java - Android签名initVerify导致异常
问题描述
我创建了一个服务器,它可以用随机点响应客户端。服务器代码
private static void generateKeys() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
ECGenParameterSpec ecSpec = new ECGenParameterSpec(SPEC);
KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
g.initialize(ecSpec, new SecureRandom());
KeyPair keypair = g.generateKeyPair();
publicKey = keypair.getPublic();
privateKey = keypair.getPrivate();
}
private static JSONObject getPoints() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
if(null == publicKey && null == privateKey)
generateKeys();
JSONObject object = new JSONObject();
String falseSignature = "AAAaaaAAAaaa111AAAaaaAAAaaa111111AAAaaaAAAAAAAAAAAAAAAaaaaaaa111AAAAAAAAAAAAAAAAAaaaaaAAAAAAaaa1";
try {
Signature ecdsaSign = Signature.getInstance(ALGO);
String pub = Base64.getEncoder().encodeToString(publicKey.getEncoded());
List<Point> points = generatePointsList(10);
JSONArray array = new JSONArray();
JSONArray finalArray = array;
points.forEach(
i -> {
try {
ecdsaSign.initSign(privateKey);
JSONObject obj = new JSONObject();
ecdsaSign.update(i.getString().getBytes(StandardCharsets.UTF_8));
byte[] signature = ecdsaSign.sign();
String sig = Base64.getEncoder().encodeToString(signature);
obj.put("signature", sig);
obj.put("point", i.toJson());
finalArray.put(obj);
} catch (SignatureException | InvalidKeyException e) {
e.printStackTrace();
}
}
);
List<Point> falsePoints = generatePointsList(5);
falsePoints.forEach(
i -> {
JSONObject obj = new JSONObject();
obj.put("signature", falseSignature);
obj.put("point", i.toJson());
finalArray.put(obj);
}
);
object.put("publicKey", pub);
object.put("algorithm", ALGO);
array = shuffleJsonArray(finalArray);
object.put("points", array);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
return object;
}
点代码:
public class Point {
private int x;
private int y;
public Point(int x, int y) {
this.x = x;
this.y = y;
}
public JSONObject toJson(){
JSONObject obj = new JSONObject();
obj.put("x", x);
obj.put("y", y);
return obj;
}
public String getString(){
return String.format("%s%s", x, y);
}
@Override
public String toString() {
return "Point{" +
"x=" + x +
", y=" + y +
'}';
}
结果是一个带有公钥和点数组的json及其签名:
{"publicKey":"MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEcWZ5gZI6R2GZQhQ78zDWP4O6wkkc968MzrTbnwETYWKvBdAFyJzlfXmn43ISWqtmFqsSeEmUPT1vabpkbJi9SQ==","algorithm":"SHA256withECDSA","points":[{"signature":"MEYCIQC4FytGoPJOspQDHp7yjsglGuHhv16MBctUUy1VgtVznQIhANV+7drv8aXinT7IBT7apaVlIFE9/Gz/UzPRkj+1dUp4","point":{"x":141,"y":33}},{"signature":"AAAaaaAAAaaa111AAAaaaAAAaaa111111AAAaaaAAAAAAAAAAAAAAAaaaaaaa111AAAAAAAAAAAAAAAAAaaaaaAAAAAAaaa1","point":{"x":88,"y":41}},{"signature":"MEUCIQDaCibfFoh9TVSVZVJuOkT/GTssjEFjYoIn0UdHg4wtTAIgf7Pa52udA4UVIWAPdM5m3wnkgo3/LqT8Q/qQs0USMGU=","point":{"x":119,"y":179}}}]
kotlin 上的 Android 客户端代码:
public fun getPoints(){
coroutineScope.launch {
val getPointsInfoDeferred = executeAsync { getPoints()}
try {
_status.value = ServerApiStatus.LOADING
val points = getPointsInfoDeferred.await()
algo = points.algorithm
publicKey = getPubKey(points.publicKey)
_pointsProp.value = points.points.map { ParselableInfo(points.publicKey,
checkPoints(it),
it) }
_status.value = ServerApiStatus.COMPLETED
}catch (e: Exception){
