📄 sigandenvelopparser.java
字号:
digestAlg = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, null);
mechanism = new JMechanism(544);
} else
if(singnatureAlg.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
{
digestAlg = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, null);
digestEncryptionAlg = new AlgorithmIdentifier(PKCSObjectIdentifiers.ecEncryption, null);
mechanism = new JMechanism(544);
} else
{
throw new Exception("unsupported signature algorithm identifier");
}
hashContentInfo = session.digest(mechanism, contentInfo);
return hashContentInfo;
}
private byte[] generateSignature(byte contentInfo[], DERObjectIdentifier singnatureAlgOID, JKey singnatureKey)
throws Exception
{
byte hash[] = generateHash(contentInfo, singnatureAlgOID);
byte encodedHash[] = null;
byte signature[] = null;
JMechanism mechanism = null;
DERObjectIdentifier mdID = null;
if(singnatureKey.getKeyType() == 2)
{
if(singnatureAlgOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("signature algorithm is not match up to the signature key");
if(singnatureAlgOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption))
mdID = PKCSObjectIdentifiers.md2;
else
if(singnatureAlgOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption))
mdID = PKCSObjectIdentifiers.md5;
else
mdID = PKCSObjectIdentifiers.sha1;
encodedHash = encodeRSASignature(mdID, hash);
mechanism = new JMechanism(1);
signature = session.encrypt(mechanism, singnatureKey, encodedHash);
} else
if(singnatureKey.getKeyType() == 1002)
{
if(!singnatureAlgOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("signature algorithm is not match up to the signature key");
mechanism = new JMechanism(1027);
signature = session.sign(mechanism, singnatureKey, hash);
signature = encodeECDSASignature(signature);
} else
{
throw new Exception("unsupported type of signature key");
}
return signature;
}
private byte[] doublyEncryption(byte signature[], DERObjectIdentifier doublyEncryptionAlgOID, JKey doublyEncryptionKey)
throws Exception
{
byte doublyEncryptionDigest[] = null;
JMechanism mechanism = null;
if(doublyEncryptionAlgOID.equals(PKCSObjectIdentifiers.desCBCEncryption))
mechanism = new JMechanism(290, cbcParam);
else
if(doublyEncryptionAlgOID.equals(PKCSObjectIdentifiers.des3CBCEncryption))
mechanism = new JMechanism(307, cbcParam);
else
if(doublyEncryptionAlgOID.equals(PKCSObjectIdentifiers.rc2CBCEncryption))
mechanism = new JMechanism(258, cbcParam);
else
throw new Exception("unsupported symmetric algorithm identifier".concat(String.valueOf(String.valueOf(doublyEncryptionAlgOID.getId()))));
doublyEncryptionDigest = session.encrypt(mechanism, doublyEncryptionKey, signature);
return doublyEncryptionDigest;
}
public SignerInfo generateSignerInfo(byte contentInfo[], IssuerAndSerialNumber issuerAndSerialNumber, DERObjectIdentifier singnatureAlgOID, DERObjectIdentifier doublyEncryptionAlgOID, JKey jSingnatureKey, JKey jDoublyEncryptionKey)
throws Exception
{
byte signature[] = generateSignature(contentInfo, singnatureAlgOID, jSingnatureKey);
if(cbcParam == null)
throw new Exception("CBCParam is not exist,must call generateEncryptedContentInfo() firstly");
byte doublyEncryptionDigest[] = doublyEncryption(signature, doublyEncryptionAlgOID, jDoublyEncryptionKey);
DERInteger version = new DERInteger(1);
DEROctetString octetDoublyEncryption = new DEROctetString(doublyEncryptionDigest);
if(issuerAndSerialNumber == null)
{
throw new Exception("the IssuerAndSerialNubmer in SignerInfo must not be null.");
} else
{
SignerInfo signerInfo = new SignerInfo(version, issuerAndSerialNumber, digestAlg, null, digestEncryptionAlg, octetDoublyEncryption, null);
return signerInfo;
}
}
public SignerInfo generateSignerInfo_extendC(byte contentInfo[], IssuerAndSerialNumber issuerAndSerialNumber, DERObjectIdentifier singnatureAlgOID, JKey jSingnatureKey)
throws Exception
{
byte signature[] = generateSignature(contentInfo, singnatureAlgOID, jSingnatureKey);
byte doublyEncryptionDigest[] = signature;
DERInteger version = new DERInteger(1);
DEROctetString octetDoublyEncryption = new DEROctetString(doublyEncryptionDigest);
if(issuerAndSerialNumber == null)
{
throw new Exception("the IssuerAndSerialNubmer in SignerInfo must not be null.");
} else
{
SignerInfo signerInfo = new SignerInfo(version, issuerAndSerialNumber, digestAlg, null, digestEncryptionAlg, octetDoublyEncryption, null);
return signerInfo;
}
}
private byte[] doublyDecryption(byte encyrptedSignature[], AlgorithmIdentifier contentEncryptionAlg, JKey doublyEncryptionKey)
throws Exception
{
byte signature[] = null;
DERObjectIdentifier doublyEncryptionAlgOID = contentEncryptionAlg.getObjectId();
JMechanism mechanism = null;
