// Positive case: verification under the public key stored at KEY_ALIAS must
// accept the pair (data, signature). Presumably `signature` was produced over
// `data` earlier in the test; that step is not visible here.
final boolean genuinePayloadAccepted = clientHelper.checkDataWithPublicKey( KEY_ALIAS, data, signature );
assertTrue( genuinePayloadAccepted );

// Negative case: the same signature must be rejected when presented with a
// different payload. Only the payload is varied; a modified signature over
// the original data is not exercised by these two assertions.
final byte[] substitutedPayload = "fake".getBytes( "UTF8" );
final boolean substitutedPayloadAccepted = clientHelper.checkDataWithPublicKey( KEY_ALIAS, substitutedPayload, signature );
assertFalse( substitutedPayloadAccepted );
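/**
 * Reads the signature object from {@code stream} and verifies it against
 * {@code bytes} using the public key registered under {@code pubKeyAlias}.
 * Returns normally only when the helper reports a match; every other outcome
 * is raised as an exception so that the caller cannot continue with an
 * unverified payload.
 *
 * @param stream      source from which the signature object is read
 * @param helper      key store helper that performs the verification
 * @param bytes       the data the signature is expected to cover
 * @param pubKeyAlias alias of the public key used for verification
 * @throws ClassNotFoundException propagated from {@code stream.readObject()}
 * @throws IOException            propagated from {@code stream.readObject()}
 * @throws RuntimeDroolsException if the signature object is absent or not a
 *                                byte array, if it does not match
 *                                {@code bytes}, or if verification fails with
 *                                a key, key store, algorithm or signature error
 */
private void checkSignature( final ObjectInput stream,
                             final KeyStoreHelper helper,
                             final byte[] bytes,
                             final String pubKeyAlias ) throws ClassNotFoundException, IOException {
    // NOTE(review): readObject() deserializes whatever object the stream
    // carries at this position, and nothing has been verified yet. If the
    // stream can come from an untrusted source, confirm that the concrete
    // stream restricts the classes it will resolve (for example with a
    // deserialization filter), since the signature check below cannot
    // protect this read.
    final Object signatureObject = stream.readObject();

    // Fail closed with an explicit error: a null or wrongly typed object would
    // otherwise surface as a ClassCastException here or be handed to the
    // helper as-is.
    if ( !(signatureObject instanceof byte[]) ) {
        throw new RuntimeDroolsException( "Signature is missing or is not a byte array. This is a security violation. Deserialisation aborted." );
    }
    final byte[] signature = (byte[]) signatureObject;

    final boolean signatureMatches;
    try {
        signatureMatches = helper.checkDataWithPublicKey( pubKeyAlias, bytes, signature );
    } catch ( InvalidKeyException e ) {
        throw new RuntimeDroolsException( "Invalid key checking signature: " + e.getMessage(), e );
    } catch ( KeyStoreException e ) {
        throw new RuntimeDroolsException( "Error accessing Key Store: " + e.getMessage(), e );
    } catch ( NoSuchAlgorithmException e ) {
        throw new RuntimeDroolsException( "No algorithm available: " + e.getMessage(), e );
    } catch ( SignatureException e ) {
        throw new RuntimeDroolsException( "Signature Exception: " + e.getMessage(), e );
    }

    // A verification that completes but reports a mismatch is treated the same
    // as any other failure: abort rather than return.
    if ( !signatureMatches ) {
        throw new RuntimeDroolsException( "Signature does not match serialized package. This is a security violation. Deserialisation aborted." );
    }
}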
if ( !helper.checkDataWithPublicKey( _header.getSignature().getKeyAlias(), sessionbuff, _header.getSignature().getSignature().toByteArray() ) ) {