📄 jcesecuritymodule.java
/**
 * Generates a random clear key component and returns it as a hex string.<br>
 * Used by Console, that's why it is package protected.
 *
 * <p>NOTE(review): the generated component is added in the clear to the
 * {@code LogEvent} handed to {@code Logger.log}. Presumably this is how the Console
 * presents the component to the operator (confirm against the caller). Every log
 * listener attached to this logger receives the same clear key material, so the
 * logger configuration for this class should be reviewed with that in mind.
 *
 * @param keyLength key length, passed unchanged to {@code jceHandler.generateDESKey}
 * @return clear key component as a hex string
 * @throws SMException
 */
String generateClearKeyComponent (short keyLength) throws SMException {
    String clearKeyComponenetHexString;
    SimpleMsg[] cmdParameters =  {
        new SimpleMsg("parameter", "Key Length", keyLength)
    };
    LogEvent evt = new LogEvent(this, "s-m-operation");
    evt.addMessage(new SimpleMsg("command", "Generate Clear Key Component", cmdParameters));
    try {
        Key clearKey = jceHandler.generateDESKey(keyLength);
        byte[] clearKeyData = jceHandler.extractDESKeyMaterial(keyLength, clearKey);
        clearKeyComponenetHexString = ISOUtil.hexString(clearKeyData);
        // NOTE(review): clear key material enters the log event here.
        evt.addMessage(new SimpleMsg("result", "Generated Clear Key Componenet", clearKeyComponenetHexString));
    } catch (JCEHandlerException e) {
        // Record the failure in the event, then propagate it to the caller.
        evt.addMessage(e);
        throw  e;
    } finally {
        // The event is logged on success and on failure alike.
        Logger.log(evt);
    }
    return  clearKeyComponenetHexString;
}

/**
 * Generates key check value.<br>
 * Though not confidential, it is used only by Console,
 * that's why it is package protected.
 *
 * <p>The key is supplied encrypted under the LMK; it is decrypted only to compute the
 * check value, and the returned object still carries the encrypted form.
 *
 * @param keyLength key length, passed to the {@code SecureDESKey} constructor
 * @param keyType key type; {@code decryptFromLMK} uses it to select the LMK
 * @param KEYunderLMKHexString hex string of the key encrypted under the LMK
 * @return SecureDESKey object with its check value set
 * @throws SMException
 */
SecureDESKey generateKeyCheckValue (short keyLength, String keyType, String KEYunderLMKHexString) throws SMException {
    SecureDESKey secureDESKey = null;
    byte[] keyCheckValue;
    SimpleMsg[] cmdParameters =  {
        new SimpleMsg("parameter", "Key Length", keyLength),
        new SimpleMsg("parameter", "Key Type", keyType),
        new SimpleMsg("parameter", "Key under LMK", KEYunderLMKHexString),
    };
    LogEvent evt = new LogEvent(this, "s-m-operation");
    evt.addMessage(new SimpleMsg("command", "Generate Key Check Value", cmdParameters));
    try {
        // Built with an empty last argument (presumably the check value, TODO confirm);
        // the real check value is computed and set below.
        secureDESKey = new SecureDESKey(keyLength, keyType, KEYunderLMKHexString, "");
        keyCheckValue = calculateKeyCheckValue(decryptFromLMK(secureDESKey));
        secureDESKey.setKeyCheckValue(keyCheckValue);
        evt.addMessage(new SimpleMsg("result", "Key with Check Value", secureDESKey));
    } catch (JCEHandlerException e) {
        // Record the failure in the event, then propagate it to the caller.
        evt.addMessage(e);
        throw  e;
    } finally {
        Logger.log(evt);
    }
    return  secureDESKey;
}

