architecture.common.license.validator.CheckSignatureValidator.java Source code

Java tutorial

Introduction

Here is the source code for architecture.common.license.validator.CheckSignatureValidator.java

Source

package architecture.common.license.validator;

import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import architecture.common.exception.LicenseException;
import architecture.common.license.License;

public class CheckSignatureValidator implements Validator {

    private static final Log log = LogFactory.getLog(CheckSignatureValidator.class);

    public CheckSignatureValidator() {
    }

    public void validate(License license) throws LicenseException {
        try {
            //   DSA ? .
            String publicKey = "308201b83082012c06072a8648ce3804013082011f02818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c70215009760508f15230bccb292b982a2eb840bf0581cf502818100f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a0381850002818100faf2d25b2866aa68501094d1097bebc95c6bcf1c58766f18b35fbf5e9d761cc5bf913447e374c21d279777859f9f043d1dc0d58b93a2081b56b4f5269a81b076907a3b11b01ec5cfde5dae4dfd7d26346e53e611235e714e69ec1bc141c77a8a28c4c799df570a4c3240e7f2fee19d6ed4caaa1b15b5da4a967ee82e3eb4d4ca";

            byte pub[] = Hex.decodeHex(publicKey.toCharArray());
            X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(pub);

            KeyFactory keyFactory = KeyFactory.getInstance("DSA");
            java.security.PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
            Signature sig = Signature.getInstance("DSA");

            sig.initVerify(pubKey);
            // license.getSignature().getBytes("UTF-8");
            byte decoded[] = Hex.decodeHex(license.getSignature().toCharArray());

            log.debug("decoded sig: " + Hex.encodeHexString(decoded));

            log.info((new StringBuilder()).append("Validating license. License fingerprint: ")
                    .append(license.getSignature()).toString());

            sig.update(license.getFingerprint());

            boolean verified = sig.verify(decoded);

            if (!verified)
                throw new LicenseException("License signature is invalid.");
        } catch (Exception e) {
            log.fatal(e.getMessage(), e);
            throw new LicenseException(e);
        }
    }

}