Logger log = getLogger(); return verifyMAC(verificationKey, jcaAlgorithmID, signature, input); } else if (verificationKey instanceof PublicKey) { return verify((PublicKey) verificationKey, jcaAlgorithmID, signature, input); } else { log.error("No PublicKey present in verification credential for signature verification");
/** * Compute the signature or MAC value over the supplied input. * * It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of * signing key supplied in the signing credential. * * @param signingCredential the credential containing the signing key * @param jcaAlgorithmID the Java JCA algorithm ID to use * @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation * @param input the input over which to compute the signature * @return the computed signature or MAC value * @throws SecurityException throw if the computation process results in an error */ public static byte[] sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input) throws SecurityException { Logger log = getLogger(); Key signingKey = SecurityHelper.extractSigningKey(signingCredential); if (signingKey == null) { log.error("No signing key supplied in signing credential for signature computation"); throw new SecurityException("No signing key supplied in signing credential"); } if (isMAC) { return signMAC(signingKey, jcaAlgorithmID, input); } else if (signingKey instanceof PrivateKey) { return sign((PrivateKey) signingKey, jcaAlgorithmID, input); } else { log.error("No PrivateKey present in signing credential for signature computation"); throw new SecurityException("No PrivateKey supplied for signing"); } }
/** * Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC * value. * * It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key * supplied. * * @param verificationKey the key with which to compute and verify the MAC * @param jcaAlgorithmID the Java JCA algorithm ID to use * @param signature the computed MAC value received from the signer * @param input the input over which the MAC is computed and verified * @return true if the MAC value computed over the input using the supplied key and algorithm ID is identical to the * supplied MAC signature value * @throws SecurityException thrown if the MAC computation or verification process results in an error */ public static boolean verifyMAC(Key verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input) throws SecurityException { Logger log = getLogger(); log.debug("Verifying MAC over input using key of type {} and JCA algorithm ID {}", verificationKey .getAlgorithm(), jcaAlgorithmID); // Java JCA/JCE Mac interface doesn't have a verification op, // so have to compute the Mac and compare the byte arrays manually. byte[] computed = signMAC(verificationKey, jcaAlgorithmID, input); return Arrays.equals(computed, signature); }
if (SigningUtil.verifyWithURI(candidateCredential, algorithmURI, signature, content)) { log.debug("Successfully verified raw signature using supplied candidate credential"); log.debug("Attempting to establish trust of supplied candidate credential");
/** * Verify the signature value computed over the supplied input against the supplied signature value. * * It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key * supplied. * * @param verificationKey the key with which to compute and verify the signature * @param jcaAlgorithmID the Java JCA algorithm ID to use * @param signature the computed signature value received from the signer * @param input the input over which the signature is computed and verified * @return true if the signature value computed over the input using the supplied key and algorithm ID is identical * to the supplied signature value * @throws SecurityException thrown if the signature computation or verification process results in an error */ public static boolean verify(PublicKey verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input) throws SecurityException { Logger log = getLogger(); log.debug("Verifying signature over input using public key of type {} and JCA algorithm ID {}", verificationKey .getAlgorithm(), jcaAlgorithmID); try { Signature sig = Signature.getInstance(jcaAlgorithmID); sig.initVerify(verificationKey); sig.update(input); return sig.verify(signature); } catch (GeneralSecurityException e) { log.error("Error during signature verification", e); throw new SecurityException("Error during signature verification", e); } }
/** * Verify the signature value computed over the supplied input against the supplied signature value. * * It is up to the caller to ensure that the specified algorithm URI are consistent with the type of verification * credential supplied. * * @param verificationCredential the credential containing the verification key * @param algorithmURI the algorithm URI to use * @param signature the computed signature value received from the signer * @param input the input over which the signature is computed and verified * @return true if the signature value computed over the input using the supplied key and algorithm ID is identical * to the supplied signature value * @throws SecurityException thrown if the signature computation or verification process results in an error */ public static boolean verifyWithURI(Credential verificationCredential, String algorithmURI, byte[] signature, byte[] input) throws SecurityException { String jcaAlgorithmID = SecurityHelper.getAlgorithmIDFromURI(algorithmURI); if (jcaAlgorithmID == null) { throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI"); } boolean isHMAC = SecurityHelper.isHMAC(algorithmURI); return verify(verificationCredential, jcaAlgorithmID, isHMAC, signature, input); }