/**
 * Forms a key from 3 clear components and returns it encrypted under its corresponding LMK
 * The corresponding LMK is determined from the keyType
 *
 * <p>The clear key is the byte-wise XOR of the three components.
 *
 * <p>NOTE(review): all three clear components are added to the {@code LogEvent} as
 * command parameters before any processing, so anyone who can read this log can
 * rebuild the clear key by XOR-ing them. Confirm that the logger used here is
 * restricted or masks these fields. The intermediate byte arrays holding the
 * components and the combined key are not overwritten before the method returns.
 *
 * @param keyLength e.g. LENGTH_DES, LENGTH_DES3_2, LENGTH_DES3_3, ..
 * @param keyType possible values are those defined in the SecurityModule interface. e.g., ZMK, TMK,...
 * @param clearComponent1HexString HexString containing the first component
 * @param clearComponent2HexString HexString containing the second component
 * @param clearComponent3HexString HexString containing the third component
 * @return a SecureDESKey formed from the three clear components
 * @throws SMException
 */
SecureDESKey formKEYfromThreeClearComponents (short keyLength, String keyType, String clearComponent1HexString, String clearComponent2HexString, String clearComponent3HexString) throws SMException {
    SecureDESKey secureDESKey;
    // NOTE(review): clear key components are logged as parameters.
    SimpleMsg[] cmdParameters =  {
        new SimpleMsg("parameter", "Key Length", keyLength),
        new SimpleMsg("parameter", "Key Type", keyType),
        new SimpleMsg("parameter", "Clear Componenent 1", clearComponent1HexString),
        new SimpleMsg("parameter", "Clear Componenent 2", clearComponent2HexString),
        new SimpleMsg("parameter", "Clear Componenent 3", clearComponent3HexString)
    };
    LogEvent evt = new LogEvent(this, "s-m-operation");
    evt.addMessage(new SimpleMsg("command", "Form Key from Three Clear Components", cmdParameters));
    try {
        byte[] clearComponent1 = ISOUtil.hex2byte(clearComponent1HexString);
        byte[] clearComponent2 = ISOUtil.hex2byte(clearComponent2HexString);
        byte[] clearComponent3 = ISOUtil.hex2byte(clearComponent3HexString);
        // Combine the components: key = c1 XOR c2 XOR c3.
        byte[] clearKeyBytes = ISOUtil.xor(ISOUtil.xor(clearComponent1, clearComponent2), clearComponent3);
        Key clearKey = null;
        clearKey = jceHandler.formDESKey(keyLength, clearKeyBytes);
        // Only the LMK-encrypted form of the key is returned and logged as the result.
        secureDESKey = encryptToLMK(keyLength, keyType, clearKey);
        evt.addMessage(new SimpleMsg("result", "Formed Key", secureDESKey));
    } catch (JCEHandlerException e) {
        // Record the failure in the event, then propagate it to the caller.
        evt.addMessage(e);
        throw  e;
    } finally {
        Logger.log(evt);
    }
    return  secureDESKey;
}

/**
 * Calculates a key check value over a clear key.
 *
 * <p>Encrypts {@code zeroBlock} (declared outside this excerpt) under the key and
 * passes the result to {@code ISOUtil.trim(..., 3)}; presumably this keeps the first
 * 3 bytes of the ciphertext (confirm against ISOUtil).
 *
 * @param key clear key to compute the check value for
 * @return the key check value
 * @exception SMException
 */
byte[] calculateKeyCheckValue (Key key) throws SMException {
    byte[] encryptedZeroBlock = jceHandler.encryptData(zeroBlock, key);
    byte[] keyCheckValue = ISOUtil.trim(encryptedZeroBlock, 3);
    return  keyCheckValue;
}

/**
 * Encrypts a clear DES Key under LMK to form a SecureKey.
 *
 * <p>The LMK is obtained from {@code getLMK(keyType)}; the check value stored in the
 * result is computed over the clear key.
 *
 * @param keyLength key length, passed to {@code jceHandler.encryptDESKey}
 * @param keyType key type used to select the LMK
 * @param clearDESKey clear key to encrypt
 * @return secureDESKey
 * @throws SMException
 */
private SecureDESKey encryptToLMK (short keyLength, String keyType, Key clearDESKey) throws SMException {
    SecureDESKey secureDESKey = null;
    byte[] encryptedKeyDataArray = jceHandler.encryptDESKey(keyLength, clearDESKey,
            getLMK(keyType));
    secureDESKey = new SecureDESKey(keyLength, keyType, encryptedKeyDataArray,
            calculateKeyCheckValue(clearDESKey));
    return  secureDESKey;
}

/**
 * Decrypts a secure DES key from encryption under LMK.
 *
 * <p>Key length, key type and key bytes are all read from the supplied object; the
 * LMK is obtained from {@code getLMK(keyType)}.
 *
 * @param secureDESKey (Key under LMK)
 * @return clear key
 * @throws SMException
 */
private Key decryptFromLMK (SecureDESKey secureDESKey) throws SMException {
    Key key = null;
    byte[] keyBytes = secureDESKey.getKeyBytes();
    short keyLength = secureDESKey.getKeyLength();
    String keyType = secureDESKey.getKeyType();
    // NOTE(review): the meaning of the trailing 'true' flag is not visible in this
    // excerpt; confirm against JCEHandler.decryptDESKey.
    key = jceHandler.decryptDESKey(keyLength, keyBytes, getLMK(keyType), true);
    return  key;
}

