Java Code Examples for java.security.Signature#verify()
The following examples show how to use
java.security.Signature#verify() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: DHTPluginStorageManager.java From BiglyBT with GNU General Public License v2.0 | 7 votes |
|
public static boolean
verifyKeyBlock(
byte[] request,
byte[] signature )
{
try{
Signature verifier = Signature.getInstance("MD5withRSA" );
verifier.initVerify( key_block_public_key );
verifier.update( request );
if ( !verifier.verify( signature )){
return( false );
}
return( true );
}catch( Throwable e ){
return( false );
}
}
Example 2
| Source File: ECDSAUtil.java From web3sdk with Apache License 2.0 | 5 votes |
|
public boolean publicDecrypt(byte[] encryptContent, byte[] srcContent, PublicKey publicKey)
throws Exception {
Signature signature = Signature.getInstance("SHA1withECDSA");
signature.initVerify(publicKey);
signature.update(srcContent);
return signature.verify(encryptContent);
}
Example 3
| Source File: Graph.java From SPADE with GNU General Public License v3.0 | 5 votes |
|
public boolean verifySignature(String nonce){
try{
Signature signature = Signature.getInstance("SHA256withRSA");
String serverName = getHostName();
if(serverName != null){
String key_alias = serverName + ".server.public";
PublicKey publicKey = Kernel.getServerPublicKey(key_alias);
if(publicKey == null){
return false;
}
signature.initVerify(publicKey);
for(AbstractVertex vertex : vertexSet()){
signature.update(vertex.bigHashCodeBytes());
}
for(AbstractEdge edge : edgeSet()){
signature.update(edge.bigHashCodeBytes());
}
if(getQueryString() != null){
signature.update(getQueryString().getBytes("UTF-8"));
}
if(nonce != null){
signature.update(nonce.getBytes("UTF-8"));
}
return signature.verify(getSignature());
}else{
throw new Exception("NULL host name in graph");
}
}catch(Exception ex){
logger.log(Level.SEVERE, "Error verifying the result graph!", ex);
}
return false;
}
Example 4
| Source File: DSATest.java From java_security with MIT License | 5 votes |
|
/**
*
* @author timliu
* 说明: 用java的jdk里面相关方法实现dsa的签名及签名验证
*/
public static void jdkDSA()
{
try {
// 1.初始化密钥
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
keyPairGenerator.initialize(512);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
DSAPublicKey dsaPublicKey = (DSAPublicKey)keyPair.getPublic();
DSAPrivateKey dsaPrivateKey = (DSAPrivateKey)keyPair.getPrivate();
// 2.进行签名
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(dsaPrivateKey.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initSign(privateKey);
signature.update(src.getBytes());
byte[] result = signature.sign();
System.out.println("jdk dsa sign:" + Hex.encodeHexString(result) );
// 3.验证签名
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(dsaPublicKey.getEncoded());
keyFactory = KeyFactory.getInstance("DSA");
PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
signature = Signature.getInstance("SHA1withDSA");
signature.initVerify(publicKey);
signature.update(src.getBytes());
boolean bool = signature.verify(result);
System.out.println("jdk dsa verify:" + bool);
} catch (Exception e) {
System.out.println(e.toString());
}
}
Example 5
| Source File: CryptographicUtilities.java From openemm with GNU Affero General Public License v3.0 | 5 votes |
|
public static boolean verifyData(byte[] data, PublicKey publicKey, byte[] signatureData, String signatureMethod) throws Exception {
Security.addProvider(new BouncyCastleProvider());
try {
Signature signature = Signature.getInstance(signatureMethod, "BC");
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(signatureData);
} catch (Exception e) {
throw new Exception("Cannot verify signature", e);
}
}
Example 6
| Source File: RSA.java From UAF with Apache License 2.0 | 5 votes |
|
public static boolean verifyPSS(PublicKey publicKey,
byte[] signedData, byte[] sig) throws SignatureException,
InvalidKeyException, NoSuchAlgorithmException,
NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeySpecException {
Signature signature = Signature.getInstance("SHA256withRSA/PSS", BC);
signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1",
new MGF1ParameterSpec("SHA-256"), 32, 1));
signature.initVerify(publicKey);
signature.update(signedData);
return signature.verify(sig);
}
Example 7
| Source File: X509CRLImpl.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key,
* and that the signature verification was computed by
* the given provider.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the name of the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public synchronized void verify(PublicKey key, String sigProvider)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
if (sigProvider == null) {
sigProvider = "";
}
if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
// this CRL has already been successfully verified using
// this public key. Make sure providers match, too.
