Examples of java.security.Signature$CipherAdapter

• java.security.Signature
  This Signature class is used to provide applications the functionality of a digital signature algorithm. Digital signatures are used for authentication and integrity assurance of digital data.

  The signature algorithm can be, among others, the NIST standard DSA, using DSA and SHA-1. The DSA algorithm using the SHA-1 message digest algorithm can be specified as SHA1withDSA. In the case of RSA, there are multiple choices for the message digest algorithm, so the signing algorithm could be specified as, for example, MD2withRSA, MD5withRSA, or SHA1withRSA. The algorithm name must be specified, as there is no default.

  A Signature object can be used to generate and verify digital signatures.

  There are three phases to the use of a Signature object for either signing data or verifying a signature:

  1. Initialization, with either
     • a public key, which initializes the signature for verification (see {@link #initVerify(PublicKey) initVerify}), or
     • a private key (and optionally a Secure Random Number Generator), which initializes the signature for signing (see {@link #initSign(PrivateKey)}and {@link #initSign(PrivateKey,SecureRandom)}).

  2. Updating

     Depending on the type of initialization, this will update the bytes to be signed or verified. See the {@link #update(byte) update} methods.

  3. Signing or Verifying a signature on all updated bytes. See the {@link #sign() sign} methods and the {@link #verify(byte[]) verify}method.

  Note that this class is abstract and extends from SignatureSpi for historical reasons. Application developers should only take notice of the methods defined in this Signature class; all the methods in the superclass are intended for cryptographic service providers who wish to supply their own implementations of digital signature algorithms. @author Benjamin Renaud @version 1.103, 04/21/06

  }

  private boolean validate(PublicKey publickey, JonasIdentity identity) throws Exception {

    // Build signature with data to validate (principal name + roles)
    Signature signature = null;
    try {
      signature = Signature.getInstance("SHA1withDSA");
    } catch (NoSuchAlgorithmException e) {
      if (logger.isLoggable(BasicLevel.ERROR))
        logger.log(BasicLevel.ERROR, "EXCEPTION:: validate", e);
      throw new Exception("Error while getting the algorithm 'SHA1withDSA' :" + e.getMessage());
    }

    try {
      signature.initVerify(publickey);
    } catch (InvalidKeyException e) {
      if (logger.isLoggable(BasicLevel.ERROR))
        logger.log(BasicLevel.ERROR, "EXCEPTION:: validate", e);
      throw new Exception("Cannot initialize the signature with the given public key:" + e.getMessage());
    }

    // Add principal name
    String principal = null;
    try {
      //signature.update(principal.getBytes());
      principal = identity.getPrincipal();
      if (logger.isLoggable(BasicLevel.DEBUG))
        logger.log(BasicLevel.DEBUG, "validate principal = " + principal);

      if (principal == null) {
        if (logger.isLoggable(BasicLevel.ERROR))
          logger.log(BasicLevel.ERROR, "EXCEPTION:: validate principal == null");
        throw new Exception("Cannot add the bytes for the principal name '" + principal + "'");
      }

      signature.update(principal.getBytes());

    } catch (SignatureException e) {
      if (logger.isLoggable(BasicLevel.ERROR))
        logger.log(BasicLevel.ERROR, "EXCEPTION:: validate", e);
      throw new Exception("Cannot add the bytes for the principal name '" + principal + "' :" + e.getMessage());
    }

    // Add roles
    Object[] roles = identity.getRoles();
    if (!Configuration.getBoolean(UNSORT_ROLES)) {
      // Sort roles before adding it to the signature to preserve the order
      Arrays.sort(roles);
    }
    for (int r = 0; r < roles.length; r++) {
      try {
        signature.update(((String)roles[r]).getBytes());
      } catch (SignatureException e) {
        if (logger.isLoggable(BasicLevel.ERROR))
          logger.log(BasicLevel.ERROR, "EXCEPTION:: validate", e);
        throw new Exception("Cannot add the bytes for the role '" + roles[r] + "' : " + e.getMessage());
      }
    }

    // Check signature
    boolean trusted = false;
    try {
      trusted = signature.verify(identity.getSignature());
    } catch (SignatureException e) {
      if (logger.isLoggable(BasicLevel.ERROR))
        logger.log(BasicLevel.ERROR, "EXCEPTION:: validate", e);
      throw new Exception("The signature found in the identity '" + this + "' is invalid:" + e.getMessage());
    }

      zis = new ZipInputStream(
          new BufferedInputStream( new FileInputStream( file ) ));

      byte[]    signature  = null;

      Signature  sig = Signature.getInstance("MD5withRSA" );

      sig.initVerify( key );

      while( true ){

        ZipEntry  entry = zis.getNextEntry();

        if ( entry == null ){

          break;
        }

        if ( entry.isDirectory()){

          continue;
        }

        String  name = entry.getName();

        ByteArrayOutputStream  output = null;

        if ( name.equalsIgnoreCase("azureus.sig")){

          output  = new ByteArrayOutputStream();
        }

        byte[]  buffer = new byte[65536];

        while( true ){

          int  len = zis.read( buffer );

          if ( len <= 0 ){

            break;
          }

          if ( output == null ){

            sig.update( buffer, 0, len );

          }else{

            output.write( buffer, 0, len );
          }
        }

        if ( output != null ){

          signature = output.toByteArray();
        }
      }

      if ( signature == null ){

        throw( new AEVerifierException( AEVerifierException.FT_SIGNATURE_MISSING, "Signature missing from file" ));
      }

      if ( !sig.verify( signature )){

        throw( new AEVerifierException( AEVerifierException.FT_SIGNATURE_BAD, "Signature doesn't match data" ));
      }
    }finally{

