pkcs12parser.java

进行与数字证书相关开发必须的java源码

// Decompiled by Jad v1.5.7g. Copyright 2000 Pavel Kouznetsov.
// Jad home page: http://www.geocities.com/SiliconValley/Bridge/8617/jad.html
// Decompiler options: packimports(3) fieldsfirst ansi 
// Source File Name:   PKCS12Parser.java

package jit.asn1parser.pkcs;

import java.io.*;
import java.util.Vector;
import jit.asn1.*;
import jit.asn1.pkcs.*;
import jit.asn1.pkcs.pkcs12.*;
import jit.asn1.pkcs.pkcs7.*;
import jit.asn1.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import jit.asn1.pkcs.pkcs8.PrivateKeyInfo;
import jit.asn1.x509.*;
import jit.asn1.x9.X9ECParameters;
import jit.asn1.x9.X9PrivateKeyInfo;
import jit.asn1parser.Parser;
import jit.asn1parser.x509.X509Cert;
import jit.crypto.CipherParameters;
import jit.crypto.digests.*;
import jit.crypto.generators.PKCS12ParametersGenerator;
import jit.crypto.params.*;
import jit.cryptolib.toolkit.Crypto;
import jit.jcrypto.JKey;
import jit.math.BigInteger;

public class PKCS12Parser
{

    private Pfx pfx;
    private CertBag certBags[];
    private DEREncodable privateKeyInfo;
    private ContentInfo keyContent;
    private ContentInfo certContent;
    private byte password[];
    private boolean decrypted;
    private static final int ITERATIONS = 2000;

    public PKCS12Parser()
    {
        decrypted = false;
        pfx = null;
        certBags = null;
        privateKeyInfo = null;
        keyContent = null;
        certContent = null;
        password = null;
        decrypted = false;
    }

    public void load(Pfx _pfx)
    {
        pfx = _pfx;
    }

    public void load(String fileName)
    {
        try
        {
            FileInputStream fin = new FileInputStream(fileName);
            ASN1InputStream ais = new ASN1InputStream(fin);
            pfx = Pfx.getInstance(ais.readObject());
            ais.close();
            fin.close();
        }
        catch(Exception ex)
        {
            System.out.println(ex.toString());
        }
    }

    public void load(InputStream ins)
    {
        try
        {
            ASN1InputStream ais = new ASN1InputStream(ins);
            pfx = Pfx.getInstance(ais.readObject());
            ais.close();
            ins.close();
        }
        catch(Exception ex)
        {
            System.out.println(ex.toString());
        }
    }

    public void decrypt(char _password[])
        throws Exception
    {
        if(pfx == null)
            throw new Exception("you must load Pfx first.");
        try
        {
            password = PKCS12ParametersGenerator.PKCS12PasswordToBytes(_password);
            if(!verifyMac())
                throw new Exception("verifyMac faulture.");
            ContentInfo authSafe = pfx.getAuthSafe();
            ASN1OctetString octetString = ASN1OctetString.getInstance(authSafe.getContent());
            ASN1Sequence sequence = Parser.oct2Seq(octetString);
            AuthenticatedSafe authenticatedSafe = AuthenticatedSafe.getInstance(sequence);
            ContentInfo contentInfo[] = authenticatedSafe.getContentInfo();
            for(int i = 0; i < contentInfo.length; i++)
            {
                if(contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.data))
                {
                    keyContent = contentInfo[i];
                    continue;
                }
                if(contentInfo[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
                    certContent = contentInfo[i];
            }

            handleKeyContent(keyContent);
            handleCertContent(certContent);
            decrypted = true;
        }
        catch(Exception ex)
        {
            throw new Exception("the password may not rigtht.");
        }
    }

    public JKey getPrivateKey()
        throws Exception
    {
        if(!decrypted)
            throw new Exception("pfx file hasn't been decrypted yet.");
        ASN1Sequence s = (ASN1Sequence)privateKeyInfo;
        CipherParameters priKey = null;
        if(s.getObjectAt(1) instanceof ASN1Sequence)
        {
            PrivateKeyInfo pki = new PrivateKeyInfo(s);
            RSAPrivateKeyStructure stru = new RSAPrivateKeyStructure((ASN1Sequence)pki.getPrivateKey());
            priKey = new RSAPrivateCrtKeyParameters(stru.getModulus(), stru.getPublicExponent(), stru.getPrivateExponent(), stru.getPrime1(), stru.getPrime2(), stru.getExponent1(), stru.getExponent2(), stru.getCoefficient());
            return Parser.convert2JKey(2, priKey);
        } else
        {
            X9PrivateKeyInfo pki = new X9PrivateKeyInfo(s);
            priKey = pki.getPrivateKey();
            return Parser.convert2JKey(1002, priKey);
        }
    }

