CFCA public key verification
JAVA
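/**
 * Checks a gateway response for error markers and then verifies its signature
 * against the public key supplied by {@code certificateReader}.
 *
 * <p>The signed string is assembled by {@code appendKeys(json, ...)}; the value
 * stored under {@code HMAC} is checked with {@code RSAUtils.verify} and a public
 * key, so despite the field name it is handled as an asymmetric signature.
 *
 * @param json parsed response body; {@code null} is rejected
 * @throws RequestException  if {@code json} is null or its status equals {@code Constants.ERROR}
 * @throws ResponseException if the response carries {@code httpStatus} 406
 * @throws UnknownException  if the key cannot be read, verification raises, or the
 *                           signature does not match (the cause is then an
 *                           {@code HmacVerifyException})
 */
public void bothVerifyHmacOrder(JSONObject json) {
    // NOTE(review): the whole response is written to the INFO log before it has been
    // authenticated; confirm it carries no data that must stay out of log files.
    LOGGER.info("resp json : {}", json);
    if (json == null || Constants.ERROR.equals(json.getString(Constants.STATUS))) {
        throw new RequestException(json);
    }

    String httpStatusText = json.getString("httpStatus");
    if (StringUtils.isNotEmpty(httpStatusText)) {
        // A non-numeric value raises NumberFormatException to the caller.
        int httpStatus = Integer.parseInt(httpStatusText);
        LOGGER.info("HttpStatus[" + httpStatus + "]");
        if (httpStatus == 406) {
            json.put("errorMessage", "Data error, Access denied. Http status is 406 !");
            throw new ResponseException(json);
        }
    }

    // Build the exact string that the signature is expected to cover.
    StringBuilder hmacSource = new StringBuilder();
    appendKeys(json, hmacSource);
    String source = hmacSource.toString();
    LOGGER.info("bothVerifyHmacOrder source : {}", source);
    LOGGER.debug("json : {}", json.toJSONString());

    String hmac = json.getString(HMAC);
    try {
        String publicKey = certificateReader.readPublicKey();
        byte[] digest = RSAUtils.encryptSHA(source.getBytes("UTF-8"));
        boolean verify = RSAUtils.verify(digest, publicKey, hmac);
        if (!verify) {
            LOGGER.debug("verifyHmacOrder sign invalid ");
            throw new HmacVerifyException(source, publicKey, hmac);
        }
    } catch (Exception e) {
        // The HmacVerifyException thrown above is caught here as well (assuming it
        // extends Exception), so callers see UnknownException for a bad signature and
        // for a key-loading failure alike; inspect getCause() to tell them apart.
        // Route the stack trace through the logger instead of stderr so that
        // verification failures reach the application's log pipeline.
        LOGGER.error("bothVerifyHmacOrder verification failed", e);
        throw new UnknownException(e);
    }
}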
PHP
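/**
 * Verify a base64-encoded signature over $data with the certificate stored at $path.
 *
 * The file content is base64-encoded and wrapped in CERTIFICATE armour before it is
 * handed to OpenSSL, so the file is presumably a DER-encoded certificate (confirm).
 * The certificate is only used as a key container: no chain, expiry or revocation
 * check is done here, so the file itself must come from a trusted location.
 *
 * @param string $data Signed payload, exactly as the signer hashed it.
 * @param string $path Path to the certificate file.
 * @param string $hmac Base64-encoded signature.
 * @return int 1 when the signature is valid, 0 in every other case.
 */
function rsaPubilcSign($data,$path,$hmac){
    if (!is_string($path) || !is_readable($path)) {
        return 0;
    }
    $der = file_get_contents($path);
    if ($der === false || $der === '') {
        return 0;
    }

    $pem = "-----BEGIN CERTIFICATE-----\n"
         . chunk_split(base64_encode($der), 64, "\n")
         . "-----END CERTIFICATE-----\n";

    // Fail closed when the file does not contain a usable certificate.
    $publicKey = openssl_pkey_get_public($pem);
    if ($publicKey === false) {
        return 0;
    }

    // NOTE(review): MD5 is collision-prone; the digest has to match what the signer
    // uses, so confirm whether the counterpart offers a SHA-2 based signature.
    $result = openssl_verify($data, base64_decode($hmac), $publicKey, OPENSSL_ALGO_MD5);

    // openssl_verify() reports errors as -1 (or false), and -1 is truthy in PHP.
    // Collapse everything except an explicit 1 to 0 so that a caller writing
    // `if (rsaPubilcSign(...))` can never accept a response on an OpenSSL error.
    return $result === 1 ? 1 : 0;
}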
C#
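/// <summary>
/// Verifies a signature over <paramref name="data"/> with the RSA public key of the
/// certificate stored at <paramref name="publicKeyPath"/>.
/// </summary>
/// <param name="data">Base64 text; the decoded bytes are the signed message.</param>
/// <param name="publicKeyPath">Path of the certificate file to load.</param>
/// <param name="sign">Base64-encoded signature.</param>
/// <returns><c>true</c> when the signature matches, otherwise <c>false</c>.</returns>
/// <exception cref="FormatException">
/// <paramref name="data"/> or <paramref name="sign"/> is not valid base64.
/// </exception>
/// <remarks>
/// The certificate is loaded only to obtain its public key; its chain, validity period
/// and revocation state are not checked here, so the file must come from a trusted
/// location. NOTE(review): MD5 is collision-prone; the digest has to match the signer,
/// so confirm whether the counterpart offers a SHA-2 based signature.
/// </remarks>
public static bool VerifySign(string data, string publicKeyPath, string sign)
{
    byte[] payload = Convert.FromBase64String(data);
    byte[] signature = Convert.FromBase64String(sign);
    X509Certificate2 certificate = new X509Certificate2(publicKeyPath);

    // Dispose the provider deterministically instead of leaving the native key
    // handle to the finalizer.
    using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
    {
        // Import only the public parameters (ToXmlString(false)).
        rsa.FromXmlString(certificate.PublicKey.Key.ToXmlString(false));
        return rsa.VerifyData(payload, "MD5", signature);
    }
}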
GOLang
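// VerifySign checks a base64-encoded RSA PKCS#1 v1.5 signature over data using the
// public key of the certificate file at path.
//
// data is base64 text; its decoded bytes are hashed with MD5 and compared against
// sign (also base64). A nil return means the signature is valid; any read, parse,
// decode or verification failure is returned as an error.
//
// The certificate is used only as a key container: no chain, expiry or revocation
// check happens here, so the file must come from a trusted location.
// NOTE(review): MD5 is collision-prone; the digest has to match the signer, so
// confirm whether the counterpart offers a SHA-2 based signature.
func VerifySign(data string, path string, sign string) error {
	pubData, err := ioutil.ReadFile(path)
	if err != nil {
		return err
	}

	// Re-encode the file content as PEM text. split is defined elsewhere in this
	// file; presumably it breaks the base64 text into lines (confirm).
	var wrapped string
	split(base64.StdEncoding.EncodeToString(pubData), &wrapped)
	pemText := "\n-----BEGIN CERTIFICATE-----\n" + wrapped + "-----END CERTIFICATE-----\n"

	block, _ := pem.Decode([]byte(pemText))
	if block == nil {
		return errors.New("public key error")
	}

	// Do not ignore the parse error: a malformed file would otherwise leave cert
	// nil and panic on the field access below.
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}

	// A non-RSA certificate must be reported as an error rather than panic on an
	// unchecked type assertion.
	rsaKey, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("public key error")
	}

	payload, err := base64.StdEncoding.DecodeString(data)
	if err != nil {
		return err
	}
	digest := md5.Sum(payload)

	signature, err := base64.StdEncoding.DecodeString(sign)
	if err != nil {
		return err
	}

	return rsa.VerifyPKCS1v15(rsaKey, crypto.MD5, digest[:], signature)
}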
Python
def verify_sign(data, sign):
    """Check a base64-encoded PKCS#1 v1.5 signature over ``data``.

    The key is read from ``server.pem`` located one directory above the directory
    that contains this module. The file content is base64-decoded before it is
    handed to ``RSA.importKey``.

    :param data: signed message, passed unchanged to ``MD5.new``.
    :param sign: base64-encoded signature.
    :return: the result of ``verifier.verify`` for the MD5 digest of ``data``.

    NOTE(review): only verification is performed here, so ``server.pem`` needs to
    hold nothing more than the public key; confirm no private key is shipped in it.
    NOTE(review): MD5 is collision-prone; the digest has to match the signer, so
    confirm whether the counterpart offers a SHA-2 based signature.
    """
    module_dir = os.path.dirname(os.path.abspath(__file__))
    key_file = os.path.join(os.path.dirname(module_dir), 'server.pem')

    with open(key_file) as handle:
        encoded_key = handle.read()

    # The file holds base64 text; decode it to the raw key bytes first.
    rsa_key = RSA.importKey(base64.b64decode(encoded_key))
    verifier = Signature_pkcs1_v1_5.new(rsa_key)
    message_digest = MD5.new(data)
    return verifier.verify(message_digest, base64.b64decode(sign))