-
Bug
-
Resolution: Fixed
-
P2
-
5.0
-
tiger
-
generic
-
generic
-
Verified
according to
http://java.sun.com/j2se/1.4.2/docs/api/java/security/Signature.html#verify(byte[])
it said that
==========================================================================
true if the signature was verified, false if not.
Throws:
SignatureException - if this signature object is not
initialized properly, or the passed-in signature is
improperly encoded or of the wrong type, etc.
==========================================================================
Here are testing scenarios (negative testing)
a) Sign any data and get the signature
b) try to verify the correct signature with wrong public key
(the same key type and the same key size)
c) signature object should return a "false" to indicate
the failure of verification instead of throwing an exception
Actually, this is the Tiger b06 behavior (return false)
but this PIT build would throw exception instead
How to reproduce
==================================================================
import java.security.*;
public class test2 {
public static void main(String argv[]) {
byte[] signed_data;
boolean result;
try {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("rSA","SunRsaSign");
kpg.initialize(512);
KeyPair kp = kpg.genKeyPair();
PrivateKey signingKey = kp.getPrivate();
PublicKey publickey = kp.getPublic();
kp = kpg.genKeyPair();
PrivateKey signingKey2 = kp.getPrivate();
PublicKey publickey2 = kp.getPublic();
String str = "to-be-signed";
Signature signx = Signature.getInstance("Sha1withrSA", "SunRsaSign");
signx.initSign(signingKey);
signx.update(str.getBytes());
signed_data = signx.sign();
signx.initVerify(publickey2);
signx.update(str.getBytes());
result = signx.verify(signed_data);
if (result)
System.out.println("Status Failed: Verified ");
else
System.out.println("Status Passed: Unable to verified ");
}
catch(Exception ex) {
ex.printStackTrace();
System.out.println("STATUS:Failed. Unexpected Exception: " + ex );
}
}
}
==================================================================
http://java.sun.com/j2se/1.4.2/docs/api/java/security/Signature.html#verify(byte[])
it said that
==========================================================================
true if the signature was verified, false if not.
Throws:
SignatureException - if this signature object is not
initialized properly, or the passed-in signature is
improperly encoded or of the wrong type, etc.
==========================================================================
Here are testing scenarios (negative testing)
a) Sign any data and get the signature
b) try to verify the correct signature with wrong public key
(the same key type and the same key size)
c) signature object should return a "false" to indicate
the failure of verification instead of throwing an exception
Actually, this is the Tiger b06 behavior (return false)
but this PIT build would throw exception instead
How to reproduce
==================================================================
import java.security.*;
public class test2 {
public static void main(String argv[]) {
byte[] signed_data;
boolean result;
try {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("rSA","SunRsaSign");
kpg.initialize(512);
KeyPair kp = kpg.genKeyPair();
PrivateKey signingKey = kp.getPrivate();
PublicKey publickey = kp.getPublic();
kp = kpg.genKeyPair();
PrivateKey signingKey2 = kp.getPrivate();
PublicKey publickey2 = kp.getPublic();
String str = "to-be-signed";
Signature signx = Signature.getInstance("Sha1withrSA", "SunRsaSign");
signx.initSign(signingKey);
signx.update(str.getBytes());
signed_data = signx.sign();
signx.initVerify(publickey2);
signx.update(str.getBytes());
result = signx.verify(signed_data);
if (result)
System.out.println("Status Failed: Verified ");
else
System.out.println("Status Passed: Unable to verified ");
}
catch(Exception ex) {
ex.printStackTrace();
System.out.println("STATUS:Failed. Unexpected Exception: " + ex );
}
}
}
==================================================================