CODEWITHSUNDEEP
javacryptographyqr-codex509certificatex509certificatevalidator
jess
jess

Reputation: 1

Uidai QR Code Verification returning False

We have decompresed adhaar qr code sample data and we are able to verify mobile number and email but we stuck on last step of below Pdf document where we are not able to verify signed data with signature and certificate, We have tried with both certificate which uidai have provided on site in developer section.

Uidai document is given below : https://uidai.gov.in/images/resource/User_manulal_QR_Code_15032019.pdf

If anybody have worked on this please help.

Verification code is like below:

public static boolean validateqr(
        byte[] signature, String QrCodeDataa, String public_key_path)
        throws SAXException, MarshalException, XMLSignatureException, InvalidKeyException, SignatureException, UnsupportedEncodingException {

    System.out.println("finalOutput=================>" + new String(output, "ISO-8859-1"));
    System.out.println();
    System.out.println("QrCode Data=================>" + QrCodeDataa);
    System.out.println();
    System.out.println("signatureData============>" + new String(signature, "ISO-8859-1"));
    System.out.println();
    System.out.println("public_key_path============>" + public_key_path);
    System.out.println();

    boolean valid = false;

    try {
        //byte[] signature = signatureData;
        //System.out.println("signedData====>"+signedData);         
        FileInputStream fin = new FileInputStream(public_key_path);
        CertificateFactory f = CertificateFactory.getInstance("X.509");
        X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
        //System.out.println("certificate====>"+certificate);
        Signature sign = Signature.getInstance(SHA_256_WITH_RSA);
        sign.initVerify(certificate);
        sign.update(QrCodeDataa.getBytes());
        valid = sign.verify(signature);

    } catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException | IOException exp) {
        System.out.println("Error Occured Please Contact Your Administrator");
        exp.printStackTrace();
    }
    return valid;
}

Upvotes: 0

Views: 210

Answers (1)

Srikanth Lakshmanan
Srikanth Lakshmanan

Reputation: 1

You need to extract the public key from certificate and pass that to init verify.

sign.initVerify(certificate.getPublicKey());

The above should work. Also, the test data provided in the specification does not validate, but real Aadhaar QRs should work.

You may also want to look here for more test data / an errata on spec.

Upvotes: 0

Related Questions