
I know how to sign data using a certificate present on the system (machine), but the requirement is to sign the data using a certificate present in the browser. Below is the code. If anyone finds my code wrong, please let me know, because I am not sure of its correctness.
PS - This code works.

import java.io.FileInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

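 public class class123 {

    /*
     * Demo values carried over from the original post. A keystore password
     * embedded in source can be read by anyone who has the code or the
     * compiled class; real code should obtain it at run time (prompt, secret
     * store) and should not ship it next to the keystore.
     */
    private static final String KEYSTORE_PATH = "D:\\1.p12";
    private static final String KEYSTORE_PASSWORD = "abc";

    /*
     * The post used "SHA1withRSA". SHA-1 is no longer considered
     * collision-resistant, so new signatures should use SHA-256 or stronger.
     * Signing and verification must name the same algorithm.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Signs a fixed sample string with the private key from the PKCS#12 file,
     * prints the signature as Base64 and then verifies it.
     */
    public static void main(String[] args) {
        // Fix the charset so the signed bytes do not depend on the platform default.
        byte[] data = "shubham".getBytes(java.nio.charset.StandardCharsets.UTF_8);

        byte[] signature = createSignature(data);
        if (signature == null) {
            System.err.println("Signing failed; nothing to verify.");
            return;
        }

        // Printing a byte[] directly shows only its identity hash; encode it instead.
        // The original also signed a second time just to produce the printed value.
        System.out.println(java.util.Base64.getEncoder().encodeToString(signature));
        verifySignature(data, signature);
    }

    /**
     * Produces a signature over {@code file} with the first private-key entry
     * of the keystore.
     *
     * @param file the bytes to sign
     * @return the signature bytes, or {@code null} if the keystore could not be
     *         read or signing failed (the cause is printed to stderr)
     */
    private static byte[] createSignature(byte[] file) {
        try {
            java.security.KeyStore keyStore = loadKeyStore();
            String alias = firstKeyAlias(keyStore);

            java.security.Key key = keyStore.getKey(alias, KEYSTORE_PASSWORD.toCharArray());
            if (!(key instanceof PrivateKey)) {
                throw new IllegalStateException("Entry '" + alias + "' does not hold a private key");
            }

            Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
            signer.initSign((PrivateKey) key);
            signer.update(file);
            return signer.sign();
        } catch (Exception e) {
            // Best-effort demo: report the failure and let the caller see null.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Checks {@code sign} against {@code file} and prints {@code true} or
     * {@code false}.
     *
     * <p>The public key is taken from the certificate stored in the same
     * PKCS#12 file that was used for signing, so a {@code true} result shows
     * only that the signature matches that key pair. It does not check the
     * certificate's validity period, its chain or its revocation status; a real
     * verifier receives the certificate separately and validates it first.
     *
     * @param file the bytes that were signed
     * @param sign the signature to check
     */
    private static void verifySignature(byte[] file, byte[] sign) {
        try {
            java.security.KeyStore keyStore = loadKeyStore();
            String alias = firstKeyAlias(keyStore);

            java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalStateException("Entry '" + alias + "' has no X.509 certificate");
            }
            PublicKey publicKey = certificate.getPublicKey();

            Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
            verifier.initVerify(publicKey);
            verifier.update(file);
            System.out.println(verifier.verify(sign));
        } catch (Exception e) {
            // Best-effort demo: a failure here is reported, not rethrown.
            e.printStackTrace();
        }
    }

    /** Opens the PKCS#12 file and closes the stream once the keystore is loaded. */
    private static java.security.KeyStore loadKeyStore()
            throws java.security.GeneralSecurityException, java.io.IOException {
        java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(KEYSTORE_PATH)) {
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        return keyStore;
    }

    /** Returns the first alias that is a key entry, skipping certificate-only entries. */
    private static String firstKeyAlias(java.security.KeyStore keyStore)
            throws java.security.KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                return alias;
            }
        }
        throw new IllegalStateException("No key entry found in " + KEYSTORE_PATH);
    }

}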

S.SAHU

2 Answers


It's fine. Kindly check this blog post, which I wrote earlier about accessing the Microsoft Certificate Store to sign and verify; it may help you.

Muhammad Hamed
import java.io.FileOutputStream;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;

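/**
 * Connects to an HTTPS URL and prints each certificate the server presented,
 * together with whether it is inside its validity period.
 *
 * <p>Despite the class name, nothing here reads a browser certificate store or
 * produces a signature: only the server's public certificates are read, and no
 * private key is involved.
 */
public class CertificateFromBrowser {
    public static void main(String[] args) throws Exception {
        // The URL may be given as the first argument; otherwise fill in the
        // placeholder below (eg: https://www.example.com).
        testConnectionTo(args.length > 0 ? args[0] : "");
    }

    /**
     * Opens a TLS connection to {@code aURL} and prints the server certificates.
     *
     * <p>The loop only checks each certificate's dates with
     * {@code checkValidity()}. It is not a trust decision; chain and host name
     * checks are whatever the connection's TLS handshake applies in
     * {@code connect()}.
     *
     * @param aURL an {@code https://} URL
     * @throws IllegalArgumentException if the URL is not an https URL
     * @throws Exception if the URL is malformed or the connection fails
     */
    public static void testConnectionTo(String aURL) throws Exception {
        URL destinationURL = new URL(aURL);
        // Only https connections carry server certificates; reject anything else
        // up front instead of failing on the cast below.
        if (!"https".equalsIgnoreCase(destinationURL.getProtocol())) {
            throw new IllegalArgumentException("Not an https URL: " + aURL);
        }

        HttpsURLConnection conn = (HttpsURLConnection) destinationURL.openConnection();
        try {
            conn.connect();
            Certificate[] certs = conn.getServerCertificates();
            System.out.println("nb = " + certs.length);
            for (Certificate cert : certs) {
                printSeparator();
                System.out.println("Certificate is: " + cert);
                if (cert instanceof X509Certificate) {
                    try {
                        ((X509Certificate) cert).checkValidity();
                        System.out.println("Certificate is active for current date");
                    } catch (CertificateExpiredException cee) {
                        System.out.println("Certificate is expired");
                    } catch (java.security.cert.CertificateNotYetValidException cnyve) {
                        // checkValidity() also rejects certificates whose start
                        // date is in the future; report it and keep going.
                        System.out.println("Certificate is not yet valid");
                    }
                } else {
                    System.err.println("Unknown certificate type: " + cert);
                }
            }
        } finally {
            // Release the connection even when the handshake or the loop fails.
            conn.disconnect();
        }
    }

    /** Prints the banner that separates one certificate from the next. */
    private static void printSeparator() {
        for (int i = 0; i < 3; i++) {
            System.out.println("");
        }
        System.out.println("################################################################");
        for (int i = 0; i < 3; i++) {
            System.out.println("");
        }
    }
}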
Mistalis
S.SAHU
  • This code does not perform a digital signature. You are reading the public part of the certificate of an SSL server, not of the browser. Also, you need the private key, not the public one – pedrofb Oct 15 '16 at 15:06
  • Currently it is not possible, due to the lack of browser support for Java ( http://stackoverflow.com/a/37421135/6371459). There are some workarounds, such as using a local application connected via JavaScript or the Chrome messaging API, or using the WebCryptographyApi and loading user certificates. See http://security.stackexchange.com/a/140204/112160 – pedrofb Nov 02 '16 at 14:03