List of usage examples for java.security Signature update
public final void update(ByteBuffer data) throws SignatureException
From source file:com.kuzumeji.platform.standard.SecurityService.java
/** * ???/*from w w w . ja v a 2 s .co m*/ * <dl> * <dt>? * <dd>SHA-512?RSA??????? * </dl> * @param key ? * @param plain * @return ?? */ public byte[] signature(final PrivateKey key, final byte[] plain) { try { final Signature signatureSign = Signature.getInstance(SIGN_ALGO_NAME); signatureSign.initSign(key, SECURE_RANDOM); signatureSign.update(plain); return signatureSign.sign(); } catch (final NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { throw new RuntimeException(e); } }
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
protected static PKIMessage genCertReq(String issuerDN, X500Name userDN, String altNames, KeyPair keys, Certificate cacert, byte[] nonce, byte[] transid, boolean raVerifiedPopo, Extensions extensions, Date notBefore, Date notAfter, BigInteger customCertSerno, AlgorithmIdentifier pAlg, DEROctetString senderKID) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException { ASN1EncodableVector optionalValidityV = new ASN1EncodableVector(); org.bouncycastle.asn1.x509.Time nb = new org.bouncycastle.asn1.x509.Time( new DERGeneralizedTime("20030211002120Z")); if (notBefore != null) { nb = new org.bouncycastle.asn1.x509.Time(notBefore); }/*from w w w .j a v a 2 s .c o m*/ optionalValidityV.add(new DERTaggedObject(true, 0, nb)); org.bouncycastle.asn1.x509.Time na = new org.bouncycastle.asn1.x509.Time(new Date()); if (notAfter != null) { na = new org.bouncycastle.asn1.x509.Time(notAfter); } optionalValidityV.add(new DERTaggedObject(true, 1, na)); OptionalValidity myOptionalValidity = OptionalValidity.getInstance(new DERSequence(optionalValidityV)); CertTemplateBuilder myCertTemplate = new CertTemplateBuilder(); myCertTemplate.setValidity(myOptionalValidity); if (issuerDN != null) { myCertTemplate.setIssuer(new X500Name(issuerDN)); } myCertTemplate.setSubject(userDN); byte[] bytes = keys.getPublic().getEncoded(); ByteArrayInputStream bIn = new ByteArrayInputStream(bytes); ASN1InputStream dIn = new ASN1InputStream(bIn); SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence) dIn.readObject()); dIn.close(); myCertTemplate.setPublicKey(keyInfo); // If we did not pass any extensions as parameter, we will create some of our own, standard ones Extensions exts = extensions; if (exts == null) { // SubjectAltName // Some altNames ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream dOut = new ASN1OutputStream(bOut); ExtensionsGenerator extgen = new ExtensionsGenerator(); if (altNames != null) { GeneralNames san = CertTools.getGeneralNamesFromAltName(altNames); dOut.writeObject(san); byte[] value = bOut.toByteArray(); extgen.addExtension(Extension.subjectAlternativeName, false, value); } // KeyUsage int bcku = 0; bcku = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation; KeyUsage ku = new KeyUsage(bcku); extgen.addExtension(Extension.keyUsage, false, new DERBitString(ku)); // Make the complete extension package exts = extgen.generate(); } myCertTemplate.setExtensions(exts); if (customCertSerno != null) { // Add serialNumber to the certTemplate, it is defined as a MUST NOT be used in RFC4211, but we will use it anyway in order // to request a custom certificate serial number (something not standard anyway) myCertTemplate.setSerialNumber(new ASN1Integer(customCertSerno)); } CertRequest myCertRequest = new CertRequest(4, myCertTemplate.build(), null); // POPO /* * PKMACValue myPKMACValue = new PKMACValue( new AlgorithmIdentifier(new * ASN1ObjectIdentifier("8.2.1.2.3.4"), new DERBitString(new byte[] { 8, * 1, 