org.bouncycastle.tls.crypto.impl.bc.BcTlsRSAVerifier Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of impersonator Show documentation
Show all versions of impersonator Show documentation
Spoof TLS/JA3/JA4 and HTTP/2 fingerprints in Java
The newest version!
package org.bouncycastle.tls.crypto.impl.bc;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.digests.NullDigest;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.GenericSigner;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.tls.DigitallySigned;
import org.bouncycastle.tls.SignatureAlgorithm;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsUtils;
/**
* Operator supporting the verification of RSASSA-PKCS1-v1_5 signatures using the BC light-weight API.
*/
public class BcTlsRSAVerifier
extends BcTlsVerifier
{
public BcTlsRSAVerifier(BcTlsCrypto crypto, RSAKeyParameters publicKey)
{
super(crypto, publicKey);
}
public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] hash)
{
Digest nullDigest = new NullDigest();
SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
Signer signer;
if (algorithm != null)
{
if (algorithm.getSignature() != SignatureAlgorithm.rsa)
{
throw new IllegalStateException("Invalid algorithm: " + algorithm);
}
/*
* RFC 5246 4.7. In RSA signing, the opaque vector contains the signature generated
* using the RSASSA-PKCS1-v1_5 signature scheme defined in [PKCS1].
*/
signer = new RSADigestSigner(nullDigest, TlsUtils.getOIDForHashAlgorithm(algorithm.getHash()));
}
else
{
/*
* RFC 5246 4.7. Note that earlier versions of TLS used a different RSA signature scheme
* that did not include a DigestInfo encoding.
*/
signer = new GenericSigner(new PKCS1Encoding(new RSABlindedEngine()), nullDigest);
}
signer.init(false, publicKey);
signer.update(hash, 0, hash.length);
return signer.verifySignature(digitallySigned.getSignature());
}
}