testP11


import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.logging.Logger;
import java.security.cert.CertificateFactory;

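/**
 * Smoke test for hardware tokens reached through the JDK's SunPKCS11 provider.
 *
 * <p>The program prints each PKCS#11 configuration file, registers a provider
 * for it, logs in to the token key store, and for every private-key entry
 * signs a fixed message, verifies the signature with the certificate's public
 * key and prints the certificate subject, serial number and key-usage bits.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>A SunPKCS11 configuration file names a native library (its
 *       {@code library} attribute) that is loaded into this JVM. The file
 *       names below are relative, so they resolve against the working
 *       directory; only run the test from a directory that untrusted users
 *       cannot write to.</li>
 *   <li>The token PIN is never embedded in the source. Tokens count failed
 *       logins, so replaying a fixed default PIN against whatever token is
 *       plugged in can lock it.</li>
 * </ul>
 */
public class TestPKCS11 {
    /** Shared logger; this is the JDK's global logger, looked up by name. */
    public static Logger log = Logger.getLogger("global");

    /** Algorithm for the sign/verify round trip; SHA-1 based signatures are deprecated. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Environment variable consulted for the PIN when no interactive console exists. */
    private static final String PIN_ENV = "PKCS11_PIN";

    /** X.509 KeyUsage bit names, indexed by bit position (RFC 5280). */
    private static final String[] KEY_USAGE_NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    /**
     * Registers a provider for each vendor configuration, then runs the
     * token login and signing test once.
     *
     * <p>A configuration that cannot be read or loaded is reported and
     * skipped so the remaining ones are still tried.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        TestPKCS11 testPKCS11 = new TestPKCS11();
        String[] configNames = {"tianyupkcs11.cfg", "zhongchaopkcs11.cfg", "haitaipkcs11.cfg"};

        for (String configName : configNames) {
            try {
                testPKCS11.show_pkcs11_cfgfile(configName);
                testPKCS11.init(configName);
            } catch (Exception e) {
                log.severe("Exceptions");
                // Print the exception itself: getMessage() may be null and hides the type.
                System.out.println(configName + ": " + e);
            }
        }

        try {
            testPKCS11.token_login();
            log.info("End!");
        } catch (Exception e) {
            log.severe("Exceptions");
            System.out.println(e);
        }
    }

    /**
     * Initializes the PKCS#11 interface library and installs the PKCS#11
     * service provider described by the given configuration file.
     *
     * @param configName path of the SunPKCS11 configuration file
     * @throws Exception if the provider cannot be created from the configuration
     */
    public void init(String configName) throws Exception {
        Provider p = newPkcs11Provider(configName);
        // addProvider returns -1 when a provider of the same name is already installed.
        if (Security.addProvider(p) == -1) {
            log.warning("Provider " + p.getName() + " was already installed");
        }
        log.info("Security.addProvider " + configName + " OK!");
        log.info(p.getName());
    }

    /**
     * Builds a configured SunPKCS11 provider on both old and new JDKs.
     *
     * <p>JDK 9 removed the public {@code SunPKCS11(String)} constructor and
     * instead pre-registers an unconfigured provider named {@code SunPKCS11}
     * that is configured through {@code Provider.configure(String)}. Both
     * paths are reached reflectively so this file compiles on either line.
     */
    private static Provider newPkcs11Provider(String configName) throws Exception {
        Provider template = Security.getProvider("SunPKCS11");
        try {
            if (template != null) {
                return (Provider) Provider.class
                        .getMethod("configure", String.class)
                        .invoke(template, configName);
            }
            return (Provider) Class.forName("sun.security.pkcs11.SunPKCS11")
                    .getConstructor(String.class)
                    .newInstance(configName);
        } catch (java.lang.reflect.InvocationTargetException e) {
            // Surface the provider's own error rather than the reflection wrapper.
            Throwable cause = e.getCause();
            if (cause instanceof Exception) {
                throw (Exception) cause;
            }
            throw e;
        }
    }

    /**
     * Logs in to the token (eKey) and runs a sign/verify round trip on every
     * private-key entry it holds.
     *
     * <p>{@code KeyStore.getInstance("PKCS11")} is served by the
     * highest-priority provider that offers that key-store type, so when
     * several token providers are registered only one token is exercised.
     *
     * @throws Exception if login, key access, signing or verification fails
     * @throws IllegalStateException if no PIN can be obtained
     */
    public void token_login() throws Exception {
        char[] pin = readPin();
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11");
            ks.load(null, pin);
            System.out.println("zy");

            // One fixed encoding so the signed and the verified bytes cannot differ.
            byte[] message = "Hello World!".getBytes("UTF-8");

            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
                String alias = e.nextElement();
                // Display only: presumably the token labels are GBK bytes that were
                // widened to chars one by one; the key store is still queried with
                // the alias exactly as it was returned.
                String shownAlias = new String(alias.getBytes("ISO8859_1"), "GBK");
                System.out.println("ALIAS:" + shownAlias);

                if (ks.isCertificateEntry(alias)) {
                    System.out.println("  is isCertificateEntry!");
                }
                if (!ks.isKeyEntry(alias)) {
                    // Certificate-only entries have no private key to test.
                    continue;
                }
                System.out.println("   is KeyEntry!");

                KeyStore.Entry entry = ks.getEntry(alias, null);
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    checkPrivateKeyEntry((KeyStore.PrivateKeyEntry) entry, message);
                }
            }
        } finally {
            // Do not leave the PIN in memory longer than the login needs it.
            java.util.Arrays.fill(pin, '\0');
        }
    }

    /**
     * Obtains the token PIN without echoing it: from the console when one is
     * attached, otherwise from the {@code PKCS11_PIN} environment variable.
     */
    private static char[] readPin() {
        java.io.Console console = System.console();
        if (console != null) {
            char[] typed = console.readPassword("Token PIN: ");
            if (typed != null && typed.length > 0) {
                return typed;
            }
        }
        String fromEnv = System.getenv(PIN_ENV);
        if (fromEnv != null && fromEnv.length() > 0) {
            return fromEnv.toCharArray();
        }
        throw new IllegalStateException(
                "No token PIN available: run from a console or set " + PIN_ENV);
    }

    /**
     * Signs {@code message} with the entry's private key, verifies the result
     * with the public key of the entry's certificate, and prints the
     * certificate details.
     */
    private static void checkPrivateKeyEntry(KeyStore.PrivateKeyEntry pkEntry, byte[] message)
            throws Exception {
        PrivateKey myPrivateKey = pkEntry.getPrivateKey();
        if (!"RSA".equals(myPrivateKey.getAlgorithm())) {
            // The round trip below is RSA-only; a different key type would abort the whole run.
            System.out.println("   skipped " + myPrivateKey.getAlgorithm()
                    + " key: test signs with " + SIGNATURE_ALGORITHM);
            return;
        }

        Signature mysign = Signature.getInstance(SIGNATURE_ALGORITHM);
        mysign.initSign(myPrivateKey);
        mysign.update(message);
        byte[] signData = mysign.sign();
        System.out.println(signData.length);

        // Verifies against the certificate stored next to the key; this proves the
        // key pair matches, not that the certificate chains to a trusted issuer.
        Signature verifysign = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifysign.initVerify(pkEntry.getCertificate().getPublicKey());
        verifysign.update(message);
        if (verifysign.verify(signData)) {
            System.out.println("  Verify Signature is OK!");
        } else {
            System.out.println("  Verify Signature FAILED!");
        }

        if (!(pkEntry.getCertificate() instanceof X509Certificate)) {
            return;
        }
        X509Certificate cert = (X509Certificate) pkEntry.getCertificate();
        System.out.println(cert.getSubjectDN().getName());
        System.out.println(cert.getSerialNumber().toString(16));

        // getKeyUsage() returns null when the certificate has no KeyUsage extension.
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage == null) {
            return;
        }
        for (int k = 0; k < keyUsage.length; k++) {
            if (!keyUsage[k]) {
                continue;
            }
            if (k < KEY_USAGE_NAMES.length) {
                System.out.println("\t\t  " + KEY_USAGE_NAMES[k] + ".");
            } else {
                System.out.println("\t\t unknown usage.");
            }
        }
    }

    /**
     * Prints the PKCS#11 configuration file to standard output, line by line.
     *
     * @param configName path of the configuration file
     * @throws Exception if the file cannot be opened or read
     */
    public void show_pkcs11_cfgfile(String configName) throws Exception {
        // Decoded with the platform default charset, as the provider's own
        // configuration files are usually plain ASCII.
        BufferedReader reader = new BufferedReader(
                new InputStreamReader(new FileInputStream(configName)));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                System.out.println(line);
            }
        } finally {
            // Closing the reader also closes the underlying file stream,
            // and now happens even when a read fails.
            reader.close();
        }
    }

    /**
     * Parses an X.509 certificate from a file. The certificate is only
     * decoded; no validity, chain or revocation check is performed.
     *
     * @param certFileName path of a DER or PEM encoded certificate
     * @return the parsed certificate
     * @throws Exception if the file cannot be read or does not hold a certificate
     */
    public static X509Certificate loadCert(String certFileName)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        FileInputStream in = new FileInputStream(certFileName);
        try {
            return (X509Certificate) cf.generateCertificate(in);
        } finally {
            in.close();
        }
    }
}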
