xkmsutil.java

一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考

	 * @param privateKeyType the JAXB version of the PrivateKey tag
	 * @param sharedSecret the shared secret, cannot be null.
	 * @return a java RSAPrivateKey 
	 * @throws StringprepException if the shared secret doesn't conform with the SASLprep profile as specified in the XKMS specification.
	 * @throws XMLEncryptionException if any other exception occurs during the processing.
	 */
	public static RSAPrivateKey getPrivateKeyFromEncryptedXML(PrivateKeyType privateKeyType, String sharedSecret) throws StringprepException, XMLEncryptionException{
		RSAPrivateKey privkey2 = null;
		try{
		DocumentBuilder db = dbf.newDocumentBuilder();
        Document privateKeyDoc = db.newDocument();
        marshaller.marshal(privateKeyType, privateKeyDoc);
        
        Element encryptedDataElement =
            (Element) privateKeyDoc.getElementsByTagNameNS(
                EncryptionConstants.EncryptionSpecNS,
                EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);

        SecretKey sk = getSecretKeyFromPassphrase(sharedSecret,true, 24, KEY_PRIVATEKEYDATA);
                        
        XMLCipher xmlDecipher = XMLCipher.getProviderInstance(ENCRYPTION_ALGORITHMURI,"BC");
        
        xmlDecipher.init(XMLCipher.DECRYPT_MODE, sk);
       
        xmlDecipher.doFinal(privateKeyDoc, encryptedDataElement);
        
        JAXBElement<RSAKeyPairType> rSAKeyPair = (JAXBElement<RSAKeyPairType>) unmarshaller.unmarshal(privateKeyDoc.getDocumentElement().getFirstChild());
        
        RSAKeyPairType rSAKeyPairType = rSAKeyPair.getValue();
        
                
        RSAPrivateCrtKeySpec rSAPrivateKeySpec = new RSAPrivateCrtKeySpec(new BigInteger(rSAKeyPairType.getModulus()), new BigInteger(rSAKeyPairType.getExponent()), 
        		             new BigInteger(rSAKeyPairType.getD()), new BigInteger(rSAKeyPairType.getP()), 
        		             new BigInteger(rSAKeyPairType.getQ()), new BigInteger(rSAKeyPairType.getDP()),
        		             new BigInteger(rSAKeyPairType.getDQ()), new BigInteger(rSAKeyPairType.getInverseQ())); 
        
        privkey2 = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(rSAPrivateKeySpec);
        
		} catch (InvalidKeySpecException e) {
			log.error("Error decrypting private key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (NoSuchAlgorithmException e) {
			log.error("Error decrypting private key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (XMLSecurityException e) {
			log.error("Error decrypting private key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (JAXBException e) {
			log.error("Error decrypting private key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (ParserConfigurationException e) {
			log.error("Error decrypting private key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (Exception e) {
			log.error("Error decrypting private key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		}
		
		return privkey2;
	}
	
	/**
	 * Genereates a secret key from a passphrase according to the 
	 * XKMS specifikation. The HMAC-SHA1 algorithm is used.
	 * 
	 * The passphrase is first checked against SALSPrep profile
	 * according to the XKMS specificatiom 
	 * 
	 * @param passphrase the passphrase to use, may no be null
	 * @param performSASLprep if sASLprep should be called on the input string.
	 * @param keylength the length of the key returned.
	 * @param keyType one of the initial KEY_ constants
	 * @return The SecretKey used in encryption/decryption
	 * @throws StringprepException if the passphrase doesn't fullfull the SASLPrep profile
	 * @throws XMLEncryptionException If any other exception occured during generation.
	 */
	public static SecretKey getSecretKeyFromPassphrase(String passphrase, boolean performSASLprep, int keylength, byte[] keyType) throws  StringprepException, XMLEncryptionException{
		SecretKey retval = null;
		try{
		byte[] finalKey = new byte[keylength];
		
		int keyIndex = 0;		
		byte[] currentKey = keyType;
       

		Document doc = dbf.newDocumentBuilder().newDocument();        
        SignatureAlgorithm sa = new SignatureAlgorithm(doc,
        		SHAREDSECRET_HASH_ALGORITH,
                33);
        
