List of usage examples for java.security Signature update
public final void update(ByteBuffer data) throws SignatureException
From source file:org.intermine.webservice.server.JWTVerifier.java
private boolean verifySignature(PublicKey key, String algorithm, String signed, byte[] toVerify) throws VerificationError { Signature signature; try {/*w w w . java2s . c om*/ signature = Signature.getInstance(algorithm); } catch (NoSuchAlgorithmException e) { throw new VerificationError(e.getMessage()); } try { signature.initVerify(key); } catch (InvalidKeyException e) { throw new VerificationError("Key is invalid. " + e.getMessage()); } try { signature.update(signed.getBytes()); } catch (SignatureException e) { throw new VerificationError("Error creating signature: " + e.getMessage()); } try { return signature.verify(toVerify); } catch (SignatureException e) { throw new VerificationError("Error during verification: " + e.getMessage()); } }
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testPSS256() throws Exception { Security.addProvider(new BeIDProvider()); Security.addProvider(new BouncyCastleProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null);/*from w ww. j av a 2 s. co m*/ PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); PublicKey authnPublicKey = authnCertificate.getPublicKey(); Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); signature.initSign(authnPrivateKey); byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); byte[] signatureValue = signature.sign(); signature.initVerify(authnPublicKey); signature.update(toBeSigned); boolean result = signature.verify(signatureValue); assertTrue(result); }
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testSwingParent2() throws Exception { Security.addProvider(new BeIDProvider()); MyFrame myFrame = new MyFrame(); final KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(myFrame);/*from ww w . java 2 s . c o m*/ final PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); final Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(authnPrivateKey); final byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); byte[] signatureValue = signature.sign(); Certificate[] certificateChain = keyStore.getCertificateChain("Authentication"); signature.initVerify(certificateChain[0]); signature.update(toBeSigned); assertTrue(signature.verify(signatureValue)); }
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testRecoveryAfterRemoval() throws Exception { Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null);/*from w w w. j a va2 s. c om*/ PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); final Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(authnPrivateKey); final byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); signature.sign(); JOptionPane.showMessageDialog(null, "Please remove/insert eID card..."); keyStore.load(null); // reload the keystore. authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); signature.initSign(authnPrivateKey); signature.update(toBeSigned); signature.sign(); }
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testSwingParentLocale() throws Exception { Security.addProvider(new BeIDProvider()); final JFrame frame = new JFrame("Test Parent frame"); frame.setSize(200, 200);/*from ww w . j ava 2s . com*/ frame.setLocation(300, 300); frame.setVisible(true); final KeyStore keyStore = KeyStore.getInstance("BeID"); final BeIDKeyStoreParameter keyStoreParameter = new BeIDKeyStoreParameter(); keyStoreParameter.setLogoff(true); keyStoreParameter.setParentComponent(frame); keyStoreParameter.setLocale(new Locale("nl")); keyStore.load(keyStoreParameter); final PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); final Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(authnPrivateKey); final byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); signature.sign(); }
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testPSSPrefix() throws Exception { Security.addProvider(new BeIDProvider()); Security.addProvider(new BouncyCastleProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null);//w w w . j a v a2 s. c o m PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); PublicKey authnPublicKey = authnCertificate.getPublicKey(); Signature signature = Signature.getInstance("SHA1withRSAandMGF1"); signature.initSign(authnPrivateKey); byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); byte[] signatureValue = signature.sign(); signature.initVerify(authnPublicKey); signature.update(toBeSigned); boolean result = signature.verify(signatureValue); assertTrue(result); RSAPublicKey rsaPublicKey = (RSAPublicKey) authnPublicKey; BigInteger signatureValueBigInteger = new BigInteger(signatureValue); BigInteger messageBigInteger = signatureValueBigInteger.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); String paddedMessage = new String(Hex.encodeHex(messageBigInteger.toByteArray())); LOG.debug("padded message: " + paddedMessage); assertTrue(paddedMessage.endsWith("bc")); }
From source file:com.cws.esolutions.security.processors.impl.FileSecurityProcessorImpl.java
