I am receiving from a Base64 encoded XML string containing some signed data, a signature, and an X.509 certificate. Our existing code (.NET) can verify the sig, but doing the same work in Java results in a SignatureException (stack trace below).
A few issues I've considered are:
- I'm not testing against the correct data (but this should result in failed verification, not an exception)
- something to do with the provider
- endian issues
Any assistance would be greatly appreciated.
My code:
    import org.apache.commons.codec.binary.Base64;
    ...
    public static boolean verify(String signedInfo,
                                 String b64SignatureData,
                                 String b64CertData) throws Exception
    {
        Base64 b64 = new Base64();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        byte[] certData = b64.decode(b64CertData.getBytes());
        InputStream in = new ByteArrayInputStream(certData);
        // sun.security.x509.X509CertImpl
        X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
        byte[] signedData = signedInfo.getBytes();
        byte[] signatureData = b64.decode(b64SignatureData.getBytes());
        // MD5withRSA
        String algorithm = cert.getSigAlgName();
        // java.security.Signature$Delegate
        Signature signature = Signature.getInstance(algorithm);
        // sun.security.rsa.RSAPublicKeyImpl
        PublicKey publicKey = cert.getPublicKey();
        signature.initVerify(publicKey);
        signature.update(signedData);
        return signature.verify(signatureData);
    }
Signed Data:
<SignedInfo>
<Object ID="ecs">
<user_id>W099</user_id>
</Object>
<Timestamp>1119984055467</Timestamp>
</SignedInfo>
Signature:
CP57YoPX0qm+MHrVoSTGD7/S6JomPp7JP8ScCL4wlgkG7x1aRqN0I/gC+SFfGLYX
mwZv1X5EhSmCmSLvw6u8f5DGMueNip4dIXXdNQqjnuLK85GuKU7JwXUWfSc7gExS
9LdEyJwEhKu3nTqWKA4poiYCmjuN4QtcYkrGaciB1UY=
X.509 Cert data:
Exception occurring at Signature.verify():
java.security.SignatureException: Signature encoding error
    at sun.security.rsa.RSASignature.engineVerify(Unknown Source)
    at java.security.Signature$Delegate.engineVerify(Unknown Source)
    at java.security.Signature.verify(Unknown Source)
    at Test.verify(Test.java:327)
    ...
Caused by: java.io.IOException: ObjectIdentifier mismatch: 1.3.14.3.2.26
    at sun.security.rsa.RSASignature.decodeSignature(Unknown Source)
    ... 35 more
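
Added example, not part of the original post: 1.3.14.3.2.26 is the SHA-1 digest OID, and `cert.getSigAlgName()` reports the algorithm the certificate itself was signed with, which need not be the one used to sign the data. The code below reads the digest OID out of an RSA PKCS#1 v1.5 signature and verifies with an algorithm pinned by the caller. The class `DigestInfoProbe`, its helpers, the throwaway key and the sample data are constructed for illustration, and `Map.of` assumes Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import javax.crypto.Cipher;
public class DigestInfoProbe {
    // JCA signature name -> digest OID carried in a PKCS#1 v1.5 DigestInfo.
    static final Map<String, String> DIGEST_OID = Map.of("MD5withRSA", "1.2.840.113549.2.5",
        "SHA1withRSA", "1.3.14.3.2.26", "SHA256withRSA", "2.16.840.1.101.3.4.2.1");

    // Undo RSA and the type-1 padding with the public key, then read the OID from
    // DigestInfo ::= SEQUENCE { SEQUENCE { OID, params }, OCTET STRING }.
    static String digestOid(byte[] sig, PublicKey key) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, key);
        byte[] di = rsa.doFinal(sig);
        if (di.length < 7 || di[0] != 0x30 || di[2] != 0x30 || di[4] != 0x06
                || di[5] < 1 || 6 + di[5] > di.length)
            throw new SignatureException("not a PKCS#1 v1.5 DigestInfo");
        int first = di[6] & 0xff;                  // first octet packs the first two arcs
        StringBuilder oid = new StringBuilder().append(first / 40).append('.').append(first % 40);
        long arc = 0;
        for (int i = 7; i < 6 + di[5]; i++) {      // remaining arcs are base-128 encoded
            arc = (arc << 7) | (di[i] & 0x7f);
            if ((di[i] & 0x80) == 0) { oid.append('.').append(arc); arc = 0; }
        }
        return oid.toString();
    }

    // The caller pins the algorithm; neither the certificate nor the signature chooses it.
    static boolean verify(byte[] data, byte[] sig, PublicKey key, String alg)
            throws GeneralSecurityException {
        String found = digestOid(sig, key);
        if (!found.equals(DIGEST_OID.get(alg)))
            throw new SignatureException("signature carries digest OID " + found + ", not " + alg);
        Signature s = Signature.getInstance(alg);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed throwaway key
        byte[] data = "<SignedInfo>constructed</SignedInfo>".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();
        System.out.println(digestOid(sig, kp.getPublic()) + " " + verify(data, sig, kp.getPublic(), "SHA1withRSA"));
    }
}
```

Passing `"MD5withRSA"` as the pinned algorithm for the same signature makes `verify` throw a `SignatureException` that names the OID actually found.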