if(doublyEncryptionAlgOID.equals(PKCSObjectIdentifiers.desCBCEncryption))
mechanism = new JMechanism(290, cbcParam);
else
if(doublyEncryptionAlgOID.equals(PKCSObjectIdentifiers.des3CBCEncryption))
mechanism = new JMechanism(307, cbcParam);
else
mechanism = new JMechanism(258, cbcParam);
signature = session.decrypt(mechanism, doublyEncryptionKey, encyrptedSignature);
return signature;
}
private boolean verifySignatur(byte content[], byte signature[], AlgorithmIdentifier digestAlg, AlgorithmIdentifier digestEncryptionAlg, JKey signerPubKey)
throws Exception
{
DERObjectIdentifier digesOID = digestAlg.getObjectId();
DERObjectIdentifier digestEncryptionOID = digestEncryptionAlg.getObjectId();
byte hash[] = null;
JMechanism mechanism = null;
if(digesOID.equals(PKCSObjectIdentifiers.md2))
mechanism = new JMechanism(512);
else
if(digesOID.equals(PKCSObjectIdentifiers.md5))
mechanism = new JMechanism(528);
else
if(digesOID.equals(PKCSObjectIdentifiers.sha1))
mechanism = new JMechanism(544);
else
throw new Exception("not support DigestMessage algorithm:".concat(String.valueOf(String.valueOf(digesOID.getId()))));
hash = session.digest(mechanism, content);
boolean verify = false;
if(signerPubKey.getKeyType() == 1)
if(!digestEncryptionOID.equals(PKCSObjectIdentifiers.rsaEncryption))
{
throw new Exception("unsupported digest encryption algrithm");
} else
{
mechanism = new JMechanism(1);
byte encodedHash[] = encodeRSASignature(digesOID, hash);
byte decryptEncodedHash[] = session.decrypt(mechanism, signerPubKey, signature);
return isEqualArray(encodedHash, decryptEncodedHash);
}
if(signerPubKey.getKeyType() == 1001)
{
if(!digestEncryptionOID.equals(PKCSObjectIdentifiers.ecEncryption))
{
throw new Exception("unsupported digest encryption algrithm");
} else
{
mechanism = new JMechanism(1027);
byte decodedSignature[] = decodeECCSignature(signature);
return session.verifySign(mechanism, signerPubKey, hash, decodedSignature);
}
} else
{
throw new Exception("unsupported type of signer publicKey ");
}
}
public byte[] decodeSigAndEnvelop(SignedAndEnvelopedData sigAndEnvelop, Pfx recipientPfx, char pfxPwd[], X509Cert signerCert)
throws Exception
{
SubjectPublicKeyInfo spki = signerCert.getSubjectPublicKeyInfo();
SPKIParser spkiParser = new SPKIParser();
JKey signerPubKey = spkiParser.getPublicKey(spki);
BigInteger sn = signerCert.getSerialNumber();
X509Name issuer = signerCert.getIssuer();
IssuerAndSerialNumber acturalSignerIssuerAndSN = new IssuerAndSerialNumber(issuer, sn);
PKCS12Parser p12Parser = new PKCS12Parser();
p12Parser.load(recipientPfx);
p12Parser.decrypt(pfxPwd);
JKey recipientPriKey = p12Parser.getPrivateKey();
X509Cert sCert[] = p12Parser.getCertificates();
sn = sCert[0].getSerialNumber();
issuer = sCert[0].getIssuer();
IssuerAndSerialNumber acturalRecipientIssuerAndSN = new IssuerAndSerialNumber(issuer, sn);
ASN1Set recipientInfos = sigAndEnvelop.getRecipientInfos();
RecipientInfo recipientInfo = new RecipientInfo((ASN1Sequence)recipientInfos.getObjectAt(0));
IssuerAndSerialNumber issuerAndSN = recipientInfo.getIssuerAndSerialNumber();
if(!acturalRecipientIssuerAndSN.equals(issuerAndSN))
throw new Exception("the IssuerAndSerialNumber of recipientor's Pfx is not suitable.");
byte bEncryptedKey[] = recipientInfo.getEncryptedKey().getOctets();
AlgorithmIdentifier keyEncryptionAlg = recipientInfo.getKeyEncryptionAlgorithm();
byte contentEncryptKey[] = null;
JMechanism mechanism = null;
if(recipientPriKey.getKeyType() == 2)
{
if(!keyEncryptionAlg.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption))
throw new Exception("wrong type of keyEncryptKey");
mechanism = new JMechanism(1);
} else
if(recipientPriKey.getKeyType() == 1002)
{
if(!keyEncryptionAlg.getObjectId().equals(PKCSObjectIdentifiers.ecEncryption))
throw new Exception("wrong type of keyEncryptKey");
mechanism = new JMechanism(1026);
}
contentEncryptKey = session.decrypt(mechanism, recipientPriKey, bEncryptedKey);
JKey contentEncryptionKey = new JKey(145, contentEncryptKey);
EncryptedContentInfo encryptedContentInfo = sigAndEnvelop.getEncryptedContentInfo();
AlgorithmIdentifier contentEncryptionAlg = encryptedContentInfo.getContentEncryptionAlgorithm();
DERObjectIdentifier algOID = contentEncryptionAlg.getObjectId();
if(!algOID.equals(PKCSObjectIdentifiers.desCBCEncryption) && !algOID.equals(PKCSObjectIdentifiers.rc2CBCEncryption) && !algOID.equals(PKCSObjectIdentifiers.des3CBCEncryption))
throw new Exception("not support the contentEncryptionOID:".concat(String.valueOf(String.valueOf(algOID.getId()))));
DEROctetString doct = (DEROctetString)contentEncryptionAlg.getParameters();
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -