List of usage examples for org.bouncycastle.crypto.signers RSADigestSigner init
public void init(boolean forSigning, CipherParameters parameters)
From source file:org.cryptacular.util.KeyPairUtil.java
License:Open Source License
/** * Determines whether the given RSA public and private keys form a proper key * pair by computing and verifying a digital signature with the keys. * * @param pubKey RSA public key.// w ww .j a v a 2 s. co m * @param privKey RSA private key. * * @return True if the keys form a functioning keypair, false otherwise. * Errors during signature verification are treated as false. */ public static boolean isKeyPair(final RSAPublicKey pubKey, final RSAPrivateKey privKey) { final RSADigestSigner signer = new RSADigestSigner(new SHA256Digest()); signer.init(true, new RSAKeyParameters(true, privKey.getModulus(), privKey.getPrivateExponent())); signer.update(SIGN_BYTES, 0, SIGN_BYTES.length); try { final byte[] sig = signer.generateSignature(); signer.init(false, new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent())); signer.update(SIGN_BYTES, 0, SIGN_BYTES.length); return signer.verifySignature(sig); } catch (CryptoException e) { return false; } }
From source file:org.diqube.ticket.TicketSignatureService.java
License:Open Source License
/** * Checks if a {@link Ticket} has a valid signature. * /*from ww w . j a va2 s . co m*/ * @param deserializedTicket * The result of {@link TicketUtil#deserialize(ByteBuffer)} of the serialized {@link Ticket}. * @return true if {@link Ticket} signature is valid. */ public boolean isValidTicketSignature(Pair<Ticket, byte[]> deserializedTicket) { for (RSAKeyParameters pubKey : keyManager.getPublicValidationKeys()) { RSADigestSigner signer = new RSADigestSigner(new SHA256Digest()); signer.init(false, pubKey); signer.update(deserializedTicket.getRight(), 0, deserializedTicket.getRight().length); if (signer.verifySignature(deserializedTicket.getLeft().getSignature())) return true; } return false; }
From source file:org.diqube.ticket.TicketSignatureService.java
License:Open Source License
/** * Calculates the signature of a ticket and updates the given {@link Ticket} object directly. * /* w ww .j ava 2s. co m*/ * @throws IllegalStateException * If ticket cannot be signed. */ public void signTicket(Ticket ticket) throws IllegalStateException { byte[] serialized = TicketUtil.serialize(ticket); byte[] claimBytes = TicketUtil.deserialize(ByteBuffer.wrap(serialized)).getRight(); RSAPrivateCrtKeyParameters signingKey = keyManager.getPrivateSigningKey(); if (signingKey == null) throw new IllegalStateException( "Cannot sign ticket because there is no private signing key available."); RSADigestSigner signer = new RSADigestSigner(new SHA256Digest()); signer.init(true, signingKey); signer.update(claimBytes, 0, claimBytes.length); try { byte[] signature = signer.generateSignature(); ticket.setSignature(signature); } catch (DataLengthException | CryptoException e) { throw new IllegalStateException("Cannot sign ticket", e); } }
From source file:org.nfc.eclipse.ndef.signature.SignatureVerifier.java
License:Open Source License
public Boolean verify(CertificateFormat certificateFormat, byte[] certificateBytes, SignatureType signatureType, byte[] signatureBytes, byte[] coveredBytes) throws CertificateException, NoSuchProviderException { if (Security.getProvider("BC") == null) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); }/*from ww w . ja v a 2 s .c o m*/ Certificate certificate = null; if (certificateFormat == CertificateFormat.X_509) { java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509", "BC"); certificate = cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); } if (signatureType == SignatureType.RSASSA_PKCS1_v1_5_WITH_SHA_1) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); SHA1Digest digest = new SHA1Digest(); RSADigestSigner rsaDigestSigner = new RSADigestSigner(digest); rsaDigestSigner.init(false, pubParameters); rsaDigestSigner.update(coveredBytes, 0, coveredBytes.length); return rsaDigestSigner.verifySignature(signatureBytes); } else if (signatureType == SignatureType.RSASSA_PSS_SHA_1) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); AsymmetricBlockCipher rsaEngine = new RSABlindedEngine(); rsaEngine.init(false, pubParameters); SHA1Digest digest = new SHA1Digest(); PSSSigner signer = new PSSSigner(rsaEngine, digest, digest.getDigestSize()); signer.init(true, pubParameters); signer.update(coveredBytes, 0, coveredBytes.length); return signer.verifySignature(signatureBytes); } else if (signatureType == SignatureType.ECDSA) { // http://en.wikipedia.org/wiki/Elliptic_Curve_DSA // http://stackoverflow.com/questions/11339788/tutorial-of-ecdsa-algorithm-to-sign-a-string // http://www.bouncycastle.org/wiki/display/JA1/Elliptic+Curve+Key+Pair+Generation+and+Key+Factories // http://java2s.com/Open-Source/Java/Security/Bouncy-Castle/org/bouncycastle/crypto/test/ECTest.java.htm /* BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); org.bouncycastle.crypto.signers.ECDSASigner signer = new org.bouncycastle.crypto.signers.ECDSASigner(); signer.init(false, pubParameters); SHA1Digest digest = new SHA1Digest(); digest.update(coveredBytes, 0, coveredBytes.length); return signer.verifySignature(signatureBytes); */ } else if (signatureType == SignatureType.DSA) { ASN1InputStream aIn = new ASN1InputStream(signatureBytes); ASN1Primitive o; try { o = aIn.readObject(); ASN1Sequence asn1Sequence = (ASN1Sequence) o; BigInteger r = DERInteger.getInstance(asn1Sequence.getObjectAt(0)).getValue(); BigInteger s = DERInteger.getInstance(asn1Sequence.getObjectAt(1)).getValue(); BCDSAPublicKey key = (BCDSAPublicKey) certificate.getPublicKey(); // DSA Domain parameters DSAParams params = key.getParams(); if (params == null) { return Boolean.FALSE; } DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG()); DSASigner signer = new DSASigner(); signer.init(false, new DSAPublicKeyParameters(key.getY(), parameters)); SHA1Digest digest = new SHA1Digest(); digest.update(coveredBytes, 0, coveredBytes.length); byte[] message = new byte[digest.getDigestSize()]; digest.doFinal(message, 0); return signer.verifySignature(message, r, s); } catch (IOException e) { return Boolean.FALSE; } } return null; }
From source file:org.nfc.eclipse.ndef.signature.SignatureVerifier.java
License:Open Source License
public boolean verifyRSASSA_PKCS1_v1_5_WITH_SHA_1(X509Certificate certificate, byte[] signature, byte[] covered) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); SHA1Digest digest = new SHA1Digest(); RSADigestSigner rsaDigestSigner = new RSADigestSigner(digest); rsaDigestSigner.init(false, pubParameters); rsaDigestSigner.update(covered, 0, covered.length); return rsaDigestSigner.verifySignature(signature); }