if (sigProvider.equals(verifiedProvider)) {
return;
}
}
if (signedCRL == null) {
throw new CRLException("Uninitialized CRL");
}
Signature sigVerf = null;
if (sigProvider.length() == 0) {
sigVerf = Signature.getInstance(sigAlgId.getName());
} else {
sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
}
sigVerf.initVerify(key);
if (tbsCertList == null) {
throw new CRLException("Uninitialized CRL");
}
sigVerf.update(tbsCertList, 0, tbsCertList.length);
if (!sigVerf.verify(signature)) {
throw new SignatureException("Signature does not match.");
}
verifiedPublicKey = key;
verifiedProvider = sigProvider;
}
Example 8
| Source File: SolarisShortDSA.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
static boolean use(KeyPair kp) throws Exception {
Signature sig = Signature.getInstance("SHA1withDSA");
sig.initSign(kp.getPrivate());
sig.update(data);
byte[] signed = sig.sign();
Signature sig2 = Signature.getInstance("SHA1withDSA");
sig2.initVerify(kp.getPublic());
sig2.update(data);
return sig2.verify(signed);
}
Example 9
| Source File: Codec.java From XDroidMvp with MIT License | 5 votes |
|
/**
* 校验数字签名
*
* @param data 加密数据
* @param publicKey 公钥
* @param sign 数字签名
* @return
* @throws Exception
*/
public static boolean verify(byte[] data, String publicKey, String sign)
throws Exception {
byte[] keyBytes = BASE64.decode(publicKey); // 解密由base64编码的公钥
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); // 构造X509EncodedKeySpec对象
KeyFactory keyFactory = KeyFactory.getInstance(Algorithm.RSA.getType()); // KEY_ALGORITHM 指定的加密算法
PublicKey pubKey = keyFactory.generatePublic(keySpec); // 取公钥对象
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(pubKey);
signature.update(data);
return signature.verify(BASE64.decode(sign));
}
Example 10
| Source File: TestOzoneManagerBlockToken.java From hadoop-ozone with Apache License 2.0 | 5 votes |
|
public boolean verifyTokenAsymmetric(OzoneBlockTokenIdentifier tokenId,
byte[] signature, Certificate certificate) throws InvalidKeyException,
NoSuchAlgorithmException, SignatureException {
Signature rsaSignature = Signature.getInstance("SHA256withRSA");
rsaSignature.initVerify(certificate);
rsaSignature.update(tokenId.getBytes());
boolean isValid = rsaSignature.verify(signature);
return isValid;
}
Example 11
| Source File: VerifyRangeCheckOverflow.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
keyPairGenerator.initialize(1024);
KeyPair keys = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keys.getPublic();
byte[] sigBytes = new byte[100];
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initVerify(publicKey);
try {
signature.verify(sigBytes, Integer.MAX_VALUE, 1);
} catch (IllegalArgumentException ex) {
// Expected
}
}
Example 12
| Source File: CommonUtils.java From blockchain with MIT License | 5 votes |
|
/**
* Verifies a String signature
*
* @param publicKey
* @param data
* @param signature
* @return
*/
public static boolean verifyECDSASig(PublicKey publicKey, String data, byte[] signature) {
try {
Signature ecdsaVerify = Signature.getInstance("ECDSA", "BC");
ecdsaVerify.initVerify(publicKey);
ecdsaVerify.update(data.getBytes());
return ecdsaVerify.verify(signature);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example 13
| Source File: X509V2AttributeCertificate.java From RipplePower with Apache License 2.0 | 5 votes |
|
public final void verify(
PublicKey key,
String provider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException
{
Signature signature = null;
if (!cert.getSignatureAlgorithm().equals(cert.getAcinfo().getSignature()))
{
throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
}
signature = Signature.getInstance(cert.getSignatureAlgorithm().getObjectId().getId(), provider);
signature.initVerify(key);
try
{
signature.update(cert.getAcinfo().getEncoded());
}
catch (IOException e)
{
throw new SignatureException("Exception encoding certificate info object");
}
if (!signature.verify(this.getSignature()))
{
