List of usage examples for org.bouncycastle.crypto.signers GenericSigner verifySignature
public boolean verifySignature(byte[] signature)
From source file:net.wstech2.me.httpsclient.CertificateValidatorUtils.java
License:Apache License
/** * //from w ww . jav a2 s . c o m * Inspected and display various informations from the Certificate passed as * parameter. Keys are presented in HEX values and ASN1 structures dumped * using ASN1Dump.dumpAsString. * * This method is intended for debug purposes only. * * * @param cert * The X509CertificateStructure to be inspected. * */ public static void dumpCertificateInfo(org.bouncycastle.asn1.x509.Certificate cert) { boolean valid = false; TBSCertificate tbs = cert.getTBSCertificate(); RSAEngine engine = new RSAEngine(); SHA1Digest digest = new SHA1Digest(); GenericSigner signer = new GenericSigner((engine), digest); RSAPublicKey signingKey; try { signingKey = RSAPublicKey.getInstance(cert.getSubjectPublicKeyInfo().parsePublicKey()); HttpsConnectionUtils.logDebug("Public Key:[[" + cert.getSubjectPublicKeyInfo().parsePublicKey() + "]]"); RSAKeyParameters keySpec = new RSAKeyParameters(false, signingKey.getModulus(), signingKey.getPublicExponent()); signer.init(false, keySpec); HttpsConnectionUtils.logDebug("TBS DER object:[[" + tbs.getEncoded("DER") + "]]"); signer.update(tbs.getEncoded(), 0, tbs.getEncoded().length); valid = signer.verifySignature(cert.getSignature().getBytes()); HttpsConnectionUtils.logDebug("signer.verifySignature:[[" + valid + "]]"); SHA1Digest d2 = new SHA1Digest(); d2.update(tbs.getEncoded("DER"), 0, tbs.getEncoded("DER").length); byte[] hash = new byte[d2.getDigestSize()]; d2.doFinal(hash, 0); HttpsConnectionUtils.logDebug("tbs.getDEREncoded() HASH:[[" + new String(Hex.encode(hash)) + "]]"); DEROctetString asn1Hash = new DEROctetString(hash); HttpsConnectionUtils.logDebug( "ASN1 DEROctetString hash:[[" + new String(Hex.encode(asn1Hash.getEncoded("DER"))) + "]]"); d2 = new SHA1Digest(); d2.update(cert.getEncoded(), 0, cert.getEncoded().length); hash = new byte[d2.getDigestSize()]; d2.doFinal(hash, 0); HttpsConnectionUtils.logDebug("cert.getEncoded() HASH:[[" + new String(Hex.encode(hash)) + "]]"); byte[] signature = cert.getSignature().getBytes(); HttpsConnectionUtils .logDebug("cert.getSignature().getBytes():[[" + new String(Hex.encode(signature)) + "]]"); PKCS1Encoding engine2 = new PKCS1Encoding(new RSAEngine()); engine2.init(false, keySpec); byte[] decryptedHash = engine2.processBlock(signature, 0, signature.length); HttpsConnectionUtils.logDebug("decryptedHash:[[" + new String(Hex.encode(decryptedHash)) + "]]"); ASN1Object o = ASN1Primitive.fromByteArray(decryptedHash); HttpsConnectionUtils.logDebug( "decryptedHash.getDEREncoded():[[" + new String(Hex.encode(o.getEncoded("DER"))) + "]]"); HttpsConnectionUtils.logDebug( "ASN1Dump.dumpAsString(decryptedHash,true):[[" + ASN1Dump.dumpAsString(o, true) + "]]"); HttpsConnectionUtils.logDebug("engine.getInputBlockSize():[[" + engine2.getInputBlockSize() + "]]"); HttpsConnectionUtils.logDebug("engine.getOutputBlockSize():[[" + engine2.getOutputBlockSize() + "]]"); ASN1Sequence asn1SignSeq = (ASN1Sequence) ASN1Sequence.fromByteArray(decryptedHash); HttpsConnectionUtils .logDebug("Signature ASN1 Sequence:[[" + ASN1Dump.dumpAsString(asn1SignSeq, true) + "]]"); AlgorithmIdentifier algorithm = AlgorithmIdentifier.getInstance(asn1SignSeq.getObjectAt(0)); HttpsConnectionUtils.logDebug("AlgorithmIdentifier:[[" + ASN1Dump.dumpAsString(algorithm, true) + "]]"); DEROctetString signedHash = (DEROctetString) DEROctetString.getInstance(asn1SignSeq.getObjectAt(1)); HttpsConnectionUtils.logDebug("signedHash:[[" + ASN1Dump.dumpAsString(signedHash, true) + "]]"); } catch (Exception e) { e.printStackTrace(); } }