List of usage examples for org.bouncycastle.crypto.signers RSADigestSigner RSADigestSigner
public RSADigestSigner(Digest digest)
From source file:com.codename1.payments.GooglePlayValidator.java
/** * Create JWT token. See https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority * @param payload//from w ww . j a va 2 s . com * @return */ private String createJWT(String payload) { try { Map header = new HashMap(); header.put("alg", "RS256"); header.put("typ", "JWT"); Map claims = new HashMap(); claims.put("iss", getGoogleClientId()); claims.put("scope", "https://www.googleapis.com/auth/androidpublisher"); claims.put("aud", "https://www.googleapis.com/oauth2/v4/token"); claims.put("exp", String.valueOf(System.currentTimeMillis() / 1000l + 1800)); claims.put("iat", String.valueOf(System.currentTimeMillis() / 1000l)); String headerEnc = Base64.encodeNoNewline(Result.fromContent(header).toString().getBytes("UTF-8")) .replace('+', '-').replace('/', '_').replace("=", " "); String claimsEnc = Base64.encodeNoNewline(Result.fromContent(claims).toString().getBytes("UTF-8")) .replace('+', '-').replace('/', '_').replace("=", " "); ; String sigContent = headerEnc + "." + claimsEnc; Digest digest = new SHA256Digest(); Signer signer = new RSADigestSigner(digest); String pkey = getGooglePrivateKey(); RSAPrivateKey rpkey = getRSAPrivateKey(pkey); signer.init(true, new RSAKeyParameters(true, rpkey.getModulus(), rpkey.getPrivateExponent())); byte[] sigBytes = sigContent.getBytes("UTF-8"); signer.update(sigBytes, 0, sigBytes.length); byte[] sig = signer.generateSignature(); RSAKeyParameters kp = new RSAKeyParameters(false, rpkey.getModulus(), rpkey.getPublicExponent()); signer.init(false, kp); signer.update(sigBytes, 0, sigBytes.length); boolean res = signer.verifySignature(sig); if (!res) { throw new RuntimeException("Failed to verify signature after creating it"); } String jwt = headerEnc + "." + claimsEnc + "." + Base64.encodeNoNewline(sig).replace('+', '-').replace('/', '_').replace("=", " "); ; return jwt; } catch (Exception ex) { throw new RuntimeException(ex); } }
From source file:com.github.jinahya.rfc5849.OAuthSignatureRsaSha1Bc.java
License:Apache License
@Override byte[] get(final CipherParameters initParam, final byte[] baseBytes) throws Exception { final Signer signer = new RSADigestSigner(new SHA1Digest()); signer.init(true, initParam);/*www . jav a 2 s. c om*/ signer.update(baseBytes, 0, baseBytes.length); return signer.generateSignature(); }
From source file:com.licel.jcardsim.crypto.AsymmetricSignatureImpl.java
License:Apache License
public AsymmetricSignatureImpl(byte algorithm) { this.algorithm = algorithm; isRecovery = false;/*w w w . ja v a 2s . c om*/ switch (algorithm) { case ALG_RSA_SHA_ISO9796: engine = new ISO9796d2Signer(new RSAEngine(), new SHA1Digest()); break; case ALG_RSA_SHA_ISO9796_MR: engine = new ISO9796d2Signer(new RSAEngine(), new SHA1Digest()); isRecovery = true; break; case ALG_RSA_SHA_PKCS1: engine = new RSADigestSigner(new SHA1Digest()); break; case ALG_RSA_MD5_PKCS1: engine = new RSADigestSigner(new MD5Digest()); break; case ALG_RSA_RIPEMD160_ISO9796: engine = new ISO9796d2Signer(new RSAEngine(), new RIPEMD160Digest()); break; case ALG_RSA_RIPEMD160_PKCS1: engine = new RSADigestSigner(new RIPEMD160Digest()); break; case ALG_ECDSA_SHA: engine = new DSADigestSigner(new ECDSASigner(), new SHA1Digest()); break; } }
From source file:edu.vt.middleware.crypt.signature.RSASignature.java
License:Open Source License
/** * Creates a new RSA signature class that uses the given digest algorithm for * message digest computation.//from w w w .jav a 2 s . c om * * @param d Message digest algorithm. */ public RSASignature(final DigestAlgorithm d) { super(ALGORITHM); digest = d; signer = new RSADigestSigner(d.getDigest()); }
From source file:org.candlepin.util.X509CRLStreamWriter.java
License:Open Source License