    public X509Cert[] getCertificates()
        throws Exception
    {
        if(!decrypted)
            throw new Exception("pfx file hasn't been decrypted yet.");
        ASN1OctetString oct = null;
        ASN1Sequence seq = null;
        Vector v = new Vector();
        for(int i = 0; i < certBags.length; i++)
        {
            DERObjectIdentifier certId = certBags[i].getCertId();
            if(certId.equals(PKCSObjectIdentifiers.x509certType))
            {
                oct = ASN1OctetString.getInstance(certBags[i].getCertValue());
                seq = Parser.oct2Seq(oct);
                X509CertificateStructure certStruc = X509CertificateStructure.getInstance(seq);
                X509Cert cert = new X509Cert(certStruc);
                v.add(cert);
                continue;
            }
            if(!certId.equals(PKCSObjectIdentifiers.sdsiCertType))
                throw new Exception("not support certBag type, id=".concat(String.valueOf(String.valueOf(certId.getId()))));
        }

        X509Cert certs[] = new X509Cert[v.size()];
        v.toArray(certs);
        return certs;
    }

    private boolean verifyMac()
        throws Exception
    {
        MacData macData = pfx.getMacData();
        DigestInfo digestInfo = macData.getMac();
        String oid = digestInfo.getAlgorithmId().getObjectId().getId();
        PKCS12ParametersGenerator p12gen = null;
        int keyLen = 0;
        int macType = 0;
        if(oid.equals("1.3.14.3.2.26"))
        {
            p12gen = new PKCS12ParametersGenerator(new SHA1Digest());
            keyLen = 160;
            macType = 4;
        } else
        if(oid.equals("1.2.840.113549.2.2"))
        {
            p12gen = new PKCS12ParametersGenerator(new MD2Digest());
            keyLen = 128;
        } else
        if(oid.equals("1.2.840.113549.2.5"))
        {
            p12gen = new PKCS12ParametersGenerator(new MD5Digest());
            keyLen = 128;
            macType = 40;
        } else
        {
            throw new Exception("not support digest algorithmIdentifier:".concat(String.valueOf(String.valueOf(oid))));
        }
        byte salt[] = macData.getSalt();
        int iterations = macData.getIterationCount().intValue();
        p12gen.init(password, salt, iterations);
        CipherParameters param = p12gen.generateDerivedMacParameters(keyLen);
        ASN1OctetString oct = ASN1OctetString.getInstance(pfx.getAuthSafe().getContent());
        byte content[] = oct.getOctets();
        byte my_digest[] = Crypto.generateHMAC(macType, param, content);
        byte digest[] = digestInfo.getDigest();
        return Crypto.isEqualArray(my_digest, digest);
    }

    private void handleCertContent(ContentInfo certContent)
        throws Exception
    {
        EncryptedData encryptedData = EncryptedData.getInstance(certContent.getContent());
        EncryptedContentInfo eci = encryptedData.getEncryptedContentInfo();
        PKCS12PBEParams pm = PKCS12PBEParams.getInstance(eci.getContentEncryptionAlgorithm().getParameters());
        byte salt[] = pm.getIV();
        int iterations = pm.getIterations().intValue();
        PKCS12ParametersGenerator p12gen = new PKCS12ParametersGenerator(new SHA1Digest());
        p12gen.init(password, salt, iterations);
        ASN1OctetString octetString = eci.getEncryptedContent();
        byte en_data[] = octetString.getOctets();
        byte de_data[] = pbeDecrypt(eci.getContentEncryptionAlgorithm().getObjectId(), p12gen, en_data);
        ByteArrayInputStream bis = new ByteArrayInputStream(de_data);
        ASN1InputStream ais = new ASN1InputStream(bis);