Posted By

arunpjohny on 09/30/11


Tagged

java-security java-signature


Versions (?)

Java Signature And Verification Utils


 / Published in: Java
 

  1. import java.io.BufferedInputStream;
  2. import java.io.File;
  3. import java.io.FileInputStream;
  4. import java.io.FileNotFoundException;
  5. import java.io.FileOutputStream;
  6. import java.io.IOException;
  7. import java.security.InvalidKeyException;
  8. import java.security.Key;
  9. import java.security.KeyPair;
  10. import java.security.KeyStore;
  11. import java.security.KeyStoreException;
  12. import java.security.NoSuchAlgorithmException;
  13. import java.security.PrivateKey;
  14. import java.security.PublicKey;
  15. import java.security.Signature;
  16. import java.security.SignatureException;
  17. import java.security.UnrecoverableKeyException;
  18. import java.security.cert.CertificateException;
  19. import java.security.cert.CertificateFactory;
  20.  
  21. import org.apache.commons.io.output.ByteArrayOutputStream;
  22. import org.bouncycastle.util.encoders.Base64Encoder;
  23.  
  24. public class Utils {
  25.  
  26. private static final String STRING_ENCODING = "UTF-8";
  27.  
  28. public static KeyStore loadKeyStore(File file, String storePassword)
  29. return loadKeyStore(KeyStore.getDefaultType(), file, storePassword);
  30. }
  31.  
  32. public static KeyStore loadKeyStore(String storeType, File file,
  33. String storePassword) throws IOException, KeyStoreException,
  34. try {
  35. KeyStore keystore = KeyStore.getInstance(storeType);
  36. keystore.load(is,
  37. storePassword == null ? null : storePassword.toCharArray());
  38.  
  39. return keystore;
  40. } finally {
  41. is.close();
  42. }
  43. }
  44.  
  45. public static KeyPair getKeyPair(KeyStore keyStore, String alias,
  46. String keyPassword) throws UnrecoverableKeyException,
  47. PrivateKeyNotFoundException {
  48. Key key = getKey(keyStore, alias, keyPassword);
  49. if (key instanceof PrivateKey) {
  50. return new KeyPair(getPublicKey(keyStore, alias), (PrivateKey) key);
  51. } else {
  52. throw new PrivateKeyNotFoundException("The given key " + alias
  53. + " is not a private key.");
  54. }
  55. }
  56.  
  57. public static PublicKey getPublicKey(KeyStore keyStore, String alias)
  58. return keyStore.getCertificate(alias).getPublicKey();
  59. }
  60.  
  61. public static Key getKey(KeyStore keyStore, String alias, String keyPassword)
  62. return keyStore.getKey(alias,
  63. keyPassword == null ? null : keyPassword.toCharArray());
  64. }
  65.  
  66. public static PublicKey loadPublicKeyFromCertificate(File certificateFile)
  67. return loadPublicKeyFromCertificate(certificateFile, "X.509");
  68. }
  69.  
  70. public static PublicKey loadPublicKeyFromCertificate(File certificateFile,
  71. String certificateType) throws FileNotFoundException,
  72. PublicKey publicKey = null;
  73. FileInputStream fis = new FileInputStream(certificateFile);
  74. try {
  75.  
  76. .getInstance(certificateType);
  77. java.security.cert.Certificate cert = cf.generateCertificate(fis);
  78. publicKey = cert.getPublicKey();
  79. } finally {
  80. fis.close();
  81. }
  82. return publicKey;
  83. }
  84.  
  85. public static boolean verify(File certificateFile, File signatureFile,
  86. File dataFile, String signAlgorithm) throws FileNotFoundException,
  87. byte[] sigToVerify = null;
  88. FileInputStream sigfis = new FileInputStream(signatureFile);
  89. try {
  90. sigToVerify = new byte[sigfis.available()];
  91. sigfis.read(sigToVerify);
  92. } finally {
  93. sigfis.close();
  94. }
  95.  
  96. return verify(dataFile, sigToVerify, certificateFile, signAlgorithm);
  97. }
  98.  
  99. public static boolean verify(File dataFile, byte[] sigToVerify,
  100. File certificateFile, String signAlgorithm)
  101. FileInputStream keyfis = new FileInputStream(certificateFile);
  102. try {
  103. byte[] encKey = new byte[keyfis.available()];
  104. keyfis.read(encKey);
  105. } finally {
  106. keyfis.close();
  107. }
  108.  
  109. PublicKey pubKey = loadPublicKeyFromCertificate(certificateFile);
  110.  
  111. Signature sig = Signature.getInstance(signAlgorithm);
  112. sig.initVerify(pubKey);
  113.  
  114. FileInputStream datafis = new FileInputStream(dataFile);
  115.  
  116. try {
  117. try {
  118. byte[] buffer = new byte[1024];
  119. int len;
  120. while (bufin.available() != 0) {
  121. len = bufin.read(buffer);
  122. sig.update(buffer, 0, len);
  123. }
  124. } finally {
  125. if (bufin != null) {
  126. bufin.close();
  127. }
  128. }
  129. } finally {
  130. if (datafis != null) {
  131. datafis.close();
  132. }
  133.  
  134. }
  135.  
  136. return sig.verify(sigToVerify);
  137. }
  138.  