    RSAPublicKeySpec   public_key_spec =
      new RSAPublicKeySpec( new BigInteger(modulus,16), new BigInteger(pub_exp,16));

    RSAPublicKey public_key   = (RSAPublicKey)key_factory.generatePublic( public_key_spec );

    Signature  sig = Signature.getInstance("MD5withRSA" );

    sig.initVerify( public_key );

    sig.update( data.getBytes( "UTF-8" ));

    if ( !sig.verify( signature )){

      throw( new AEVerifierException( AEVerifierException.FT_SIGNATURE_BAD, "Data verification failed, signature doesn't match data" ));
    }
  }

        PrivateKey      key,
        String          provider,
        SecureRandom    random)
        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
    {
        Signature sig = null;

        if (sigOID == null)
        {
            throw new IllegalStateException("no signature algorithm specified");
        }

        try
        {
            sig = Signature.getInstance(sigOID.getId(), provider);
        }
        catch (NoSuchAlgorithmException ex)
        {
            try
            {
                sig = Signature.getInstance(signatureAlgorithm, provider);
            }
            catch (NoSuchAlgorithmException e)
            {
                throw new SecurityException("exception creating signature: " + e.toString());
            }
        }

        if (random != null)
        {
            sig.initSign(key, random);
        }
        else
        {
            sig.initSign(key);
        }

        if (extensions != null)
        {
            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
        }

        TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

            dOut.writeObject(tbsCert);

            sig.update(bOut.toByteArray());
        }
        catch (Exception e)
        {
            throw new SecurityException("exception encoding TBS cert - " + e);
        }

        ASN1EncodableVector  v = new ASN1EncodableVector();

        v.add(tbsCert);
        v.add(sigAlgId);
        v.add(new DERBitString(sig.sign()));

        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
    }

    if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
    {
      throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList.");
    }

    Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);

    sig.initVerify(key);
    sig.update(this.getTBSCertList());
    if ( !sig.verify(this.getSignature()) )
    {
      throw new SignatureException("CRL does not verify with supplied public key.");
    }
  }

        final byte[] pad = getBytes( message, 65535 );

        remotePubKey = CryptoECCUtils.rawdataToPubkey(rawRemoteOtherPubkey);

        Signature check = CryptoECCUtils.getSignature(remotePubKey);

        check.update(rawRemoteOtherPubkey);

        check.update(rawRemoteEphemeralPubkey);

        if ( check.verify(remoteSig)){

          ecDH.doPhase(CryptoECCUtils.rawdataToPubkey(rawRemoteEphemeralPubkey), true);

          sharedSecret = ecDH.generateSecret();

        }else{

          throw( new CryptoManagerException( "Signature check failed" ));
        }

      }else{

        if ( sharedSecret == null ){

          throw( new CryptoManagerException( "phase error: keys not received" ));
        }

        final byte[] IV = getBytes( message, 65535 );

        final byte[] remoteSig = getBytes( message, 65535);

        Signature check = CryptoECCUtils.getSignature( remotePubKey );

        check.update(IV);

        check.update(sharedSecret);

        if ( !check.verify(remoteSig)){

          throw( new CryptoManagerException( "Signature check failed" ));
        }
      }
    }catch( CryptoManagerException  e ){

    try{
      putInt( buffer, VERSION, 255 );

      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

      Signature sig = CryptoECCUtils.getSignature(myPrivateKey);

      if ( keys ){

        final byte[] rawMyPubkey = CryptoECCUtils.keyToRawdata(myPublicKey);

        final byte[] rawEphemeralPubkey = CryptoECCUtils.keyToRawdata(ephemeralKeyPair.getPublic());

        sig.update(rawMyPubkey);

        sig.update(rawEphemeralPubkey);

        final byte[] rawSign = sig.sign();

        final byte[] pad = new byte[random.nextInt(32)];

        random.nextBytes(pad);

        putBytes( buffer, rawMyPubkey, 65535 );

        putBytes( buffer, rawEphemeralPubkey, 65535 );

        putBytes( buffer, rawSign, 65535 );

        putBytes( buffer, pad, 65535 );

      }else{

        if ( sharedSecret == null ){

          throw( new CryptoManagerException( "phase error: keys not received" ));
        }

        final byte[] IV = new byte[20 + random.nextInt(32)];

        random.nextBytes(IV);

        sig.update(IV);

        sig.update(sharedSecret);

        final byte[] rawSig = sig.sign();

        putBytes( buffer, IV, 65535 );

        putBytes( buffer, rawSig, 65535 );
      }

    throws CryptoManagerException
  {
    try
    {
      Signature ECCsig = Signature.getInstance("SHA1withECDSA", "BC");

      if( key instanceof ECPrivateKey ){

        ECCsig.initSign((ECPrivateKey)key);

      }else if( key instanceof ECPublicKey ){

        ECCsig.initVerify((ECPublicKey)key);

      }else{

        throw new CryptoManagerException("Invalid Key Type, ECC keys required");
      }

    throws CryptoManagerException
  {
    PrivateKey  priv = getMyPrivateKey( reason );

    Signature sig = CryptoECCUtils.getSignature( priv );

    try{
      sig.update( data );

      return( sig.sign());

    }catch( Throwable e ){

      throw( new CryptoManagerException( "Signature failed", e ));
    }

    throws CryptoManagerException
  {
    PublicKey  pub = CryptoECCUtils.rawdataToPubkey( public_key );

    Signature sig = CryptoECCUtils.getSignature( pub );

    try{
      sig.update( data );

      return( sig.verify( signature ));

    }catch( Throwable e ){

      throw( new CryptoManagerException( "Signature failed", e ));
    }