/// <summary>
/// Verify the buffer against the signature using the public key.
/// </summary>
///
/// <param name="buffer">The input buffer to verify.</param>
/// <param name="signature">The signature bytes.</param>
/// <param name="publicKey">The object containing the public key.</param>
/// <param name="digestAlgorithm">The digest algorithm.</param>
/// <returns>True if verification succeeds, false if verification fails.</returns>
/// <exception cref="System.ArgumentException">for an invalid public key type ordigestAlgorithm.</exception>
public static bool verifySignature(ByteBuffer buffer, byte[] signature,
PublicKey publicKey, DigestAlgorithm digestAlgorithm)
{
if (digestAlgorithm == net.named_data.jndn.security.DigestAlgorithm.SHA256)
{
if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA)
{
try {
KeyFactory keyFactory = System.KeyFactory.getInstance("RSA");
System.SecurityPublicKey securityPublicKey = keyFactory
.generatePublic(new X509EncodedKeySpec(publicKey
.getKeyDer().getImmutableArray()));
System.SecuritySignature rsaSignature = System.SecuritySignature
.getInstance("SHA256withRSA");
rsaSignature.initVerify(securityPublicKey);
rsaSignature.update(buffer);
return(rsaSignature.verify(signature));
} catch (Exception ex) {
return(false);
}
}
else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC)
{
try {
KeyFactory keyFactory_0 = System.KeyFactory.getInstance("EC");
System.SecurityPublicKey securityPublicKey_1 = keyFactory_0
.generatePublic(new X509EncodedKeySpec(publicKey
.getKeyDer().getImmutableArray()));
System.SecuritySignature ecdsaSignature = System.SecuritySignature
.getInstance("SHA256withECDSA");
ecdsaSignature.initVerify(securityPublicKey_1);
ecdsaSignature.update(buffer);
return(ecdsaSignature.verify(signature));
} catch (Exception ex_2) {
return(false);
}
}
else
{
throw new ArgumentException(
"verifySignature: Invalid key type");
}
}
else
{
throw new ArgumentException(
"verifySignature: Invalid digest algorithm");
}
}
/// <summary>
/// Sign the data with this private key, returning a signature Blob.
/// </summary>
///
/// <param name="data">The input byte buffer.</param>
/// <param name="digestAlgorithm">the digest algorithm.</param>
/// <returns>The signature Blob, or an isNull Blob if this private key is not
/// initialized.</returns>
/// <exception cref="TpmPrivateKey.Error">for unrecognized digestAlgorithm or an errorin signing.</exception>
public Blob sign(ByteBuffer data, DigestAlgorithm digestAlgorithm)
{
if (digestAlgorithm != net.named_data.jndn.security.DigestAlgorithm.SHA256)
{
throw new TpmPrivateKey.Error(
"TpmPrivateKey.sign: Unsupported digest algorithm");
}
System.SecuritySignature signature = null;
if (keyType_ == net.named_data.jndn.security.KeyType.EC)
{
try {
signature = System.SecuritySignature
.getInstance("SHA256withECDSA");
} catch (Exception e) {
// Don't expect this to happen.
throw new TpmPrivateKey.Error(
"SHA256withECDSA algorithm is not supported");
}
}
else if (keyType_ == net.named_data.jndn.security.KeyType.RSA)
{
try {
signature = System.SecuritySignature
.getInstance("SHA256withRSA");
} catch (Exception e_0) {
// Don't expect this to happen.
throw new TpmPrivateKey.Error(
"SHA256withRSA algorithm is not supported");
}
}
else
{
return(new Blob());
}
try {
signature.initSign(privateKey_);
} catch (InvalidKeyException exception) {
throw new TpmPrivateKey.Error("InvalidKeyException: "
+ exception.Message);
}
try {
signature.update(data);
return(new Blob(signature.sign(), false));
} catch (SignatureException exception_1) {
throw new TpmPrivateKey.Error("SignatureException: "
+ exception_1.Message);
}
}
/// <summary>
/// Verify the ECDSA signature on the SignedBlob using the given public key.
/// </summary>
///
/// <param name="signature">The signature bits.</param>
/// <param name="signedBlob">the SignedBlob with the signed portion to verify.</param>
/// <param name="publicKeyDer">The DER-encoded public key used to verify the signature.</param>
/// <returns>true if the signature verifies, false if not.</returns>
protected static internal bool verifySha256WithEcdsaSignature(Blob signature,
SignedBlob signedBlob, Blob publicKeyDer)
{
KeyFactory keyFactory = null;
try {
keyFactory = System.KeyFactory.getInstance("EC");
} catch (Exception exception) {
// Don't expect this to happen.
throw new SecurityException("EC is not supported: "
+ exception.Message);
}
System.SecurityPublicKey publicKey = null;
try {
publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(
publicKeyDer.getImmutableArray()));
} catch (InvalidKeySpecException exception_0) {
// Don't expect this to happen.
throw new SecurityException("X509EncodedKeySpec is not supported: "
+ exception_0.Message);
}
System.SecuritySignature ecSignature = null;
try {
ecSignature = System.SecuritySignature
.getInstance("SHA256withECDSA");
} catch (Exception e) {
// Don't expect this to happen.
throw new SecurityException(
"SHA256withECDSA algorithm is not supported");
}
try {
ecSignature.initVerify(publicKey);
} catch (InvalidKeyException exception_1) {
throw new SecurityException("InvalidKeyException: "
+ exception_1.Message);
}
try {
ecSignature.update(signedBlob.signedBuf());
return(ecSignature.verify(signature.getImmutableArray()));
} catch (SignatureException exception_2) {
throw new SecurityException("SignatureException: "
+ exception_2.Message);
}
}
/// <summary>
/// Fetch the private key for keyName and sign the data, returning a signature
/// Blob.
