Sample Code - Vayana Auth Token Generation - Java
This sample code does both sign and verify. In reality you will do the signing and VayanaGSP server will do the verification. So you will work with your private key and do the signing. Usage of public key and verification is VayanaGSP responsibility. But you can use this code (or equivalent code in your programming language) to gain confidence that you are signing correctly. And then remove the public key and verification related code
Note: You should load Bouncycastle security provider to be able to use the code below. For further information also see Introduction to BouncyCastle with Java
private void showAuthenticationPem(String privateKeyPath, String publicKeyPath)
throws KeyStoreException, UnrecoverableKeyException, CertificateException,
NoSuchAlgorithmException, IOException, SignatureException, InvalidKeyException,
InvalidKeySpecException {
String message = "a quick brown fox jumped over the crazy dog";
PrivateKey privateKey = readPemPrivateKey(privateKeyPath);
PublicKey publicKey = readPemPublicKey(publicKeyPath);
signAndVerify(message, privateKey, publicKey);
}
private void signAndVerify(String message, PrivateKey privateKey, PublicKey publicKey)
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException {
String signature = sign(message, privateKey);
Boolean verified = verify(message, signature, publicKey);
}
private PublicKey readPemPublicKey(String publicKeyPath) throws
CertificateException, IOException, NoSuchAlgorithmException, InvalidKeySpecException {
File file = new File(publicKeyPath);
DataInputStream is = new DataInputStream(new FileInputStream(file));
byte[] keyBytes = new byte[(int) file.length()];
is.readFully(keyBytes);
is.close();
String temp = new String(keyBytes);
String pubKeyPEM = temp.replace("-----BEGIN PUBLIC KEY-----", "");
pubKeyPEM = pubKeyPEM.replace("-----END PUBLIC KEY-----", "");
pubKeyPEM = pubKeyPEM.replace("\n", "");
Base64.Decoder b64=Base64.getDecoder();
byte[] decoded = b64.decode(pubKeyPEM);
X509EncodedKeySpec spec = new X509EncodedKeySpec(decoded);
KeyFactory kf = KeyFactory.getInstance("RSA");
PublicKey publicKey = kf.generatePublic(spec);
return publicKey;
}
private PrivateKey readPemPrivateKey(String privateKeyPath) throws
CertificateException, IOException, NoSuchAlgorithmException, InvalidKeySpecException {
File file = new File(privateKeyPath);
DataInputStream is = new DataInputStream(new FileInputStream(file));
byte[] keyBytes = new byte[(int) file.length()];
is.readFully(keyBytes);
is.close();
String temp = new String(keyBytes);
String privKeyPEM = temp.replace("-----BEGIN RSA PRIVATE KEY-----", "");
privKeyPEM = privKeyPEM.replace("-----END RSA PRIVATE KEY-----", "");
privKeyPEM = privKeyPEM.replace("\n", "");
Base64.Decoder b64=Base64.getDecoder();
byte[] decoded = b64.decode(privKeyPEM);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decoded);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(spec);
return privateKey;
}
private Boolean verify(String message, String signature, PublicKey publicKey)
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException {
Signature sig = Signature.getInstance( "SHA1withRSA" );
sig.initVerify( publicKey );
sig.update( message.getBytes( ) );
Boolean verified = sig.verify( Base64.getDecoder().decode(signature));
System.out.println("Verification status is: " + verified);
return verified;
}
private String sign(String message, PrivateKey privateKey) throws
NoSuchAlgorithmException, InvalidKeyException, SignatureException {
Signature sig = Signature.getInstance("SHA1WithRSA");
sig.initSign(privateKey);
sig.update(message.getBytes());
byte[] signatureBytes = sig.sign();
String signature = Base64.getEncoder().encodeToString(signatureBytes);
System.out.println("Signature:" + signature);
return signature;
}