "payload: " + new String(decodeB64(parts[1]))); /* // verify signature signature.initSign(privKey); signature.update((parts[0]+"."+parts[1]).getBytes()); byte sig[] = signature.sign(); String sig64 = encodeB64(sig); Log.d("verifyJWS","compute: "+sig64); */ } catch (Exception e) { e.printStackTrace(); } return bverify; }
From source file:org.mitre.openid.connect.client.AbstractOIDCAuthenticationFilter.java
/** * Verifies the signature text against the data * //from www .j a v a 2s .co m * @param data * The data * @param sigText * The signature text * @return True if valid, false if not */ public static boolean verify(Signature signer, PublicKey publicKey, String data, String sigText) { try { signer.initVerify(publicKey); signer.update(data.getBytes("UTF-8")); byte[] sigBytes = Base64.decodeBase64(sigText); return signer.verify(sigBytes); } catch (GeneralSecurityException generalSecurityException) { // generalSecurityException.printStackTrace(); throw new IllegalStateException(generalSecurityException); } catch (UnsupportedEncodingException unsupportedEncodingException) { // unsupportedEncodingException.printStackTrace(); throw new IllegalStateException(unsupportedEncodingException); } }
From source file:org.signserver.server.cryptotokens.CryptoTokenHelper.java
/** * Creates a test signature and verifies it. * * @param privateKey Private key to sign with * @param publicKey Public key to verify with * @param signatureProvider Name of provider to sign with * @throws NoSuchAlgorithmException In case the key or signature algorithm is unknown * @throws NoSuchProviderException In case the supplied provider name is unknown or BC is not installed * @throws InvalidKeyException If signature verification failed or the key was invalid * @throws SignatureException If the signature could not be made or verified correctly *//* w w w . j a va 2 s .co m*/ public static void testSignAndVerify(PrivateKey privateKey, PublicKey publicKey, String signatureProvider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException { final byte input[] = "Lillan gick pa vagen ut, motte dar en katt...".getBytes(); final String sigAlg = suggestSigAlg(publicKey); if (sigAlg == null) { throw new NoSuchAlgorithmException("Unknown key algorithm: " + publicKey.getAlgorithm()); } if (LOG.isDebugEnabled()) { LOG.debug("Testing keys with algorithm: " + publicKey.getAlgorithm()); LOG.debug("testSigAlg: " + sigAlg); LOG.debug("provider: " + signatureProvider); LOG.trace("privateKey: " + privateKey); LOG.trace("privateKey class: " + privateKey.getClass().getName()); LOG.trace("publicKey: " + publicKey); LOG.trace("publicKey class: " + publicKey.getClass().getName()); } final Signature signSignature = Signature.getInstance(sigAlg, signatureProvider); signSignature.initSign(privateKey); signSignature.update(input); byte[] signBA = signSignature.sign(); if (LOG.isTraceEnabled()) { LOG.trace("Created signature of size: " + signBA.length); LOG.trace("Created signature: " + new String(Hex.encode(signBA))); } final Signature verifySignature = Signature.getInstance(sigAlg, "BC"); verifySignature.initVerify(publicKey); verifySignature.update(input); if (!verifySignature.verify(signBA)) { throw new InvalidKeyException("Test signature inconsistent"); } }
From source file:org.mitre.openid.connect.client.AbstractOIDCAuthenticationFilter.java
/** * Returns the signature text for the byte array of data * /*from w w w . j a v a2s .c om*/ * @param signer * The algorithm to sign with * @param privateKey * The private key to sign with * @param data * The data to be signed * @return The signature text */ public static String sign(Signature signer, PrivateKey privateKey, byte[] data) { String signature; try { signer.initSign(privateKey); signer.update(data); byte[] sigBytes = signer.sign(); signature = (new String(Base64.encodeBase64URLSafe(sigBytes))).replace("=", ""); } catch (GeneralSecurityException generalSecurityException) { // generalSecurityException.printStackTrace(); throw new IllegalStateException(generalSecurityException); } return signature; }
From source file:com.netscape.cms.servlet.test.DRMTest.java
/** * Verify the generated asymmetric key pair. * * @param keyAlgorithm - Algorithm used to generate keys. * @param privateKey - binary data of the private key. * @param publicKey - binary data of he public key. * @return//from w ww. j av a2s.c om * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException * @throws InvalidKeyException * @throws SignatureException * @throws IOException */ public static boolean isKeyPairValid(String keyAlgorithm, byte[] privateKey, byte[] publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException, IOException { String algorithm = keyAlgorithm.toUpperCase(); String signingAlgorithm = "SHA1with" + algorithm; KeyFactory factory = KeyFactory.getInstance(algorithm); PrivateKey priKey = factory.generatePrivate(new PKCS8EncodedKeySpec(privateKey)); PublicKey pubKey = factory.generatePublic(new X509EncodedKeySpec(publicKey)); Signature sig = Signature.getInstance(signingAlgorithm); sig.initSign(priKey); String s = "Data to test asymmetric keys."; sig.update(s.getBytes()); // Sign the data with the private key. byte[] realSig = sig.sign(); Signature sig2 = Signature.getInstance(signingAlgorithm); sig2.initVerify(pubKey); sig2.update(s.getBytes()); // Verify the signature with the public key. return sig2.verify(realSig); }
From source file:com.orange.oidc.tim.service.KryptoUtils.java
static public boolean verifyJWS(String s, String algorithm, PublicKey pubKey, PrivateKey privKey) { // algorithm = "SHA256withRSA"; // algorithm = "SHA1withRSA"; boolean bverify = false; String parts[] = s.split("\\."); if (parts == null || parts.length != 3) return bverify; try {/* w ww .j av a 2s . c o m*/ if ("RS256".compareTo(algorithm) == 0) algorithm = "SHA256withRSA"; Signature signature = Signature.getInstance(algorithm, "SC"); signature.initVerify(pubKey); signature.update((parts[0] + "." + parts[1]).getBytes()); bverify = signature.verify(decodeB64(parts[2])); Log.d("verifyJWS", "payload: " + new String(decodeB64(parts[1]))); /* // verify signature signature.initSign(privKey); signature.update((parts[0]+"."+parts[1]).getBytes()); byte sig[] = signature.sign(); String sig64 = encodeB64(sig); Log.d("verifyJWS","compute: "+sig64); Log.d("verifyJWS","SIM : "+parts[2]); */ } catch (Exception e) { e.printStackTrace(); } return bverify; }