hi, I was not able to recreate this issue. I only tested on Solaris, I'll try other platforms when I have time. If you still have this issue, please create a bug and provide as much info as possible.
thanks, glen Matej Spiller-Muys wrote: > Hi, > > can someone please confirm the following bug. It seems to be regression in > jss. > > signatureValue & publicKey & validData1 == valid signature (verify return > true in every version of jss) > > signatureValue & publicKey & validData2 == invalid signature (verify should > return false, since signatureValue is still in the same correct format, but > validData2 is different). > > Jss 3.3 and Jss 3.4 return true and false ... > > Jss 4.2.5 returns true and exception (instead of false) > > java.security.SignatureException: Failed to complete verification > operation > at org.mozilla.jss.pkcs11.PK11Signature.engineVerifyNative(Native > Method) > at > org.mozilla.jss.pkcs11.PK11Signature.engineVerify(PK11Signature.java:330) > at org.mozilla.jss.crypto.Signature.verify(Signature.java:156) > at > org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineVerify(JSSSignatureSpi.java:171) > at java.security.Signature$Delegate.engineVerify(Unknown Source) > at java.security.Signature.verify(Unknown Source) > > please see: > http://java.sun.com/j2se/1.5.0/docs/api/java/security/Signature.html#verify(byte[]) > SignatureException - if this signature object is not initialized properly, > the passed-in signature is improperly encoded or of the wrong type, if this > signature algorithm is unable to process the input data provided, etc. > > > > > > import java.security.InvalidKeyException; > > import java.security.NoSuchAlgorithmException; > > import java.security.NoSuchProviderException; > > import java.security.Signature; > > import java.security.SignatureException; > > > import org.apache.xml.security.exceptions.Base64DecodingException; > > import org.apache.xml.security.utils.Base64; > > import org.mozilla.jss.crypto.InvalidKeyFormatException; > > > > > > String signatureValue = > "kxtTIwIASGVZShKBYoRIEjG3ioFmVTi2Esa8dtP+nX71nyWCfPmTwXsjMbI6IMoLygTdDlH/wsjy81XnIPFGjLv8cyW9SCG4+l5pJq5ys1v2YJ+UT5Lb/vZAYZ5tMMHblGSmtzjxgo74zRGjGPfgCuo+SF/06hl6VFphj24F1zw="; > > String publicKey = > "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCfGkiYRb6lJOacUp8NcIbWZQ7sEbKc3+YGyx4\nn6yrIWKLzy0JSt8V84yeMXl43uxHDY41iQb+SJnamRSjGsZANl2WRONqlVsOVIik/PSzZHaRRxmD\nhB7mixO4DKg03Z90rPdml4C+86URxFzD+LxUyq1SXlbzUvWdHs2lPFwFXQIDAQAB"; > > String validData1 = > "PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+CjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvU2lnbmF0dXJlTWV0aG9kPgo8UmVmZXJlbmNlIFVSST0iIj4KPFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIj48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9EaWdlc3RNZXRob2Q+CjxEaWdlc3RWYWx1ZT5jb2lya1MzOHB1UWg1blhpZEVsQmtIblpTUDA9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CiAgIDwvU2lnbmVkSW5mbz4="; > > String validData2 = > "PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+CjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvU2lnbmF0dXJlTWV0aG9kPgo8UmVmZXJlbmNlIFVSST0iIj4KPFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIj48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9EaWdlc3RNZXRob2Q+CjxEaWdlc3RWYWx1ZT5jb2lya1MzOHB1UWg1blhpZEVsQmtIblpTUDA9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CjwvU2lnbmVkSW5mbz4="; > > > System.out.println(new String(Base64.decode(validData1))); > > System.out.println(new String(Base64.decode(validData2))); > > > Signature tmp = Signature.getInstance("SHA1withRSA", "Mozilla-JSS"); > > org.mozilla.jss.pkcs11.PK11PubKey pkConverted = > org.mozilla.jss.pkcs11.PK11RSAPublicKey.fromSPKI(Base64.decode(publicKey)); > > tmp.initVerify(pkConverted); > > tmp.update(Base64.decode(validData2)); > > System.out.println(tmp.verify(Base64.decode(signatureValue))); > > > tmp.initVerify(pkConverted); > > tmp.update(Base64.decode(validData1)); > > System.out.println(tmp.verify(Base64.decode(signatureValue))); > > > > > > Matej Spiller-Muys > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto