Question

I want to make a small program that gets as inputs (1) an X509 certificate and (2) the corresponding CA that signed this certificate. It should verify whether this certificate is intact or not by verifying the signature. To do so, I believe I first need to extract two things: (1) the signature value and (2) the remaining certificate fields. The following code works fine for getting the public key, but I need the signature value for my purpose.

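import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;

URL httpslink = new URL("https://mail.yahoo.com");
HttpsURLConnection con = (HttpsURLConnection) httpslink.openConnection();
con.connect();
Certificate ct[] = con.getServerCertificates(); // server chain, leaf certificate first

X509Certificate c = ((X509Certificate) ct[0]);
System.out.println(c.getPublicKey().toString());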

I tried many ways to get the signature value but I failed. Can you guys give me at least a hint on how to do so? THANK YOU


Solution

As comments already indicate, using the getSignature method you do get the signature. It is a byte[], though. Thus, you should not expect anything usable from its toString value.

Concerning your original objective, though:

verify this certificate if it is intact or not by verifying the signature.

You do not need to do all that stuff manually. Instead you should use the Certificate methods getPublicKey and verify:

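import java.security.GeneralSecurityException;
import java.security.cert.Certificate;

// Returns true if testCert's signature verifies under caCert's public key.
boolean check (Certificate testCert, Certificate caCert)
{
    try
    {
        testCert.verify(caCert.getPublicKey());
        return true;
    }
    catch (GeneralSecurityException e)
    {
        return false;
    }
}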

Depending on the algorithms used you may need to use the other verify overload to supply an explicit provider.

For those in doubt, the corresponding Certificate method comments:

/**
 * Verifies that this certificate was signed using the
 * private key that corresponds to the specified public key.
 *
 * @param key the PublicKey used to carry out the verification.
 *
 * ...
 */
public abstract void verify(PublicKey key)

/**
 * Gets the public key from this certificate.
 *
 * @return the public key.
 */
public abstract PublicKey getPublicKey()
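
What the question asked for, done by hand, as an added example that is not part of the original answer: it pulls the signature value and the signed (TBS) bytes out of the certificate and checks them with the CA's public key, which is the check `verify` performs for you. The class name, method names and the two file arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example, not from the original post. Class and method names are hypothetical.
public class ManualSignatureCheck {

    // Reads one PEM or DER encoded certificate from a file.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    // True only if the CA key verifies the signature over the certificate's signed fields.
    static boolean signedBy(X509Certificate cert, X509Certificate caCert) {
        // A certificate naming a different issuer cannot have been issued by this CA.
        if (!cert.getIssuerX500Principal().equals(caCert.getSubjectX500Principal())) {
            return false;
        }
        try {
            byte[] tbs = cert.getTBSCertificate(); // DER bytes of everything that was signed
            byte[] sig = cert.getSignature();      // the signature value itself
            // Assumption: the algorithm takes no parameters (e.g. SHA256withRSA,
            // SHA256withECDSA). RSASSA-PSS needs getSigAlgParams(); use cert.verify there.
            Signature verifier = Signature.getInstance(cert.getSigAlgName());
            verifier.initVerify(caCert.getPublicKey());
            verifier.update(tbs);
            return verifier.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // wrong key type, unknown algorithm, malformed signature
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ManualSignatureCheck <cert> <ca-cert>");
            System.exit(2);
        }
        X509Certificate cert = load(args[0]);
        X509Certificate ca = load(args[1]);
        System.out.println("signature algorithm: " + cert.getSigAlgName());
        System.out.println("signature length:    " + cert.getSignature().length + " bytes");
        System.out.println("signed by given CA:  " + signedBy(cert, ca));
    }
}
```

A matching signature shows only that the signed fields are unmodified and were signed with that CA key. The validity period (`checkValidity`), the CA's own constraints and revocation status are separate checks, which `CertPathValidator` covers when a full path validation is needed.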
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow