feat: RSASSA-PKCS1-v1_5 Using SHA-256で作成された署名を検証できるように

This commit is contained in:
usbharu 2024-09-23 23:17:06 +09:00
parent a33bdd7fe9
commit bf3fa2c014
Signed by: usbharu
GPG Key ID: 95CBCF7046307B77
6 changed files with 141 additions and 7 deletions

View File

@ -0,0 +1,19 @@
package dev.usbharu.httpsignature.v2
import java.util.*
class HttpMessageSignatureVerifier {
fun verify(verifyMaterial: VerifyMaterial, signature: Signature, signatureVerifier: SignatureVerifier): Boolean {
val coveredComponents = verifyMaterial.signatureBase.coveredComponents()
signature.coveredComponents.all { coveredComponents.contains(it) }
val signatureBase = verifyMaterial.signatureBase.generateSignatureBase(signature.signatureParameters)
return signatureVerifier.verify(
signatureBase.toByteArray(Charsets.UTF_8),
Base64.getDecoder().decode(signature.signature),
verifyMaterial.publicKey
)
}
}

View File

@ -0,0 +1,13 @@
package dev.usbharu.httpsignature.v2
import java.security.PublicKey
import java.security.Signature
class RsaV1_5Sha256SignatureVerifier : SignatureVerifier {
override fun verify(byteArray: ByteArray, signature: ByteArray, publicKey: PublicKey): Boolean {
val instance = Signature.getInstance("SHA256withRSA")
instance.initVerify(publicKey)
instance.update(byteArray)
return instance.verify(signature)
}
}

View File

@ -2,18 +2,18 @@ package dev.usbharu.httpsignature.v2
class SignatureBase() {
private val list = mutableMapOf<String, Component>()
private val list = mutableListOf<Component>()
fun addComponent(component: Component) {
if (list[component.componentIdentifier] != null) {
if (list.indexOf(component) != -1) {
throw IllegalArgumentException("Component with identifier ${component.componentIdentifier} already exists.")
}
list[component.componentIdentifier] = component
list.add(component)
}
fun generateSignatureBase(signatureParameters: List<SignatureParameter>): String {
val signatureBase =
list.values.joinToString(
list.joinToString(
separator = "",
postfix = "\n"
) { component -> "${component.componentIdentifier}: ${component.componentValue}" }
@ -25,15 +25,15 @@ class SignatureBase() {
fun generateSignatureParameterString(signatureParameters: List<SignatureParameter>): String {
return (listOf(
list.keys.joinToString(
list.joinToString(
" ",
"(",
")"
)
) { it.componentIdentifier }
) + signatureParameters.map { "${it.name}=${it.value}" }).joinToString(";")
}
fun coveredComponents(): List<String> {
return list.map { it.key }
return list.map { it.componentIdentifier }
}
}

View File

@ -0,0 +1,7 @@
package dev.usbharu.httpsignature.v2
import java.security.PublicKey
interface SignatureVerifier {
fun verify(byteArray: ByteArray, signature: ByteArray, publicKey: PublicKey): Boolean
}

View File

@ -0,0 +1,9 @@
package dev.usbharu.httpsignature.v2
import java.security.PublicKey
data class VerifyMaterial(
val signatureBase: SignatureBase,
val publicKey: PublicKey,
val label: String
)

