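Usage examples for org.apache.commons.codec.binary.Base64.encodeBase64URLSafeString, which encodes bytes with the URL-safe Base64 alphabet (- and _ in place of + and /) and adds no padding. The result is an encoding only: it provides neither confidentiality nor integrity.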
public static String encodeBase64URLSafeString(final byte[] binaryData)
From source file:org.ebayopensource.fido.uaf.ops.AuthenticationResponseProcessing.java
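/**
 * Verifies the assertion signature over {@code signedData} with the registered public key.
 *
 * <p>The verification routine is selected from {@code algAndEncoding}. Every path hashes the
 * signed bytes with SHA-256 before handing them to the verifier.
 *
 * @param signedData     tag whose bytes (as produced by {@code getDataForSigning}) were signed
 * @param signature      tag holding the signature bytes in {@code signature.value}
 * @param pubKey         Base64-encoded public key stored for the authenticator
 * @param algAndEncoding signature algorithm and encoding to verify with
 * @return {@code true} when the selected verifier accepts the signature
 * @throws Exception if key decoding, hashing or verification fails
 */
private boolean verifySignature(Tag signedData, Tag signature, String pubKey, AlgAndEncodingEnum algAndEncoding)
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException,
        UnsupportedEncodingException, Exception {
    byte[] dataForSigning = getDataForSigning(signedData);

    // NOTE(review): key, signed data and signature are written at INFO on every verification;
    // consider a debug level so authentication material does not fill production logs.
    logger.info(" : pub : " + pubKey);
    logger.info(" : dataForSigning : " + Base64.encodeBase64URLSafeString(dataForSigning));
    logger.info(" : signature : " + Base64.encodeBase64URLSafeString(signature.value));

    byte[] decodeBase64 = Base64.decodeBase64(pubKey);

    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_RSASSA_PSS_SHA256_RAW) {
        PublicKey publicKey = KeyCodec.getRSAPublicKey(decodeBase64);
        return RSA.verifyPSS(publicKey, SHA.sha(dataForSigning, "SHA-256"), signature.value);
    }
    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_RSASSA_PSS_SHA256_DER) {
        // NOTE(review): wrapping in DEROctetString and reading getOctets() back looks like a
        // round trip of the same bytes rather than a DER decode; confirm this is intended.
        PublicKey publicKey = KeyCodec.getRSAPublicKey(new DEROctetString(decodeBase64).getOctets());
        return RSA.verifyPSS(publicKey, SHA.sha(dataForSigning, "SHA-256"),
                new DEROctetString(signature.value).getOctets());
    }
    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_SECP256K1_ECDSA_SHA256_DER) {
        ECPublicKey decodedPub = (ECPublicKey) KeyCodec.getPubKeyFromCurve(decodeBase64, "secp256k1");
        return NamedCurve.verifyUsingSecp256k1(KeyCodec.getKeyAsRawBytes(decodedPub),
                SHA.sha(dataForSigning, "SHA-256"), Asn1.decodeToBigIntegerArray(signature.value));
    }
    if (algAndEncoding == AlgAndEncodingEnum.UAF_ALG_SIGN_SECP256R1_ECDSA_SHA256_DER) {
        // Keys longer than 65 bytes go through the String overload of getKeyAsRawBytes;
        // presumably these are encoded keys rather than a bare curve point (TODO confirm).
        if (decodeBase64.length > 65) {
            return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(pubKey), SHA.sha(dataForSigning, "SHA-256"),
                    Asn1.decodeToBigIntegerArray(signature.value));
        }
        ECPublicKey decodedPub = (ECPublicKey) KeyCodec.getPubKeyFromCurve(decodeBase64, "secp256r1");
        return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(decodedPub), SHA.sha(dataForSigning, "SHA-256"),
                Asn1.decodeToBigIntegerArray(signature.value));
    }

    // NOTE(review): every algAndEncoding value not handled above ends up here and is verified
    // as secp256r1, with the signature format picked from the length of bytes taken from the
    // assertion. Prefer one explicit branch per supported enum value and reject the rest, so
    // the verification path depends only on the algorithm recorded at registration.
    // (The former "65-byte key and SECP256R1 DER" branch was unreachable here, because that
    // algorithm always returns above, and has been removed.)
    if (signature.value.length == 64) {
        ECPublicKey decodedPub = (ECPublicKey) KeyCodec.getPubKeyFromCurve(decodeBase64, "secp256r1");
        return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(decodedPub), SHA.sha(dataForSigning, "SHA-256"),
                Asn1.transformRawSignature(signature.value));
    }
    return NamedCurve.verify(KeyCodec.getKeyAsRawBytes(pubKey), SHA.sha(dataForSigning, "SHA-256"),
            Asn1.decodeToBigIntegerArray(signature.value));
}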
From source file:org.ebayopensource.fido.uaf.ops.RegistrationRequestGeneration.java
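/**
 * Builds the opaque {@code serverData} value for a registration request.
 *
 * <p>The payload is {@code base64url(timestamp).base64url(username).base64url(challenge)};
 * the notary's signature over that string is prepended and the whole value is Base64
 * URL-safe encoded again.
 *
 * @param username  user the registration is for
 * @param challenge challenge issued with the request
 * @param notary    signer used to protect the payload
 * @return Base64 URL-safe encoding of {@code signature + "." + dataToSign}
 * @throws IllegalStateException if the notary returns no signature
 */
private String generateServerData(String username, String challenge, Notary notary) {
    // NOTE(review): getBytes() uses the platform default charset. Pin an explicit charset here
    // together with the code that decodes serverData, so both sides agree on every host.
    String dataToSign = Base64.encodeBase64URLSafeString(("" + System.currentTimeMillis()).getBytes()) + "."
            + Base64.encodeBase64URLSafeString(username.getBytes()) + "."
            + Base64.encodeBase64URLSafeString(challenge.getBytes());
    String signature = notary.sign(dataToSign);
    if (signature == null) {
        // A notary may signal failure with null; concatenating it would emit serverData whose
        // signature part is the literal text "null" instead of a real MAC.
        throw new IllegalStateException("Notary returned no signature for server data");
    }
    return Base64.encodeBase64URLSafeString((signature + "." + dataToSign).getBytes());
}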
From source file:org.ebayopensource.fido.uaf.ops.RegistrationResponseProcessing.java
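/**
 * Parses a registration assertion and copies its fields into the registration record.
 *
 * <p>A {@code null} record is replaced by a new one with status {@code INVALID_USERNAME}.
 * Any parsing failure sets the status to {@code ASSERTIONS_CHECK_FAILED}.
 *
 * @param authenticatorRegistrationAssertion assertion received from the authenticator
 * @param record                             record to fill, may be {@code null}
 * @return the filled record, never {@code null}
 */
private RegistrationRecord processAssertions(
        AuthenticatorRegistrationAssertion authenticatorRegistrationAssertion, RegistrationRecord record) {
    if (record == null) {
        record = new RegistrationRecord();
        record.status = "INVALID_USERNAME";
    }
    TlvAssertionParser parser = new TlvAssertionParser();
    try {
        Tags tags = parser.parse(authenticatorRegistrationAssertion.assertion);
        try {
            verifyAttestationSignature(tags, record);
        } catch (Exception e) {
            record.attestVerifiedStatus = "NOT_VERIFIED";
            // Previously swallowed silently; keep the cause so failed attestations can be traced.
            logger.log(Level.WARNING, "Attestation signature could not be verified", e);
        }
        AuthenticatorRecord authRecord = new AuthenticatorRecord();
        authRecord.AAID = new String(tags.getTags().get(TagsEnum.TAG_AAID.id).value);
        // The key id is arbitrary bytes, so it is stored Base64 URL-safe encoded.
        authRecord.KeyID = Base64.encodeBase64URLSafeString(tags.getTags().get(TagsEnum.TAG_KEYID.id).value);
        record.authenticator = authRecord;
        record.PublicKey = Base64.encodeBase64URLSafeString(tags.getTags().get(TagsEnum.TAG_PUB_KEY.id).value);
        record.AuthenticatorVersion = getAuthenticatorVersion(tags);
        String fc = Base64.encodeBase64URLSafeString(tags.getTags().get(TagsEnum.TAG_FINAL_CHALLENGE.id).value);
        logger.log(Level.INFO, "FC: " + fc);
        // NOTE(review): status becomes SUCCESS whenever it was unset, even if
        // attestVerifiedStatus is NOT_VERIFIED. Callers that require a verified attestation
        // must check attestVerifiedStatus as well as status.
        if (record.status == null) {
            record.status = "SUCCESS";
        }
    } catch (Exception e) {
        record.status = "ASSERTIONS_CHECK_FAILED";
        // NOTE(review): the raw assertion is written to the log at INFO on failure.
        logger.log(Level.INFO, "Fail to parse assertion: " + authenticatorRegistrationAssertion.assertion, e);
    }
    return record;
}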
From source file:org.ebayopensource.fido.uaf.ops.RegistrationResponseProcessing.java
/**
 * Checks the attestation signature over the KRD tag and records the outcome on {@code record}.
 *
 * <p>The signed bytes are rebuilt as a 2-byte tag id, a 2-byte length and the KRD value.
 * The certificate, signed bytes and signature are stored on the record Base64 URL-safe
 * encoded before validation runs.
 *
 * @param tags   parsed assertion tags
 * @param record record that receives the attestation fields and {@code attestVerifiedStatus}
 * @throws Exception if a required tag is missing or the validator fails
 */
private void verifyAttestationSignature(Tags tags, RegistrationRecord record)
        throws NoSuchAlgorithmException, IOException, Exception {
    byte[] attestationCert = tags.getTags().get(TagsEnum.TAG_ATTESTATION_CERT.id).value;
    record.attestCert = Base64.encodeBase64URLSafeString(attestationCert);

    Tag krdTag = tags.getTags().get(TagsEnum.TAG_UAFV1_KRD.id);
    Tag signatureTag = tags.getTags().get(TagsEnum.TAG_SIGNATURE.id);

    // Re-serialise the KRD as TLV: id (2 bytes), length (2 bytes), then the value.
    final int headerSize = 4;
    byte[] krdTlv = new byte[krd_length(krdTag) + headerSize];
    System.arraycopy(UnsignedUtil.encodeInt(krdTag.id), 0, krdTlv, 0, 2);
    System.arraycopy(UnsignedUtil.encodeInt(krdTag.length), 0, krdTlv, 2, 2);
    System.arraycopy(krdTag.value, 0, krdTlv, headerSize, krdTag.value.length);

    record.attestDataToSign = Base64.encodeBase64URLSafeString(krdTlv);
    record.attestSignature = Base64.encodeBase64URLSafeString(signatureTag.value);

    // Provisional status in case validate() throws. NOTE(review): a caller that catches the
    // exception and sets its own status will overwrite this value.
    record.attestVerifiedStatus = "FAILED_VALIDATION_ATTEMPT";
    boolean accepted = certificateValidator.validate(attestationCert, krdTlv, signatureTag.value);
    record.attestVerifiedStatus = accepted ? "VALID" : "NOT_VERIFIED";
}

/** Returns the length of the KRD tag's value in bytes. */
private static int krd_length(Tag krdTag) {
    return krdTag.value.length;
}
From source file:org.ebayopensource.fido.uaf.ri.client.AuthenticationRequestProcessing.java
/**
 * Builds the client's authentication response for a server request.
 *
 * <p>The header fields are copied from the request, and the final challenge parameters
 * (app id, facet id, challenge) are serialised to JSON and Base64 URL-safe encoded.
 *
 * @param request authentication request received from the server
 * @return response with header, {@code fcParams} and assertions set
 */
public AuthenticationResponse processRequest(AuthenticationRequest request) {
    AuthenticationResponse response = new AuthenticationResponse();
    setAppId(request, response);

    OperationHeader header = new OperationHeader();
    response.header = header;
    header.serverData = request.header.serverData;
    header.op = request.header.op;
    header.upv = request.header.upv;

    // NOTE(review): app id and facet id come from Constants here rather than from the request
    // or the calling application; presumably a reference-client shortcut, confirm before reuse.
    FinalChallengeParams finalChallenge = new FinalChallengeParams();
    finalChallenge.appID = Constants.APP_ID;
    finalChallenge.facetID = Constants.FACET_ID;
    finalChallenge.challenge = request.challenge;

    // getBytes() encodes with the platform default charset.
    String finalChallengeJson = new Gson().toJson(finalChallenge);
    response.fcParams = Base64.encodeBase64URLSafeString(finalChallengeJson.getBytes());

    setAssertions(response);
    return response;
}
From source file:org.ebayopensource.fido.uaf.ri.client.RegistrationRequestProcessing.java
/**
 * Builds the client's registration response for a server request.
 *
 * <p>If {@code validate} reports error codes, the response carries only the validation error.
 * Otherwise the header fields are copied from the request and the final challenge parameters
 * are serialised to JSON and Base64 URL-safe encoded.
 *
 * @param regRequest registration request received from the server
 * @return validation-error response, or a response with header, {@code fcParams} and assertions
 */
public RegistrationResponse processRequest(RegistrationRequest regRequest) {
    RegistrationResponse response = new RegistrationResponse();

    int[] validationErrors = validate(regRequest);
    if (validationErrors != null) {
        return setValidationError(response, validationErrors);
    }

    setAppId(regRequest, response);

    OperationHeader header = new OperationHeader();
    response.header = header;
    header.serverData = regRequest.header.serverData;
    header.op = regRequest.header.op;
    header.upv = regRequest.header.upv;

    // The app id is taken from the request header; the facet id is the Constants value.
    FinalChallengeParams finalChallenge = new FinalChallengeParams();
    finalChallenge.appID = regRequest.header.appID;
    finalChallenge.facetID = Constants.FACET_ID;
    finalChallenge.challenge = regRequest.challenge;

    // getBytes() encodes with the platform default charset.
    String finalChallengeJson = new Gson().toJson(finalChallenge);
    response.fcParams = Base64.encodeBase64URLSafeString(finalChallengeJson.getBytes());

    setAssertions(response);
    return response;
}
From source file:org.ebayopensource.fido.uaf.tlv.Tag.java
/**
 * Renders the tag as its id, its name from {@code TagsEnum} and, when a value is present,
 * the value Base64 URL-safe encoded.
 *
 * <p>NOTE(review): the complete value is included, so logging a tag logs whatever the tag
 * holds; check which tags reach log statements.
 */
public String toString() {
    StringBuilder text = new StringBuilder();
    text.append("Tag id:").append(id);
    text.append(" Tag name: ").append(TagsEnum.get(id));
    if (value != null) {
        text.append(" Tag value:").append(Base64.encodeBase64URLSafeString(value));
    }
    return text.toString();
}
From source file:org.ebayopensource.fidouaf.res.util.NotaryImpl.java
/**
 * Signs {@code signData} with the configured HMAC secret.
 *
 * @param signData text to sign
 * @return Base64 URL-safe encoded HMAC, or {@code null} if signing failed
 */
public String sign(String signData) {
    // null is the failure signal: callers must check for it before using the result,
    // otherwise string concatenation turns it into the text "null".
    String encodedMac = null;
    try {
        encodedMac = Base64.encodeBase64URLSafeString(HMAC.sign(signData, hmacSecret));
    } catch (Exception e) {
        // Only the exception's toString() is logged; the stack trace is dropped.
        logger.info(e.toString());
    }
    return encodedMac;
}
From source file:org.echocat.marquardt.authority.AuthorityIntegrationTest.java
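/**
 * Posts {@code content} as JSON to {@code url} and stores the HTTP status and response body.
 *
 * <p>The request carries the test certificate, Base64 URL-safe encoded, in the certificate
 * header. The status code is stored in {@code _status} and the body, read as UTF-8, in
 * {@code _response}.
 *
 * @param url     target URL
 * @param content object serialised with {@code _objectMapper} as the request body
 * @throws Exception if serialisation or the HTTP exchange fails
 */
private void doPost(final String url, final Object content) throws Exception {
    final byte[] bytes;
    try (final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
        _objectMapper.writeValue(byteArrayOutputStream, content);
        byteArrayOutputStream.flush();
        bytes = byteArrayOutputStream.toByteArray();
    }
    final URI urlToPost = new URI(url);
    final ClientHttpRequest request = new OkHttpClientHttpRequestFactory().createRequest(urlToPost,
            HttpMethod.POST);
    request.getHeaders().add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
    request.getHeaders().add(X_CERTIFICATE.getHeaderName(), Base64.encodeBase64URLSafeString(CERTIFICATE));
    request.getBody().write(bytes);
    // The response is Closeable; closing it here releases the connection even when reading
    // the status or body throws. The original never closed it.
    try (final ClientHttpResponse response = request.execute()) {
        _status = response.getStatusCode().value();
        try (final InputStream inputStream = response.getBody();
                final InputStreamReader inputStreamReader = new InputStreamReader(inputStream, Charsets.UTF_8)) {
            _response = CharStreams.toString(inputStreamReader);
        }
    }
}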
From source file:org.eclipse.che.vfs.impl.fs.FSMountPoint.java
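/**
 * Derives the item id for a path: the Base64 URL-safe encoding of
 * {@code workspaceId + ':' + path}, with {@code "root"} standing in for the root path.
 *
 * <p>NOTE(review): the id is a reversible encoding, not an opaque or authenticated handle.
 * Anyone holding an id can read the workspace id and path from it, and can construct ids for
 * other paths. Code that resolves ids back to paths should validate the decoded workspace and
 * path and apply access checks there.
 *
 * @param path virtual file system path
 * @return id encoding the workspace id and path
 */
String pathToId(Path path) {
    final String location = path.isRoot() ? "root" : path.toString();
    // The Charset overload cannot throw UnsupportedEncodingException, so no catch is needed.
    return Base64.encodeBase64URLSafeString(
            (workspaceId + ':' + location).getBytes(java.nio.charset.StandardCharsets.UTF_8));
}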