📄 pkcs12parser.java

📁 进行与数字证书相关开发必须的java源码
💻 JAVA
📖 第 1 页 / 共 2 页
字号:
上一页 12
        SafeContents safeContents = SafeContents.getInstance((ASN1Sequence)ais.readObject());
        SafeBag safeBag[] = safeContents.getSafeBag();
        Vector v = new Vector();
        ASN1Set set = null;
        for(int i = 0; i < safeBag.length; i++)
            if(safeBag[i].getBagId().equals(PKCSObjectIdentifiers.certBag))
            {
                CertBag cb = CertBag.getInstance(safeBag[i].getBagValue());
                set = safeBag[i].getBagAttributes();
                v.add(cb);
            }

        certBags = new CertBag[v.size()];
        v.toArray(certBags);
    }

    private void handleKeyContent(ContentInfo keyContent)
        throws Exception
    {
        ASN1OctetString octetString = ASN1OctetString.getInstance(keyContent.getContent());
        ASN1Sequence sequence = Parser.oct2Seq(octetString);
        SafeContents safeContents = SafeContents.getInstance(sequence);
        SafeBag safeBag[] = safeContents.getSafeBag();
        SafeBag keyBag = safeBag[0];
        if(keyBag.getBagId().equals(PKCSObjectIdentifiers.keyBag))
            privateKeyInfo = new PrivateKeyInfo((ASN1Sequence)keyBag.getBagValue());
        else
        if(keyBag.getBagId().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
        {
            EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo((ASN1Sequence)keyBag.getBagValue());
            PKCS12PBEParams pm = PKCS12PBEParams.getInstance(epki.getEncryptionAlgorithm().getParameters());
            byte salt[] = pm.getIV();
            int iterations = pm.getIterations().intValue();
            PKCS12ParametersGenerator p12gen = new PKCS12ParametersGenerator(new SHA1Digest());
            p12gen.init(password, salt, iterations);
            byte en_data[] = epki.getEncryptedData();
            byte de_data[] = pbeDecrypt(epki.getEncryptionAlgorithm().getObjectId(), p12gen, en_data);
            ByteArrayInputStream bis = new ByteArrayInputStream(de_data);
            ASN1InputStream ais = new ASN1InputStream(bis);
            privateKeyInfo = (ASN1Sequence)ais.readObject();
            ASN1Set set = keyBag.getBagAttributes();
            Attribute attribute = Attribute.getInstance(set.getObjectAt(0));
        } else
        {
            throw new Exception("handle keyBag error. bagId = ".concat(String.valueOf(String.valueOf(keyBag.getBagId().getId()))));
        }
    }

    private byte[] pbeDecrypt(DERObjectIdentifier oid, PKCS12ParametersGenerator p12gen, byte en_data[])
        throws Exception
    {
        CipherParameters param = null;
        if(oid.equals(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC))
        {
            param = p12gen.generateDerivedParameters(192, 64);
            return Crypto.cipherEncode(9, false, param, en_data);
        }
        if(oid.equals(PKCSObjectIdentifiers.pbeWithSHAAnd2DESCBC))
        {
            param = p12gen.generateDerivedParameters(128, 64);
            return Crypto.cipherEncode(9, false, param, en_data);
        }
        if(oid.equals(PKCSObjectIdentifiers.pbeWithSHAAnd128RC2CBC))
        {
            param = p12gen.generateDerivedParameters(128, 64);
            return Crypto.cipherEncode(11, false, param, en_data);
        }
        if(oid.equals(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC))
        {
            param = p12gen.generateDerivedParameters(40, 64);
            return Crypto.cipherEncode(11, false, param, en_data);
        } else
        {
            throw new Exception("not support pkcs12pbe algorithm: ".concat(String.valueOf(String.valueOf(oid.getId()))));
        }
    }

    public Pfx generatePfx(JKey jprvKey, X509Cert x509cert, char _password[])
        throws Exception
    {
        X509CertificateStructure cert = x509cert.getCertStructure();
        password = PKCS12ParametersGenerator.PKCS12PasswordToBytes(_password);
        EncryptedPrivateKeyInfo epki = generateEPKI(Parser.conver2CipherParam(jprvKey));
        DERInteger dint = cert.getSerialNumber();
        byte sn[] = Parser.writeDERObj2Bytes(dint);
        DEROctetString osn = new DEROctetString(sn);
        DEREncodableVector derV = new DEREncodableVector();
        derV.add(osn);
        DERSet derSet = new DERSet(derV);
        Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, derSet);
        derV = new DEREncodableVector();
        derV.add(attribute);
        derSet = new DERSet(derV);
        SafeBag keyBag = new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, epki.getDERObject(), derSet);
        SafeBag keyBags[] = new SafeBag[1];
        keyBags[0] = keyBag;
        SafeContents safeContents = new SafeContents(keyBags);
        DEROctetString octString = new DEROctetString(Parser.writeDERObj2Bytes(safeContents.getDERObject()));
        ContentInfo keyContent = new ContentInfo(PKCSObjectIdentifiers.data, octString);
        ContentInfo contentInfos[] = new ContentInfo[2];
        contentInfos[0] = keyContent;
        octString = new DEROctetString(Parser.writeDERObj2Bytes(cert.getDERObject()));
        CertBag certBag = new CertBag(PKCSObjectIdentifiers.x509certType, octString);
        SafeBag sbag = new SafeBag(PKCSObjectIdentifiers.certBag, certBag.getDERObject(), derSet);
        SafeBag certBags[] = new SafeBag[1];
        certBags[0] = sbag;
        safeContents = new SafeContents(certBags);
        EncryptedData encryptedData = encryptedCertContents(safeContents);
        ContentInfo certContent = new ContentInfo(PKCSObjectIdentifiers.encryptedData, encryptedData.getDERObject());
        contentInfos[1] = certContent;
        AuthenticatedSafe authenticatedSafe = new AuthenticatedSafe(contentInfos);
        octString = new DEROctetString(Parser.writeDERObj2Bytes(authenticatedSafe.getDERObject()));
        ContentInfo authSafe = new ContentInfo(PKCSObjectIdentifiers.data, octString);
        MacData macData = generateMacData(authSafe);
        return new Pfx(authSafe, macData);
    }