/** * @see com.cws.esolutions.security.processors.interfaces.IFileSecurityProcessor#verifyFile(com.cws.esolutions.security.processors.dto.FileSecurityRequest) *///from ww w. j a v a2 s. co m public synchronized FileSecurityResponse verifyFile(final FileSecurityRequest request) throws FileSecurityException { final String methodName = IFileSecurityProcessor.CNAME + "#verifyFile(final FileSecurityRequest request) throws FileSecurityException"; if (DEBUG) { DEBUGGER.debug(methodName); DEBUGGER.debug("FileSecurityRequest: {}", request); } FileSecurityResponse response = new FileSecurityResponse(); final RequestHostInfo reqInfo = request.getHostInfo(); final UserAccount userAccount = request.getUserAccount(); final KeyManager keyManager = KeyManagementFactory.getKeyManager(keyConfig.getKeyManager()); if (DEBUG) { DEBUGGER.debug("RequestHostInfo: {}", reqInfo); DEBUGGER.debug("UserAccount", userAccount); DEBUGGER.debug("KeyManager: {}", keyManager); } try { KeyPair keyPair = keyManager.returnKeys(userAccount.getGuid()); if (keyPair != null) { // read in the file signature byte[] sigToVerify = IOUtils.toByteArray(new FileInputStream(request.getSignedFile())); if (DEBUG) { DEBUGGER.debug("sigToVerify: {}", sigToVerify); } Signature signature = Signature.getInstance(fileSecurityConfig.getSignatureAlgorithm()); signature.initVerify(keyPair.getPublic()); signature.update(IOUtils.toByteArray(new FileInputStream(request.getUnsignedFile()))); if (DEBUG) { DEBUGGER.debug("Signature: {}", signature); } response.setRequestStatus(SecurityRequestStatus.SUCCESS); response.setIsSignatureValid(signature.verify(sigToVerify)); } else { response.setRequestStatus(SecurityRequestStatus.FAILURE); } } catch (NoSuchAlgorithmException nsax) { ERROR_RECORDER.error(nsax.getMessage(), nsax); throw new FileSecurityException(nsax.getMessage(), nsax); } catch (FileNotFoundException fnfx) { ERROR_RECORDER.error(fnfx.getMessage(), fnfx); throw new FileSecurityException(fnfx.getMessage(), fnfx); } catch (InvalidKeyException ikx) { ERROR_RECORDER.error(ikx.getMessage(), ikx); throw new FileSecurityException(ikx.getMessage(), ikx); } catch (SignatureException sx) { ERROR_RECORDER.error(sx.getMessage(), sx); throw new FileSecurityException(sx.getMessage(), sx); } catch (IOException iox) { ERROR_RECORDER.error(iox.getMessage(), iox); throw new FileSecurityException(iox.getMessage(), iox); } catch (KeyManagementException kmx) { ERROR_RECORDER.error(kmx.getMessage(), kmx); throw new FileSecurityException(kmx.getMessage(), kmx); } finally { // audit try { AuditEntry auditEntry = new AuditEntry(); auditEntry.setHostInfo(reqInfo); auditEntry.setAuditType(AuditType.VERIFYFILE); auditEntry.setUserAccount(userAccount); auditEntry.setAuthorized(Boolean.TRUE); auditEntry.setApplicationId(request.getApplicationId()); auditEntry.setApplicationName(request.getAppName()); if (DEBUG) { DEBUGGER.debug("AuditEntry: {}", auditEntry); } AuditRequest auditRequest = new AuditRequest(); auditRequest.setAuditEntry(auditEntry); if (DEBUG) { DEBUGGER.debug("AuditRequest: {}", auditRequest); } auditor.auditRequest(auditRequest); } catch (AuditServiceException asx) { ERROR_RECORDER.error(asx.getMessage(), asx); } } return response; }
From source file:com.cws.esolutions.security.processors.impl.FileSecurityProcessorImpl.java
/** * @see com.cws.esolutions.security.processors.interfaces.IFileSecurityProcessor#signFile(com.cws.esolutions.security.processors.dto.FileSecurityRequest) *///w w w.j a va 2 s . co m public synchronized FileSecurityResponse signFile(final FileSecurityRequest request) throws FileSecurityException { final String methodName = IFileSecurityProcessor.CNAME + "#signFile(final FileSecurityRequest request) throws FileSecurityException"; if (DEBUG) { DEBUGGER.debug(methodName); DEBUGGER.debug("FileSecurityRequest: {}", request); } FileSecurityResponse response = new FileSecurityResponse(); final RequestHostInfo reqInfo = request.getHostInfo(); final UserAccount userAccount = request.getUserAccount(); final KeyManager keyManager = KeyManagementFactory.getKeyManager(keyConfig.getKeyManager()); if (DEBUG) { DEBUGGER.debug("RequestHostInfo: {}", reqInfo); DEBUGGER.debug("UserAccount", userAccount); DEBUGGER.debug("KeyManager: {}", keyManager); } try { KeyPair keyPair = keyManager.returnKeys(userAccount.getGuid()); if (keyPair != null) { Signature signature = Signature.getInstance(fileSecurityConfig.getSignatureAlgorithm()); signature.initSign(keyPair.getPrivate()); signature.update(IOUtils.toByteArray(new FileInputStream(request.getUnsignedFile()))); if (DEBUG) { DEBUGGER.debug("Signature: {}", signature); } byte[] sig = signature.sign(); if (DEBUG) { DEBUGGER.debug("Signature: {}", sig); } IOUtils.write(sig, new FileOutputStream(request.getSignedFile())); if ((request.getSignedFile().exists()) && (request.getSignedFile().length() != 0)) { response.setSignedFile(request.getSignedFile()); response.setRequestStatus(SecurityRequestStatus.SUCCESS); } else { response.setRequestStatus(SecurityRequestStatus.FAILURE); } } else { response.setRequestStatus(SecurityRequestStatus.FAILURE); } } catch (NoSuchAlgorithmException nsax) { ERROR_RECORDER.error(nsax.getMessage(), nsax); throw new FileSecurityException(nsax.getMessage(), nsax); } catch (FileNotFoundException fnfx) { ERROR_RECORDER.error(fnfx.getMessage(), fnfx); throw new FileSecurityException(fnfx.getMessage(), fnfx); } catch (InvalidKeyException ikx) { ERROR_RECORDER.error(ikx.getMessage(), ikx); throw new FileSecurityException(ikx.getMessage(), ikx); } catch (SignatureException sx) { ERROR_RECORDER.error(sx.getMessage(), sx); throw new FileSecurityException(sx.getMessage(), sx); } catch (IOException iox) { ERROR_RECORDER.error(iox.getMessage(), iox); throw new FileSecurityException(iox.getMessage(), iox); } catch (KeyManagementException kmx) { ERROR_RECORDER.error(kmx.getMessage(), kmx); throw new FileSecurityException(kmx.getMessage(), kmx); } finally { // audit try { AuditEntry auditEntry = new AuditEntry(); auditEntry.setHostInfo(reqInfo); auditEntry.setAuditType(AuditType.SIGNFILE); auditEntry.setUserAccount(userAccount); auditEntry.setAuthorized(Boolean.TRUE); auditEntry.setApplicationId(request.getApplicationId()); auditEntry.setApplicationName(request.getAppName()); if (DEBUG) { DEBUGGER.debug("AuditEntry: {}", auditEntry); } AuditRequest auditRequest = new AuditRequest(); if (DEBUG) { DEBUGGER.debug("AuditRequest: {}", auditRequest); } auditor.auditRequest(auditRequest); } catch (AuditServiceException asx) { ERROR_RECORDER.error(asx.getMessage(), asx); } } return response; }
From source file:eu.europa.ejusticeportal.dss.applet.DssApplet.java
/** * This methods checks if the data coming from the server can be trusted. * The hash provided by the server is checked using the public key. * @param data the data coming from the server. * @param serverHash the hash of the data coming from the server. * @param algo the algorithm used for the server hash. * @return <code>true</code> if the serverHash can be verified with the public key. *//* w w w . j a v a 2 s . com*/ private boolean canTrustServerHash(final String data, final String serverHash, final String algo) { Certificate certificate; InputStream pemInputStream; try { pemInputStream = getClass().getClassLoader().getResourceAsStream("certificate.pem"); if (pemInputStream == null) { LOG.log(Level.SEVERE, "Missing certificate.pem file. Impossible to check if the data coming from the server can be trusted."); return false; } } catch (Exception e) { LOG.log(Level.SEVERE, "Missing certificate.pem file. Impossible to check if the data coming from the server can be trusted."); return false; } try { certificate = CertificateFactory.getInstance("X.509").generateCertificate(pemInputStream); PublicKey publicKey = certificate.getPublicKey(); Signature sigVerify = Signature.getInstance(new String(Base64.decodeBase64(algo)), "BC"); sigVerify.initVerify(publicKey); sigVerify.update(data.getBytes("UTF-8")); boolean signatureMatch = sigVerify.verify(Base64.decodeBase64(serverHash)); if (signatureMatch) { LOG.log(Level.INFO, "The data coming from the server can be trusted."); return true; } else { LOG.log(Level.SEVERE, "!!! Tampered data received !!!"); LOG.log(Level.INFO, serverHash); LOG.log(Level.INFO, data); return false; } } catch (CertificateException e) { LOG.error(e.getMessage(), e); } catch (NoSuchAlgorithmException e) { LOG.error(e.getMessage(), e); } catch (NoSuchProviderException e) { LOG.error(e.getMessage(), e); } catch (InvalidKeyException e) { LOG.error(e.getMessage(), e); } catch (SignatureException e) { LOG.error(e.getMessage(), e); } catch (UnsupportedEncodingException e) { LOG.error(e.getMessage(), e); } LOG.log(Level.SEVERE, "Impossible to check if the data coming from the server can be trusted."); return false; }
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
/** * Integration test for automatic recovery of a {@link PrivateKey} instance. * <p/>// w w w . j ava 2 s .c o m * Automatic recovery should work on the same eID card. * <p/> * When inserting another eID card however, the automatic recovery should * fail. * * @throws Exception */ @Test public void testAutoRecovery() throws Exception { Security.addProvider(new BeIDProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); BeIDKeyStoreParameter keyStoreParameter = new BeIDKeyStoreParameter(); keyStoreParameter.setAutoRecovery(true); keyStoreParameter.setCardReaderStickiness(true); keyStore.load(keyStoreParameter); PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); PublicKey authnPublicKey = keyStore.getCertificate("Authentication").getPublicKey(); final Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(authnPrivateKey); final byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); byte[] signatureValue = signature.sign(); signature.initVerify(authnPublicKey); signature.update(toBeSigned); assertTrue(signature.verify(signatureValue)); JOptionPane.showMessageDialog(null, "Please remove/insert eID card..."); signature.initSign(authnPrivateKey); signature.update(toBeSigned); signatureValue = signature.sign(); signature.initVerify(authnPublicKey); signature.update(toBeSigned); assertTrue(signature.verify(signatureValue)); }