import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
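/**
 * Manual smoke test for PKCS#11 hardware tokens through the SunPKCS11 provider.
 *
 * <p>For each known configuration file the test prints the file, registers a
 * provider built from it, then logs in to the token, and for every private-key
 * entry signs a fixed message, verifies the signature with the entry's own
 * certificate and prints the certificate's subject, serial number and key usage.
 *
 * <p>This is a test harness, not production code: it uses a hard-coded PIN and a
 * SHA-1 based signature algorithm (see the notes on the constants below).
 */
public class TestPKCS11 {
    /** The JDK global logger, looked up by name instead of the deprecated {@code Logger.global} field. */
    public static Logger log = Logger.getLogger(Logger.GLOBAL_LOGGER_NAME);

    /**
     * Provider configuration files tried in order. The names are relative, so they are
     * resolved against the working directory; a SunPKCS11 configuration names the native
     * PKCS#11 library that gets loaded into this JVM, so these files must not be writable
     * by anyone who is not trusted to run code in this process.
     */
    private static final String[] CONFIG_FILES = {
        "tianyupkcs11.cfg", "zhongchaopkcs11.cfg", "haitaipkcs11.cfg"
    };

    /**
     * NOTE(security): hard-coded test PIN. It is compiled into the class file and cannot
     * be wiped from memory; for anything beyond a lab token, obtain the PIN at run time
     * (e.g. {@code Console.readPassword()} or a {@code CallbackHandler}). Be aware that
     * many tokens lock after a few failed logins, so running this against a token with a
     * different PIN consumes retry attempts.
     */
    private static final String DEFAULT_TEST_PIN = "111111";

    /**
     * NOTE(security): SHA-1 is no longer considered collision resistant and should not be
     * used for new signatures. It is kept here so the test keeps exercising the same token
     * mechanism as before; switch to "SHA256withRSA" where the token supports it.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    /** Fixed payload that is signed and then verified. */
    private static final String TEST_MESSAGE = "Hello World!";

    /** Names of the X.509 keyUsage bits, indexed as returned by {@link X509Certificate#getKeyUsage()}. */
    private static final String[] KEY_USAGE_NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    /**
     * Registers a provider for every configuration file, then runs the login/sign test once.
     * A failure for one configuration file is logged and does not stop the others.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        TestPKCS11 testPKCS11 = new TestPKCS11();
        for (String configName : CONFIG_FILES) {
            try {
                testPKCS11.show_pkcs11_cfgfile(configName);
                testPKCS11.init(configName);
            } catch (Exception e) {
                // Log the exception itself: getMessage() alone is often null or too terse
                // to tell a missing file from a missing native library.
                log.log(Level.SEVERE, "Could not set up PKCS#11 provider from " + configName, e);
            }
        }
        try {
            testPKCS11.token_login();
            log.info("End!");
        } catch (Exception e) {
            log.log(Level.SEVERE, "Token login / signature test failed", e);
        }
    }

    /**
     * Initializes the PKCS#11 library described by a configuration file and installs the
     * resulting provider.
     *
     * @param configName path of the SunPKCS11 configuration file
     * @throws Exception if the provider cannot be created from the configuration
     */
    public void init(String configName) throws Exception {
        // NOTE: this public constructor only exists up to JDK 8. On JDK 9 and later the
        // equivalent is Security.getProvider("SunPKCS11").configure(configName).
        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        // addProvider returns -1 when a provider with the same name is already installed.
        if (Security.addProvider(p) == -1) {
            log.warning("Provider " + p.getName() + " is already installed; " + configName + " was not added again");
        } else {
            log.info("Security.addProvider " + configName + " OK!");
        }
        log.info(p.getName());
    }

    /**
     * Logs in to the token and, for each private-key entry, signs and verifies a test
     * message and prints details of the entry's certificate.
     *
     * <p>{@code KeyStore.getInstance("PKCS11")} returns the keystore of the most preferred
     * provider that offers the type, so when several providers were registered only one
     * token is exercised here.
     *
     * <p>The verification uses the certificate stored next to the key on the token. A
     * successful result shows that the private key and that certificate belong together;
     * it says nothing about whether the certificate is trusted, valid or unrevoked.
     *
     * @throws Exception if the login, a token operation or a crypto operation fails
     */
    public void token_login() throws Exception {
        char[] pin = DEFAULT_TEST_PIN.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS11");
        try {
            ks.load(null, pin);
        } finally {
            // Do not leave the PIN copy in memory longer than the login needs it.
            Arrays.fill(pin, '\0');
        }
        // Marker printed once the keystore has loaded, i.e. after the login returned.
        System.out.println("zy");

        byte[] message = TEST_MESSAGE.getBytes(StandardCharsets.UTF_8);
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String rawAlias = e.nextElement();
            // Display only: re-decodes the alias bytes as GBK. Presumably the token labels
            // are GBK text surfaced as Latin-1 - confirm per token. All keystore lookups
            // below keep using the raw alias.
            String displayAlias = new String(rawAlias.getBytes("ISO8859_1"), "GBK");
            System.out.println("ALIAS:" + displayAlias);

            if (ks.isCertificateEntry(rawAlias)) {
                System.out.println(" is isCertificateEntry!");
            }
            if (!ks.isKeyEntry(rawAlias)) {
                // Certificate-only entries have no private key to sign with.
                continue;
            }
            System.out.println(" is KeyEntry!");

            KeyStore.Entry entry = ks.getEntry(rawAlias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // e.g. a secret-key entry; casting it would abort the whole loop.
                continue;
            }
            KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) entry;
            signAndVerify(pkEntry, message);

            X509Certificate cert = (X509Certificate) pkEntry.getCertificate();
            System.out.println(cert.getSubjectDN().getName());
            System.out.println(cert.getSerialNumber().toString(16));
            printKeyUsage(cert);
        }
    }

    /** Signs {@code message} with the entry's private key and verifies it with the entry's certificate. */
    private static void signAndVerify(KeyStore.PrivateKeyEntry pkEntry, byte[] message) throws Exception {
        PrivateKey myPrivateKey = pkEntry.getPrivateKey();
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(myPrivateKey);
        signer.update(message);
        byte[] signData = signer.sign();
        System.out.println(signData.length);

        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(pkEntry.getCertificate().getPublicKey());
        verifier.update(message);
        if (verifier.verify(signData)) {
            System.out.println(" Verify Signature is OK!");
        } else {
            // A mismatch used to pass silently; report it so a bad key/certificate pair is visible.
            System.out.println(" Verify Signature FAILED!");
        }
    }

    /** Prints one line per keyUsage bit that is set; prints nothing when the extension is absent. */
    private static void printKeyUsage(X509Certificate cert) {
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage == null) {
            // getKeyUsage() returns null when the certificate has no keyUsage extension.
            return;
        }
        for (int k = 0; k < keyUsage.length; k++) {
            if (!keyUsage[k]) {
                continue;
            }
            String usage = k < KEY_USAGE_NAMES.length ? KEY_USAGE_NAMES[k] : "unknown usage";
            System.out.println("\t\t " + usage + ".");
        }
    }

    /**
     * Prints the contents of a PKCS#11 configuration file to standard output.
     *
     * @param configName path of the configuration file
     * @throws Exception if the file cannot be opened or read
     */
    public void show_pkcs11_cfgfile(String configName) throws Exception {
        // try-with-resources closes the file even when reading fails part-way.
        try (FileInputStream fis = new FileInputStream(configName);
                BufferedReader reader = new BufferedReader(new InputStreamReader(fis))) {
            String line;
            while ((line = reader.readLine()) != null) {
                System.out.println(line);
            }
        }
    }

    /**
     * Loads an X.509 certificate from a file.
     *
     * @param certFileName path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be read or does not contain a certificate
     */
    public static X509Certificate loadCert(String certFileName)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Close the stream even when parsing throws.
        try (FileInputStream in = new FileInputStream(certFileName)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }
}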