1, 2 })), new DERBitString(new byte[] { 12, 29, 37, 43 })); * * POPOPrivKey myPOPOPrivKey = new POPOPrivKey(new DERBitString(new * byte[] { 44 }), 2); //take choice pos tag 2 * * POPOSigningKeyInput myPOPOSigningKeyInput = new POPOSigningKeyInput( * myPKMACValue, new SubjectPublicKeyInfo( new AlgorithmIdentifier(new * ASN1ObjectIdentifier("9.3.3.9.2.2"), new DERBitString(new byte[] { 2, * 9, 7, 3 })), new byte[] { 7, 7, 7, 4, 5, 6, 7, 7, 7 })); */ ProofOfPossession myProofOfPossession = null; if (raVerifiedPopo) { // raVerified POPO (meaning there is no POPO) myProofOfPossession = new ProofOfPossession(); } else { ByteArrayOutputStream baos = new ByteArrayOutputStream(); DEROutputStream mout = new DEROutputStream(baos); mout.writeObject(myCertRequest); mout.close(); byte[] popoProtectionBytes = baos.toByteArray(); String sigalg = AlgorithmTools.getSignAlgOidFromDigestAndKey(null, keys.getPrivate().getAlgorithm()) .getId(); Signature sig = Signature.getInstance(sigalg, "BC"); sig.initSign(keys.getPrivate()); sig.update(popoProtectionBytes); DERBitString bs = new DERBitString(sig.sign()); POPOSigningKey myPOPOSigningKey = new POPOSigningKey(null, new AlgorithmIdentifier(new ASN1ObjectIdentifier(sigalg)), bs); myProofOfPossession = new ProofOfPossession(myPOPOSigningKey); } AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.id_regCtrl_regToken, new DERUTF8String("foo123")); AttributeTypeAndValue[] avs = { av }; CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest, myProofOfPossession, avs); CertReqMessages myCertReqMessages = new CertReqMessages(myCertReqMsg); PKIHeaderBuilder myPKIHeader = new PKIHeaderBuilder(2, new GeneralName(userDN), new GeneralName( new X500Name(issuerDN != null ? issuerDN : ((X509Certificate) cacert).getSubjectDN().getName()))); myPKIHeader.setMessageTime(new ASN1GeneralizedTime(new Date())); // senderNonce myPKIHeader.setSenderNonce(new DEROctetString(nonce)); // TransactionId myPKIHeader.setTransactionID(new DEROctetString(transid)); myPKIHeader.setProtectionAlg(pAlg); myPKIHeader.setSenderKID(senderKID); PKIBody myPKIBody = new PKIBody(0, myCertReqMessages); // initialization // request PKIMessage myPKIMessage = new PKIMessage(myPKIHeader.build(), myPKIBody); return myPKIMessage; }
From source file:com.torresbueno.RSAEncryptionDecryptionUtil.java
/** * Sign a message./*from ww w.ja v a 2 s . co m*/ * @param data * @param pk * @return */ public byte[] sign(byte[] data, PrivateKey pk) throws Exception { Signature sig = Signature.getInstance("MD5WithRSA"); sig.initSign(pk); sig.update(data); byte[] signatureBytes = sig.sign(); return signatureBytes; }
From source file:com.torresbueno.RSAEncryptionDecryptionUtil.java
public boolean verifySignWithMD5withRSA(byte[] data, byte[] signatureBytes, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { Signature sig = Signature.getInstance("MD5WithRSA"); sig.initVerify(publicKey);// w w w . j a v a 2 s.c om sig.update(data); return sig.verify(signatureBytes); }
From source file:com.torresbueno.RSAEncryptionDecryptionUtil.java
public boolean verifySignWithSHA1withRSA(byte[] data, byte[] signatureBytes, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { Signature sig = Signature.getInstance("SHA1withRSA"); sig.initVerify(publicKey);/*from w ww . j a va2s . co m*/ sig.update(data); return sig.verify(signatureBytes); }
From source file:mx.bigdata.sat.cfdi.CFDv33.java
String getSignature(PrivateKey key) throws Exception { byte[] bytes = getOriginalBytes(); Signature sig = Signature.getInstance("SHA256withRSA"); sig.initSign(key);/* w w w .j a va2 s . c o m*/ sig.update(bytes); byte[] signed = sig.sign(); Base64 b64 = new Base64(-1); return b64.encodeToString(signed); }