View File

@ -0,0 +1,86 @@
package dev.usbharu.httpsignature.v2
import org.junit.jupiter.api.Assertions.assertTrue
import org.junit.jupiter.api.Test
import java.security.KeyFactory
import java.security.interfaces.RSAPrivateKey
import java.security.interfaces.RSAPublicKey
import java.security.spec.PKCS8EncodedKeySpec
import java.security.spec.X509EncodedKeySpec
import java.util.*
class HttpMessageSignatureVerifierTest {
@Test
fun verify() {
val privateKey = Base64.getDecoder().decode(
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH+8IRQdB9vhej" +
"eNQqwxlIutt4Xxjg3eZ5XYm7KgR4jAT/q7+cfsz2/fVTNwDOBpG2H1YJZRLUsrVI" +
"3Pia8k7oFyemYKEUN6kaKioO5C9hB0TaiTGlxAKI7syitvedH1YtHqf4zvqgtI2y" +
"Lv0NAXja3nUoWZWgZg8ZUHWAGhtHd/BpLiyvlwXAydFHl/eN5u8uCZhQD0bKI5KJ" +
"qi8Vcs59Q13+ZNHFdgvNjeD+Hc2AdOmbB5HrW2wREgd1sygBcZ77sSLyleeel8+d" +
"VkDsq/l4MQV5/0PeOn+PI8pJkyQUpqnExqzku354XW9ZE6XjREgBb9M0AEdyBLk5" +
"+YbZwiqrAgMBAAECggEAIDgmKB7xDDvYFcpIbytHo47B/+ldBL2Q0vTdqn3hLTAX" +
"OL80URj3b25dsVknPrToPO4HhTP3jgp3Z+nR/oS+Gb5r8O5DMBKs9+jbJdMK9G2g" +
"tjoW+ZypcTj9VynLSFEy0nTMndVwTlFIkvCRwcqpl07yk9xQXas+ZixZrJiIKeyW" +
"rCmBDJAjUSknljHDnULxAXvk6K7Y5uqPCv9DQ1362ZopY56H0++9ZMaJwr5PYJMT" +
"QoKVeZCGLvfY29rUrhV0/CvC7cfxrPbSuQ7Tr/WrpxFpz9H/Dnc8uePoUEmMP2GM" +
"ozjXaJDQrzOVMOpn/2uGinmrcR5/8ETsYruGG96kAQKBgQDoS4PyiZ93zTv5Yvo/" +
"aWX5IvieMO/w3kRvsdq0IM27Gd+Ck+0C7WBUqljuU4ql10mp67MFkj7ZmECWCAKa" +
"OfE3NtXKqnRgixDhM4Q7nfolhkN08CxRrYP3dBh7HJMDtb2YzPDdwV+PSbL6AM8o" +
"oOvxjABJQk6CaGdmL8sQwnHwgQKBgQDcZCJbwDyLPJo04dXkhPBWoH5hGjbtsAv9" +
"whhjY9IWFN/0KvJfzfoTWtgCkpYT3wgMYBVp0aTextbg1euim7X+iVL6TRq4QaVk" +
"Jv6dRnNZPrY7MlnXxIXE81z6syVjChrJBWi81s14SDKtGOpvghLiKUR29wvGjfER" +
"jY/X1MxFKwKBgAUyOz9fqLuLUb4gYqysdOV/zMPtIFDpB+rftZ615SQ8Te2j1Xdt" +
"S+xY6yhZog5XpIQyi4yiWtmPOFKi1zwP879icKHZ8kR+l+ARwPF8dS4FtNiWzsb8" +
"9KjCZhHK79bzZ8xVOUYcn0CbS2+gOQIVp3F9yjvZSdxM7ZMxmn9Dej0BAoGBAJuf" +
"ZZeOLfJPz8AJvCSKLr+swrDEdwbtqfn8xYXhJacMBHwAm3dFFhH2stNWOP09HwzG" +
"CDjZnWbl1zOaOrJu61saEurF6Vk0mZoX4vChn6/kFX/FdSVkEuVYx04LlBnUN8e8" +
"txGpSBtoN8h88IXevoDOjRbIKZuB/Tjc0jagf8FTAoGAWW8uXsWS4c2nBGNdodqL" +
"xJHcNZVMenHPqdkm7rHEYdf1sdbM7r7Q+oj0cifhbZwaRG9HiRGUAgJerLGEqe+x" +
"vNeYuKRF3A5xBFUTw/t+XFhUZ1sSyvOordp0uNahQqkAx1UQFWUBCEkG2k/X81fY" +
"trEnKP2IjOJDzoXGvc4TG0w="
)
val pkcS8EncodedKeySpec = PKCS8EncodedKeySpec(privateKey)
val rsaPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(pkcS8EncodedKeySpec) as RSAPrivateKey
val publicKey = Base64.getDecoder().decode(
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/vCEUHQfb4Xo3jUKsMZ" +
"SLrbeF8Y4N3meV2JuyoEeIwE/6u/nH7M9v31UzcAzgaRth9WCWUS1LK1SNz4mvJO" +
"6BcnpmChFDepGioqDuQvYQdE2okxpcQCiO7Morb3nR9WLR6n+M76oLSNsi79DQF4" +
"2t51KFmVoGYPGVB1gBobR3fwaS4sr5cFwMnRR5f3jebvLgmYUA9GyiOSiaovFXLO" +
"fUNd/mTRxXYLzY3g/h3NgHTpmweR61tsERIHdbMoAXGe+7Ei8pXnnpfPnVZA7Kv5" +
"eDEFef9D3jp/jyPKSZMkFKapxMas5Lt+eF1vWROl40RIAW/TNABHcgS5OfmG2cIq" +
"qwIDAQAB"
)
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
val signatureBase = SignatureBaseBuilder()
.header("Host", "example.com")
.build()
val material = Material(
signatureBase,
rsaPrivateKey,
"label"
)
val signer = HttpMessageSignatureSigner()
val sign = signer.sign(material, SignatureParameters().toParameterList(), RsaV1_5Sha256SignatureSigner())
val httpMessageSignatureVerifier = HttpMessageSignatureVerifier()
val actual = httpMessageSignatureVerifier.verify(
VerifyMaterial(
signatureBase, rsaPublicKey, "label"
),
sign, RsaV1_5Sha256SignatureVerifier()
)
assertTrue(actual)
}
}