public synchronized X509CRLStreamWriter preScan(InputStream crlToChange, CRLEntryValidator validator) throws IOException { if (locked) { throw new IllegalStateException("Cannot modify a locked stream."); }/*w ww . j av a 2 s.co m*/ if (preScanned) { throw new IllegalStateException("preScan has already been run."); } X509CRLEntryStream reaperStream = null; ASN1InputStream asn1In = null; try { reaperStream = new X509CRLEntryStream(crlToChange); try { if (!reaperStream.hasNext()) { emptyCrl = true; preScanned = true; return this; } while (reaperStream.hasNext()) { X509CRLEntryObject entry = reaperStream.next(); if (validator != null && validator.shouldDelete(entry)) { deletedEntries.add(entry.getSerialNumber()); deletedEntriesLength += entry.getEncoded().length; } } } catch (CRLException e) { throw new IOException("Could not read CRL entry", e); } /* At this point, crlToChange is at the point where the crlExtensions would * be. RFC 5280 says that "Conforming CRL issuers are REQUIRED to include * the authority key identifier (Section 5.2.1) and the CRL number (Section 5.2.3) * extensions in all CRLs issued. */ byte[] oldExtensions = null; DERObject o; asn1In = new ASN1InputStream(crlToChange); while ((o = asn1In.readObject()) != null) { if (o instanceof DERSequence) { // Now we are at the signatureAlgorithm DERSequence seq = (DERSequence) o; if (seq.getObjectAt(0) instanceof DERObjectIdentifier) { signingAlg = new AlgorithmIdentifier(seq); digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signingAlg); try { // Build the signer this.signer = new RSADigestSigner(createDigest(digestAlg)); signer.init(true, new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent())); } catch (CryptoException e) { throw new IOException( "Could not create RSADigest signer for " + digestAlg.getAlgorithm()); } } } else if (o instanceof DERBitString) { oldSigLength = o.getDEREncoded().length; } else { if (oldExtensions != null) { throw new IllegalStateException("Already read in CRL extensions."); } oldExtensions = ((DERTaggedObject) o).getDEREncoded(); } } if (oldExtensions == null) { /* v1 CRLs (defined in RFC 1422) don't require extensions but all new * CRLs should be v2 (defined in RFC 5280). In the extremely unlikely * event that someone is working with a v1 CRL, we handle it here although * we print a warning. */ preScanned = true; newExtensions = null; extensionsDelta = 0; log.warn("The CRL you are modifying is a version 1 CRL." + " Please investigate moving to a version 2 CRL by adding the CRL Number" + " and Authority Key Identifier extensions."); return this; } newExtensions = updateExtensions(oldExtensions); extensionsDelta = (newExtensions.length - oldExtensions.length) + findHeaderBytesDelta(oldExtensions.length, newExtensions.length); } finally { if (reaperStream != null) { reaperStream.close(); } IOUtils.closeQuietly(asn1In); } preScanned = true; return this; }
From source file:org.cryptacular.util.KeyPairUtil.java
License:Open Source License
/** * Determines whether the given RSA public and private keys form a proper key * pair by computing and verifying a digital signature with the keys. * * @param pubKey RSA public key./* w ww . j a v a 2s . com*/ * @param privKey RSA private key. * * @return True if the keys form a functioning keypair, false otherwise. * Errors during signature verification are treated as false. */ public static boolean isKeyPair(final RSAPublicKey pubKey, final RSAPrivateKey privKey) { final RSADigestSigner signer = new RSADigestSigner(new SHA256Digest()); signer.init(true, new RSAKeyParameters(true, privKey.getModulus(), privKey.getPrivateExponent())); signer.update(SIGN_BYTES, 0, SIGN_BYTES.length); try { final byte[] sig = signer.generateSignature(); signer.init(false, new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent())); signer.update(SIGN_BYTES, 0, SIGN_BYTES.length); return signer.verifySignature(sig); } catch (CryptoException e) { return false; } }
From source file:org.diqube.ticket.TicketSignatureService.java
License:Open Source License
/** * Checks if a {@link Ticket} has a valid signature. * /*from w ww . j ava2 s.co m*/ * @param deserializedTicket * The result of {@link TicketUtil#deserialize(ByteBuffer)} of the serialized {@link Ticket}. * @return true if {@link Ticket} signature is valid. */ public boolean isValidTicketSignature(Pair<Ticket, byte[]> deserializedTicket) { for (RSAKeyParameters pubKey : keyManager.getPublicValidationKeys()) { RSADigestSigner signer = new RSADigestSigner(new SHA256Digest()); signer.init(false, pubKey); signer.update(deserializedTicket.getRight(), 0, deserializedTicket.getRight().length); if (signer.verifySignature(deserializedTicket.getLeft().getSignature())) return true; } return false; }
From source file:org.diqube.ticket.TicketSignatureService.java
License:Open Source License
