Итак, подпись в файле .pkpass (zip-архив) используется для проверки файла manifest.json из этого же .pkpass.
Мне нужно как-то её проверить (как я думаю, с помощью следующего сертификата Apple: https://developer.apple.com/certificationauthority/AppleWWDRCA.cer)
import java.io.File
import java.nio.file.Files
import java.security.MessageDigest
import java.security.Signature
import java.security.cert.CertificateFactory
/**
 * Runs the manifest signature check against files in the working directory and prints
 * the boolean result.
 */
fun main() {
    // manifest.json and signature are expected to have been extracted from the .pkpass
    // archive beforehand; AppleWWDRCA.cer is the certificate passed in as the verification key.
    val manifest = File("manifest.json")
    val detachedSignature = File("signature")
    val wwdrCertificate = File("AppleWWDRCA.cer")

    val verified = verifyManifestSignature(
        manifestJsonFile = manifest,
        signatureFile = detachedSignature,
        certificateFile = wwdrCertificate
    )
    println(verified)
}
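/**
 * Verifies [signatureFile] as a bare RSA PKCS#1 v1.5 / SHA-256 signature over the bytes of
 * [manifestJsonFile], using the public key of the X.509 certificate stored in [certificateFile].
 *
 * Security notes for .pkpass verification:
 * - The `signature` entry of a pass is a detached PKCS#7/CMS SignedData structure (DER), not a
 *   bare RSA signature block. Handing it to [Signature.verify] fails with
 *   "Bad signature length", because an RSA-2048 key expects exactly 256 signature bytes. The
 *   container has to be parsed with a CMS implementation first; the JDK exposes no public API
 *   for that.
 * - The Apple WWDR certificate is an intermediate CA, not the signer. The signing (Pass Type ID)
 *   certificate travels inside the CMS structure. A complete check verifies the signer's
 *   signature over the manifest and then validates the chain signer -> WWDR intermediate ->
 *   Apple root, including validity periods, before the manifest hashes are trusted.
 * - This function performs no chain, expiry or revocation checks on [certificateFile]; the
 *   caller must make sure that certificate is trusted.
 *
 * @param manifestJsonFile the signed content (manifest.json from the pass archive)
 * @param signatureFile file holding the raw signature bytes
 * @param certificateFile X.509 certificate (DER or PEM) whose public key is used
 * @return `true` when the signature matches the manifest bytes under that key
 * @throws java.security.SignatureException when the signature bytes are not a well-formed
 *   signature for the key (for example a CMS container instead of a raw signature)
 * @throws java.security.cert.CertificateException when the certificate cannot be parsed
 */
fun verifyManifestSignature(
    manifestJsonFile: File,
    signatureFile: File,
    certificateFile: File
): Boolean {
    val manifestBytes = manifestJsonFile.readBytes()

    // Diagnostic output only: the digest is printed so it can be compared by hand, but it is
    // NOT what gets fed to the verifier below.
    val computedHash = MessageDigest.getInstance("SHA-256").digest(manifestBytes)
    println("computedHash ${computedHash.joinToString("") { "%02x".format(it) }}")

    val signatureBytes = signatureFile.readBytes()

    // `use` closes the stream even if certificate parsing throws.
    val certificate = Files.newInputStream(certificateFile.toPath()).use { stream ->
        CertificateFactory.getInstance("X.509").generateCertificate(stream)
    }

    // "SHA256withRSA" hashes its input itself, so the verifier must receive the original
    // manifest bytes. Passing the precomputed digest would check a signature over
    // SHA-256(SHA-256(manifest)) and reject every genuine signature.
    val verifier = Signature.getInstance("SHA256withRSA")
    verifier.initVerify(certificate.publicKey)
    verifier.update(manifestBytes)
    return verifier.verify(signatureBytes)
}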
Exception in thread "main" java.security.SignatureException: Bad signature length: got 3347 but was expecting 256
at java.base/sun.security.rsa.RSASignature.engineVerify(RSASignature.java:215)
at java.base/java.security.Signature$Delegate.engineVerify(Signature.java:1435)
at java.base/java.security.Signature.verify(Signature.java:789)
at PassSignatureKt.verifyManifestSignature(PassSignature.kt:50)
at PassSignatureKt.main(PassSignature.kt:13)
at PassSignatureKt.main(PassSignature.kt)
Я особо не работал с сертификатами, так как же правильно их все проверить?
Итак, подпись в файле .pkpass (zip) используется для проверки файла Manifest.json .pkpass. Как-то мне нужно ее проверить (я думаю, используя следующий сертификат Apple https ://developer.apple.com/certificationauthority/AppleWWDRCA.cer) [code]import java.io.File import java.nio.file.Files import java.security.MessageDigest import java.security.Signature import java.security.cert.CertificateFactory
fun main() { val appleCertificateFile = File("AppleWWDRCA.cer") val manifestJsonFile = File("manifest.json") // from .pkpass file val signatureFile = File("signature") // from .pkpass file
fun verifyManifestSignature( manifestJsonFile: File, signatureFile: File, certificateFile: File ): Boolean { // Step 1: Read the content of manifest.json val manifestBytes = manifestJsonFile.readBytes()
// Step 2: Compute the SHA-256 hash of manifest.json val messageDigest = MessageDigest.getInstance("SHA-256") val computedHash = messageDigest.digest(manifestBytes)
// Step 3: Extract the signature val signatureBytes = signatureFile.readBytes()
// Step 4: Load the public key from the certificate val certificateFactory = CertificateFactory.getInstance("X.509") val certInputStream = Files.newInputStream(certificateFile.toPath()) val certificate = certificateFactory.generateCertificate(certInputStream) val publicKey = certificate.publicKey
// Step 5: Verify the signature using the public key val signature = Signature.getInstance("SHA256withRSA") signature.initVerify(publicKey) signature.update(computedHash)
// Verify the signature against the data (manifest.json) val isVerified = signature.verify(signatureBytes) return isVerified } [/code] Но я получаю ошибку: [code]Exception in thread "main" java.security.SignatureException: Bad signature length: got 3347 but was expecting 256 at java.base/sun.security.rsa.RSASignature.engineVerify(RSASignature.java:215) at java.base/java.security.Signature$Delegate.engineVerify(Signature.java:1435) at java.base/java.security.Signature.verify(Signature.java:789) at PassSignatureKt.verifyManifestSignature(PassSignature.kt:50) at PassSignatureKt.main(PassSignature.kt:13) at PassSignatureKt.main(PassSignature.kt) [/code] Я особо не работал с сертификатами, так как же правильно их все проверить?