/// </summary>
///
/// <param name="data">Pointer the input byte buffer to sign.</param>
/// <param name="keyName">The name of the signing key.</param>
/// <param name="digestAlgorithm">the digest algorithm.</param>
/// <returns>The signature Blob.</returns>
/// <exception cref="System.Security.SecurityException"></exception>
public override Blob sign(ByteBuffer data, Name keyName,
DigestAlgorithm digestAlgorithm)
{
if (digestAlgorithm != net.named_data.jndn.security.DigestAlgorithm.SHA256)
{
throw new SecurityException(
"MemoryPrivateKeyStorage.sign: Unsupported digest algorithm");
}
// Find the private key and sign.
MemoryPrivateKeyStorage.PrivateKey privateKey = (MemoryPrivateKeyStorage.PrivateKey)ILOG.J2CsMapping.Collections.Collections.Get(privateKeyStore_, keyName
.toUri());
if (privateKey == null)
{
throw new SecurityException(
"MemoryPrivateKeyStorage: Cannot find private key "
+ keyName.toUri());
}
System.SecuritySignature signature = null;
if (privateKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA)
{
try {
signature = System.SecuritySignature
.getInstance("SHA256withRSA");
} catch (Exception e) {
// Don't expect this to happen.
throw new SecurityException(
"SHA256withRSA algorithm is not supported");
}
}
else if (privateKey.getKeyType() == net.named_data.jndn.security.KeyType.ECDSA)
{
try {
signature = System.SecuritySignature
.getInstance("SHA256withECDSA");
} catch (Exception e_0) {
// Don't expect this to happen.
throw new SecurityException(
"SHA256withECDSA algorithm is not supported");
}
}
else
{
// We don't expect this to happen.
throw new SecurityException("Unrecognized private key type");
}
try {
signature.initSign(privateKey.getPrivateKey());
} catch (InvalidKeyException exception) {
throw new SecurityException("InvalidKeyException: "
+ exception.Message);
}
try {
signature.update(data);
return(new Blob(signature.sign(), false));
} catch (SignatureException exception_1) {
throw new SecurityException("SignatureException: "
+ exception_1.Message);
}
}
/// <summary>
/// Fetch the private key for keyName and sign the data, returning a signature
/// Blob.
/// </summary>
///
/// <param name="data">Pointer the input byte buffer to sign.</param>
/// <param name="keyName">The name of the signing key.</param>
/// <param name="digestAlgorithm">the digest algorithm.</param>
/// <returns>The signature Blob.</returns>
/// <exception cref="System.Security.SecurityException"></exception>
public sealed override Blob sign(ByteBuffer data, Name keyName,
DigestAlgorithm digestAlgorithm)
{
if (!doesKeyExist(keyName, net.named_data.jndn.security.KeyClass.PRIVATE))
{
throw new SecurityException(
"FilePrivateKeyStorage.sign: private key doesn't exist");
}
if (digestAlgorithm != net.named_data.jndn.security.DigestAlgorithm.SHA256)
{
throw new SecurityException(
"FilePrivateKeyStorage.sign: Unsupported digest algorithm");
}
// Retrieve the private key.
KeyType[] keyType = new KeyType[1];
PrivateKey privateKey = getPrivateKey(keyName, keyType);
// Sign.
System.SecuritySignature signature = null;
if (keyType[0] == net.named_data.jndn.security.KeyType.RSA)
{
try {
signature = System.SecuritySignature
.getInstance("SHA256withRSA");
} catch (Exception e) {
// Don't expect this to happen.
throw new SecurityException(
"FilePrivateKeyStorage: The SHA256withRSA algorithm is not supported");
}
}
else if (keyType[0] == net.named_data.jndn.security.KeyType.EC)
{
try {
signature = System.SecuritySignature
.getInstance("SHA256withECDSA");
} catch (Exception e_0) {
// Don't expect this to happen.
throw new SecurityException(
"FilePrivateKeyStorage: The SHA256withECDSA algorithm is not supported");
}
}
else
{
// We don't expect this to happen since getPrivateKey checked it.
throw new SecurityException(
"FilePrivateKeyStorage: Unsupported signature key type "
+ keyType[0]);
}
try {
signature.initSign(privateKey);
} catch (InvalidKeyException exception) {
throw new SecurityException(
"FilePrivateKeyStorage: InvalidKeyException: "
+ exception.Message);
}
try {
signature.update(data);
return(new Blob(signature.sign(), false));
} catch (SignatureException exception_1) {
throw new SecurityException(
"FilePrivateKeyStorage: SignatureException: "
+ exception_1.Message);
}
}