  139. public static boolean verifyUsingBase64Decode(File certificateFile,
  140. File signatureFile, File dataFile, String signAlgorithm)
  141. byte[] sigToVerify = null;
  142. FileInputStream sigfis = new FileInputStream(signatureFile);
  143. try {
  144. sigToVerify = new byte[sigfis.available()];
  145. sigfis.read(sigToVerify);
  146. } finally {
  147. sigfis.close();
  148. }
  149.  
  150. new Base64Encoder().decode(sigToVerify, 0, sigToVerify.length,
  151. signStream);
  152. return verify(dataFile, signStream.toByteArray(), certificateFile,
  153. signAlgorithm);
  154. }
  155.  
  156. public static boolean verify(File certificateFile, File signatureFile,
  157. String data, String signAlgorithm) throws FileNotFoundException,
  158. byte[] sigToVerify = null;
  159. FileInputStream sigfis = new FileInputStream(signatureFile);
  160. try {
  161. sigToVerify = new byte[sigfis.available()];
  162. sigfis.read(sigToVerify);
  163. } finally {
  164. sigfis.close();
  165. }
  166.  
  167. return verify(data, sigToVerify, certificateFile, signAlgorithm);
  168. }
  169.  
  170. public static boolean verify(String dataFile, byte[] sigToVerify,
  171. File certificateFile, String signAlgorithm)
  172. FileInputStream keyfis = new FileInputStream(certificateFile);
  173. try {
  174. byte[] encKey = new byte[keyfis.available()];
  175. keyfis.read(encKey);
  176. } finally {
  177. keyfis.close();
  178. }
  179.  
  180. PublicKey pubKey = loadPublicKeyFromCertificate(certificateFile);
  181.  
  182. Signature sig = Signature.getInstance(signAlgorithm);
  183. sig.initVerify(pubKey);
  184.  
  185. sig.update(dataFile.getBytes(STRING_ENCODING));
  186.  
  187. return sig.verify(sigToVerify);
  188. }
  189.  
  190. public static boolean verifyUsingBase64Decode(File certificateFile,
  191. File signatureFile, String data, String signAlgorithm)
  192. byte[] sigToVerify = null;
  193. FileInputStream sigfis = new FileInputStream(signatureFile);
  194. try {
  195. sigToVerify = new byte[sigfis.available()];
  196. sigfis.read(sigToVerify);
  197. } finally {
  198. sigfis.close();
  199. }
  200.  
  201. new Base64Encoder().decode(sigToVerify, 0, sigToVerify.length,
  202. signStream);
  203. return verify(data, signStream.toByteArray(), certificateFile,
  204. signAlgorithm);
  205. }
  206.  
  207. protected static void writeToFileUsingBase64Encode(byte[] realSig, File f2)
  208. new Base64Encoder().encode(realSig, 0, realSig.length, sigfos2);
  209. sigfos2.close();
  210. }
  211.  
  212. protected static void writeToFile(File file, byte[] realSig)
  213. FileOutputStream sigfos = new FileOutputStream(file);
  214. try {
  215. sigfos.write(realSig);
  216. } finally {
  217. sigfos.close();
  218. }
  219. }
  220.  
  221. public static byte[] sign(File dataToSign, File keyStoreFile,
  222. String storePassword, String alias, String keyPassword,
  223. String signAlgorithm) throws IOException, KeyStoreException,
  224. UnrecoverableKeyException, PrivateKeyNotFoundException,
  225. Signature dsa = null;
  226.  
  227. KeyStore keyStore = loadKeyStore(keyStoreFile, storePassword);
  228. KeyPair pair = getKeyPair(keyStore, alias, keyPassword);
  229. PrivateKey priv = pair.getPrivate();
  230.  
  231. dsa = Signature.getInstance(signAlgorithm);
  232.  
  233. dsa.initSign(priv);
  234.  
  235. FileInputStream fis = new FileInputStream(dataToSign);
  236. try {
  237. try {
  238. byte[] buffer = new byte[1024];
  239. int len;
  240. while (bufin.available() != 0) {
  241. len = bufin.read(buffer);
  242. dsa.update(buffer, 0, len);
  243. }
  244. } finally {
  245. if (bufin != null) {
  246. bufin.close();
  247. }
  248. }
  249. } finally {
  250. if (fis != null) {
  251. fis.close();
  252. }
  253. }
  254.  
  255. return dsa.sign();
  256. }
  257.  
  258. public static byte[] sign(String dataToSign, File keyStoreFile,
  259. String storePassword, String alias, String keyPassword,
  260. String signAlgorithm) throws IOException, KeyStoreException,
  261. UnrecoverableKeyException, PrivateKeyNotFoundException,
  262. Signature dsa = null;
  263.  
  264. KeyStore keyStore = loadKeyStore(keyStoreFile, storePassword);
  265. KeyPair pair = getKeyPair(keyStore, alias, keyPassword);
  266. PrivateKey priv = pair.getPrivate();
  267. dsa = Signature.getInstance(signAlgorithm);
  268. dsa.initSign(priv);
  269. dsa.update(dataToSign.getBytes(STRING_ENCODING));
  270. return dsa.sign();
  271. }
  272.  
  273. }

Report this snippet  

Comments

RSS Icon Subscribe to comments
Posted By: myforum on October 1, 2011

Why did not you add some comment ?

Posted By: arunpjohny on December 12, 2011

These are some utility methods used to validate/generate security signatures.

You need to login to post a comment.