org.bouncycastle.tls.crypto.impl.bc.BcTlsRSAVerifier Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bctls-debug-jdk15to18 Show documentation
Show all versions of bctls-debug-jdk15to18 Show documentation
The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.
The newest version!
package org.bouncycastle.tls.crypto.impl.bc;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.digests.NullDigest;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.GenericSigner;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.tls.DigitallySigned;
import org.bouncycastle.tls.SignatureAlgorithm;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsUtils;
/**
* Operator supporting the verification of RSASSA-PKCS1-v1_5 signatures using the BC light-weight API.
*/
public class BcTlsRSAVerifier
extends BcTlsVerifier
{
public BcTlsRSAVerifier(BcTlsCrypto crypto, RSAKeyParameters publicKey)
{
super(crypto, publicKey);
}
public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] hash)
{
Digest nullDigest = new NullDigest();
SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
Signer signer;
if (algorithm != null)
{
if (algorithm.getSignature() != SignatureAlgorithm.rsa)
{
throw new IllegalStateException("Invalid algorithm: " + algorithm);
}
/*
* RFC 5246 4.7. In RSA signing, the opaque vector contains the signature generated
* using the RSASSA-PKCS1-v1_5 signature scheme defined in [PKCS1].
*/
signer = new RSADigestSigner(nullDigest, TlsUtils.getOIDForHashAlgorithm(algorithm.getHash()));
}
else
{
/*
* RFC 5246 4.7. Note that earlier versions of TLS used a different RSA signature scheme
* that did not include a DigestInfo encoding.
*/
signer = new GenericSigner(new PKCS1Encoding(new RSABlindedEngine()), nullDigest);
}
signer.init(false, publicKey);
signer.update(hash, 0, hash.length);
return signer.verifySignature(digitallySigned.getSignature());
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy