1 /*
   2  * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /**
  25  * @see SignUsingSHA2withRSA.sh
  26  */
  27 
  28 import java.security.*;
  29 import java.util.*;
  30 
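/**
 * Signs a fixed payload with SHA256/384/512withRSA using a private key held in
 * the Windows-MY keystore, then verifies each signature with the matching
 * public key. Every Signature lookup names the SunMSCAPI provider explicitly.
 *
 * <p>Signing and verification both go through the same provider, so a pass
 * shows the provider is self-consistent; it is not an independent cross-check
 * of the signature encoding against another implementation.
 */
public class SignUsingSHA2withRSA {

    /** Provider under test; named explicitly on every keystore/signature lookup. */
    private static final String PROVIDER = "SunMSCAPI";

    /**
     * Alias of the key entry this test needs in Windows-MY.
     * NOTE(review): presumably installed by the companion
     * SignUsingSHA2withRSA.sh script -- confirm against that script.
     */
    private static final String KEY_ALIAS = "6753664";

    /** Signature algorithms exercised, in the order they are signed and verified. */
    private static final String[] ALGORITHMS = {
        "SHA256withRSA", "SHA384withRSA", "SHA512withRSA"
    };

    /** Fixed payload that is signed and then verified. */
    private static final byte[] toBeSigned = new byte[] {
        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10
    };

    /** Signatures produced by signUsing, index-aligned with ALGORITHMS. */
    private static final List<byte[]> generatedSignatures = new ArrayList<>();

    /**
     * Runs the sign/verify round trip.
     *
     * @param args unused
     * @throws Exception if the keystore or keys cannot be loaded, if signing
     *         fails, or if any signature does not verify
     */
    public static void main(String[] args) throws Exception {

        // This only asks whether *any* registered provider offers the
        // algorithm; it does not establish that SunMSCAPI itself does.
        Provider[] providers = Security.getProviders("Signature.SHA256withRSA");
        if (providers == null) {
            System.out.println("No JCE providers support the " +
                "'Signature.SHA256withRSA' algorithm");
            System.out.println("Skipping this test...");
            return;
        }
        System.out.println("The following JCE providers support the " +
            "'Signature.SHA256withRSA' algorithm: ");
        for (Provider provider : providers) {
            System.out.println("    " + provider.getName());
        }
        System.out.println("-------------------------------------------------");

        // No stream and no password are supplied to load(); access to the
        // store is therefore not gated by anything this program provides.
        KeyStore ks = KeyStore.getInstance("Windows-MY", PROVIDER);
        ks.load(null, null);
        System.out.println("Loaded keystore: Windows-MY");

        PrivateKey privateKey = null;
        PublicKey publicKey = null;

        // Walk every alias rather than stopping at the first hit, so that if
        // the store reports the alias more than once the last entry wins
        // (same selection as before this rewrite).
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!KEY_ALIAS.equals(alias)) {
                continue;
            }
            System.out.println("Loaded entry: " + alias);
            privateKey = (PrivateKey) ks.getKey(alias, null);
            // An entry without a certificate yields null here; leave
            // publicKey unset so the explicit check below reports it instead
            // of a NullPointerException.
            java.security.cert.Certificate cert = ks.getCertificate(alias);
            if (cert != null) {
                publicKey = cert.getPublicKey();
            }
        }
        if (privateKey == null || publicKey == null) {
            throw new Exception("Cannot load the keys need to run this test");
        }
        System.out.println("-------------------------------------------------");

        for (String algorithm : ALGORITHMS) {
            generatedSignatures.add(signUsing(algorithm, privateKey));
        }

        System.out.println("-------------------------------------------------");

        for (int i = 0; i < ALGORITHMS.length; i++) {
            verifyUsing(ALGORITHMS[i], publicKey, generatedSignatures.get(i));
        }

        System.out.println("-------------------------------------------------");
    }

    /**
     * Signs {@code toBeSigned} with the given algorithm and key.
     *
     * @param signAlgorithm JCA signature algorithm name
     * @param privateKey key used to sign
     * @return the signature bytes, never {@code null}
     * @throws Exception if the algorithm or provider is unavailable, the key
     *         is rejected, or signing fails
     */
    private static byte[] signUsing(String signAlgorithm,
        PrivateKey privateKey) throws Exception {

        // Must explicitly specify the SunMSCAPI JCE provider (otherwise an
        // implementation from a provider earlier in the list is chosen).
        // getInstance never returns null; it throws when the algorithm or
        // provider is missing, so no null check is needed.
        Signature signer = Signature.getInstance(signAlgorithm, PROVIDER);
        System.out.println("Using " + signAlgorithm + " signer from the " +
            signer.getProvider().getName() + " JCE provider");

        // NOTE(review): this prints privateKey.toString() into the test log;
        // confirm the provider's key class renders only descriptive handle
        // information and never key material.
        System.out.println("Using key: " + privateKey);
        signer.initSign(privateKey);
        signer.update(toBeSigned);

        // A SignatureException is allowed to propagate. Previously it was
        // caught and null was returned, which surfaced later as a
        // NullPointerException in verifyUsing and hid the real failure.
        byte[] sigBytes = signer.sign();
        System.out.println("Generated RSA signature over a " +
            toBeSigned.length + "-byte data (signature length: " +
            sigBytes.length * 8 + " bits)");
        System.out.println(toHex(sigBytes));

        return sigBytes;
    }

    /**
     * Verifies {@code signature} over {@code toBeSigned}.
     *
     * @param signAlgorithm JCA signature algorithm name
     * @param publicKey key used to verify
     * @param signature signature bytes to check
     * @throws Exception if the algorithm or provider is unavailable, or the
     *         signature does not verify
     */
    private static void verifyUsing(String signAlgorithm, PublicKey publicKey,
        byte[] signature) throws Exception {

        // Must explicitly specify the SunMSCAPI JCE provider (otherwise an
        // implementation from a provider earlier in the list is chosen).
        Signature verifier = Signature.getInstance(signAlgorithm, PROVIDER);
        System.out.println("Using " + signAlgorithm + " verifier from the "
            + verifier.getProvider().getName() + " JCE provider");

        System.out.println("Using key: " + publicKey);

        System.out.println("\nVerifying RSA Signature over a " +
            toBeSigned.length + "-byte data (signature length: " +
            signature.length * 8 + " bits)");
        System.out.println(toHex(signature));

        verifier.initVerify(publicKey);
        verifier.update(toBeSigned);

        if (!verifier.verify(signature)) {
            throw new Exception("Verify FAILED");
        }
        System.out.println("Verify PASSED\n");
    }

    /** Renders bytes as "0x" plus zero-padded lowercase hex, two digits per byte. */
    private static String toHex(byte[] bytes) {
        // Signum 1 keeps the value non-negative; the width pads leading zeros
        // that BigInteger would otherwise drop.
        return String.format("0x%0" + (bytes.length * 2) + "x",
            new java.math.BigInteger(1, bytes));
    }
}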