From e438411685b22099332210251c8410c1862a07f0 Mon Sep 17 00:00:00 2001
From: usbharu <i@usbharu.dev>
Date: Mon, 23 Sep 2024 23:25:23 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20RSASSA-PSS=20Using=20SHA-512=E3=81=A7?=
 =?UTF-8?q?=E4=BD=9C=E6=88=90=E3=81=95=E3=82=8C=E3=81=9F=E7=BD=B2=E5=90=8D?=
 =?UTF-8?q?=E3=82=92=E6=A4=9C=E8=A8=BC=E3=81=A7=E3=81=8D=E3=82=8B=E3=82=88?=
 =?UTF-8?q?=E3=81=86=E3=81=AB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../v2/RsaPssSha512SignatureVerifier.kt       |  7 ++
 .../v2/RsaPssSignatureVerifier.kt             | 15 ++++
 .../v2/HttpMessageSignatureVerifierTest.kt    | 82 +++++++++++++++++++
 3 files changed, 104 insertions(+)
 create mode 100644 src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSha512SignatureVerifier.kt
 create mode 100644 src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSignatureVerifier.kt

diff --git a/src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSha512SignatureVerifier.kt b/src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSha512SignatureVerifier.kt
new file mode 100644
index 0000000..a435bc9
--- /dev/null
+++ b/src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSha512SignatureVerifier.kt
@@ -0,0 +1,7 @@
+package dev.usbharu.httpsignature.v2
+
+import java.security.spec.MGF1ParameterSpec
+import java.security.spec.PSSParameterSpec
+
+class RsaPssSha512SignatureVerifier(salt: Int = 64) :
+    RsaPssSignatureVerifier(PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, salt, 1))
\ No newline at end of file
diff --git a/src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSignatureVerifier.kt b/src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSignatureVerifier.kt
new file mode 100644
index 0000000..d155771
--- /dev/null
+++ b/src/main/kotlin/dev/usbharu/httpsignature/v2/RsaPssSignatureVerifier.kt
@@ -0,0 +1,15 @@
+package dev.usbharu.httpsignature.v2
+
+import java.security.PublicKey
+import java.security.Signature
+import java.security.spec.PSSParameterSpec
+
+open class RsaPssSignatureVerifier(private val pssParameterSpec: PSSParameterSpec) : SignatureVerifier {
+    override fun verify(byteArray: ByteArray, signature: ByteArray, publicKey: PublicKey): Boolean {
+        val verifier = Signature.getInstance("RSASSA-PSS")
+        verifier.setParameter(pssParameterSpec)
+        verifier.initVerify(publicKey)
+        verifier.update(byteArray)
+        return verifier.verify(signature)
+    }
+}
\ No newline at end of file
diff --git a/src/test/kotlin/dev/usbharu/httpsignature/v2/HttpMessageSignatureVerifierTest.kt b/src/test/kotlin/dev/usbharu/httpsignature/v2/HttpMessageSignatureVerifierTest.kt
index fdf99f9..84b5ebe 100644
--- a/src/test/kotlin/dev/usbharu/httpsignature/v2/HttpMessageSignatureVerifierTest.kt
+++ b/src/test/kotlin/dev/usbharu/httpsignature/v2/HttpMessageSignatureVerifierTest.kt
@@ -7,6 +7,7 @@ import java.security.interfaces.RSAPrivateKey
 import java.security.interfaces.RSAPublicKey
 import java.security.spec.PKCS8EncodedKeySpec
 import java.security.spec.X509EncodedKeySpec
+import java.time.Instant
 import java.util.*
 
 class HttpMessageSignatureVerifierTest {
@@ -83,4 +84,85 @@ class HttpMessageSignatureVerifierTest {
 
