Skip to content
This repository has been archived by the owner on Feb 10, 2021. It is now read-only.

Commit

Permalink
Implement JCA-based SHA1-RSA signature verification logic
Browse files Browse the repository at this point in the history
To be used for Travis's new authentication mechanism
Refs #43
  • Loading branch information
cvrebert committed Jan 22, 2017
1 parent 266c7a5 commit 9c1a2d6
Show file tree
Hide file tree
Showing 5 changed files with 96 additions and 0 deletions.
3 changes: 3 additions & 0 deletions build.sbt
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ libraryDependencies += "com.google.code.gson" % "gson" % "2.8.0"

libraryDependencies += "ch.qos.logback" % "logback-classic" % "1.1.9"

// For reading PEM ("-----BEGIN PUBLIC KEY-----"), which Travis's API uses for its public key.
libraryDependencies += "org.bouncycastle" % "bcpkix-jdk15on" % "1.56"

libraryDependencies ++= {
val akkaV = "2.3.16"
val sprayV = "1.3.4"
Expand Down
41 changes: 41 additions & 0 deletions src/main/scala/com/getbootstrap/savage/crypto/Pem.scala
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
package com.getbootstrap.savage.crypto

import scala.util.{Try,Success,Failure}
import java.io.StringReader
import java.security.spec.X509EncodedKeySpec
import org.bouncycastle.util.io.pem.PemReader
import org.bouncycastle.util.io.pem.PemObject


sealed class MalformedPemException(cause: Throwable) extends RuntimeException("The given data did not conform to the PEM format!", cause)

sealed class UnexpectedPemDataTypeException(expectedType: String, pemObj: PemObject)
extends RuntimeException(s"PEM contained data of unexpected type! Expected: ${expectedType} Actual: ${pemObj.getType}")

// PEM is the name for the format that involves "-----BEGIN PUBLIC KEY-----" etc.
object Pem {
private val PublicKeyPemType = "PUBLIC KEY"

@throws[MalformedPemException]("if there is a problem decoding the PEM data")
private def decode(pem: String): PemObject = {
val pemReader = new PemReader(new StringReader(pem))
val pemObjTry = Try { pemReader.readPemObject() }
val closeTry = Try { pemReader.close() }
(pemObjTry, closeTry) match {
case (Failure(readExc), _) => throw new MalformedPemException(readExc)
case (_, Failure(closeExc)) => throw new MalformedPemException(closeExc)
case (Success(pemObj), Success(_)) => pemObj
}
}

// Decodes PKCS8 data in PEM format into a X509EncodedKeySpec
// which can be handled by sun.security.rsa.RSAKeyFactory
@throws[UnexpectedPemDataTypeException]("if the PEM contains non-public-key data")
def decodePublicKeyIntoSpec(publicKeyInPem: String): X509EncodedKeySpec = {
val pemObj = decode(publicKeyInPem)
pemObj.getType match {
case PublicKeyPemType => new X509EncodedKeySpec(pemObj.getContent)
case unexpectedType => throw new UnexpectedPemDataTypeException(PublicKeyPemType, pemObj)
}
}
}
16 changes: 16 additions & 0 deletions src/main/scala/com/getbootstrap/savage/crypto/RsaPublicKey.scala
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
package com.getbootstrap.savage.crypto

import scala.util.Try
import java.security.KeyFactory
import java.security.PublicKey
import java.security.spec.X509EncodedKeySpec


sealed case class RsaPublicKey private(publicKey: PublicKey)

object RsaPublicKey {
private val rsaKeyFactory = KeyFactory.getInstance("RSA") // Supported in all spec-compliant JVMs

def fromX509Spec(keySpec: X509EncodedKeySpec): Try[RsaPublicKey] = Try{ rsaKeyFactory.generatePublic(keySpec) }.map{ new RsaPublicKey(_) }
def fromPem(pem: String): Try[RsaPublicKey] = Try{ Pem.decodePublicKeyIntoSpec(pem) }.flatMap{ fromX509Spec(_) }
}
27 changes: 27 additions & 0 deletions src/main/scala/com/getbootstrap/savage/crypto/Sha1WithRsa.scala
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
package com.getbootstrap.savage.crypto

import java.security.Signature
import java.security.SignatureException
import java.security.InvalidKeyException


object Sha1WithRsa {
private val signatureAlgorithmName = "SHA1withRSA" // Supported in all spec-compliant JVMs
private def newSignatureVerifier(): Signature = Signature.getInstance(signatureAlgorithmName)

def verifySignature(signature: Array[Byte], publicKey: RsaPublicKey, signedData: Array[Byte]): SignatureVerificationStatus = {
val verifier = newSignatureVerifier()
try {
verifier.initVerify(publicKey.publicKey) // throws InvalidKeyException
verifier.update(signedData)// also accepts ByteBuffer; throws SignatureException
verifier.verify(signature) match {
case true => SuccessfullyVerified
case false => FailedVerification
}
}
catch {
case keyExc:InvalidKeyException => ExceptionDuringVerification(keyExc)
case sigExc:SignatureException => ExceptionDuringVerification(sigExc)
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
package com.getbootstrap.savage.crypto

sealed trait SignatureVerificationStatus

object SuccessfullyVerified extends SignatureVerificationStatus

trait FailedVerification extends SignatureVerificationStatus
object FailedVerification extends SignatureVerificationStatus
case class ExceptionDuringVerification(error: Throwable) extends FailedVerification

0 comments on commit 9c1a2d6

Please sign in to comment.