public void verify(String from) throws SignatureException { String actualFrom = getFrom(); if (!actualFrom.equals(from)) { throw new SignatureException("from mismatch"); } }
public static byte[] signatureToKeyBytes(byte[] messageHash, ECDSASignature sig) throws SignatureException { check(messageHash.length == 32, "messageHash argument has length " + messageHash.length); int header = sig.v; // The header byte: 0x1B = first key with even y, 0x1C = first key with odd y, // 0x1D = second key with even y, 0x1E = second key with odd y if (header < 27 || header > 34) throw new SignatureException("Header byte out of range: " + header); if (header >= 31) { header -= 4; } int recId = header - 27; byte[] key = ECKey.recoverPubBytesFromSignature(recId, sig, messageHash); if (key == null) throw new SignatureException("Could not recover public key from signature"); return key; }
/** * Updates the data to be verified or to be signed, using the specified * {@code byte}. * * @param b * the byte to update with. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(byte b) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } engineUpdate(b); }
/** * Updates the data to be verified or to be signed, using the specified * {@code byte[]}. * * @param data * the byte array to update with. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(byte[] data) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } engineUpdate(data, 0, data.length); }
/** * Updates the data to be verified or to be signed, using the specified * {@code ByteBuffer}. * * @param data * the {@code ByteBuffer} to update with. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(ByteBuffer data) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } engineUpdate(data); }
public static boolean verify(Map<String, byte[]> obj, PublicKey key) throws SignatureException, InvalidKeyException { if(!obj.containsKey(signatureString)) throw new SignatureException("No signature supplied"); Signature signature; try { signature = Signature.getInstance("SHA256withRSA"); } catch (NoSuchAlgorithmException e) { return false; //does not happen } byte[] sigString = obj.get(signatureString); byte[] sig = Base64.getDecoder().decode(sigString); obj.remove(signatureString); signature.initVerify(key); signature.update(obj.toString().getBytes(StandardCharsets.UTF_8)); boolean res = signature.verify(sig); obj.put(signatureString, sigString); return res; }
/** * Generates and returns the signature of all updated data. * <p> * This {@code Signature} instance is reset to the state of its last * initialization for signing and thus can be used for another signature * from the same identity. * * @return the signature of all updated data. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final byte[] sign() throws SignatureException { if (state != SIGN) { throw new SignatureException("Signature object is not initialized properly"); } return engineSign(); }
/** * Indicates whether the given {@code signature} can be verified using the * public key or a certificate of the signer. * <p> * This {@code Signature} instance is reset to the state of its last * initialization for verifying and thus can be used to verify another * signature of the same signer. * * @param signature * the signature to verify. * @return {@code true} if the signature was verified, {@code false} * otherwise. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final boolean verify(byte[] signature) throws SignatureException { if (state != VERIFY) { throw new SignatureException("Signature object is not initialized properly"); } return engineVerify(signature); }
/** * Updates the data to be verified or to be signed, using the given {@code * byte[]}, starting form the specified index for the specified length. * * @param data * the byte array to update with. * @param off * the start index in {@code data} of the data. * @param len * the number of bytes to use. * @throws SignatureException * if this {@code Signature} instance is not initialized * properly. */ public final void update(byte[] data, int off, int len) throws SignatureException { if (state == UNINITIALIZED) { throw new SignatureException("Signature object is not initialized properly"); } if (data == null || off < 0 || len < 0 || off + len > data.length) { throw new IllegalArgumentException(); } engineUpdate(data, off, len); }
@Override public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { Signature signature = Signature.getInstance(getSigAlgName()); signature.initVerify(key); // retrieve the encoding of the TBSCertificate structure byte[] tbsCertificateLocal = getTbsCertificateInternal(); // compute and verify the signature signature.update(tbsCertificateLocal, 0, tbsCertificateLocal.length); if (!signature.verify(certificate.getSignatureValue())) { throw new SignatureException("Signature was not verified"); } }
@Override public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { Signature signature = Signature.getInstance(getSigAlgName(), sigProvider); signature.initVerify(key); // retrieve the encoding of the TBSCertificate structure byte[] tbsCertificateLocal = getTbsCertificateInternal(); // compute and verify the signature signature.update(tbsCertificateLocal, 0, tbsCertificateLocal.length); if (!signature.verify(certificate.getSignatureValue())) { throw new SignatureException("Signature was not verified"); } }