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
Example 14
| Source File: DefaultCryptoService.java From knox with Apache License 2.0 | 5 votes |
|
@Override
public boolean verify(String algorithm, String signed, byte[] signature) {
boolean verified = false;
try {
Signature sig=Signature.getInstance(algorithm);
sig.initVerify(ks.getCertificateForGateway().getPublicKey());
sig.update(signed.getBytes(StandardCharsets.UTF_8));
verified = sig.verify(signature);
} catch (SignatureException | KeystoreServiceException | InvalidKeyException | NoSuchAlgorithmException | KeyStoreException e) {
LOG.failedToVerifySignature( e );
}
LOG.signatureVerified( verified );
return verified;
}
Example 15
| Source File: KeyVerificator.java From ramus with GNU General Public License v3.0 | 5 votes |
|
public boolean verify() throws NoSuchAlgorithmException,
NoSuchProviderException, InvalidKeySpecException,
InvalidKeyException, SignatureException {
final X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
final KeyFactory keyFactory = KeyFactory.getInstance("DSA", "SUN");
final PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
final byte[] sigToVerify = sign;
final Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
sig.initVerify(pubKey);
sig.update(data, 0, data.length);
final boolean verifies = sig.verify(sigToVerify);
return verifies;
}
Example 16
| Source File: VerifyRangeCheckOverflow.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
keyPairGenerator.initialize(1024);
KeyPair keys = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keys.getPublic();
byte[] sigBytes = new byte[100];
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initVerify(publicKey);
try {
signature.verify(sigBytes, Integer.MAX_VALUE, 1);
} catch (IllegalArgumentException ex) {
// Expected
}
}
Example 17
| Source File: X509CRLImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key,
* and that the signature verification was computed by
* the given provider. Note that the specified Provider object
* does not have to be registered in the provider list.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public synchronized void verify(PublicKey key, Provider sigProvider)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
SignatureException {
if (signedCRL == null) {
throw new CRLException("Uninitialized CRL");
}
Signature sigVerf = null;
if (sigProvider == null) {
sigVerf = Signature.getInstance(sigAlgId.getName());
} else {
sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
}
sigVerf.initVerify(key);
if (tbsCertList == null) {
throw new CRLException("Uninitialized CRL");
}
sigVerf.update(tbsCertList, 0, tbsCertList.length);
if (!sigVerf.verify(signature)) {
throw new SignatureException("Signature does not match.");
}
verifiedPublicKey = key;
}
Example 18
| Source File: ToolCertificate.java From protools with Apache License 2.0 | 4 votes |
|
/**
* 验证签名
*
* @param data
* 数据
* @param sign
* 签名
* @param certificatePath
* 证书路径
*
* @return boolean 验证通过为真
*
* @throws Exception
*/
public static boolean verify(byte[] data, byte[] sign, String certificatePath) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateException, IOException {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 由证书构建签名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
// 由证书初始化签名,实际上是使用了证书中的公钥
signature.initVerify(x509Certificate);
signature.update(data);
return signature.verify(sign);
}
Example 19
| Source File: DockerCLI.java From yet-another-docker-plugin with MIT License | 4 votes |
|
private Channel connectViaCliPort(URL jenkins, CliPort cliPort) throws IOException {
LOG.debug("Trying to connect directly via TCP/IP to {}", cliPort.endpoint);
final Socket s = new Socket();
// this prevents a connection from silently terminated by the router in between or the other peer
// and that goes without unnoticed. However, the time out is often very long (for example 2 hours
// by default in Linux) that this alone is enough to prevent that.
