Java Code Examples for java.security.Signature#verify()

The following examples show how to use java.security.Signature#verify(). Each example links to its original project and source file. Several of them use legacy algorithms or parameters (MD5withRSA, SHA-1 based schemes, 512-bit DSA) exactly as found in those projects, so read them as API-usage illustrations rather than as recommended parameter choices.
Example 1
Source File: DHTPluginStorageManager.java    From BiglyBT with GNU General Public License v2.0 7 votes vote down vote up
/**
 * Checks an RSA signature over a key-block request using the key referenced
 * as {@code key_block_public_key}, which is declared outside this method.
 *
 * <p>The method fails closed: anything thrown while setting up or running the
 * verification is reported as {@code false}, never as an exception.
 *
 * @param request   the bytes the signature is expected to cover
 * @param signature the signature to check
 * @return {@code true} only when the signature verifies
 */
public static boolean
verifyKeyBlock(
	byte[]		request,
	byte[]		signature )
{
	try{
		// NOTE(review): MD5withRSA depends on MD5, which is not collision
		// resistant. Moving to a SHA-2 based scheme needs the signing side to
		// change in step, so it cannot be done in this method alone.
		Signature	checker = Signature.getInstance("MD5withRSA" );

		checker.initVerify( key_block_public_key );
		checker.update( request );

		return( checker.verify( signature ));

	}catch( Throwable e ){

		// Every failure (bad key, malformed signature, missing algorithm) is
		// treated as "not verified"; the cause is not logged here.
		return( false );
	}
}
 
Example 2
Source File: ECDSAUtil.java    From web3sdk with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies an ECDSA signature. Despite the method and parameter names,
 * nothing is decrypted: {@code encryptContent} is the signature and
 * {@code srcContent} is the signed data.
 *
 * @param encryptContent the signature bytes to check
 * @param srcContent     the data the signature is expected to cover
 * @param publicKey      the signer's public key
 * @return {@code true} if the signature is valid for {@code srcContent}
 * @throws Exception if the algorithm is unavailable, the key cannot be used,
 *                   or the signature bytes cannot be processed
 */
public boolean publicDecrypt(byte[] encryptContent, byte[] srcContent, PublicKey publicKey)
        throws Exception {
    // NOTE(review): SHA-1 is a legacy digest for signatures; a SHA-256 based
    // variant would need the signer to switch as well.
    final Signature verifier = Signature.getInstance("SHA1withECDSA");
    verifier.initVerify(publicKey);
    verifier.update(srcContent);
    final boolean valid = verifier.verify(encryptContent);
    return valid;
}
 
Example 3
Source File: Graph.java    From SPADE with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Checks this graph's signature with the public key stored under the alias
 * {@code <host name>.server.public}.
 *
 * <p>The signed content is fed in this order: the hash bytes of every vertex,
 * the hash bytes of every edge, the query string (if any) and the nonce (if
 * any), the last two encoded as UTF-8.
 *
 * @param nonce optional value appended to the signed content; skipped when
 *              {@code null}
 * @return {@code true} if the signature verifies; {@code false} if no key is
 *         found for the alias, if verification fails, or if any exception
 *         occurs (exceptions are logged at SEVERE level)
 */
public boolean verifySignature(String nonce){
	try{
		Signature verifier = Signature.getInstance("SHA256withRSA");
		String host = getHostName();
		if(host == null){
			// Thrown only to reach the common logging path below.
			throw new Exception("NULL host name in graph");
		}

		PublicKey serverKey = Kernel.getServerPublicKey(host + ".server.public");
		if(serverKey == null){
			// Unknown server: reported as "not verified" without a log entry.
			return false;
		}
		verifier.initVerify(serverKey);

		// NOTE(review): the result depends on the iteration order of
		// vertexSet() and edgeSet(); presumably signer and verifier iterate
		// in the same order - confirm.
		for(AbstractVertex vertex : vertexSet()){
			verifier.update(vertex.bigHashCodeBytes());
		}
		for(AbstractEdge edge : edgeSet()){
			verifier.update(edge.bigHashCodeBytes());
		}
		// NOTE(review): query string and nonce are concatenated without a
		// separator or length prefix, so the boundary between them is not
		// part of what is signed. A null nonce is accepted, which leaves any
		// freshness guarantee to the caller.
		if(getQueryString() != null){
			verifier.update(getQueryString().getBytes("UTF-8"));
		}
		if(nonce != null){
			verifier.update(nonce.getBytes("UTF-8"));
		}

		return verifier.verify(getSignature());
	}catch(Exception ex){
		logger.log(Level.SEVERE, "Error verifying the result graph!", ex);
		return false;
	}
}
 
Example 4
Source File: DSATest.java    From java_security with MIT License 5 votes vote down vote up
/**
 * Demonstrates DSA signing and signature verification using only the JDK's
 * own APIs: generates a key pair, signs {@code src}, verifies the result and
 * prints both outcomes to standard output.
 *
 * @author timliu
 */
public static void jdkDSA()
{
	try {
		// 1. Generate the key pair.
		// NOTE(review): a 512-bit DSA key is far below currently accepted
		// sizes; it is kept because this is the value the example uses.
		KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
		generator.initialize(512);
		KeyPair pair = generator.generateKeyPair();
		DSAPublicKey generatedPublic = (DSAPublicKey)pair.getPublic();
		DSAPrivateKey generatedPrivate = (DSAPrivateKey)pair.getPrivate();

		// 2. Sign. The private key is rebuilt from its PKCS#8 encoding, as it
		// would be when loaded from storage.
		PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(generatedPrivate.getEncoded());
		KeyFactory signFactory = KeyFactory.getInstance("DSA");
		PrivateKey signingKey = signFactory.generatePrivate(privateSpec);
		// NOTE(review): SHA1withDSA relies on the legacy SHA-1 digest.
		Signature signer = Signature.getInstance("SHA1withDSA");
		signer.initSign(signingKey);
		// getBytes() without a charset uses the platform default encoding.
		signer.update(src.getBytes());
		byte[] signed = signer.sign();
		System.out.println("jdk dsa sign:" + Hex.encodeHexString(signed) );

		// 3. Verify. The public key is rebuilt from its X.509 encoding.
		X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(generatedPublic.getEncoded());
		KeyFactory verifyFactory = KeyFactory.getInstance("DSA");
		PublicKey verificationKey = verifyFactory.generatePublic(publicSpec);
		Signature verifier = Signature.getInstance("SHA1withDSA");
		verifier.initVerify(verificationKey);
		verifier.update(src.getBytes());
		boolean verified = verifier.verify(signed);
		System.out.println("jdk dsa verify:" + verified);
	} catch (Exception e) {
		// Demo code: the failure is only printed, not propagated.
		System.out.println(e.toString());
	}

}
 
Example 5
Source File: CryptographicUtilities.java    From openemm with GNU Affero General Public License v3.0 5 votes vote down vote up
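/**
 * Verifies {@code signatureData} over {@code data} using the provider
 * registered under the name "BC" (Bouncy Castle).
 *
 * @param data            the bytes the signature is expected to cover
 * @param publicKey       the signer's public key
 * @param signatureData   the signature to check
 * @param signatureMethod the JCA signature algorithm name passed to the provider
 * @return {@code true} if the signature verifies
 * @throws Exception wrapping any failure to set up or run the verification
 */
public static boolean verifyData(byte[] data, PublicKey publicKey, byte[] signatureData, String signatureMethod) throws Exception {
	// Register Bouncy Castle only when no provider named "BC" is installed
	// yet, so repeated calls do not construct a throwaway provider object.
	if (Security.getProvider("BC") == null) {
		Security.addProvider(new BouncyCastleProvider());
	}

	try {
		// NOTE(review): signatureMethod is handed straight to getInstance.
		// Callers should pin it to the algorithms they expect instead of
		// taking it from the message being verified.
		Signature signature = Signature.getInstance(signatureMethod, "BC");
		signature.initVerify(publicKey);
		signature.update(data);
		return signature.verify(signatureData);
	} catch (Exception e) {
		// The original failure is kept as the cause.
		throw new Exception("Cannot verify signature", e);
	}
}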
 
Example 6
Source File: RSA.java    From UAF with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies an RSA-PSS signature with fixed parameters: SHA-256 digest, MGF1
 * with SHA-256, salt length 32 and trailer field 1. The provider is the one
 * referenced by {@code BC}, which is declared outside this method.
 *
 * @param publicKey  the signer's public key
 * @param signedData the bytes the signature is expected to cover
 * @param sig        the signature to check
 * @return {@code true} if the signature verifies
 */
public static boolean verifyPSS(PublicKey publicKey,
		byte[] signedData, byte[] sig) throws SignatureException,
		InvalidKeyException, NoSuchAlgorithmException,
		NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeySpecException {
	final Signature verifier = Signature.getInstance("SHA256withRSA/PSS", BC);

	// The PSS parameters are pinned here instead of being taken from the
	// input, so the signature cannot choose its own parameters.
	final MGF1ParameterSpec maskDigest = new MGF1ParameterSpec("SHA-256");
	final PSSParameterSpec pssSpec = new PSSParameterSpec("SHA-256", "MGF1",
			maskDigest, 32, 1);
	verifier.setParameter(pssSpec);

	verifier.initVerify(publicKey);
	verifier.update(signedData);
	final boolean valid = verifier.verify(sig);
	return valid;
}
 
Example 7
Source File: X509CRLImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Verifies that this CRL was signed with the private key matching the given
 * public key, using the named signature provider.
 *
 * <p>A successful result is remembered: a later call with an equal key and
 * the same provider name returns immediately without re-checking.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the name of the signature provider; {@code null} is
 * treated as the empty string, which selects the default provider lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception NoSuchProviderException on incorrect provider.
 * @exception SignatureException on signature errors.
 * @exception CRLException on encoding errors.
 */
public synchronized void verify(PublicKey key, String sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        NoSuchProviderException, SignatureException {

    final String providerName = (sigProvider == null) ? "" : sigProvider;

    // Already verified with this key? Then only the provider has to match.
    final boolean sameKey = (verifiedPublicKey != null) && verifiedPublicKey.equals(key);
    if (sameKey && providerName.equals(verifiedProvider)) {
        return;
    }
    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }

    // The algorithm name comes from the CRL's own signature algorithm id.
    final String algorithm = sigAlgId.getName();
    final Signature sigVerf = providerName.isEmpty()
            ? Signature.getInstance(algorithm)
            : Signature.getInstance(algorithm, providerName);
    sigVerf.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    sigVerf.update(tbsCertList, 0, tbsCertList.length);

    final boolean matches = sigVerf.verify(signature);
    if (!matches) {
        throw new SignatureException("Signature does not match.");
    }

    // Cache the successful (key, provider) pair for the shortcut above.
    verifiedPublicKey = key;
    verifiedProvider = providerName;
}
 
Example 8
Source File: SolarisShortDSA.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Signs {@code data} (declared outside this method) with the private half of
 * {@code kp} and checks the result with the public half.
 *
 * @param kp the key pair used for both signing and verifying
 * @return {@code true} if the freshly created signature verifies
 * @throws Exception on any signing or verification failure
 */
static boolean use(KeyPair kp) throws Exception {
     final String algorithm = "SHA1withDSA";

     // Sign with a first engine instance.
     final Signature signer = Signature.getInstance(algorithm);
     signer.initSign(kp.getPrivate());
     signer.update(data);
     final byte[] signed = signer.sign();

     // Verify with a second, independent engine instance.
     final Signature verifier = Signature.getInstance(algorithm);
     verifier.initVerify(kp.getPublic());
     verifier.update(data);
     final boolean valid = verifier.verify(signed);
     return valid;
}
 
Example 9
Source File: Codec.java    From XDroidMvp with MIT License 5 votes vote down vote up
/**
 * Verifies a digital signature.
 *
 * @param data      the data the signature is expected to cover (the original
 *                  comment calls it "encrypted data")
 * @param publicKey the public key, Base64-encoded X.509 form
 * @param sign      the digital signature, Base64-encoded
 * @return {@code true} if the signature verifies
 * @throws Exception if decoding, key reconstruction or verification fails
 */
public static boolean verify(byte[] data, String publicKey, String sign)
        throws Exception {

    // Decode the Base64-encoded public key.
    final byte[] encodedKey = BASE64.decode(publicKey);
    // Wrap it as an X.509 key specification.
    final X509EncodedKeySpec spec = new X509EncodedKeySpec(encodedKey);
    // Key factory for the algorithm named by Algorithm.RSA.
    final KeyFactory factory = KeyFactory.getInstance(Algorithm.RSA.getType());
    // Rebuild the public key object.
    final PublicKey verificationKey = factory.generatePublic(spec);

    final Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
    verifier.initVerify(verificationKey);
    verifier.update(data);

    final byte[] rawSignature = BASE64.decode(sign);
    return verifier.verify(rawSignature);
}
 
Example 10
Source File: TestOzoneManagerBlockToken.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies a block token's signature with the public key of the given
 * certificate, using SHA256withRSA.
 *
 * <p>{@code Signature.initVerify(Certificate)} only takes the key from the
 * certificate (and rejects an X.509 certificate whose critical key-usage
 * extension forbids signing); it does not validate the chain or the
 * validity period.
 *
 * @param tokenId     the token identifier whose bytes were signed
 * @param signature   the signature to check
 * @param certificate the certificate holding the verification key
 * @return {@code true} if the signature verifies
 */
public boolean verifyTokenAsymmetric(OzoneBlockTokenIdentifier tokenId,
    byte[] signature, Certificate certificate) throws InvalidKeyException,
    NoSuchAlgorithmException, SignatureException {
  final Signature verifier = Signature.getInstance("SHA256withRSA");
  verifier.initVerify(certificate);
  verifier.update(tokenId.getBytes());
  return verifier.verify(signature);
}
 
Example 11
Source File: VerifyRangeCheckOverflow.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Calls {@code Signature.verify(byte[], int, int)} with an offset of
 * {@code Integer.MAX_VALUE} and a length of 1 on a 100-byte array. An
 * {@code IllegalArgumentException} is the accepted outcome; any other
 * exception propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    final KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
    generator.initialize(1024);
    final KeyPair pair = generator.generateKeyPair();
    final PublicKey verificationKey = pair.getPublic();
    final byte[] sigBytes = new byte[100];

    final Signature verifier = Signature.getInstance("SHA1withDSA");
    verifier.initVerify(verificationKey);
    try {
        // offset + length exceeds the int range here, so a bounds check
        // written as "offset + length > array length" would wrap around.
        verifier.verify(sigBytes, Integer.MAX_VALUE, 1);
    } catch (IllegalArgumentException expected) {
        // Expected: the out-of-range arguments were rejected.
    }
}
 
Example 12
Source File: CommonUtils.java    From blockchain with MIT License 5 votes vote down vote up
/**
 * Verifies an ECDSA signature over a string, using the provider registered
 * under the name "BC".
 *
 * @param publicKey the signer's public key
 * @param data      the signed text; converted to bytes with the platform
 *                  default charset, so signer and verifier must agree on it
 * @param signature the signature bytes to check
 * @return {@code true} if the signature verifies
 * @throws RuntimeException wrapping any failure, including a missing
 *                          provider or a malformed signature
 */
public static boolean verifyECDSASig(PublicKey publicKey, String data, byte[] signature) {
	final boolean valid;
	try {
		final Signature verifier = Signature.getInstance("ECDSA", "BC");
		verifier.initVerify(publicKey);
		final byte[] message = data.getBytes();
		verifier.update(message);
		valid = verifier.verify(signature);
	} catch (Exception e) {
		// Callers see an unchecked exception here, not a false result.
		throw new RuntimeException(e);
	}
	return valid;
}
 
Example 13
Source File: X509V2AttributeCertificate.java    From RipplePower with Apache License 2.0 5 votes vote down vote up
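/**
 * Verifies the signature on this attribute certificate with the given key.
 *
 * <p>The outer signature algorithm must equal the one recorded inside the
 * signed certificate info; a mismatch is rejected before any cryptographic
 * check.
 *
 * @param key      the public key expected to verify the signature
 * @param provider the name of the JCA provider to use
 * @throws CertificateException     if the inner and outer signature
 *                                  algorithms differ
 * @throws NoSuchAlgorithmException if the provider lacks the algorithm
 * @throws InvalidKeyException      if the key is unusable, and also when the
 *                                  signature does not verify
 * @throws NoSuchProviderException  if the provider is not registered
 * @throws SignatureException       if the certificate info cannot be encoded
 *                                  or the signature cannot be processed
 */
public final void verify(
        PublicKey   key,
        String      provider)
        throws CertificateException, NoSuchAlgorithmException,
        InvalidKeyException, NoSuchProviderException, SignatureException
{
    // The algorithm covered by the signature must match the one on the
    // outside, otherwise the unsigned outer field could select the algorithm.
    if (!cert.getSignatureAlgorithm().equals(cert.getAcinfo().getSignature()))
    {
        throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
    }

    Signature signature = Signature.getInstance(cert.getSignatureAlgorithm().getObjectId().getId(), provider);

    signature.initVerify(key);

    try
    {
        signature.update(cert.getAcinfo().getEncoded());
    }
    catch (IOException e)
    {
        // Keep the encoding failure as the cause instead of discarding it.
        throw new SignatureException("Exception encoding certificate info object", e);
    }

    // A failed verification is reported as InvalidKeyException; callers rely
    // on that exception type, so it is kept.
    if (!signature.verify(this.getSignature()))
    {
        throw new InvalidKeyException("Public key presented not for certificate signature");
    }
}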
 
Example 14
Source File: DefaultCryptoService.java    From knox with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies a signature over {@code signed} (encoded as UTF-8) with the public
 * key of the gateway certificate obtained from {@code ks}.
 *
 * <p>The listed checked exceptions are logged and reported as {@code false};
 * the outcome is logged in every case.
 *
 * @param algorithm the JCA signature algorithm name
 * @param signed    the text the signature is expected to cover
 * @param signature the signature bytes to check
 * @return {@code true} if the signature verifies
 */
@Override
public boolean verify(String algorithm, String signed, byte[] signature) {
  boolean verified;
  try {
    // NOTE(review): the algorithm name is caller-supplied; presumably it is
    // fixed by configuration and not taken from the token being verified.
    final Signature verifier = Signature.getInstance(algorithm);
    verifier.initVerify(ks.getCertificateForGateway().getPublicKey());
    verifier.update(signed.getBytes(StandardCharsets.UTF_8));
    verified = verifier.verify(signature);
  } catch (SignatureException | KeystoreServiceException | InvalidKeyException | NoSuchAlgorithmException | KeyStoreException e) {
    LOG.failedToVerifySignature( e );
    verified = false;
  }
  LOG.signatureVerified( verified );
  return verified;
}
 
Example 15
Source File: KeyVerificator.java    From ramus with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Verifies {@code sign} over {@code data} with the DSA public key encoded in
 * {@code encKey}; all three are declared outside this method. Both the key
 * factory and the signature engine are requested from the "SUN" provider.
 *
 * @return {@code true} if the signature verifies
 */
public boolean verify() throws NoSuchAlgorithmException,
        NoSuchProviderException, InvalidKeySpecException,
        InvalidKeyException, SignatureException {
    // Rebuild the public key from its X.509 encoding.
    final X509EncodedKeySpec encodedKey = new X509EncodedKeySpec(encKey);
    final PublicKey verificationKey =
            KeyFactory.getInstance("DSA", "SUN").generatePublic(encodedKey);

    // NOTE(review): SHA1withDSA relies on the legacy SHA-1 digest.
    final Signature verifier = Signature.getInstance("SHA1withDSA", "SUN");
    verifier.initVerify(verificationKey);
    verifier.update(data, 0, data.length);
    return verifier.verify(sign);
}
 
Example 16
Source File: VerifyRangeCheckOverflow.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Passes an offset of {@code Integer.MAX_VALUE} and a length of 1 to
 * {@code Signature.verify(byte[], int, int)} for a 100-byte array. Only an
 * {@code IllegalArgumentException} is tolerated; anything else thrown by the
 * call escapes {@code main}.
 */
public static void main(String[] args) throws Exception {
    final KeyPairGenerator dsaGenerator = KeyPairGenerator.getInstance("DSA");
    dsaGenerator.initialize(1024);
    final KeyPair generated = dsaGenerator.generateKeyPair();
    final PublicKey dsaPublic = generated.getPublic();
    final byte[] sigBytes = new byte[100];

    final Signature engine = Signature.getInstance("SHA1withDSA");
    engine.initVerify(dsaPublic);
    try {
        // The sum of offset and length does not fit in an int, which is the
        // case a naive range check would get wrong.
        engine.verify(sigBytes, Integer.MAX_VALUE, 1);
    } catch (IllegalArgumentException rejected) {
        // Expected: the engine refused the out-of-range offset.
    }
}
 
Example 17
Source File: X509CRLImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Verifies that this CRL was signed with the private key matching the given
 * public key, using the given provider object. The provider does not have to
 * be registered in the provider list.
 *
 * <p>On success the key is remembered in {@code verifiedPublicKey}; this
 * overload does not update {@code verifiedProvider}.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the signature provider; {@code null} selects the
 * default provider lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception SignatureException on signature errors.
 * @exception CRLException on encoding errors.
 */
public synchronized void verify(PublicKey key, Provider sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        SignatureException {

    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }

    // The algorithm name comes from the CRL's own signature algorithm id.
    final String algorithm = sigAlgId.getName();
    final Signature sigVerf = (sigProvider == null)
            ? Signature.getInstance(algorithm)
            : Signature.getInstance(algorithm, sigProvider);
    sigVerf.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    sigVerf.update(tbsCertList, 0, tbsCertList.length);

    final boolean matches = sigVerf.verify(signature);
    if (!matches) {
        throw new SignatureException("Signature does not match.");
    }
    verifiedPublicKey = key;
}
 
Example 18
Source File: ToolCertificate.java    From protools with Apache License 2.0 4 votes vote down vote up
/**
 * Verifies a signature with the public key of a certificate loaded from a path.
 *
 * @param data
 *         the data the signature is expected to cover
 * @param sign
 *         the signature
 * @param certificatePath
 *         path of the certificate
 *
 * @return boolean {@code true} if verification succeeds
 *
 * @throws NoSuchAlgorithmException if the signature algorithm is unavailable
 * @throws InvalidKeyException if the certificate's key cannot be used
 * @throws SignatureException if the signature cannot be processed
 * @throws CertificateException declared for loading the certificate
 * @throws IOException declared for loading the certificate
 */
public static boolean verify(byte[] data, byte[] sign, String certificatePath) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateException, IOException {

    // Load the certificate.
    final X509Certificate certificate = (X509Certificate) getCertificate(certificatePath);

    // Build the signature engine from the certificate's algorithm name.
    // NOTE(review): getSigAlgName() names the algorithm used to sign the
    // certificate itself. It fits the certificate's own key only when issuer
    // and subject use the same key type (for example a self-signed
    // certificate); otherwise initVerify fails with InvalidKeyException.
    final Signature verifier = Signature.getInstance(certificate.getSigAlgName());

    // Initialising from the certificate means its public key is used. No
    // chain or validity-period check is visible in this method.
    verifier.initVerify(certificate);

    verifier.update(data);

    final boolean valid = verifier.verify(sign);
    return valid;

}
 
Example 19
Source File: DockerCLI.java    From yet-another-docker-plugin with MIT License 4 votes vote down vote up
/**
 * Opens a direct TCP connection to the CLI port, performs the
 * "Protocol:CLI2-connect" handshake, switches the connection to AES using a
 * Diffie-Hellman derived key, optionally checks the server's signature over
 * the shared secret, and returns a binary {@code Channel} on top of it.
 *
 * @param jenkins URL of the server; used here only in the channel name
 * @param cliPort endpoint to connect to and, if known, the server identity key
 * @return the channel built on the encrypted connection
 * @throws IOException if the connection, the handshake, the transport
 *                     negotiation or the identity check fails
 */
private Channel connectViaCliPort(URL jenkins, CliPort cliPort) throws IOException {
        LOG.debug("Trying to connect directly via TCP/IP to {}", cliPort.endpoint);
        final Socket s = new Socket();
        // Enable TCP keep-alive so that a connection silently dropped by a router in between
        // or by the peer does not go unnoticed. Note that the keep-alive time out is often
        // very long (for example 2 hours by default in Linux).
        s.setKeepAlive(true);
        // we take care of buffering on our own
        s.setTcpNoDelay(true);

        // 3000 is the connect timeout in milliseconds.
        s.connect(cliPort.endpoint, 3000);
        OutputStream out = SocketChannelStream.out(s);

        // NOTE(review): the socket is registered for closing only after connect() succeeded;
        // if connect() throws, nothing in this method closes it.
        closables.add(s::close);

        Connection c = new Connection(SocketChannelStream.in(s), out);

        // The protocol greeting is exchanged in clear text, before any key agreement.
        DataInputStream dis = new DataInputStream(s.getInputStream());
        DataOutputStream dos = new DataOutputStream(s.getOutputStream());
        dos.writeUTF("Protocol:CLI2-connect");
        String greeting = dis.readUTF();
        if (!greeting.equals("Welcome")) {
            throw new IOException("Handshaking failed: " + greeting);
        }

        try {
            // Derive a 128-bit AES session key from the Diffie-Hellman shared secret.
            byte[] secret = c.diffieHellman(false).generateSecret();
            SecretKey sessionKey = new SecretKeySpec(Connection.fold(secret, 128 / 8), "AES");
            // NOTE(review): CFB8 without padding gives confidentiality only; no integrity
            // protection is visible here - confirm whether Connection adds any.
            c = c.encryptConnection(sessionKey, "AES/CFB8/NoPadding");

            // validate the instance identity, so that we can be sure that we are talking to the same server
            // and there's no one in the middle.
            byte[] signature = c.readByteArray();

            // NOTE(review): when cliPort.identity is null the signature is read but never
            // checked, so the key agreement above is unauthenticated in that case.
            if (cliPort.identity != null) {
                // NOTE(review): SHA1withRSA relies on the legacy SHA-1 digest; the algorithm
                // has to match what the server signs with.
                Signature verifier = Signature.getInstance("SHA1withRSA");
                verifier.initVerify(cliPort.getIdentity());
                // The server signs the shared secret, which binds its identity to this session.
                verifier.update(secret);
                if (!verifier.verify(signature))
                    throw new IOException("Server identity signature validation failed.");
            }
        } catch (GeneralSecurityException e) {
            throw (IOException) new IOException("Failed to negotiate transport security").initCause(e);
        }

        // NOTE(review): both withArbitraryCallableAllowed and withRemoteClassLoadingAllowed
        // are switched on; by their names they widen what the peer may send over this
        // channel - confirm both are needed, especially when the identity check was skipped.
        final Channel channel = new ChannelBuilder("CLI connection to " + jenkins, pool)
                .withMode(Channel.Mode.BINARY)
                .withBaseLoader(null)
                .withArbitraryCallableAllowed(true)
                .withRemoteClassLoadingAllowed(true)
                .build(new BufferedInputStream(c.in), new BufferedOutputStream(c.out));

        LOG.trace("Returning channel: {}.", channel);

        return channel;

//        return new Channel(
//                "CLI connection to " + jenkins,  // name
//                pool, //exec
//                Channel.Mode.BINARY,
//                new BufferedInputStream(c.in),
//                new BufferedOutputStream(c.out),
//                null,
//                false,
//                null
//        );
    }
 
Example 20
Source File: BasicAndroidKeyStoreFragment.java    From android-BasicAndroidKeyStore with Apache License 2.0 4 votes vote down vote up
/**
 * Verifies a Base64-encoded signature over {@code input} with the certificate
 * of the key pair stored in the Android Key Store under {@code mAlias}.
 *
 * @param input The data to be verified; converted to bytes with the default charset.
 * @param signatureStr The Base64-encoded signature provided for the data.
 * @return {@code true} if the signature is valid; {@code false} if it is
 *         invalid, missing, not valid Base64, or if no private-key entry
 *         exists under the alias.
 */
public boolean verifyData(String input, String signatureStr) throws KeyStoreException,
        CertificateException, NoSuchAlgorithmException, IOException,
        UnrecoverableEntryException, InvalidKeyException, SignatureException {
    final byte[] payload = input.getBytes();
    // BEGIN_INCLUDE(decode_signature)

    // Without a signature string there is nothing to verify.
    if (signatureStr == null) {
        Log.w(TAG, "Invalid signature.");
        Log.w(TAG, "Exiting verifyData()...");
        return false;
    }

    byte[] rawSignature;
    try {
        // The engine works on raw bytes, so undo the Base64 encoding first.
        rawSignature = Base64.decode(signatureStr, Base64.DEFAULT);
    } catch (IllegalArgumentException e) {
        // Present but not valid Base64: treated as "not verified".
        return false;
    }
    // END_INCLUDE(decode_signature)

    final KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");

    // load() must be called even when there is no InputStream to read from.
    keyStore.load(null);

    // Look up the key pair stored under the alias.
    final KeyStore.Entry entry = keyStore.getEntry(mAlias, null);

    if (entry == null) {
        Log.w(TAG, "No key found under alias: " + mAlias);
        Log.w(TAG, "Exiting verifyData()...");
        return false;
    }

    if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
        Log.w(TAG, "Not an instance of a PrivateKeyEntry");
        return false;
    }
    final KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;

    // Signature is the engine that creates or checks signatures for the
    // named algorithm; it is not the signature value itself.
    final Signature verifier = Signature.getInstance(SecurityConstants.SIGNATURE_SHA256withRSA);

    // BEGIN_INCLUDE(verify_data)
    // Only the certificate (public half) of the entry is needed to verify.
    verifier.initVerify(keyEntry.getCertificate());
    verifier.update(payload);
    return verifier.verify(rawSignature);
    // END_INCLUDE(verify_data)
}