
📄 pkcs11signer.java

📁 java 实现的签名方案
        long certificateHandle = -1L;        if (sessionHandle < 0 || id == null)            return -1L;        log.println("find certificate from id.");        // now get the certificate with the same ID as the signature key        CK_ATTRIBUTE[] attributeTemplateList = new CK_ATTRIBUTE[2];        attributeTemplateList[0] = new CK_ATTRIBUTE();        attributeTemplateList[0].type = PKCS11Constants.CKA_CLASS;        attributeTemplateList[0].pValue = new Long(                PKCS11Constants.CKO_CERTIFICATE);        attributeTemplateList[1] = new CK_ATTRIBUTE();        attributeTemplateList[1].type = PKCS11Constants.CKA_ID;        attributeTemplateList[1].pValue = id;        pkcs11Module.C_FindObjectsInit(getSession(), attributeTemplateList);        long[] availableCertificates = pkcs11Module.C_FindObjects(getSession(),                100);        //maximum of 100 at once        if (availableCertificates == null) {            log.println("null returned - no certificate found");        } else {            log.println("found " + availableCertificates.length                    + " certificates with matching ID");            for (int i = 0; i < availableCertificates.length; i++) {                if (i == 0) { // the first we find, we take as our certificate                    certificateHandle = availableCertificates[i];                    System.out.print("for verification we use ");                }                log.println("certificate " + i);            }        }        pkcs11Module.C_FindObjectsFinal(getSession());        return certificateHandle;    }    /**     * Finds a certificate matching the given textual label.     *      * @param label     * @return the handle of the certificate, or -1 if not found.     
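* @throws PKCS11Exception
     *             if the token rejects the search. The search operation is
     *             closed before the exception propagates, so the session is
     *             not left with a find operation still active.
     */
    public long findCertificateFromLabel(char[] label) throws PKCS11Exception {
        long sessionHandle = getSession();
        long certificateHandle = -1L;
        if (sessionHandle < 0 || label == null)
            return -1L;
        log.println("find certificate from label.");

        // Search template: certificate objects whose CKA_LABEL equals the given label.
        // The label is a second template attribute only; nothing here ties the
        // match to a particular key, and when several certificates carry the same
        // label the first one returned by the token is used. Callers that sign
        // with the result should confirm the certificate belongs to the key.
        CK_ATTRIBUTE[] attributeTemplateList = new CK_ATTRIBUTE[2];

        attributeTemplateList[0] = new CK_ATTRIBUTE();
        attributeTemplateList[0].type = PKCS11Constants.CKA_CLASS;
        // Long.valueOf replaces the deprecated boxing constructor.
        attributeTemplateList[0].pValue = Long.valueOf(
                PKCS11Constants.CKO_CERTIFICATE);

        attributeTemplateList[1] = new CK_ATTRIBUTE();
        attributeTemplateList[1].type = PKCS11Constants.CKA_LABEL;
        attributeTemplateList[1].pValue = label;

        pkcs11Module.C_FindObjectsInit(sessionHandle, attributeTemplateList);
        try {
            // maximum of 100 at once
            long[] availableCertificates = pkcs11Module.C_FindObjects(
                    sessionHandle, 100);

            if (availableCertificates == null) {
                log.println("null returned - no certificate found");
            } else {
                log.println("found " + availableCertificates.length
                        + " certificates with matching label");
                for (int i = 0; i < availableCertificates.length; i++) {
                    if (i == 0) { // the first we find, we take as our certificate
                        certificateHandle = availableCertificates[i];
                        System.out.print("for verification we use ");
                    }
                    log.println("certificate " + i);
                }
            }
        } finally {
            // End the search even when C_FindObjects throws; otherwise the next
            // C_FindObjectsInit on this session would find the operation still open.
            pkcs11Module.C_FindObjectsFinal(sessionHandle);
        }
        return certificateHandle;
    }

    /**
     * Searches the certificate corresponding to the private key identified by
     * the given handle; this method assumes that corresponding certificates and
     * private keys are sharing the same byte[] IDs.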
*
     * @param signatureKeyHandle
     *            the handle of a private key.
     * @return the handle of the certificate corresponding to the given key, as
     *         returned by findCertificateFromID, or -1 when the session
     *         handle is negative.
     * @throws PKCS11Exception
     */
    public long findCertificateFromSignatureKeyHandle(long signatureKeyHandle)
            throws PKCS11Exception {
        final long session = getSession();
        if (session < 0) {
            return -1L;
        }

        log.println("\nFind certificate from signature key handle: "
                + signatureKeyHandle);

        // Read the key's CKA_ID from the token; the certificate lookup is keyed on it.
        CK_ATTRIBUTE idAttribute = new CK_ATTRIBUTE();
        idAttribute.type = PKCS11Constants.CKA_ID;
        CK_ATTRIBUTE[] idTemplate = { idAttribute };
        pkcs11Module.C_GetAttributeValue(session, signatureKeyHandle,
                idTemplate);

        // NOTE(review): the ID is used as returned. If the key has an empty
        // CKA_ID, the lookup would presumably match any certificate whose ID is
        // also empty - confirm how findCertificateFromID treats that case.
        final byte[] keyAndCertificateID = (byte[]) idTemplate[0].pValue;
        log.println("ID of signature key: "
                + Functions.toHexString(keyAndCertificateID));

        return findCertificateFromID(keyAndCertificateID);
    }

    /**
     * Searches the private key corresponding to the certificate identified by
     * the given handle; this method assumes that corresponding certificates and
     * private keys are sharing the same byte[] IDs.
     *
     * @param certHandle
     *            the handle of a certificate.
     * @return the handle of the private key corresponding to the given
     *         certificate.
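* @throws PKCS11Exception
     */
    public long findSignatureKeyFromCertificateHandle(long certHandle)
            throws PKCS11Exception {
        long sessionHandle = getSession();
        if (sessionHandle < 0)
            return -1L;

        log.println("\nFind signature key from certificate with handle: "
                + certHandle);

        // First read the certificate's CKA_ID; the key lookup is keyed on it.
        CK_ATTRIBUTE[] attributeTemplateList = new CK_ATTRIBUTE[1];
        attributeTemplateList[0] = new CK_ATTRIBUTE();
        attributeTemplateList[0].type = PKCS11Constants.CKA_ID;

        pkcs11Module.C_GetAttributeValue(sessionHandle, certHandle,
                attributeTemplateList);

        byte[] keyAndCertificateID = (byte[]) attributeTemplateList[0].pValue;
        log.println("ID of cert: "
                + Functions.toHexString(keyAndCertificateID));

        return findSignatureKeyFromID(keyAndCertificateID);
    }

    /**
     * Returns the DER encoded certificate corresponding to the given label, as
     * read from the token.
     *
     * @param label
     *            the object label on the token.
     * @return the DER encoded certificate, as byte[], or null when the session
     *         handle is negative, the label is null, or no certificate with
     *         that label was found.
     * @throws TokenException
     */
    public byte[] getDEREncodedCertificateFromLabel(String label)
            throws TokenException {
        System.out.println("reading DER encoded certificate bytes");

        long sessionHandle = getSession();
        if (sessionHandle < 0)
            return null;

        // A null label cannot name an object; report "nothing found" instead of
        // failing on label.toCharArray().
        if (label == null)
            return null;

        long certificateHandle = findCertificateFromLabel(label.toCharArray());

        // -1 is the "not found" value returned by findCertificateFromLabel; it is
        // not an object handle and must not be handed to C_GetAttributeValue.
        if (certificateHandle == -1L)
            return null;

        return getDEREncodedCertificate(certificateHandle);
    }

    /**
     * Returns the DER encoded certificate identified by the given handle, as
     * read from the token.
     *
     * @param certHandle
     *            the handle of the certificate on the token.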
* @return the DER encoded certificate, as a byte array.
     * @throws PKCS11Exception
     *             propagated from C_GetAttributeValue.
     */
    public byte[] getDEREncodedCertificate(long certHandle)
            throws PKCS11Exception {
        System.out.println("reading certificate bytes");

        // One-attribute template: the token fills in pValue for CKA_VALUE.
        CK_ATTRIBUTE valueAttribute = new CK_ATTRIBUTE();
        valueAttribute.type = PKCS11Constants.CKA_VALUE;
        CK_ATTRIBUTE[] template = { valueAttribute };

        pkcs11Module.C_GetAttributeValue(getSession(), certHandle, template);

        // The bytes are returned exactly as read; no parsing or validation of
        // the certificate happens in this method.
        return (byte[]) template[0].pValue;
    }

    /**
     * Same as {@link #getDEREncodedCertificate(long)}, but reads the
     * certificate through the given session handle instead of the current one.
     *
     * @param certHandle
     *            the handle of the certificate on the token.
     * @param sessionHandle
     *            the session to read through.
     * @return the CKA_VALUE attribute of the object, as a byte array.
     * @throws PKCS11Exception
     *             propagated from C_GetAttributeValue.
     */
    public byte[] getDEREncodedCertificate(long certHandle, long sessionHandle)
            throws PKCS11Exception {
        System.out.println("reading certificate bytes");

        CK_ATTRIBUTE valueAttribute = new CK_ATTRIBUTE();
        valueAttribute.type = PKCS11Constants.CKA_VALUE;
        CK_ATTRIBUTE[] template = { valueAttribute };

        pkcs11Module.C_GetAttributeValue(sessionHandle, certHandle, template);

        return (byte[]) template[0].pValue;
    }

    /**
     * Gets the cryptoki library name.
     *
     * @return the current cryptoki library name.
     */
    public java.lang.String getCryptokiLibrary() {
        return this.cryptokiLibrary;
    }

    /*
     * // look for a RSA key and try signature...
currently not used //     * MD5_RSA_PKCS dos not works as expected (MD5 + PKCS#1 encryption public     * byte[] getEncryptedDigest(String label, byte[] data) {     *      * byte[] encryptedDigest = null;     *      * PKCS11Session s = getSession(); if (s == null) return null;     *      * //log.println(s.getInfo() + "\n"); log.println("Getting PKCS11 Private     * key labeled '" + label + "'..."); int[] attrtypes = { PKCS11Object.CLASS,     * PKCS11Object.KEY_TYPE, PKCS11Object.LABEL };     *      * Object[] attrvalues = { PKCS11Object.PRIVATE_KEY, // CLASS     * PKCS11Object.RSA, // KEY_TYPE label //LABEL };     *      * s.findObjectsInit(attrtypes, attrvalues); PKCS11Object rsaPrivKey =     * s.findObject(); s.findObjectsFinal();     *      * if (rsaPrivKey == null) log.println("sorry, no RSA private key on     * token."); else { log.println("Private key Found."); //log.println("RSA     * priv key:\n" + rsaPrivKey + "\n"); log.println("generating digest ...");     *      * //String msg = "message to sign "; // pad to multiple of 8 !!! //byte[]     * plain = msg.getBytes();     *      * java.math.BigInteger dataLengthBI = java.math.BigInteger     * .valueOf(data.length); int remainder =     * dataLengthBI.mod(java.math.BigInteger.valueOf(8)) .intValue(); byte[]     * plain = (remainder != 0) ? new byte[8 - remainder + data.length] : new     * byte[data.length];     *      * for (int i = 0; i < data.length; i++) plain[i] = data[i];     *      * byte[] signature = new byte[256]; // sign...     * s.signInit(PKCS11Mechanism.MD5_RSA_PKCS, null, rsaPrivKey);     *      * int n = s.sign(plain, 0, data.length, signature, 0); log.print("signature     * (first " + n + " bytes):\n" + PKCS11Object.bytesToString(signature, 0) +     * "\n"); encryptedDigest = new byte[n]; for (int i = 0; i <     * encryptedDigest.length; i++) encryptedDigest[i] = signature[i]; }     *      * return encryptedDigest; }     */    /**     * Gets the java wrapper for the cryptoki.     
*
     * @return the java wrapper for the cryptoki.
     */
    private PKCS11 getPkcs11() {
        return this.pkcs11Module;
    }

    /*
     * public void getPrivateKey(PKCS11Helper helper, String label) {
     *
     * PKCS11Session s = getSession(); if (s == null) return;
     *
     * //log.println(s.getInfo() + "\n"); log.println("Getting PKCS11 Private
     * key labeled '" + label + "'..."); int[] attrtypes = { PKCS11Object.CLASS,
     * PKCS11Object.KEY_TYPE //, PKCS11Object.LABEL //gives an error
     * sometimes!!!! , PKCS11Object.ID //better method };
     *
     * Object[] attrvalues = { PKCS11Object.PRIVATE_KEY, // CLASS
     * PKCS11Object.RSA // KEY_TYPE //,label //LABEL , label.getBytes() };
     *
     * s.findObjectsInit(attrtypes, attrvalues); PKCS11Object rsaPrivKey = null;
     * byte[] id = null; do { rsaPrivKey = s.findObject(); if (rsaPrivKey !=
     * null) { //log.println(rsaPrivKey); id = (byte[])
     * rsaPrivKey.getAttributeValue(PKCS11Object.ID); try { log
     * .println("Private key Found:\t" + new String(id, "UTF8")); } catch
     * (java.io.UnsupportedEncodingException ueo) { log.println(ueo); } } }
     * while (rsaPrivKey != null); s.findObjectsFinal(); }
     */

    /**
     * Gets the current session handle. Other methods in this class treat a
     * negative value as "no usable session".
     *
     * @return the <code>long</code> identifying the current session.
     */
    private long getSession() {
        return this.sessionHandle;
    }

    /**
     * Finalizes PKCS#11 operations; note this NOT actually unloads the native
     * library.