/** * Calculates the signature of a ticket and updates the given {@link Ticket} object directly. * /*from w w w. ja v a2 s .com*/ * @throws IllegalStateException * If ticket cannot be signed. */ public void signTicket(Ticket ticket) throws IllegalStateException { byte[] serialized = TicketUtil.serialize(ticket); byte[] claimBytes = TicketUtil.deserialize(ByteBuffer.wrap(serialized)).getRight(); RSAPrivateCrtKeyParameters signingKey = keyManager.getPrivateSigningKey(); if (signingKey == null) throw new IllegalStateException( "Cannot sign ticket because there is no private signing key available."); RSADigestSigner signer = new RSADigestSigner(new SHA256Digest()); signer.init(true, signingKey); signer.update(claimBytes, 0, claimBytes.length); try { byte[] signature = signer.generateSignature(); ticket.setSignature(signature); } catch (DataLengthException | CryptoException e) { throw new IllegalStateException("Cannot sign ticket", e); } }
From source file:org.nfc.eclipse.ndef.signature.SignatureVerifier.java
License:Open Source License
public Boolean verify(CertificateFormat certificateFormat, byte[] certificateBytes, SignatureType signatureType, byte[] signatureBytes, byte[] coveredBytes) throws CertificateException, NoSuchProviderException { if (Security.getProvider("BC") == null) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); }//from w ww.j ava2 s . c om Certificate certificate = null; if (certificateFormat == CertificateFormat.X_509) { java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509", "BC"); certificate = cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); } if (signatureType == SignatureType.RSASSA_PKCS1_v1_5_WITH_SHA_1) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); SHA1Digest digest = new SHA1Digest(); RSADigestSigner rsaDigestSigner = new RSADigestSigner(digest); rsaDigestSigner.init(false, pubParameters); rsaDigestSigner.update(coveredBytes, 0, coveredBytes.length); return rsaDigestSigner.verifySignature(signatureBytes); } else if (signatureType == SignatureType.RSASSA_PSS_SHA_1) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); AsymmetricBlockCipher rsaEngine = new RSABlindedEngine(); rsaEngine.init(false, pubParameters); SHA1Digest digest = new SHA1Digest(); PSSSigner signer = new PSSSigner(rsaEngine, digest, digest.getDigestSize()); signer.init(true, pubParameters); signer.update(coveredBytes, 0, coveredBytes.length); return signer.verifySignature(signatureBytes); } else if (signatureType == SignatureType.ECDSA) { // http://en.wikipedia.org/wiki/Elliptic_Curve_DSA // http://stackoverflow.com/questions/11339788/tutorial-of-ecdsa-algorithm-to-sign-a-string // http://www.bouncycastle.org/wiki/display/JA1/Elliptic+Curve+Key+Pair+Generation+and+Key+Factories // http://java2s.com/Open-Source/Java/Security/Bouncy-Castle/org/bouncycastle/crypto/test/ECTest.java.htm /* BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); org.bouncycastle.crypto.signers.ECDSASigner signer = new org.bouncycastle.crypto.signers.ECDSASigner(); signer.init(false, pubParameters); SHA1Digest digest = new SHA1Digest(); digest.update(coveredBytes, 0, coveredBytes.length); return signer.verifySignature(signatureBytes); */ } else if (signatureType == SignatureType.DSA) { ASN1InputStream aIn = new ASN1InputStream(signatureBytes); ASN1Primitive o; try { o = aIn.readObject(); ASN1Sequence asn1Sequence = (ASN1Sequence) o; BigInteger r = DERInteger.getInstance(asn1Sequence.getObjectAt(0)).getValue(); BigInteger s = DERInteger.getInstance(asn1Sequence.getObjectAt(1)).getValue(); BCDSAPublicKey key = (BCDSAPublicKey) certificate.getPublicKey(); // DSA Domain parameters DSAParams params = key.getParams(); if (params == null) { return Boolean.FALSE; } DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG()); DSASigner signer = new DSASigner(); signer.init(false, new DSAPublicKeyParameters(key.getY(), parameters)); SHA1Digest digest = new SHA1Digest(); digest.update(coveredBytes, 0, coveredBytes.length); byte[] message = new byte[digest.getDigestSize()]; digest.doFinal(message, 0); return signer.verifySignature(message, r, s); } catch (IOException e) { return Boolean.FALSE; } } return null; }
From source file:org.nfc.eclipse.ndef.signature.SignatureVerifier.java
License:Open Source License
public boolean verifyRSASSA_PKCS1_v1_5_WITH_SHA_1(X509Certificate certificate, byte[] signature, byte[] covered) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); SHA1Digest digest = new SHA1Digest(); RSADigestSigner rsaDigestSigner = new RSADigestSigner(digest); rsaDigestSigner.init(false, pubParameters); rsaDigestSigner.update(covered, 0, covered.length); return rsaDigestSigner.verifySignature(signature); }