sigandenvelopparser.java

进行与数字证书相关开发必须的java源码

        byte CBCParamIV[] = doct.getOctets();
        cbcParam = new CBCParam(CBCParamIV);
        byte contentInfo[] = encryptedDataParser.decryptEncryptedContentInfo(encryptedContentInfo, contentEncryptionKey);
        ASN1Set signerInfos = sigAndEnvelop.getSignerInfos();
        SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(0));
        issuerAndSN = signerInfo.getIssuerAndSerialNumber();
        if(!acturalSignerIssuerAndSN.equals(issuerAndSN))
            throw new Exception("the IssuerAndSerialNumber of Signer Cert is not suitable.");
        byte encyrptedSignature[] = signerInfo.getEncryptedDigest().getOctets();
        byte signatue[] = doublyDecryption(encyrptedSignature, contentEncryptionAlg, contentEncryptionKey);
        AlgorithmIdentifier digestAlg = signerInfo.getDigestAlgorithm();
        AlgorithmIdentifier digestEncryptionAlg = signerInfo.getDigestEncryptionAlgorithm();
        boolean verify = verifySignatur(contentInfo, signatue, digestAlg, digestEncryptionAlg, signerPubKey);
        if(!verify)
            throw new Exception("signature is not verified");
        else
            return contentInfo;
    }

    public byte[] decodeSigAndEnvelop_extendC(SignedAndEnvelopedData sigAndEnvelop, Pfx recipientPfx, char pfxPwd[], X509Cert signerCert)
        throws Exception
    {
        SubjectPublicKeyInfo spki = signerCert.getSubjectPublicKeyInfo();
        SPKIParser spkiParser = new SPKIParser();
        JKey signerPubKey = spkiParser.getPublicKey(spki);
        BigInteger sn = signerCert.getSerialNumber();
        X509Name issuer = signerCert.getIssuer();
        IssuerAndSerialNumber acturalSignerIssuerAndSN = new IssuerAndSerialNumber(issuer, sn);
        PKCS12Parser p12Parser = new PKCS12Parser();
        p12Parser.load(recipientPfx);
        p12Parser.decrypt(pfxPwd);
        JKey recipientPriKey = p12Parser.getPrivateKey();
        X509Cert sCert[] = p12Parser.getCertificates();
        sn = sCert[0].getSerialNumber();
        issuer = sCert[0].getIssuer();
        IssuerAndSerialNumber acturalRecipientIssuerAndSN = new IssuerAndSerialNumber(issuer, sn);
        ASN1Set recipientInfos = sigAndEnvelop.getRecipientInfos();
        RecipientInfo recipientInfo = new RecipientInfo((ASN1Sequence)recipientInfos.getObjectAt(0));
        IssuerAndSerialNumber issuerAndSN = recipientInfo.getIssuerAndSerialNumber();
        if(!acturalRecipientIssuerAndSN.equals(issuerAndSN))
            throw new Exception("the IssuerAndSerialNumber of recipientor's Pfx is not suitable.");
        byte bEncryptedKey[] = recipientInfo.getEncryptedKey().getOctets();
        AlgorithmIdentifier keyEncryptionAlg = recipientInfo.getKeyEncryptionAlgorithm();
        byte contentEncryptKey[] = null;
        JMechanism mechanism = null;
        if(recipientPriKey.getKeyType() == 2)
        {
            if(!keyEncryptionAlg.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption))
                throw new Exception("wrong type of  keyEncryptKey");
            mechanism = new JMechanism(1);
        } else
        if(recipientPriKey.getKeyType() == 1002)
        {
            if(!keyEncryptionAlg.getObjectId().equals(PKCSObjectIdentifiers.ecEncryption))
                throw new Exception("wrong type of  keyEncryptKey");
            mechanism = new JMechanism(1026);
        }
        contentEncryptKey = session.decrypt(mechanism, recipientPriKey, bEncryptedKey);
        JKey contentEncryptionKey = new JKey(145, contentEncryptKey);
        EncryptedContentInfo encryptedContentInfo = sigAndEnvelop.getEncryptedContentInfo();
        AlgorithmIdentifier contentEncryptionAlg = encryptedContentInfo.getContentEncryptionAlgorithm();
        DERObjectIdentifier algOID = contentEncryptionAlg.getObjectId();
        if(!algOID.equals(PKCSObjectIdentifiers.desCBCEncryption) && !algOID.equals(PKCSObjectIdentifiers.rc2CBCEncryption) && !algOID.equals(PKCSObjectIdentifiers.des3CBCEncryption))
            throw new Exception("not support the contentEncryptionOID:".concat(String.valueOf(String.valueOf(algOID.getId()))));
        byte contentInfo[] = encryptedDataParser.decryptEncryptedContentInfo(encryptedContentInfo, contentEncryptionKey);
        ASN1Set signerInfos = sigAndEnvelop.getSignerInfos();
        SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(0));
        issuerAndSN = signerInfo.getIssuerAndSerialNumber();
        if(!acturalSignerIssuerAndSN.equals(issuerAndSN))
            throw new Exception("the IssuerAndSerialNumber of Signer Cert is not suitable.");
        byte encyrptedSignature[] = signerInfo.getEncryptedDigest().getOctets();
        byte signatue[] = encyrptedSignature;
        AlgorithmIdentifier digestAlg = signerInfo.getDigestAlgorithm();
        AlgorithmIdentifier digestEncryptionAlg = signerInfo.getDigestEncryptionAlgorithm();
        boolean verify = verifySignatur(encryptedContentInfo.getEncryptedContent().getOctets(), signatue, digestAlg, digestEncryptionAlg, signerPubKey);
        if(!verify)
            throw new Exception("signature is not verified");
        else
            return contentInfo;
    }