From source file:test.unit.be.fedict.eid.applet.service.IdentityDataMessageHandlerTest.java
public void testHandleMessageWithIntegrityCheck() throws Exception { // setup/* w w w . jav a 2s. co m*/ KeyPair rootKeyPair = MiscTestUtils.generateKeyPair(); KeyPair rrnKeyPair = MiscTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusYears(1); X509Certificate rootCertificate = MiscTestUtils.generateCertificate(rootKeyPair.getPublic(), "CN=TestRootCA", notBefore, notAfter, null, rootKeyPair.getPrivate(), true, 0, null, null); X509Certificate rrnCertificate = MiscTestUtils.generateCertificate(rrnKeyPair.getPublic(), "CN=TestNationalRegistration", notBefore, notAfter, null, rootKeyPair.getPrivate(), false, 0, null, null); ServletConfig mockServletConfig = EasyMock.createMock(ServletConfig.class); Map<String, String> httpHeaders = new HashMap<String, String>(); HttpSession mockHttpSession = EasyMock.createMock(HttpSession.class); HttpServletRequest mockServletRequest = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityService")).andStubReturn(null); EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityServiceClass")) .andStubReturn(IdentityIntegrityTestService.class.getName()); EasyMock.expect(mockServletConfig.getInitParameter("AuditService")).andStubReturn(null); EasyMock.expect(mockServletConfig.getInitParameter("AuditServiceClass")).andStubReturn(null); EasyMock.expect(mockServletConfig.getInitParameter("SkipNationalNumberCheck")).andStubReturn(null); EasyMock.expect(mockHttpSession.getAttribute("eid.identifier")).andStubReturn(null); mockHttpSession.setAttribute(EasyMock.eq("eid.identity"), EasyMock.isA(Identity.class)); EasyMock.expect(mockHttpSession.getAttribute("eid")).andStubReturn(null); mockHttpSession.setAttribute(EasyMock.eq("eid"), EasyMock.isA(EIdData.class)); EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_ADDRESS_SESSION_ATTRIBUTE)) .andStubReturn(false); EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_CERTIFICATES_SESSION_ATTRIBUTE)) .andStubReturn(false); EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_PHOTO_SESSION_ATTRIBUTE)) .andStubReturn(false); EasyMock.expect(mockServletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES)) .andReturn(null); byte[] idFile = "foobar-id-file".getBytes(); IdentityDataMessage message = new IdentityDataMessage(); message.idFile = idFile; Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(rrnKeyPair.getPrivate()); signature.update(idFile); byte[] idFileSignature = signature.sign(); message.identitySignatureFile = idFileSignature; message.rrnCertFile = rrnCertificate.getEncoded(); message.rootCertFile = rootCertificate.getEncoded(); // prepare EasyMock.replay(mockServletConfig, mockHttpSession, mockServletRequest); // operate AppletServiceServlet.injectInitParams(mockServletConfig, this.testedInstance); this.testedInstance.init(mockServletConfig); this.testedInstance.handleMessage(message, httpHeaders, mockServletRequest, mockHttpSession); // verify EasyMock.verify(mockServletConfig, mockHttpSession, mockServletRequest); assertEquals(rrnCertificate, IdentityIntegrityTestService.getCertificate()); }
From source file:test.unit.be.fedict.eid.applet.service.IdentityDataMessageHandlerTest.java
public void testHandleMessageInvalidIntegritySignature() throws Exception { // setup//w w w . ja v a2 s . com KeyPair keyPair = MiscTestUtils.generateKeyPair(); DateTime notBefore = new DateTime(); DateTime notAfter = notBefore.plusYears(1); X509Certificate certificate = MiscTestUtils.generateCertificate(keyPair.getPublic(), "CN=TestNationalRegistration", notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null, null); ServletConfig mockServletConfig = EasyMock.createMock(ServletConfig.class); Map<String, String> httpHeaders = new HashMap<String, String>(); HttpSession mockHttpSession = EasyMock.createMock(HttpSession.class); HttpServletRequest mockServletRequest = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityService")).andStubReturn(null); EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityServiceClass")) .andStubReturn(IdentityIntegrityTestService.class.getName()); EasyMock.expect(mockServletConfig.getInitParameter("AuditService")).andStubReturn(null); EasyMock.expect(mockServletConfig.getInitParameter("AuditServiceClass")) .andStubReturn(AuditTestService.class.getName()); EasyMock.expect(mockServletConfig.getInitParameter("SkipNationalNumberCheck")).andStubReturn(null); EasyMock.expect(mockServletRequest.getRemoteAddr()).andStubReturn("remote-address"); EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_ADDRESS_SESSION_ATTRIBUTE)) .andStubReturn(false); EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_CERTIFICATES_SESSION_ATTRIBUTE)) .andStubReturn(false); EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_PHOTO_SESSION_ATTRIBUTE)) .andStubReturn(false); EasyMock.expect(mockServletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES)) .andReturn(null); byte[] idFile = "foobar-id-file".getBytes(); IdentityDataMessage message = new IdentityDataMessage(); message.idFile = idFile; KeyPair intruderKeyPair = MiscTestUtils.generateKeyPair(); Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(intruderKeyPair.getPrivate()); signature.update(idFile); byte[] idFileSignature = signature.sign(); message.identitySignatureFile = idFileSignature; message.rrnCertFile = certificate.getEncoded(); // prepare EasyMock.replay(mockServletConfig, mockHttpSession, mockServletRequest); // operate AppletServiceServlet.injectInitParams(mockServletConfig, this.testedInstance); this.testedInstance.init(mockServletConfig); try { this.testedInstance.handleMessage(message, httpHeaders, mockServletRequest, mockHttpSession); fail(); } catch (ServletException e) { LOG.debug("expected exception: " + e.getMessage()); // verify EasyMock.verify(mockServletConfig, mockHttpSession, mockServletRequest); assertNull(IdentityIntegrityTestService.getCertificate()); assertEquals("remote-address", AuditTestService.getAuditIntegrityRemoteAddress()); } }
From source file:mx.bigdata.sat.cfdi.CFDv33.java
public void verificar(InputStream in) throws Exception { String certStr = document.getCertificado(); Base64 b64 = new Base64(); byte[] cbs = b64.decode(certStr); X509Certificate cert = KeyLoaderFactory .createInstance(KeyLoaderEnumeration.PUBLIC_KEY_LOADER, new ByteArrayInputStream(cbs)).getKey(); String sigStr = document.getSello(); byte[] signature = b64.decode(sigStr); byte[] bytes = getOriginalBytes(in); Signature sig = Signature.getInstance("SHA256withRSA"); sig.initVerify(cert);//from w w w . ja va 2s. c o m sig.update(bytes); boolean bool = sig.verify(signature); if (!bool) { throw new Exception("Invalid signature."); } }
From source file:mx.bigdata.sat.cfdi.CFDv33.java
@Override public void verificar() throws Exception { String certStr = document.getCertificado(); Base64 b64 = new Base64(); byte[] cbs = b64.decode(certStr); X509Certificate cert = KeyLoaderFactory .createInstance(KeyLoaderEnumeration.PUBLIC_KEY_LOADER, new ByteArrayInputStream(cbs)).getKey(); String sigStr = document.getSello(); byte[] signature = b64.decode(sigStr); byte[] bytes = getOriginalBytes(); Signature sig = Signature.getInstance("SHA256withRSA"); sig.initVerify(cert);//from ww w .ja va2 s. c om sig.update(bytes); boolean bool = sig.verify(signature); if (!bool) { throw new Exception("Invalid signature"); } }