         assertTrue(actual)
     }
+
+    @Test
+    fun verify2() {
+        val key = KeyFactory.getInstance("RSASSA-PSS").generatePrivate(
+            PKCS8EncodedKeySpec(
+                Base64.getDecoder().decode(
+                    "MIIEvgIBADALBgkqhkiG9w0BAQoEggSqMIIEpgIBAAKCAQEAr4tmm3r20Wd/Pbqv" +
+                            "P1s2+QEtvpuRaV8Yq40gjUR8y2Rjxa6dpG2GXHbPfvMs8ct+Lh1GH45x28Rw3Ry5" +
+                            "3mm+oAXjyQ86OnDkZ5N8lYbggD4O3w6M6pAvLkhk95AndTrifbIFPNU8PPMO7Oyr" +
+                            "FAHqgDsznjPFmTOtCEcN2Z1FpWgchwuYLPL+Wokqltd11nqqzi+bJ9cvSKADYdUA" +
+                            "AN5WUtzdpiy6LbTgSxP7ociU4Tn0g5I6aDZJ7A8Lzo0KSyZYoA485mqcO0GVAdVw" +
+                            "9lq4aOT9v6d+nb4bnNkQVklLQ3fVAvJm+xdDOp9LCNCN48V2pnDOkFV6+U9nV5oy" +
+                            "c6XI2wIDAQABAoIBAQCUB8ip+kJiiZVKF8AqfB/aUP0jTAqOQewK1kKJ/iQCXBCq" +
+                            "pbo360gvdt05H5VZ/RDVkEgO2k73VSsbulqezKs8RFs2tEmU+JgTI9MeQJPWcP6X" +
+                            "aKy6LIYs0E2cWgp8GADgoBs8llBq0UhX0KffglIeek3n7Z6Gt4YFge2TAcW2WbN4" +
+                            "XfK7lupFyo6HHyWRiYHMMARQXLJeOSdTn5aMBP0PO4bQyk5ORxTUSeOciPJUFktQ" +
+                            "HkvGbym7KryEfwH8Tks0L7WhzyP60PL3xS9FNOJi9m+zztwYIXGDQuKM2GDsITeD" +
+                            "2mI2oHoPMyAD0wdI7BwSVW18p1h+jgfc4dlexKYRAoGBAOVfuiEiOchGghV5vn5N" +
+                            "RDNscAFnpHj1QgMr6/UG05RTgmcLfVsI1I4bSkbrIuVKviGGf7atlkROALOG/xRx" +
+                            "DLadgBEeNyHL5lz6ihQaFJLVQ0u3U4SB67J0YtVO3R6lXcIjBDHuY8SjYJ7Ci6Z6" +
+                            "vuDcoaEujnlrtUhaMxvSfcUJAoGBAMPsCHXte1uWNAqYad2WdLjPDlKtQJK1diCm" +
+                            "rqmB2g8QE99hDOHItjDBEdpyFBKOIP+NpVtM2KLhRajjcL9Ph8jrID6XUqikQuVi" +
+                            "4J9FV2m42jXMuioTT13idAILanYg8D3idvy/3isDVkON0X3UAVKrgMEne0hJpkPL" +
+                            "FYqgetvDAoGBAKLQ6JZMbSe0pPIJkSamQhsehgL5Rs51iX4m1z7+sYFAJfhvN3Q/" +
+                            "OGIHDRp6HjMUcxHpHw7U+S1TETxePwKLnLKj6hw8jnX2/nZRgWHzgVcY+sPsReRx" +
+                            "NJVf+Cfh6yOtznfX00p+JWOXdSY8glSSHJwRAMog+hFGW1AYdt7w80XBAoGBAImR" +
+                            "NUugqapgaEA8TrFxkJmngXYaAqpA0iYRA7kv3S4QavPBUGtFJHBNULzitydkNtVZ" +
+                            "3w6hgce0h9YThTo/nKc+OZDZbgfN9s7cQ75x0PQCAO4fx2P91Q+mDzDUVTeG30mE" +
+                            "t2m3S0dGe47JiJxifV9P3wNBNrZGSIF3mrORBVNDAoGBAI0QKn2Iv7Sgo4T/XjND" +
+                            "dl2kZTXqGAk8dOhpUiw/HdM3OGWbhHj2NdCzBliOmPyQtAr770GITWvbAI+IRYyF" +
+                            "S7Fnk6ZVVVHsxjtaHy1uJGFlaZzKR4AGNaUTOJMs6NadzCmGPAxNQQOCqoUjn4XR" +
+                            "rOjr9w349JooGXhOxbu8nOxX"
+                )
+            )
+        )
+
+        val signer = HttpMessageSignatureSigner()
+        val signatureBase = SignatureBaseBuilder()
+            .header("Host", "example.com")
+            .build()
+        val material = Material(
+            signatureBase,
+            key,
+            "sig"
+        )
+
+        val signatureParameters = SignatureParameters(
+            algorithm = "rsa-pss-sha512",
+            keyId = "a",
+            created = Instant.ofEpochSecond(1727076643),
+//            expires = Instant.ofEpochSecond(1727076943),
+            nonce = "a",
+            tag = "a"
+        )
+        val sign = signer.sign(
+            material,
+            signatureParameters.toParameterList(),
+            RsaPssSha512SignatureSigner()
+        )
+
+        val publicKey = KeyFactory.getInstance("RSA").generatePublic(
+            X509EncodedKeySpec(
+                Base64.getDecoder().decode(
+                    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4tmm3r20Wd/PbqvP1s2" +
+                            "+QEtvpuRaV8Yq40gjUR8y2Rjxa6dpG2GXHbPfvMs8ct+Lh1GH45x28Rw3Ry53mm+" +
+                            "oAXjyQ86OnDkZ5N8lYbggD4O3w6M6pAvLkhk95AndTrifbIFPNU8PPMO7OyrFAHq" +
+                            "gDsznjPFmTOtCEcN2Z1FpWgchwuYLPL+Wokqltd11nqqzi+bJ9cvSKADYdUAAN5W" +
+                            "Utzdpiy6LbTgSxP7ociU4Tn0g5I6aDZJ7A8Lzo0KSyZYoA485mqcO0GVAdVw9lq4" +
+                            "aOT9v6d+nb4bnNkQVklLQ3fVAvJm+xdDOp9LCNCN48V2pnDOkFV6+U9nV5oyc6XI" +
+                            "2wIDAQAB"
+                )
+            )
+        )
+
+        HttpMessageSignatureVerifier().verify(
+            VerifyMaterial(signatureBase, publicKey, "sig"),
+            sign,
+            RsaPssSha512SignatureVerifier()
+        )
+
+    }
 }
\ No newline at end of file