/** * Compute the signature or MAC value over the supplied input. * * It is up to the caller to ensure that the specified algorithm URI is consistent with the type of signing key * supplied in the signing credential. * * @param signingCredential the credential containing the signing key * @param algorithmURI the algorithm URI to use * @param input the input over which to compute the signature * @return the computed signature or MAC value * @throws SecurityException throw if the computation process results in an error */ public static byte[] signWithURI(Credential signingCredential, String algorithmURI, byte[] input) throws SecurityException { String jcaAlgorithmID = SecurityHelper.getAlgorithmIDFromURI(algorithmURI); if (jcaAlgorithmID == null) { throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI"); } boolean isHMAC = SecurityHelper.isHMAC(algorithmURI); return sign(signingCredential, jcaAlgorithmID, isHMAC, input); }
/** * Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec. * * @param signingCredential credential that will be used to sign * @param algorithmURI algorithm URI of the signing credential * @param formData form control data to be signed * * @return base64 encoded signature of form control data * * @throws MessageEncodingException there is an error computing the signature */ protected String generateSignature(Credential signingCredential, String algorithmURI, String formData) throws MessageEncodingException { log.debug(String.format( "Generating signature with key type '%s', algorithm URI '%s' over form control string '%s'", SecurityHelper.extractSigningKey(signingCredential).getAlgorithm(), algorithmURI, formData)); String b64Signature = null; try { byte[] rawSignature = SigningUtil.signWithURI(signingCredential, algorithmURI, formData.getBytes("UTF-8")); b64Signature = Base64.encodeBytes(rawSignature, Base64.DONT_BREAK_LINES); log.debug("Generated digital signature value (base64-encoded) {}", b64Signature); } catch (SecurityException e) { log.error("Error during URL signing process", e); throw new MessageEncodingException("Unable to sign form control string", e); } catch (UnsupportedEncodingException e) { // UTF-8 encoding is required to be supported by all JVMs } return b64Signature; }
if (SigningUtil.verifyWithURI(candidateCredential, algorithmURI, signature, content)) { log.debug("Successfully verified raw signature using supplied candidate credential"); log.debug("Attempting to establish trust of supplied candidate credential");
/** * Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC * value. * * It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key * supplied. * * @param verificationKey the key with which to compute and verify the MAC * @param jcaAlgorithmID the Java JCA algorithm ID to use * @param signature the computed MAC value received from the signer * @param input the input over which the MAC is computed and verified * @return true if the MAC value computed over the input using the supplied key and algorithm ID is identical to the * supplied MAC signature value * @throws SecurityException thrown if the MAC computation or verification process results in an error */ public static boolean verifyMAC(Key verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input) throws SecurityException { Logger log = getLogger(); log.debug("Verifying MAC over input using key of type {} and JCA algorithm ID {}", verificationKey .getAlgorithm(), jcaAlgorithmID); // Java JCA/JCE Mac interface doesn't have a verification op, // so have to compute the Mac and compare the byte arrays manually. byte[] computed = signMAC(verificationKey, jcaAlgorithmID, input); return Arrays.equals(computed, signature); }
/** * Verify the signature value computed over the supplied input against the supplied signature value. * * It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key * supplied. * * @param verificationKey the key with which to compute and verify the signature * @param jcaAlgorithmID the Java JCA algorithm ID to use * @param signature the computed signature value received from the signer * @param input the input over which the signature is computed and verified * @return true if the signature value computed over the input using the supplied key and algorithm ID is identical * to the supplied signature value * @throws SecurityException thrown if the signature computation or verification process results in an error */ public static boolean verify(PublicKey verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input) throws SecurityException { Logger log = getLogger(); log.debug("Verifying signature over input using public key of type {} and JCA algorithm ID {}", verificationKey .getAlgorithm(), jcaAlgorithmID); try { Signature sig = Signature.getInstance(jcaAlgorithmID); sig.initVerify(verificationKey); sig.update(input); return sig.verify(signature); } catch (GeneralSecurityException e) { log.error("Error during signature verification", e); throw new SecurityException("Error during signature verification", e); } }
