in src/main/java/org/openvasp/client/service/impl/SignServiceImpl.java [66:107]
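/**
 * Verifies an Ethereum signed-message signature over {@code payload} against a public key.
 *
 * <p>The payload is prefixed with the Ethereum signed-message header (byte 0x19, the text
 * "Ethereum Signed Message:", a newline and the payload length) and hashed with
 * {@code Hash.sha3}. A public key is then recovered for each recovery id 0..3, and the signature
 * is accepted when one of the recovered keys yields the same address as {@code pubKey}.
 *
 * <p>{@code sign} is treated as untrusted input: a value that decodes to fewer than 65 bytes is
 * rejected instead of failing with an index error. The recovery byte at offset 64 is not
 * consulted, because every recovery id is tried anyway.
 *
 * @param payload the signed text
 * @param sign hex-encoded signature laid out as r (32 bytes), s (32 bytes), v (1 byte)
 * @param pubKey hex-encoded public key, with or without a hex prefix; when longer than 128 hex
 *     characters only the trailing 128 are used
 * @return {@code true} if a key recovered from the signature maps to the address of
 *     {@code pubKey}, {@code false} otherwise (including a too-short signature)
 */
boolean verifySign(String payload, String sign, String pubKey) {
    String keyHex = Numeric.cleanHexPrefix(pubKey);
    if (keyHex.length() > 128) {
        // for compatibility with C# client: keep only the trailing 128 hex characters
        keyHex = keyHex.substring(keyHex.length() - 128);
    }
    String expectedSignerAddress = Keys.getAddress(keyHex);

    // NOTE(review): the length written into the prefix is the UTF-16 char count, which differs
    // from the byte count for non-ASCII payloads; confirm the signing side uses the same rule.
    String prefixedMessage = "\u0019Ethereum Signed Message:\n" + payload.length() + payload;
    // Pin the charset so the hash does not depend on the JVM's platform default.
    byte[] msgHash =
        Hash.sha3(prefixedMessage.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    byte[] signatureBytes = Numeric.hexStringToByteArray(sign);
    if (signatureBytes.length < 65) {
        // Malformed or truncated signature: fail verification rather than throw.
        return false;
    }
    // NOTE(review): bytes past offset 64 are ignored, and s is not checked for canonical
    // (low-s) form here; confirm whether callers rely on signatures being unique.
    ECDSASignature signature =
        new ECDSASignature(
            new BigInteger(1, Arrays.copyOfRange(signatureBytes, 0, 32)),
            new BigInteger(1, Arrays.copyOfRange(signatureBytes, 32, 64)));

    // Try each possible recovery id; a null result means no key exists for that id.
    for (int recId = 0; recId < 4; recId++) {
        BigInteger recoveredKey = Sign.recoverFromSignature((byte) recId, signature, msgHash);
        if (recoveredKey != null
            && Keys.getAddress(recoveredKey).equals(expectedSignerAddress)) {
            return true;
        }
    }
    return false;
}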