_status.value = ServerApiStatus.ERROR
Log.i("OVERVIEW MODEL", "some exception: ${e.message}")
_pointsProp.value = listOf()
}
}
}
private fun getPubKey(pubkey:String): PublicKey {
val publicKeySpec: EncodedKeySpec = X509EncodedKeySpec(Base64.decode(pubkey, Base64.DEFAULT))
val keyFactory: KeyFactory = KeyFactory.getInstance("EC")
return keyFactory.generatePublic(publicKeySpec)
}
private fun getPointString(x: Int, y: Int): String{
return "$x$y"
}
private fun checkPoints(pointWithSign: PointWithSignature): Boolean{
val sign: Signature = Signature.getInstance(algo)
val point = pointWithSign.point
return try {
val a = String(publicKey.encoded)
sign.initVerify(publicKey)
sign.update(getPointString(point.x, point.y).toByteArray(StandardCharsets.UTF_8))
return sign.verify(pointWithSign.signature.toByteArray(StandardCharsets.UTF_8))
} catch (e: java.lang.Exception) {
false
}
}
所以“sign.initVerify(publicKey)”行导致异常 - 解析公钥错误,即使公钥对象是在函数“getPubKey”中创建的。我不知道我错在哪里。
堆栈跟踪:
java.security.InvalidKeyException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: Error parsing public key
at com.android.org.conscrypt.OpenSSLKey.fromPublicKey(OpenSSLKey.java:251)
at com.android.org.conscrypt.OpenSSLSignature.engineInitVerify(OpenSSLSignature.java:215)
at java.security.Signature$Delegate.init(Signature.java:1354)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1310)
at java.security.Signature$Delegate.engineInitVerify(Signature.java:1374)
at java.security.Signature.initVerify(Signature.java:601)
at com.example.disserclient.overview.OverviewModel.checkPoints(OverviewModel.kt:91)
at com.example.disserclient.overview.OverviewModel.access$checkPoints(OverviewModel.kt:22)
at com.example.disserclient.overview.OverviewModel$getPoints$1.invokeSuspend(OverviewModel.kt:57)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
at kotlinx.coroutines.DispatchedTask.run(Dispatched.kt:241)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:214)
at android.app.ActivityThread.main(ActivityThread.java:7076)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:965)
Caused by: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: Error parsing public key
at com.android.org.conscrypt.NativeCrypto.EVP_parse_public_key(Native Method)
at com.android.org.conscrypt.OpenSSLKey.fromPublicKey(OpenSSLKey.java:249)
解决方案
所以我找到了解决方案。正如@Maarten - 恢复莫妮卡建议的那样,我尝试使用 Bouncy Castle 提供程序。它有效!在密钥对创建之前的服务器端,我添加了这一行:
Security.insertProviderAt(new BouncyCastleProvider(), 1);
在客户端,我做了一些更改:
val keyFactory: KeyFactory = KeyFactory.getInstance("EC", castleProvider)
和
val sign: Signature = Signature.getInstance(points.algorithm, castleProvider)
castleProvider 是 BouncyCastleProvider 来自
'org.bouncycastle',名称:'bcprov-jdk15on',版本:'1.64'
我也忘记了服务器端的 Base64 编码,所以我更改了签名验证:
sign.verify(Base64.decode(pointWithSign.signature, Base64.DEFAULT))
推荐阅读
- c# - 如何在 MVC 5 的 Bootstrap 3 导航中将链接左右对齐
- json - 什么是 axios.defaults.headers.post 'content-type' = 'application/json'
- c++ - 在 C++ 中使用 multipe recv() 和 send() 调用
- dictionary - 如何在 Tensorboard 中获取 mAP
- javascript - jquery ajax中的Javascript重定向
- symfony - Symfony Flex 配方如何知道要安装哪些包?
- highcharts-editor - 当我们在打开模态编辑器之前滚动页面时,Highcharts 模态编辑器无法正常工作
- ios - 在 iOS 中为我自己的框架添加“THIS 已重命名为 THAT”
- c++ - 寻找 boost::iterator_facade 的示例用法
- excel - 如何比较同一个单元格和另一个单元格的差异