/**
 * Calculates the clear PIN Block.
 *
 * <p>FORMAT00 and FORMAT01 share one layout: block 1 is a two-digit PIN length, the
 * PIN, and 'F' padding up to 16 hex digits; block 2 is "0000" followed by the account
 * number; the PIN block is block 1 XOR block 2. Only PIN lengths 4, 5 and 6 are
 * accepted for these formats. This looks like the ISO 9564 format 0 layout (confirm
 * against the definition of the format constants).
 *
 * <p>FORMAT03 accepts PIN lengths 4 to 12 and is the PIN padded on the right with 'F'
 * to 16 hex digits; the account number is not used in the block.
 *
 * <p>NOTE(review): the account-number exception message embeds the supplied account
 * number digits. If SMException messages reach logs or remote callers, masking should
 * be considered. The PIN and account number are not checked for being numeric here;
 * what {@code ISOUtil.hex2byte} does with other characters is not visible in this
 * excerpt.
 *
 * @param pin as entered by the card holder on the PIN entry device
 * @param pinBlockFormat one of FORMAT00, FORMAT01, FORMAT03
 * @param accountNumber (the 12 right-most digits of the account number excluding the check digit)
 * @return The clear PIN Block
 * @throws SMException if the PIN length, account number length or format is not supported
 *
 */
private byte[] calculatePINBlock (String pin, byte pinBlockFormat, String accountNumber) throws SMException {
    byte[] pinBlock = null;
    if (pin.length() > MAX_PIN_LENGTH)
        throw  new SMException("Invalid PIN length: " + pin.length());
    if (accountNumber.length() != 12)
        throw  new SMException("Invalid Account Number: " + accountNumber + ". The length of the account number must be 12 (the 12 right-most digits of the account number excluding the check digit)");
    switch (pinBlockFormat) {
        case FORMAT00: // same as FORMAT01
        case FORMAT01:
            {
                // Block 1
                String block1 = null;
                byte[] block1ByteArray;
                switch (pin.length()) {
                    // pin length then pad with 'F'
                    case 4:
                        block1 = "04" + pin + "FFFFFFFFFF";
                        break;
                    case 5:
                        block1 = "05" + pin + "FFFFFFFFF";
                        break;
                    case 6:
                        block1 = "06" + pin + "FFFFFFFF";
                        break;
                    default:
                        throw  new SMException("Unsupported PIN Length: " +
                                pin.length());
                }
                block1ByteArray = ISOUtil.hex2byte(block1);
                // Block 2
                String block2;
                byte[] block2ByteArray = null;
                block2 = "0000" + accountNumber;
                block2ByteArray = ISOUtil.hex2byte(block2);
                // pinBlock
                pinBlock = ISOUtil.xor(block1ByteArray, block2ByteArray);
            }
            ;
            break;
        case FORMAT03:
            {
                if(pin.length() < 4 || pin.length() > 12)
                    throw new SMException("Unsupported PIN Length: " +
                            pin.length());
                // Pad the PIN on the right with 'F' up to 16 hex digits.
                pinBlock = ISOUtil.hex2byte (
                    pin + "FFFFFFFFFFFFFFFF".substring(pin.length(),16)
                );
            }
            break;
        default:
            throw  new SMException("Unsupported PIN format: " + pinBlockFormat);
    }
    return  pinBlock;
}

/**
 * Calculates the clear pin (as entered by card holder on the pin entry device)
 * given the clear PIN block
 * @param pinBlock clear PIN Block
 * @param pinBlockFormat
 * @param accountNumber
 * @return the pin
 * @throws SMException
 */
private String calculatePIN (byte[] pinBlock, byte pinBlockFormat, String accountNumber) throws SMException {
    String pin = null;
    int pinLength;
    if (accountNumber.length() != 12)
        throw  new SMException("Invalid Account Number: " + accountNumber + ". The length of the account number must be 12 (the 12 right-most digits of the account number excluding the check digit)");
    switch (pinBlockFormat) {
        case FORMAT00: // same as format 01
        case FORMAT01:
            {
                // Block 2
                String block2;
                block2 = "0000" + accountNumber;
                byte[] block2ByteArray = ISOUtil.hex2byte(block2);
                // get Block1
                byte[] block1ByteArray = ISOUtil.xor(pinBlock, block2ByteArray);
                pinLength = Math.abs (block1ByteArray[0]);
                if (pinLength > MAX_PIN_LENGTH)
                    throw  new SMException("PIN Block Error");
                // get pin