Верификация JWT сертификатом CryptoPro
Помогите, пожалуйста, решить проблему. Пытаюсь верифицировать JWT, но безуспешно.
private boolean verifyJwt(String token, X509Certificate certificate) {
boolean result = false;
String[] parts = token.split("\\.");
byte[] tokenSign = Base64.getDecoder().decode(parts[2].getBytes(StandardCharsets.UTF_8));
String head = parts[0];
String payload = parts[1];
String headWithPayload = head + "." + payload;
try {
Signature signature = Signature.getInstance((certificate).getSigAlgName());
byte[] msgBytes = headWithPayload.getBytes(StandardCharsets.UTF_8);
PublicKey publicKey = certificate.getPublicKey();
signature.initVerify(publicKey);
signature.update(msgBytes);
result = signature.verify(tokenSign);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
throw new RuntimeException(e);
} catch (InvalidKeyException e) {
e.printStackTrace();
throw new RuntimeException(e);
} catch (SignatureException e) {
e.printStackTrace();
throw new RuntimeException(e);
}
return result;
}
private void signJWT(InputStream dataInputStream, OutputStream signOutputStream) throws Exception{
InputStream inputStream = dataInputStream;
String jwt = new BufferedReader(new InputStreamReader(inputStream)).lines().collect(Collectors.joining("\n"));
String[] parts = jwt.split("\\.");
String dataForSign = parts[0] + "." + parts[1];
byte[] dataBytes = dataForSign.getBytes(StandardCharsets.UTF_8);
byte[] finalData = computeDigestWithStream(inputStream, JCP.GOST_DIGEST_2012_256_NAME, "JCSP");
Signature signatureProcessor;
try {
signatureProcessor = Signature.getInstance(this.algorithmSign, this.providerSign);
PrivateKey privateKey = getInnerPrivateKey();
signatureProcessor.initSign(privateKey);
signatureProcessor.update(finalData);
byte[] signData = signatureProcessor.sign();
ByteArrayOutputStream out = new ByteArrayOutputStream();
out.write(signData);
String signature1 = Base64.getUrlEncoder().withoutPadding().encodeToString(out.toByteArray());
String result = parts[0] + "." + parts[1] + "." + signature1;
signOutputStream.write(signature1.getBytes());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
}
private byte[] computeDigestWithStream(InputStream dataSteam, String algName, String provider) throws Exception {
final MessageDigest digest = MessageDigest.getInstance(algName, provider);
final DigestInputStream digestStream = new DigestInputStream(dataSteam, digest);
while (digestStream.available() != 0)
digestStream.read();
return digest.digest();
}
private PrivateKey getInnerPrivateKey() throws KeyStoreException, IOException,
CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
String STORE_TYPE = "Aktiv Rutoken";
String storePath = "/opt/cert.keystore";
String alias = "01234567-0123-0123-0123-0123456789012";
String STORE_PASS = "01234567";
final KeyStore keyStore = KeyStore.getInstance(STORE_TYPE);
final File file = new File(storePath);
if (!file.exists()) {
throw new FileNotFoundException("File " + STORE_TYPE + " not found while retrieving private key");
}
keyStore.load(new FileInputStream(file), STORE_PASS.toCharArray());
return (PrivateKey) keyStore.getKey(alias, STORE_PASS.toCharArray());
}
Т.е. после выполнения метода signJWT() подпись успешно возвращается, но при попытки проверить эту же подпись на этом же сертификате с помощью метода verifyJwt() возвращается false.