/** * Verify the signature value computed over the supplied input against the supplied signature value. * * It is up to the caller to ensure that the specified algorithm URI are consistent with the type of verification * credential supplied. * * @param verificationCredential the credential containing the verification key * @param algorithmURI the algorithm URI to use * @param signature the computed signature value received from the signer * @param input the input over which the signature is computed and verified * @return true if the signature value computed over the input using the supplied key and algorithm ID is identical * to the supplied signature value * @throws SecurityException thrown if the signature computation or verification process results in an error */ public static boolean verifyWithURI(Credential verificationCredential, String algorithmURI, byte[] signature, byte[] input) throws SecurityException { String jcaAlgorithmID = SecurityHelper.getAlgorithmIDFromURI(algorithmURI); if (jcaAlgorithmID == null) { throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI"); } boolean isHMAC = SecurityHelper.isHMAC(algorithmURI); return verify(verificationCredential, jcaAlgorithmID, isHMAC, signature, input); }
/** * Compute the signature or MAC value over the supplied input. * * It is up to the caller to ensure that the specified algorithm URI is consistent with the type of signing key * supplied in the signing credential. * * @param signingCredential the credential containing the signing key * @param algorithmURI the algorithm URI to use * @param input the input over which to compute the signature * @return the computed signature or MAC value * @throws SecurityException throw if the computation process results in an error */ public static byte[] signWithURI(Credential signingCredential, String algorithmURI, byte[] input) throws SecurityException { String jcaAlgorithmID = SecurityHelper.getAlgorithmIDFromURI(algorithmURI); if (jcaAlgorithmID == null) { throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI"); } boolean isHMAC = SecurityHelper.isHMAC(algorithmURI); return sign(signingCredential, jcaAlgorithmID, isHMAC, input); }
byte[] rawSignature = SigningUtil.signWithURI(signingCredential, algorithmURI, queryString .getBytes("UTF-8")); b64Signature = Base64.encodeBytes(rawSignature, Base64.DONT_BREAK_LINES);
Logger log = getLogger(); return verifyMAC(verificationKey, jcaAlgorithmID, signature, input); } else if (verificationKey instanceof PublicKey) { return verify((PublicKey) verificationKey, jcaAlgorithmID, signature, input); } else { log.error("No PublicKey present in verification credential for signature verification");
/** * Compute the signature or MAC value over the supplied input. * * It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of * signing key supplied in the signing credential. * * @param signingCredential the credential containing the signing key * @param jcaAlgorithmID the Java JCA algorithm ID to use * @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation * @param input the input over which to compute the signature * @return the computed signature or MAC value * @throws SecurityException throw if the computation process results in an error */ public static byte[] sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input) throws SecurityException { Logger log = getLogger(); Key signingKey = SecurityHelper.extractSigningKey(signingCredential); if (signingKey == null) { log.error("No signing key supplied in signing credential for signature computation"); throw new SecurityException("No signing key supplied in signing credential"); } if (isMAC) { return signMAC(signingKey, jcaAlgorithmID, input); } else if (signingKey instanceof PrivateKey) { return sign((PrivateKey) signingKey, jcaAlgorithmID, input); } else { log.error("No PrivateKey present in signing credential for signature computation"); throw new SecurityException("No PrivateKey supplied for signing"); } }
if (!SigningUtil.verifyWithURI(cred, getAlgorithmURIFromID(HTTPTransportUtils.urlDecode(samlSig)), DatatypeConverter.parseBase64Binary(HTTPTransportUtils.urlDecode(samlSigature)), sb.toString().getBytes("UTF-8"))) { throw new SAMLException("!SigningUtil.verifyWithURI");
/** * Compute the raw signature value over the supplied input. * * It is up to the caller to ensure that the specified algorithm ID is consistent with the type of signing key * supplied. * * @param signingKey the private key with which to compute the signature * @param jcaAlgorithmID the Java JCA algorithm ID to use * @param input the input over which to compute the signature * @return the computed signature value * @throws SecurityException thrown if the signature computation results in an error */ public static byte[] sign(PrivateKey signingKey, String jcaAlgorithmID, byte[] input) throws SecurityException { Logger log = getLogger(); log.debug("Computing signature over input using private key of type {} and JCA algorithm ID {}", signingKey .getAlgorithm(), jcaAlgorithmID); try { Signature signature = Signature.getInstance(jcaAlgorithmID); signature.initSign(signingKey); signature.update(input); byte[] rawSignature = signature.sign(); log.debug("Computed signature: {}", new String(Hex.encode(rawSignature))); return rawSignature; } catch (GeneralSecurityException e) { log.error("Error during signature generation", e); throw new SecurityException("Error during signature generation", e); } }