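/*
 * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @see SignUsingSHA2withRSA.sh
 */

import java.security.*;
import java.util.*;

/**
 * Signs a fixed byte array with SHA256withRSA, SHA384withRSA and
 * SHA512withRSA through the SunMSCAPI provider, then verifies each
 * signature with the matching public key.
 *
 * <p>The key pair is read from the "Windows-MY" keystore under the alias
 * "6753664". Presumably the companion script named in the {@code @see} tag
 * above installs that entry; the script is not part of this file.
 */
public class SignUsingSHA2withRSA {

    /** Keystore alias of the key pair used by this test. */
    private static final String KEY_ALIAS = "6753664";

    /** Provider that every Signature and KeyStore instance is taken from. */
    private static final String PROVIDER = "SunMSCAPI";

    private static final String SEPARATOR =
        "-------------------------------------------------";

    /** Fixed message that is signed and later verified. */
    private static final byte[] toBeSigned = new byte[] {
        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10
    };

    /** Signatures in the order they were produced by {@link #main}. */
    private static final List<byte[]> generatedSignatures = new ArrayList<>();

    /**
     * Runs the sign-then-verify round trip for the three SHA-2 RSA
     * signature algorithms.
     *
     * @param args unused
     * @throws Exception if the key pair cannot be loaded, if signing fails,
     *         or if any signature does not verify
     */
    public static void main(String[] args) throws Exception {

        // Security.getProviders returns null (not an empty array) when no
        // installed provider matches the filter.
        Provider[] providers = Security.getProviders("Signature.SHA256withRSA");
        if (providers == null) {
            System.out.println("No JCE providers support the " +
                "'Signature.SHA256withRSA' algorithm");
            System.out.println("Skipping this test...");
            return;
        }

        System.out.println("The following JCE providers support the " +
            "'Signature.SHA256withRSA' algorithm: ");
        for (Provider provider : providers) {
            System.out.println(" " + provider.getName());
        }
        System.out.println(SEPARATOR);

        KeyStore ks = KeyStore.getInstance("Windows-MY", PROVIDER);
        ks.load(null, null);
        System.out.println("Loaded keystore: Windows-MY");

        PrivateKey privateKey = null;
        PublicKey publicKey = null;

        // The whole alias list is scanned; if the alias occurs more than
        // once, the last matching entry is the one that gets used.
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!alias.equals(KEY_ALIAS)) {
                continue;
            }
            System.out.println("Loaded entry: " + alias);
            privateKey = (PrivateKey) ks.getKey(alias, null);

            // getCertificate may return null; guard it so a missing
            // certificate is reported by the check below rather than as a
            // NullPointerException here.
            java.security.cert.Certificate cert = ks.getCertificate(alias);
            publicKey = (cert == null) ? null : cert.getPublicKey();
        }
        if (privateKey == null || publicKey == null) {
            throw new Exception("Cannot load the keys need to run this test");
        }
        System.out.println(SEPARATOR);

        generatedSignatures.add(signUsing("SHA256withRSA", privateKey));
        generatedSignatures.add(signUsing("SHA384withRSA", privateKey));
        generatedSignatures.add(signUsing("SHA512withRSA", privateKey));

        System.out.println(SEPARATOR);

        verifyUsing("SHA256withRSA", publicKey, generatedSignatures.get(0));
        verifyUsing("SHA384withRSA", publicKey, generatedSignatures.get(1));
        verifyUsing("SHA512withRSA", publicKey, generatedSignatures.get(2));

        System.out.println(SEPARATOR);
    }

    /**
     * Signs {@code toBeSigned} with the given algorithm and private key.
     *
     * @param signAlgorithm JCA signature algorithm name
     * @param privateKey key to sign with
     * @return the signature bytes, never {@code null}
     * @throws Exception if the algorithm or provider is unavailable, the key
     *         is rejected, or the signature cannot be generated
     */
    private static byte[] signUsing(String signAlgorithm,
            PrivateKey privateKey) throws Exception {

        // Must explicitly specify the SunMSCAPI JCE provider
        // (otherwise SunJCE is chosen because it appears earlier in the list)
        // getInstance throws when the algorithm or provider is missing and
        // never returns null, so no null check is needed.
        Signature signer = Signature.getInstance(signAlgorithm, PROVIDER);
        System.out.println("Using " + signAlgorithm + " signer from the " +
            signer.getProvider().getName() + " JCE provider");

        // NOTE(review): this prints PrivateKey.toString(). What that string
        // contains is provider-specific; confirm it exposes no key material
        // before copying this logging into non-test code.
        System.out.println("Using key: " + privateKey);
        signer.initSign(privateKey);
        signer.update(toBeSigned);

        byte[] sigBytes;
        try {
            sigBytes = signer.sign();
        } catch (SignatureException se) {
            // Report and rethrow. Returning null here would hide the real
            // failure and surface later as a NullPointerException in
            // verifyUsing.
            System.out.println("Error generating RSA signature: " + se);
            throw se;
        }

        System.out.println("Generated RSA signature over a " +
            toBeSigned.length + "-byte data (signature length: " +
            sigBytes.length * 8 + " bits)");
        System.out.println(toHex(sigBytes));

        return sigBytes;
    }

    /**
     * Verifies {@code signature} over {@code toBeSigned} with the given
     * algorithm and public key.
     *
     * @param signAlgorithm JCA signature algorithm name
     * @param publicKey key to verify with
     * @param signature signature bytes to check
     * @throws Exception if the algorithm or provider is unavailable, the key
     *         is rejected, or the signature does not verify
     */
    private static void verifyUsing(String signAlgorithm, PublicKey publicKey,
            byte[] signature) throws Exception {

        // Must explicitly specify the SunMSCAPI JCE provider
        // (otherwise SunJCE is chosen because it appears earlier in the list)
        Signature verifier = Signature.getInstance(signAlgorithm, PROVIDER);
        System.out.println("Using " + signAlgorithm + " verifier from the "
            + verifier.getProvider().getName() + " JCE provider");

        System.out.println("Using key: " + publicKey);

        System.out.println("\nVerifying RSA Signature over a " +
            toBeSigned.length + "-byte data (signature length: " +
            signature.length * 8 + " bits)");
        System.out.println(toHex(signature));

        verifier.initVerify(publicKey);
        verifier.update(toBeSigned);

        // A false result is turned into an exception so that a bad
        // signature fails the test instead of only being logged.
        if (!verifier.verify(signature)) {
            throw new Exception("Verify FAILED");
        }
        System.out.println("Verify PASSED\n");
    }

    /** Formats bytes as "0x" plus zero-padded lowercase hex, two digits per byte. */
    private static String toHex(byte[] bytes) {
        return String.format("0x%0" + (bytes.length * 2) + "x",
            new java.math.BigInteger(1, bytes));
    }
}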