載入BC(可選):
...
Security.addProvider(new BouncyCastleProvider());
...
簽名:
public byte[] signData_SHA256withRSA(byte[] data, String p12file, String passwd) throws Exception {
FileInputStream fis = new FileInputStream(p12file);
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fis, passwd.toCharArray());
fis.close();
String alias = "";
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
alias = aliases.nextElement();
break;
}
PrivateKey priKey = (PrivateKey) ks.getKey(alias, passwd.toCharArray());
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(priKey);
signature.update(data);
byte[] signedData = signature.sign();
return signedData;
}
驗籤:
RSA
public Boolean verifySign_SHA256withRSA(byte[] bData, byte[] bSign, byte[] bCert) throws Exception {
boolean result = false;
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
ByteArrayInputStream iData = new ByteArrayInputStream(bCert);
Certificate oCert = cf.generateCertificate(iData);
Provider oProvider = Security.getProvider("BC");
Signature oSig = Signature.getInstance("SHA256withRSA", oProvider);
oSig.initVerify(oCert.getPublicKey());
oSig.update(bData);
result = oSig.verify(bSign);
return result;
}
SM2
public boolean verifySign_SM3withSM2(byte[] bData, byte[] bSign, byte[] bCert) throws Exception {
boolean result = false;
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
ByteArrayInputStream iData = new ByteArrayInputStream(bCert);
Certificate oCert = cf.generateCertificate(iData);
Provider oProvider = Security.getProvider("BC");
Signature oSig = Signature.getInstance("SM3withSM2", oProvider);
oSig.initVerify(oCert.getPublicKey());
oSig.update(bData);
result = oSig.verify(bSign);
return result;
}
解密:
public byte[] encrypt(String certPath, byte data[]) throws Exception {
FileInputStream oFile = new FileInputStream(certPath);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate cert = cf.generateCertificate(oFile);
PublicKey pk = null;
try {
pk = cert.getPublicKey();
} catch (Exception e) {
e.printStackTrace();
return null;
}
Cipher cipher = null;
byte bRet[] = (byte[]) null;
try {
cipher = Cipher.getInstance("RSA");
} catch (Exception e) {
e.printStackTrace();
return null;
}
try {
cipher.init(1, pk);
} catch (Exception e) {
e.printStackTrace();
return null;
}
try {
bRet = cipher.doFinal(data);
} catch (Exception e) {
e.printStackTrace();
return null;
}
return bRet;
}
解析證書:
public CertInfo getCertInfo(String cert) throws Exception {
CertInfo result = null;
byte[] bcert = Base64.decode(cert);
ASN1InputStream asn1Input = new ASN1InputStream(new ByteArrayInputStream(bcert));
ASN1Primitive asn1X509 = asn1Input.readObject();
org.bouncycastle.asn1.x509.Certificate x509 = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1X509);
asn1Input.close();
String certSn = x509.getSerialNumber().getValue().toString(16);
Date notBefore = x509.getStartDate().getDate();
Date notAfter = x509.getEndDate().getDate();
RDN dn = x509.getSubject().getRDNs(BCStyle.CN)[0];
String commonName = dn.getFirst().getValue().toString();
String something = "";
ASN1InputStream asnInputStream = null;
ByteArrayInputStream inStream = null;
try {
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier("<oid of something>");
org.bouncycastle.asn1.x509.Extension ext = x509.getTBSCertificate().getExtensions().getExtension(oid);
DEROctetString oct = (DEROctetString) ext.getExtnValue();
inStream = new ByteArrayInputStream(oct.getOctets());
asnInputStream = new ASN1InputStream(inStream);
DERTaggedObject derObject = (DERTaggedObject) asnInputStream.readObject();
DERPrintableString s = (DERPrintableString) derObject.getObject();
something = s.getString();
} catch (Exception ex) {
log.warn("get something error", ex);
} finally {
if (inStream != null) {
inStream.close();
}
if (asnInputStream != null) {
asnInputStream.close();
}
}
result = new CertInfo();
result.certsn = certSn;
result.cn = commonName;
result.notbefore = notBefore;
result.notafter = notAfter;
result.something = something;
return result;
}
望指正