    public void generatePfxFile(JKey jprvKey, X509Cert cert, char _password[], String fileName)
        throws Exception
    {
        pfx = generatePfx(jprvKey, cert, _password);
        FileOutputStream fos = new FileOutputStream(fileName);
        DEROutputStream dos = new DEROutputStream(fos);
        dos.writeObject(pfx);
        dos.close();
        fos.close();
    }

    private EncryptedData encryptedCertContents(DEREncodable safeContents)
        throws Exception
    {
        byte salt[] = Crypto.generateSalt();
        PKCS12ParametersGenerator p12gen = new PKCS12ParametersGenerator(new SHA1Digest());
        p12gen.init(password, salt, 2000);
        CipherParameters param = p12gen.generateDerivedParameters(40, 64);
        byte en_data[] = Crypto.cipherEncode(11, true, param, Parser.writeDERObj2Bytes(safeContents.getDERObject()));
        DEROctetString octString = new DEROctetString(en_data);
        DEREncodableVector vector = new DEREncodableVector();
        DEROctetString de0 = new DEROctetString(salt);
        DERInteger deI = new DERInteger(2000);
        vector.add(de0);
        vector.add(deI);
        DERSequence deSeq = new DERSequence(vector);
        AlgorithmIdentifier algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd40RC2CBC, deSeq);
        EncryptedContentInfo eci = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algId, octString);
        return new EncryptedData(new DERInteger(0), eci);
    }

    private MacData generateMacData(ContentInfo authSafe)
        throws Exception
    {
        byte salt[] = Crypto.generateSalt();
        PKCS12ParametersGenerator p12gen = new PKCS12ParametersGenerator(new SHA1Digest());
        p12gen.init(password, salt, 2000);
        CipherParameters param = p12gen.generateDerivedMacParameters(160);
        ASN1OctetString oct = ASN1OctetString.getInstance(authSafe.getContent());
        byte da[] = oct.getOctets();
        byte hmac[] = Crypto.generateHMAC(4, param, da);
        DigestInfo digestInfo = new DigestInfo(new AlgorithmIdentifier(new DERObjectIdentifier("1.3.14.3.2.26")), hmac);
        return new MacData(digestInfo, salt, 2000);
    }

    private EncryptedPrivateKeyInfo generateEPKI(CipherParameters priKey)
        throws Exception
    {
        DEREncodable pki = null;
        if(priKey instanceof RSAKeyParameters)
            pki = generateRSAPriKeyInfo(priKey);
        else
        if(priKey instanceof ECKeyParameters)
            pki = generateECCPriKeyInfo(priKey);
        else
            throw new Exception("not support key type:".concat(String.valueOf(String.valueOf(priKey.getClass().getName()))));
        byte salt[] = Crypto.generateSalt();
        PKCS12ParametersGenerator p12gen = new PKCS12ParametersGenerator(new SHA1Digest());
        p12gen.init(password, salt, 2000);
        CipherParameters param = p12gen.generateDerivedParameters(192, 64);
        byte en_data[] = Crypto.cipherEncode(9, true, param, Parser.writeDERObj2Bytes(pki.getDERObject()));
        DEROctetString deS = new DEROctetString(en_data);
        DEREncodableVector vector = new DEREncodableVector();
        DEROctetString de0 = new DEROctetString(salt);
        DERInteger deI = new DERInteger(2000);
        vector.add(de0);
        vector.add(deI);
        DERSequence deSeq = new DERSequence(vector);
        AlgorithmIdentifier algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC, deSeq);
        return new EncryptedPrivateKeyInfo(algId, deS.getOctets());
    }

    private DEREncodable generateRSAPriKeyInfo(CipherParameters param)
    {
        AlgorithmIdentifier algid = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, null);
        RSAPrivateCrtKeyParameters privateKey = (RSAPrivateCrtKeyParameters)param;
        RSAPrivateKeyStructure RSAPrvStructure = new RSAPrivateKeyStructure(privateKey.getModulus(), privateKey.getPublicExponent(), privateKey.getExponent(), privateKey.getP(), privateKey.getQ(), privateKey.getDP(), privateKey.getDQ(), privateKey.getQInv());
        return new PrivateKeyInfo(algid, RSAPrvStructure.getDERObject());
    }

    private DEREncodable generateECCPriKeyInfo(CipherParameters priKey)
    {
        ECPrivateKeyParameters ecPriKey = (ECPrivateKeyParameters)priKey;
        DEROctetString d = new DEROctetString(ecPriKey.getD().toByteArray());
        ECDomainParameters ecdp = ecPriKey.getParameters();
        X9ECParameters x9Params = new X9ECParameters(ecdp.getCurve(), ecdp.getG(), ecdp.getN(), ecdp.getH());
        return new X9PrivateKeyInfo(d, x9Params);
    }

    public void reset()
    {
        pfx = null;
        certBags = null;
        privateKeyInfo = null;
        keyContent = null;
        certContent = null;
        password = null;
        decrypted = false;
    }

    public Pfx getPfx()
    {
        return pfx;
    }

    static 
    {
        ITERATIONS = 2000;
    }
}
上一页 12
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -