Example usage for java.security.cert X509Certificate getPublicKey

List of usage examples for java.security.cert X509Certificate getPublicKey

Introduction

This page collects usage examples for java.security.cert.X509Certificate.getPublicKey().

Prototype

public abstract PublicKey getPublicKey();

Document

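Gets the public key from this certificate. The key is returned exactly as the certificate carries it; calling this method does not validate the certificate or show that it is trusted, so the examples below still need separate chain and validity checks before the key is relied on.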

Usage

From source file:org.xdi.oxauth.model.util.JwtUtil.java

/**
 * Checks an ECDSA/SHA-384 signature over {@code signingInput} with the public key
 * carried by {@code cert}, using the provider registered under the name "BC".
 *
 * <p>Only the mathematical signature check happens here. Nothing in this method
 * validates the certificate itself (chain, validity period, revocation, key usage),
 * so a {@code true} result proves possession of the matching private key and
 * nothing about who holds it. Callers must establish trust in {@code cert} first.
 *
 * <p>NOTE(review): the JCA ECDSA algorithms normally expect an ASN.1 DER-encoded
 * signature, while JWS carries ES384 signatures as fixed-length R||S; presumably the
 * caller converts before passing {@code sigBytes} - confirm. The curve of the
 * certificate key is not checked against P-384 here either.
 *
 * @param signingInput the bytes that were signed
 * @param sigBytes     the signature to check
 * @param cert         certificate supplying the verification key
 * @return {@code true} if the signature verifies under the certificate's key
 * @throws NoSuchProviderException  if no provider named "BC" is registered
 * @throws NoSuchAlgorithmException if the provider lacks the algorithm
 * @throws InvalidKeyException      if the certificate key cannot be used for verification
 * @throws SignatureException       if the signature bytes cannot be processed
 */
public static boolean verifySignatureES384(byte[] signingInput, byte[] sigBytes, X509Certificate cert)
        throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    // The key is read before the provider lookup, so a null certificate fails first.
    final PublicKey verificationKey = cert.getPublicKey();

    final Signature verifier = Signature.getInstance("SHA384WITHECDSA", "BC");
    verifier.initVerify(verificationKey);
    verifier.update(signingInput);

    final boolean signatureMatches = verifier.verify(sigBytes);
    return signatureMatches;
}

From source file:org.xdi.oxauth.model.util.JwtUtil.java

/**
 * Checks an ECDSA/SHA-512 signature over {@code signingInput} with the public key
 * carried by {@code cert}, using the provider registered under the name "BC".
 *
 * <p>Only the mathematical signature check happens here. Nothing in this method
 * validates the certificate itself (chain, validity period, revocation, key usage),
 * so a {@code true} result proves possession of the matching private key and
 * nothing about who holds it. Callers must establish trust in {@code cert} first.
 *
 * <p>NOTE(review): the JCA ECDSA algorithms normally expect an ASN.1 DER-encoded
 * signature, while JWS carries ES512 signatures as fixed-length R||S; presumably the
 * caller converts before passing {@code sigBytes} - confirm. The curve of the
 * certificate key is not checked against P-521 here either.
 *
 * @param signingInput the bytes that were signed
 * @param sigBytes     the signature to check
 * @param cert         certificate supplying the verification key
 * @return {@code true} if the signature verifies under the certificate's key
 * @throws NoSuchProviderException  if no provider named "BC" is registered
 * @throws NoSuchAlgorithmException if the provider lacks the algorithm
 * @throws InvalidKeyException      if the certificate key cannot be used for verification
 * @throws SignatureException       if the signature bytes cannot be processed
 */
public static boolean verifySignatureES512(byte[] signingInput, byte[] sigBytes, X509Certificate cert)
        throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    // The key is read before the provider lookup, so a null certificate fails first.
    final PublicKey verificationKey = cert.getPublicKey();

    final Signature verifier = Signature.getInstance("SHA512WITHECDSA", "BC");
    verifier.initVerify(verificationKey);
    verifier.update(signingInput);

    final boolean signatureMatches = verifier.verify(sigBytes);
    return signatureMatches;
}

From source file:org.zuinnote.hadoop.office.format.common.util.CertificateChainVerificationUtil.java

/**
 * Reports whether the certificate's signature verifies under its own public key.
 *
 * <p>This is a structural test only. Anyone can produce a certificate that passes
 * it, so a {@code true} result must never be read as "trusted"; a self-signed
 * certificate is acceptable only when it matches a configured trust anchor.
 * Subject and issuer names are not compared here.
 *
 * @param certificate the certificate to examine
 * @return {@code true} if the signature verifies with the certificate's own key,
 *         {@code false} if verification fails with a signature or key error
 * @throws CertificateException     on a certificate encoding error
 * @throws NoSuchAlgorithmException if the signature algorithm is unsupported
 * @throws NoSuchProviderException  if no default provider is available
 */
private static boolean isSelfSigned(X509Certificate certificate)
        throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
    final PublicKey ownKey = certificate.getPublicKey();
    boolean signedByOwnKey;
    try {
        certificate.verify(ownKey);
        signedByOwnKey = true;
    } catch (SignatureException | InvalidKeyException mismatch) {
        // A mismatch is the expected outcome for a certificate issued by another key.
        signedByOwnKey = false;
    }
    return signedByOwnKey;
}

From source file:ru.codeinside.gws.crypto.cryptopro.CryptoProvider.java

/**
 * Validates the XML signature that sits next to a binary security token, using the
 * X.509 certificate encoded inside that token.
 *
 * <p>Steps, in order: decode the certificate from the token, check its validity
 * period against the current time, locate the sibling {@code Signature} element,
 * then validate that signature with the certificate's public key.
 *
 * <p>Security note: the verification key comes from the same message that carries
 * the signature. This method performs no chain building, trust-anchor comparison or
 * revocation check, so a result without an error message means only that the
 * message is consistent with the embedded certificate. Presumably callers decide
 * whether the returned certificate is trusted - verify against the callers.
 *
 * <p>The error strings look mis-encoded in this listing (non-ASCII text replaced by
 * question marks); they are kept verbatim.
 *
 * @param securityToken the binary security token element
 * @return a {@code ValidateResult} holding an error message, or {@code null} as the
 *         message when the signature validated, together with the parsed certificate
 * @throws Exception if the token cannot be parsed or signature processing fails
 */
private static ValidateResult validate(final Element securityToken) throws Exception {
    final X509Security tokenWrapper = new X509Security(securityToken);
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final ByteArrayInputStream encodedCert = new ByteArrayInputStream(tokenWrapper.getToken());
    final X509Certificate cert = (X509Certificate) x509Factory.generateCertificate(encodedCert);
    if (cert == null) {
        return new ValidateResult("?  c ?", null);
    }

    // Validity-period check only; it says nothing about who issued the certificate.
    try {
        cert.checkValidity();
    } catch (CertificateException expiredOrNotYetValid) {
        return new ValidateResult(" ?  ?", cert);
    }

    final Element signatureElement = first(securityToken.getParentNode(), Constants.SignatureSpecNS,
            "Signature");
    if (signatureElement == null) {
        return new ValidateResult("?  ? ?", cert);
    }

    final DOMValidateContext validateContext = new DOMValidateContext(cert.getPublicKey(), signatureElement);
    fixWsuId(securityToken.getOwnerDocument(), validateContext, new HashSet<String>());
    final boolean signatureValid = SIGNATURE_FACTORY.unmarshalXMLSignature(validateContext)
            .validate(validateContext);

    String failureMessage = null;
    if (!signatureValid) {
        failureMessage = "?   !";
    }
    return new ValidateResult(failureMessage, cert);
}

From source file:test.be.fedict.eid.applet.PKCS11Test.java

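/**
 * Signs a fixed message through a PKCS#11 token and applies the raw RSA public
 * operation to the signature, logging the recovered padded block in hex.
 *
 * <p>Requires the native library and a card in the configured slot, so this is a
 * hardware integration test. SHA1withRSA is used as written in the original test;
 * SHA-1 signatures should not be chosen for new designs.
 *
 * @throws Exception if the token, key store or signature operations fail
 */
@Test
public void testPKCS1viaPKCS11() throws Exception {
    File tmpConfigFile = File.createTempFile("pkcs11-", "conf");
    tmpConfigFile.deleteOnExit();
    PrintWriter configWriter = new PrintWriter(new FileOutputStream(tmpConfigFile), true);
    try {
        configWriter.println("name=SmartCard");
        configWriter.println("library=/usr/lib/libbeidpkcs11.so.0");
        configWriter.println("slotListIndex=2");
    } finally {
        // Close the handle before the provider reads the file; it was leaked before.
        configWriter.close();
    }

    SunPKCS11 provider = new SunPKCS11(tmpConfigFile.getAbsolutePath());
    Security.addProvider(provider);
    KeyStore keyStore = KeyStore.getInstance("PKCS11", provider);
    keyStore.load(null, null);
    PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry("Authentication", null);
    PrivateKey privateKey = privateKeyEntry.getPrivateKey();
    Signature signature = Signature.getInstance("SHA1withRSA");
    signature.initSign(privateKey);
    byte[] toBeSigned = "hello world".getBytes();
    signature.update(toBeSigned);
    byte[] signatureValue = signature.sign();

    X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
    RSAPublicKey publicKey = (RSAPublicKey) certificate.getPublicKey();
    // Signature bytes are an unsigned big-endian integer. The one-argument constructor
    // reads them as two's complement, which turns any signature with the top bit set
    // into a negative number and makes the recovered block wrong.
    BigInteger signatureValueBigInteger = new BigInteger(1, signatureValue);
    BigInteger messageBigInteger = signatureValueBigInteger.modPow(publicKey.getPublicExponent(),
            publicKey.getModulus());
    LOG.debug("original message: " + new String(Hex.encodeHex(messageBigInteger.toByteArray())));
}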

From source file:test.integ.be.fedict.commons.eid.client.BeIDCardTest.java

/**
 * Has the card sign the SHA-1 digest of ten random bytes with RSA-PSS, then verifies
 * the signature over the original bytes with the authentication certificate's key.
 *
 * <p>The verification key comes from the card's own certificate, so the test shows
 * that the card's key pair is consistent, not that the certificate is trusted. SHA-1
 * is exercised as a card capability and should not be chosen for new designs.
 *
 * @throws Exception if card access or signature verification fails
 */
@Test
public void testPSSSignature() throws Exception {
    final BeIDCard card = getBeIDCard();

    final byte[] payload = new byte[10];
    final SecureRandom random = new SecureRandom();
    random.nextBytes(payload);

    final X509Certificate authnCert = card.getAuthenticationCertificate();

    // The card receives the digest; verification below runs over the raw payload.
    final byte[] payloadDigest = MessageDigest.getInstance("SHA-1").digest(payload);

    byte[] cardSignature;
    try {
        cardSignature = card.sign(payloadDigest, BeIDDigest.SHA_1_PSS, FileType.AuthentificationCertificate,
                false);
    } finally {
        card.close();
    }

    Security.addProvider(new BouncyCastleProvider());

    final BeIDIntegrity integrity = new BeIDIntegrity();
    final boolean verified = integrity.verifySignature("SHA1withRSAandMGF1", cardSignature,
            authnCert.getPublicKey(), payload);

    assertTrue(verified);
}

From source file:test.integ.be.fedict.commons.eid.client.BeIDCardTest.java

/**
 * Has the card sign the SHA-256 digest of ten random bytes with RSA-PSS, then
 * verifies the signature over the original bytes with the authentication
 * certificate's key.
 *
 * <p>The verification key comes from the card's own certificate, so the test shows
 * that the card's key pair is consistent, not that the certificate is trusted.
 *
 * @throws Exception if card access or signature verification fails
 */
@Test
public void testPSSSignatureSHA256() throws Exception {
    final BeIDCard card = getBeIDCard();

    final byte[] payload = new byte[10];
    final SecureRandom random = new SecureRandom();
    random.nextBytes(payload);

    final X509Certificate authnCert = card.getAuthenticationCertificate();

    // The card receives the digest; verification below runs over the raw payload.
    final byte[] payloadDigest = MessageDigest.getInstance("SHA-256").digest(payload);

    byte[] cardSignature;
    try {
        cardSignature = card.sign(payloadDigest, BeIDDigest.SHA_256_PSS,
                FileType.AuthentificationCertificate, false);
    } finally {
        card.close();
    }

    Security.addProvider(new BouncyCastleProvider());

    final BeIDIntegrity integrity = new BeIDIntegrity();
    final boolean verified = integrity.verifySignature("SHA256withRSAandMGF1", cardSignature,
            authnCert.getPublicKey(), payload);

    assertTrue(verified);
}

From source file:test.integ.be.fedict.commons.eid.client.JCATest.java

/**
 * Runs {@code verifySignatureAlgorithm} for each RSA signature algorithm below with
 * the "Authentication" private key and the public key from the matching certificate.
 *
 * <p>The list includes SHA-1 and RIPEMD variants. They are covered here as
 * algorithms the key store is expected to support, not as recommended choices.
 *
 * @throws Exception if key store access or any algorithm check fails
 */
@Test
public void testAuthenticationSignatures() throws Exception {
    Security.addProvider(new BeIDProvider());
    Security.addProvider(new BouncyCastleProvider());
    KeyStore beidStore = KeyStore.getInstance("BeID");
    beidStore.load(null);
    X509Certificate authnCertificate = (X509Certificate) beidStore.getCertificate("Authentication");
    PrivateKey authnPrivateKey = (PrivateKey) beidStore.getKey("Authentication", null);

    // Order matters only in that it mirrors the sequence of card operations.
    final String[] algorithms = {
        "SHA1withRSA",
        "SHA224withRSA",
        "SHA256withRSA",
        "SHA384withRSA",
        "SHA512withRSA",
        "RIPEMD128withRSA",
        "RIPEMD160withRSA",
        "RIPEMD256withRSA",
    };
    for (final String algorithm : algorithms) {
        verifySignatureAlgorithm(algorithm, authnPrivateKey, authnCertificate.getPublicKey());
    }
}

From source file:test.integ.be.fedict.commons.eid.client.JCATest.java

/**
 * Loads the "BeID" key store from a specific card and checks its contents: exactly
 * two entries ("Signature" and "Authentication"), each with a creation date,
 * certificate, certificate chain and private key. It then runs
 * {@code verifySignatureAlgorithm} for several RSA algorithms, and for two RSA-PSS
 * algorithms once the Bouncy Castle provider has been registered.
 *
 * <p>Public keys are taken from the card's own certificates, so the checks show
 * key-pair consistency only. Certificate trust is not evaluated here.
 *
 * @throws Exception if card access, key store access or any algorithm check fails
 */
@Test
public void testBeIDSignature() throws Exception {
    Security.addProvider(new BeIDProvider());

    final KeyStore beidStore = KeyStore.getInstance("BeID");
    final BeIDKeyStoreParameter loadParameter = new BeIDKeyStoreParameter();
    final BeIDCard card = getBeIDCard();
    loadParameter.setBeIDCard(card);
    loadParameter.setLogoff(true);
    beidStore.load(loadParameter);

    for (final Enumeration<String> aliases = beidStore.aliases(); aliases.hasMoreElements();) {
        final String alias = aliases.nextElement();
        LOG.debug("alias: " + alias);
    }

    assertEquals(2, beidStore.size());

    assertTrue(beidStore.containsAlias("Signature"));
    assertTrue(beidStore.containsAlias("Authentication"));
    assertNotNull(beidStore.getCreationDate("Signature"));
    assertNotNull(beidStore.getCreationDate("Authentication"));

    // Certificates for both entries.
    assertTrue(beidStore.isKeyEntry("Signature"));
    final X509Certificate signCert = (X509Certificate) beidStore.getCertificate("Signature");
    assertNotNull(signCert);

    assertTrue(beidStore.isKeyEntry("Authentication"));
    final X509Certificate authnCert = (X509Certificate) beidStore.getCertificate("Authentication");
    assertNotNull(authnCert);

    assertNotNull(beidStore.getCertificateChain("Signature"));
    assertNotNull(beidStore.getCertificateChain("Authentication"));

    // Private-key handles for both entries.
    assertTrue(beidStore.isKeyEntry("Authentication"));
    final PrivateKey authnKey = (PrivateKey) beidStore.getKey("Authentication", null);
    assertNotNull(authnKey);

    assertTrue(beidStore.isKeyEntry("Signature"));
    final PrivateKey signKey = (PrivateKey) beidStore.getKey("Signature", null);
    assertNotNull(signKey);

    verifySignatureAlgorithm("SHA1withRSA", authnKey, authnCert.getPublicKey());
    verifySignatureAlgorithm("SHA256withRSA", signKey, signCert.getPublicKey());
    verifySignatureAlgorithm("SHA384withRSA", authnKey, authnCert.getPublicKey());
    verifySignatureAlgorithm("SHA512withRSA", authnKey, authnCert.getPublicKey());

    // The PSS algorithm names are checked only after Bouncy Castle is registered.
    Security.addProvider(new BouncyCastleProvider());

    verifySignatureAlgorithm("SHA1withRSAandMGF1", authnKey, authnCert.getPublicKey());
    verifySignatureAlgorithm("SHA256withRSAandMGF1", authnKey, authnCert.getPublicKey());
}

From source file:test.integ.be.fedict.commons.eid.client.JCATest.java

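/**
 * Signs a fixed message with RSA-PSS using the "Authentication" key, verifies it
 * with the certificate's public key, then applies the raw RSA public operation to
 * the signature and asserts that the recovered encoded message ends in the byte
 * {@code 0xbc}.
 *
 * <p>The public key comes from the card's own certificate, so this checks the
 * signature encoding and key-pair consistency, not certificate trust. SHA-1 is used
 * as written in the original test and should not be chosen for new designs.
 *
 * @throws Exception if key store access or any signature operation fails
 */
@Test
public void testPSSPrefix() throws Exception {
    Security.addProvider(new BeIDProvider());
    Security.addProvider(new BouncyCastleProvider());
    KeyStore keyStore = KeyStore.getInstance("BeID");
    keyStore.load(null);
    PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null);
    X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication");
    PublicKey authnPublicKey = authnCertificate.getPublicKey();

    Signature signature = Signature.getInstance("SHA1withRSAandMGF1");
    signature.initSign(authnPrivateKey);

    byte[] toBeSigned = "hello world".getBytes();
    signature.update(toBeSigned);
    byte[] signatureValue = signature.sign();

    signature.initVerify(authnPublicKey);
    signature.update(toBeSigned);
    boolean result = signature.verify(signatureValue);
    assertTrue(result);

    RSAPublicKey rsaPublicKey = (RSAPublicKey) authnPublicKey;
    // Signature bytes are an unsigned big-endian integer. The one-argument constructor
    // reads them as two's complement, so a signature with the top bit set became
    // negative, the recovered block was wrong, and the trailer assertion failed
    // depending on the signature value.
    BigInteger signatureValueBigInteger = new BigInteger(1, signatureValue);
    BigInteger messageBigInteger = signatureValueBigInteger.modPow(rsaPublicKey.getPublicExponent(),
            rsaPublicKey.getModulus());
    String paddedMessage = new String(Hex.encodeHex(messageBigInteger.toByteArray()));
    LOG.debug("padded message: " + paddedMessage);
    assertTrue(paddedMessage.endsWith("bc"));
}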