1 /* 2 * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @see SignUsingNONEwithRSA.sh 26 */ 27 28 import java.security.*; 29 import java.util.*; 30 31 public class SignUsingNONEwithRSA { 32 33 private static final List<byte[]> precomputedHashes = Arrays.asList( 34 // A MD5 hash 35 new byte[] { 36 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 37 0x11, 0x12, 0x13, 0x14, 0x15, 0x16 38 }, 39 // A SHA-1 hash 40 new byte[] { 41 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 42 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20 43 }, 44 // A concatenation of SHA-1 and MD5 hashes (used during SSL handshake) 45 new byte[] { 46 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 47 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 48 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 49 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 50 }, 51 // A SHA-256 hash 52 new byte[] { 53 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 54 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 55 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 56 0x31, 0x32 57 }, 58 // A SHA-384 hash 59 new byte[] { 60 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 61 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 62 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 63 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 64 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 65 }, 66 // A SHA-512 hash 67 new byte[] { 68 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 69 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 70 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 71 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 72 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x50, 73 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x60, 74 0x61, 0x62, 0x63, 0x64 75 }); 76 77 private static List<byte[]> generatedSignatures = new ArrayList<>(); 78 79 public static void main(String[] args) throws Exception { 80 81 Provider[] providers = Security.getProviders("Signature.NONEwithRSA"); 82 if (providers == null) { 83 System.out.println("No JCE providers support the " + 84 "'Signature.NONEwithRSA' algorithm"); 85 System.out.println("Skipping this test..."); 86 return; 87 88 } else { 89 System.out.println("The following JCE providers support the " + 90 "'Signature.NONEwithRSA' algorithm: "); 91 for (Provider provider : providers) { 92 System.out.println(" " + provider.getName()); 93 } 94 } 95 System.out.println("-------------------------------------------------"); 96 97 KeyPair keys = getKeysFromKeyStore(); 98 signAllUsing("SunMSCAPI", keys.getPrivate()); 99 System.out.println("-------------------------------------------------"); 100 101 verifyAllUsing("SunMSCAPI", keys.getPublic()); 102 System.out.println("-------------------------------------------------"); 103 104 verifyAllUsing("SunJCE", keys.getPublic()); 105 System.out.println("-------------------------------------------------"); 106 107 keys = generateKeys(); 108 signAllUsing("SunJCE", keys.getPrivate()); 109 System.out.println("-------------------------------------------------"); 110 111 verifyAllUsing("SunMSCAPI", keys.getPublic()); 112 System.out.println("-------------------------------------------------"); 113 114 } 115 116 private static KeyPair getKeysFromKeyStore() throws Exception { 117 KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI"); 118 ks.load(null, null); 119 System.out.println("Loaded keystore: Windows-MY"); 120 121 Enumeration e = ks.aliases(); 122 PrivateKey privateKey = null; 123 PublicKey publicKey = null; 124 125 while (e.hasMoreElements()) { 126 String alias = (String) e.nextElement(); 127 if (alias.equals("6578658")) { 128 System.out.println("Loaded entry: " + alias); 129 privateKey = (PrivateKey) ks.getKey(alias, null); 130 publicKey = (PublicKey) ks.getCertificate(alias).getPublicKey(); 131 } 132 } 133 if (privateKey == null || publicKey == null) { 134 throw new Exception("Cannot load the keys need to run this test"); 135 } 136 137 return new KeyPair(publicKey, privateKey); 138 } 139 140 141 private static KeyPair generateKeys() throws Exception { 142 KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); 143 keyGen.initialize(1024, null); 144 KeyPair pair = keyGen.generateKeyPair(); 145 PrivateKey privateKey = pair.getPrivate(); 146 PublicKey publicKey = pair.getPublic(); 147 148 if (privateKey == null || publicKey == null) { 149 throw new Exception("Cannot load the keys need to run this test"); 150 } 151 152 return new KeyPair(publicKey, privateKey); 153 } 154 155 private static void signAllUsing(String providerName, PrivateKey privateKey) 156 throws Exception { 157 Signature sig1 = Signature.getInstance("NONEwithRSA", providerName); 158 if (sig1 == null) { 159 throw new Exception("'NONEwithRSA' is not supported"); 160 } 161 if (sig1.getProvider() != null) { 162 System.out.println("Using NONEwithRSA signer from the " + 163 sig1.getProvider().getName() + " JCE provider"); 164 } else { 165 System.out.println( 166 "Using NONEwithRSA signer from the internal JCE provider"); 167 } 168 169 System.out.println("Using key: " + privateKey); 170 generatedSignatures.clear(); 171 for (byte[] hash : precomputedHashes) { 172 sig1.initSign(privateKey); 173 sig1.update(hash); 174 175 try { 176 177 byte [] sigBytes = sig1.sign(); 178 System.out.println("\nGenerated RSA signature over a " + 179 hash.length + "-byte hash (signature length: " + 180 sigBytes.length * 8 + " bits)"); 181 System.out.println(String.format("0x%0" + 182 (sigBytes.length * 2) + "x", 183 new java.math.BigInteger(1, sigBytes))); 184 generatedSignatures.add(sigBytes); 185 186 } catch (SignatureException se) { 187 System.out.println("Error generating RSA signature: " + se); 188 } 189 } 190 } 191 192 private static void verifyAllUsing(String providerName, PublicKey publicKey) 193 throws Exception { 194 Signature sig1 = Signature.getInstance("NONEwithRSA", providerName); 195 if (sig1.getProvider() != null) { 196 System.out.println("\nUsing NONEwithRSA verifier from the " + 197 sig1.getProvider().getName() + " JCE provider"); 198 } else { 199 System.out.println( 200 "\nUsing NONEwithRSA verifier from the internal JCE provider"); 201 } 202 203 System.out.println("Using key: " + publicKey); 204 205 int i = 0; 206 for (byte[] hash : precomputedHashes) { 207 208 byte[] sigBytes = generatedSignatures.get(i++); 209 System.out.println("\nVerifying RSA Signature over a " + 210 hash.length + "-byte hash (signature length: " + 211 sigBytes.length * 8 + " bits)"); 212 System.out.println(String.format("0x%0" + 213 (sigBytes.length * 2) + "x", 214 new java.math.BigInteger(1, sigBytes))); 215 216 sig1.initVerify(publicKey); 217 sig1.update(hash); 218 if (sig1.verify(sigBytes)) { 219 System.out.println("Verify PASSED"); 220 } else { 221 throw new Exception("Verify FAILED"); 222 } 223 } 224 } 225 }