s.setKeepAlive(true);
// we take care of buffering on our own
s.setTcpNoDelay(true);
s.connect(cliPort.endpoint, 3000);
OutputStream out = SocketChannelStream.out(s);
closables.add(s::close);
Connection c = new Connection(SocketChannelStream.in(s), out);
DataInputStream dis = new DataInputStream(s.getInputStream());
DataOutputStream dos = new DataOutputStream(s.getOutputStream());
dos.writeUTF("Protocol:CLI2-connect");
String greeting = dis.readUTF();
if (!greeting.equals("Welcome")) {
throw new IOException("Handshaking failed: " + greeting);
}
try {
byte[] secret = c.diffieHellman(false).generateSecret();
SecretKey sessionKey = new SecretKeySpec(Connection.fold(secret, 128 / 8), "AES");
c = c.encryptConnection(sessionKey, "AES/CFB8/NoPadding");
// validate the instance identity, so that we can be sure that we are talking to the same server
// and there's no one in the middle.
byte[] signature = c.readByteArray();
if (cliPort.identity != null) {
Signature verifier = Signature.getInstance("SHA1withRSA");
verifier.initVerify(cliPort.getIdentity());
verifier.update(secret);
if (!verifier.verify(signature))
throw new IOException("Server identity signature validation failed.");
}
} catch (GeneralSecurityException e) {
throw (IOException) new IOException("Failed to negotiate transport security").initCause(e);
}
final Channel channel = new ChannelBuilder("CLI connection to " + jenkins, pool)
.withMode(Channel.Mode.BINARY)
.withBaseLoader(null)
.withArbitraryCallableAllowed(true)
.withRemoteClassLoadingAllowed(true)
.build(new BufferedInputStream(c.in), new BufferedOutputStream(c.out));
LOG.trace("Returning channel: {}.", channel);
return channel;
// return new Channel(
// "CLI connection to " + jenkins, // name
// pool, //exec
// Channel.Mode.BINARY,
// new BufferedInputStream(c.in),
// new BufferedOutputStream(c.out),
// null,
// false,
// null
// );
}
Example 20
| Source File: BasicAndroidKeyStoreFragment.java From android-BasicAndroidKeyStore with Apache License 2.0 | 4 votes |
|
/**
* Given some data and a signature, uses the key pair stored in the Android Key Store to verify
* that the data was signed by this application, using that key pair.
* @param input The data to be verified.
* @param signatureStr The signature provided for the data.
* @return A boolean value telling you whether the signature is valid or not.
*/
public boolean verifyData(String input, String signatureStr) throws KeyStoreException,
CertificateException, NoSuchAlgorithmException, IOException,
UnrecoverableEntryException, InvalidKeyException, SignatureException {
byte[] data = input.getBytes();
byte[] signature;
// BEGIN_INCLUDE(decode_signature)
// Make sure the signature string exists. If not, bail out, nothing to do.
if (signatureStr == null) {
Log.w(TAG, "Invalid signature.");
Log.w(TAG, "Exiting verifyData()...");
return false;
}
try {
// The signature is going to be examined as a byte array,
// not as a base64 encoded string.
signature = Base64.decode(signatureStr, Base64.DEFAULT);
} catch (IllegalArgumentException e) {
// signatureStr wasn't null, but might not have been encoded properly.
// It's not a valid Base64 string.
return false;
}
// END_INCLUDE(decode_signature)
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
// Weird artifact of Java API. If you don't have an InputStream to load, you still need
// to call "load", or it'll crash.
ks.load(null);
// Load the key pair from the Android Key Store
KeyStore.Entry entry = ks.getEntry(mAlias, null);
if (entry == null) {
Log.w(TAG, "No key found under alias: " + mAlias);
Log.w(TAG, "Exiting verifyData()...");
return false;
}
if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
Log.w(TAG, "Not an instance of a PrivateKeyEntry");
return false;
}
// This class doesn't actually represent the signature,
// just the engine for creating/verifying signatures, using
// the specified algorithm.
Signature s = Signature.getInstance(SecurityConstants.SIGNATURE_SHA256withRSA);
// BEGIN_INCLUDE(verify_data)
// Verify the data.
s.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
s.update(data);
return s.verify(signature);
// END_INCLUDE(verify_data)
}
