0
votes

I want to make a small program that gets as inputs (1) an X509 Certificate (2) the corresponding CA that signed this certificate. It should verify this certificate if it is intact or not by verifying the signature. To do so, I believe first I need to extract two things: (1) the Signature Value (2) the remaining certificate fields. The following code works fine for getting the public key, but I need the signature value for my purpose.

import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;

URL httpslink = new URL("https://mail.yahoo.com");
HttpsURLConnection con = (HttpsURLConnection) httpslink.openConnection();
con.connect();
Certificate ct[] = con.getServerCertificates(); // server chain, leaf certificate first

X509Certificate c = ((X509Certificate) ct[0]);
System.out.println(c.getPublicKey().toString());

I tried many ways to get the signature value but I failed. Can you guys give me at least a hint to do so. THANK YOU

1
Have you tried the getSignature method? docs.oracle.com/javase/7/docs/api/java/security/cert/… - Jumbogram

Yes, I have .. it doesn't show me the signature value though! It shows me this strange value => [B@5fa34e31 - user3317181

That's the result of calling toString() on a byte[] array. The contents are still the signature. - user207421

This question appears to be off-topic because it is founded on a mistake. - user207421

1 Answer

2
votes

As comments already indicate, using the getSignature method you do get the signature. It is a byte[], though. Thus, you should not expect anything usable from its toString value.

Concerning your original objective, though:

verify this certificate if it is intact or not by verifying the signature.

You do not need to do all that stuff manually. Instead you should use the Certificate methods getPublicKey and verify:

import java.security.GeneralSecurityException;
import java.security.cert.Certificate;

boolean check (Certificate testCert, Certificate caCert)
{
    try
    {
        // throws if the signature does not verify under the CA's public key
        testCert.verify(caCert.getPublicKey());
        return true;
    }
    catch (GeneralSecurityException e)
    {
        return false;
    }
}

Depending on the algorithms used you may need to use the other verify overload to supply an explicit provider.

For those in doubt, the corresponding Certificate method comments:

/**
 * Verifies that this certificate was signed using the
 * private key that corresponds to the specified public key.
 *
 * @param key the PublicKey used to carry out the verification.
 *
 * ...
 */
public abstract void verify(PublicKey key)

/**
 * Gets the public key from this certificate.
 *
 * @return the public key.
 */
public abstract PublicKey getPublicKey()
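The following is an added example, not code from the question or the answer above. It shows both what the answer recommends (Certificate.verify) and what the question originally tried to do by hand: the signed portion of an X.509 certificate is the DER-encoded tbsCertificate (getTBSCertificate), the signature is the separate byte[] returned by getSignature, and getSigAlgName tells you which java.security.Signature implementation to feed them to. It assumes the two certificates are supplied as files on the command line (PEM or DER, parsed by CertificateFactory); the class name and file arguments are placeholders chosen for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/**
 * Added example (not from the original question or answer).
 * Usage: java CertSignatureCheck <test-cert-file> <ca-cert-file>
 * Both file names are placeholders supplied by the caller.
 */
public class CertSignatureCheck {

    /** Parses one X.509 certificate (PEM or DER) from a file. */
    static X509Certificate load(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /** The approach the answer recommends: let the JCA do the work. */
    static boolean verifyWithApi(X509Certificate test, X509Certificate ca) {
        try {
            test.verify(ca.getPublicKey());
            return true;
        } catch (SignatureException e) {
            return false; // wrong CA key, or the certificate bytes were altered
        } catch (GeneralSecurityException e) {
            return false; // e.g. unsupported algorithm or bad encoding
        }
    }

    /**
     * What the question wanted to do by hand: verify the raw signature
     * over the DER-encoded tbsCertificate with the CA's public key.
     */
    static boolean verifyManually(X509Certificate test, PublicKey caKey)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance(test.getSigAlgName());
        sig.initVerify(caKey);
        sig.update(test.getTBSCertificate());
        return sig.verify(test.getSignature());
    }

    /** Renders the signature bytes readably instead of "[B@...". */
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate test = load(args[0]);
        X509Certificate ca = load(args[1]);
        System.out.println("Signature algorithm: " + test.getSigAlgName());
        System.out.println("Signature (hex):     " + hex(test.getSignature()));
        System.out.println("verify():            " + verifyWithApi(test, ca));
        System.out.println("manual check:        " + verifyManually(test, ca.getPublicKey()));
        test.checkValidity(); // throws if the certificate is expired or not yet valid
    }
}
```

Two caveats a practitioner should keep in mind. First, the manual path works for the common algorithm names such as SHA256withRSA or SHA256withECDSA, but for RSASSA-PSS the parameters from getSigAlgParams must also be set on the Signature object, which is one more reason to prefer verify(). Second, verify() only proves that the CA's private key signed these bytes; it does not check the validity period, name constraints, key usage, revocation, or that the CA is actually trusted. For a full check of a chain against a trust anchor, use java.security.cert.CertPathValidator with PKIX parameters rather than a single verify() call.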