/** * Verfies if the signature of a JSONObject is valid * @param obj the JSONObject * @param key the public key of the signature issuer * @return true if the signature is valid * @throws SignatureException if the JSONObject does not have a signature or something with the JSONObject is bogus * @throws InvalidKeyException if the key is not valid (for example not RSA) */ public static boolean verify(JSONObject obj, PublicKey key) throws SignatureException, InvalidKeyException { if(!obj.has(signatureString)) throw new SignatureException("No signature supplied"); Signature signature; try { signature = Signature.getInstance("SHA256withRSA"); } catch (NoSuchAlgorithmException e) { return false; //does not happen } String sigString = obj.getString(signatureString); byte[] sig = Base64.getDecoder().decode(sigString); obj.remove(signatureString); signature.initVerify(key); signature.update(obj.toString().getBytes(StandardCharsets.UTF_8)); boolean res = signature.verify(sig); obj.put(signatureString, sigString); return res; }
/** * @see java.security.cert.X509CRL#verify(PublicKey key) * method documentation for more info */ public void verify(PublicKey key) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { Signature signature = Signature.getInstance(getSigAlgName()); signature.initVerify(key); byte[] tbsEncoding = tbsCertList.getEncoded(); signature.update(tbsEncoding, 0, tbsEncoding.length); if (!signature.verify(crl.getSignatureValue())) { throw new SignatureException("Signature was not verified"); } }
/** * @see java.security.cert.X509CRL#verify(PublicKey key, String sigProvider) * method documentation for more info */ public void verify(PublicKey key, String sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { Signature signature = Signature.getInstance( getSigAlgName(), sigProvider); signature.initVerify(key); byte[] tbsEncoding = tbsCertList.getEncoded(); signature.update(tbsEncoding, 0, tbsEncoding.length); if (!signature.verify(crl.getSignatureValue())) { throw new SignatureException("Signature was not verified"); } }
/** * Given a piece of text and a message signature encoded in base64, returns an ECKey * containing the public key that was used to sign it. This can then be compared to the expected public key to * determine if the signature was correct. * * @param messageHash a piece of human readable text that was signed * @param signatureBase64 The Ethereum-format message signature in base64 * * @return - * @throws SignatureException If the public key could not be recovered or if there was a signature format error. */ public static byte[] signatureToKeyBytes(byte[] messageHash, String signatureBase64) throws SignatureException { byte[] signatureEncoded; try { signatureEncoded = Base64.decode(signatureBase64); } catch (RuntimeException e) { // This is what you get back from Bouncy Castle if base64 doesn't decode :( throw new SignatureException("Could not decode base64", e); } // Parse the signature bytes into r/s and the selector value. if (signatureEncoded.length < 65) throw new SignatureException("Signature truncated, expected 65 bytes and got " + signatureEncoded.length); return signatureToKeyBytes( messageHash, ECDSASignature.fromComponents( Arrays.copyOfRange(signatureEncoded, 1, 33), Arrays.copyOfRange(signatureEncoded, 33, 65), (byte) (signatureEncoded[0] & 0xFF))); }
private static byte[] generateApkSignatureSchemeV2Block( List<SignerConfig> signerConfigs, Map<ContentDigestAlgorithm, byte[]> contentDigests) throws InvalidKeyException, SignatureException { // FORMAT: // * length-prefixed sequence of length-prefixed signer blocks. List<byte[]> signerBlocks = new ArrayList<>(signerConfigs.size()); int signerNumber = 0; for (SignerConfig signerConfig : signerConfigs) { signerNumber++; byte[] signerBlock; try { signerBlock = generateSignerBlock(signerConfig, contentDigests); } catch (InvalidKeyException e) { throw new InvalidKeyException("Signer #" + signerNumber + " failed", e); } catch (SignatureException e) { throw new SignatureException("Signer #" + signerNumber + " failed", e); } signerBlocks.add(signerBlock); } return encodeAsSequenceOfLengthPrefixedElements( new byte[][] { encodeAsSequenceOfLengthPrefixedElements(signerBlocks), }); }
"Failed to sign using signer \"" + signerName + "\"", e); } catch (SignatureException e) { throw new SignatureException( "Failed to sign using signer \"" + signerName + "\"", e);
static BigInteger signedMessageHashToKey( byte[] messageHash, SignatureData signatureData) throws SignatureException { byte[] r = signatureData.getR(); byte[] s = signatureData.getS(); verifyPrecondition(r != null && r.length == 32, "r must be 32 bytes"); verifyPrecondition(s != null && s.length == 32, "s must be 32 bytes"); int header = signatureData.getV() & 0xFF; // The header byte: 0x1B = first key with even y, 0x1C = first key with odd y, // 0x1D = second key with even y, 0x1E = second key with odd y if (header < 27 || header > 34) { throw new SignatureException("Header byte out of range: " + header); } ECDSASignature sig = new ECDSASignature( new BigInteger(1, signatureData.getR()), new BigInteger(1, signatureData.getS())); int recId = header - 27; BigInteger key = recoverFromSignature(recId, sig, messageHash); if (key == null) { throw new SignatureException("Could not recover public key from signature"); } return key; }
throw new IOException("Failed to read APK being signed", e); } catch (DigestException e) { throw new SignatureException("Failed to compute digests of APK", e);
throw new SignatureException("Failed to generate signature", e);