package signver;

import java.io.DataInputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.net.URLCodec;

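/**
 * Example of verifying an RSA signature over URL-encoded data, using a public key
 * loaded from a DER file.
 */
public class SignVer {

    /**
     * Verifies an RSA signature over the given data with a public key.
     *
     * <p>Only a {@code true} return value means the signature is valid. A {@code false}
     * return or any exception must be treated as a failed verification by the caller.
     *
     * @param dataBytes the signed data, exactly as the signer signed it
     * @param sigBytes  the raw (already decoded) signature bytes
     * @param sigAlg    the JCA signature algorithm name; pass a fixed value chosen by the
     *                  verifier, never one taken from the message being verified
     * @param pubKey    the signer's RSA public key
     * @return {@code true} if the signature matches the data under {@code pubKey}
     * @throws Exception if the algorithm is unavailable, the key is rejected or the
     *                   signature cannot be processed
     */
    private static boolean verify(byte[] dataBytes, byte[] sigBytes, String sigAlg, RSAPublicKey pubKey) throws Exception
    {
        Signature sig = Signature.getInstance(sigAlg);
        sig.initVerify(pubKey);
        sig.update(dataBytes);
        return sig.verify(sigBytes);
    }

    /**
     * Loads an RSA public key from a file in DER format (X.509 SubjectPublicKeyInfo).
     *
     * <p>A PEM public key can be converted with:
     * {@code openssl rsa -inform PEM -in pbx_pubkey.pem -outform DER -pubin -out /tmp/pubkey.der}
     *
     * <p>This file is the trust anchor of the verification: whoever can replace it decides
     * which signatures are accepted, so it must only be writable by a trusted account.
     *
     * @param pubKeyFile path of the DER-encoded public key file
     * @return the RSA public key read from the file
     * @throws Exception if the file cannot be read or does not hold a valid RSA public key
     */
    private static RSAPublicKey getPubKey(String pubKeyFile) throws Exception
    {
        // Files.readAllBytes reads up to end of file and closes the handle even when the
        // read fails. InputStream.available() is only an estimate of the bytes readable
        // without blocking and must not be used to size the key buffer.
        byte[] pubKeyBytes = Files.readAllBytes(Paths.get(pubKeyFile));

        // Key extraction.
        X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubKeyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return (RSAPublicKey) keyFactory.generatePublic(pubSpec);
    }

    /**
     * Example of a signature verification.
     *
     * @param unused command-line arguments, ignored
     * @throws Exception if decoding, key loading or verification fails
     */
    public static void main(String[] unused) throws Exception {

        String sData = "";          // signed data, URL-encoded
        String sSig  = "";          // signature, Base64-encoded then URL-encoded

        // Decoding. The charset is pinned so the bytes fed to the verifier do not depend
        // on the platform default; URL-encoded input is expected to be plain ASCII.
        // NOTE(review): this verifies over the URL-decoded data -- confirm against the
        // signer's specification that those are the bytes that were signed.
        byte[] dataBytes = URLCodec.decodeUrl(sData.getBytes(StandardCharsets.UTF_8));
        byte[] sigBytes = Base64.decodeBase64(URLCodec.decodeUrl(sSig.getBytes(StandardCharsets.UTF_8)));

        // Read the public key.
        // NOTE(review): /tmp is typically writable by every local user; in a real
        // deployment keep the key in a location only the service account can modify.
        RSAPublicKey pubK = getPubKey("/tmp/pubkey.der");

        // Verify the signature.
        // NOTE(review): SHA-1 is deprecated for digital signatures. The algorithm has to
        // match what the signer uses, so move to a SHA-256 based scheme as soon as the
        // signer supports one.
        boolean result = verify(dataBytes, sigBytes, "SHA1withRSA", pubK);

        // Print the result.
        System.out.println("Resultat de la verification de signature : " + result);
    }
}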