        // Make the string saslpreped
        String sASLPrepedPassword = passphrase;
        if(performSASLprep){
        	sASLPrepedPassword= Stringprep.saslprep(passphrase);
        }
        
        while(keyIndex < keylength){
        	SecretKey sk = new SecretKeySpec(currentKey,
        			sa.getJCEAlgorithmString());

        	Mac m = Mac.getInstance("HmacSHA1");
        	m.init(sk);
        	m.update(sASLPrepedPassword.getBytes("ISO8859-1"));
        	byte[] mac = m.doFinal();
        	for(int i=0;i<mac.length;i++){
               if(keyIndex < keylength){
            	   finalKey[keyIndex] = mac[i];
            	   keyIndex++;
               }else{
            	   break;
               }
        	}
        	mac[0] = (byte) (mac[0] ^ currentKey[0]);
        	currentKey = mac;
        	
        	retval = new SecretKeySpec(finalKey,
        			sa.getJCEAlgorithmString());
        }
		}catch(IllegalMonitorStateException e){
			
		} catch (ParserConfigurationException e) {
			log.error("Error generating secret key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (XMLSecurityException e) {
			log.error("Error generating secret key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (NoSuchAlgorithmException e) {
			log.error("Error generating secret key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (InvalidKeyException e) {
			log.error("Error generating secret key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (IllegalStateException e) {
			log.error("Error generating secret key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		} catch (UnsupportedEncodingException e) {
			log.error("Error generating secret key", e);
			throw new XMLEncryptionException(e.getMessage(),e);
		}
        
        return  retval;
	}
	
	/**
	 * Method appending a authorization keybinding element to
	 * a requestDoc
	 * 
	 * @param requestDoc
	 * @param passphrase
	 * @param prototypeKeyBindingId
	 * @return the requestDoc with authorization appended
	 * @throws StringprepException if the passphrase doesn't fullfull the SASLPrep profile
	 * @throws XMLSecurityException If any other exception occured during generation.
	 */
	public static Document appendKeyBindingAuthentication(Document requestDoc,String passphrase, String prototypeKeyBindingId) throws StringprepException, XMLSecurityException{
	   	SecretKey sk = XKMSUtil.getSecretKeyFromPassphrase(passphrase, true, 20, XKMSUtil.KEY_AUTHENTICATION);
		
		org.apache.xml.security.signature.XMLSignature authXMLSig = new org.apache.xml.security.signature.XMLSignature(requestDoc, "", org.apache.xml.security.signature.XMLSignature.ALGO_ID_MAC_HMAC_SHA1, org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
		org.apache.xml.security.transforms.Transforms transforms = new org.apache.xml.security.transforms.Transforms(requestDoc);		
		transforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
		authXMLSig.addDocument("#" + prototypeKeyBindingId, transforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);        			
	
		authXMLSig.sign(sk); 
		
		Element authenticationElement = requestDoc.createElementNS("http://www.w3.org/2002/03/xkms#", "Authentication");
		Element keyBindingAuthenticationElement = requestDoc.createElementNS("http://www.w3.org/2002/03/xkms#", "KeyBindingAuthentication");
		keyBindingAuthenticationElement.appendChild(authXMLSig.getElement().cloneNode(true));
		authenticationElement.appendChild(keyBindingAuthenticationElement);
		requestDoc.getDocumentElement().appendChild(authenticationElement);
        
        return requestDoc;
	}

    public static Document appendProofOfPossession(Document requestDoc,PrivateKey privateKey, String prototypeKeyBindingId)throws XMLSecurityException{
		org.apache.xml.security.signature.XMLSignature xmlSig = new org.apache.xml.security.signature.XMLSignature(requestDoc, "", org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
		Transforms transforms = new org.apache.xml.security.transforms.Transforms(requestDoc);		
		transforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
		
		xmlSig.addDocument("#" + prototypeKeyBindingId, transforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);        			
	
		xmlSig.sign(privateKey);   
		
        Element pOPElement = requestDoc.createElementNS("http://www.w3.org/2002/03/xkms#", "ProofOfPossession");
        pOPElement.appendChild(xmlSig.getElement().cloneNode(true));
        requestDoc.getDocumentElement().appendChild(pOPElement);
        
        return requestDoc;
    }
	
}