    public byte[] decodeSigAndEnvelop_extendC(SignedAndEnvelopedData sigAndEnvelop, X509Cert recipientCert, JKey recipientPriKey, X509Cert signerCert)
        throws Exception
    {
        SubjectPublicKeyInfo spki = signerCert.getSubjectPublicKeyInfo();
        SPKIParser spkiParser = new SPKIParser();
        JKey signerPubKey = spkiParser.getPublicKey(spki);
        BigInteger sn = signerCert.getSerialNumber();
        X509Name issuer = signerCert.getIssuer();
        IssuerAndSerialNumber acturalSignerIssuerAndSN = new IssuerAndSerialNumber(issuer, sn);
        sn = recipientCert.getSerialNumber();
        issuer = recipientCert.getIssuer();
        IssuerAndSerialNumber acturalRecipientIssuerAndSN = new IssuerAndSerialNumber(issuer, sn);
        ASN1Set recipientInfos = sigAndEnvelop.getRecipientInfos();
        RecipientInfo recipientInfo = new RecipientInfo((ASN1Sequence)recipientInfos.getObjectAt(0));
        IssuerAndSerialNumber issuerAndSN = recipientInfo.getIssuerAndSerialNumber();
        if(!acturalRecipientIssuerAndSN.equals(issuerAndSN))
            throw new Exception("the IssuerAndSerialNumber of recipientor's Pfx is not suitable.");
        byte bEncryptedKey[] = recipientInfo.getEncryptedKey().getOctets();
        AlgorithmIdentifier keyEncryptionAlg = recipientInfo.getKeyEncryptionAlgorithm();
        byte contentEncryptKey[] = null;
        JMechanism mechanism = null;
        if(recipientPriKey.getKeyType() == 2)
        {
            if(!keyEncryptionAlg.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption))
                throw new Exception("wrong type of  keyEncryptKey");
            mechanism = new JMechanism(1);
        } else
        if(recipientPriKey.getKeyType() == 1002)
        {
            if(!keyEncryptionAlg.getObjectId().equals(PKCSObjectIdentifiers.ecEncryption))
                throw new Exception("wrong type of  keyEncryptKey");
            mechanism = new JMechanism(1026);
        }
        contentEncryptKey = session.decrypt(mechanism, recipientPriKey, bEncryptedKey);
        JKey contentEncryptionKey = new JKey(145, contentEncryptKey);
        EncryptedContentInfo encryptedContentInfo = sigAndEnvelop.getEncryptedContentInfo();
        AlgorithmIdentifier contentEncryptionAlg = encryptedContentInfo.getContentEncryptionAlgorithm();
        DERObjectIdentifier algOID = contentEncryptionAlg.getObjectId();
        if(!algOID.equals(PKCSObjectIdentifiers.desCBCEncryption) && !algOID.equals(PKCSObjectIdentifiers.rc2CBCEncryption) && !algOID.equals(PKCSObjectIdentifiers.des3CBCEncryption))
            throw new Exception("not support the contentEncryptionOID:".concat(String.valueOf(String.valueOf(algOID.getId()))));
        byte contentInfo[] = encryptedDataParser.decryptEncryptedContentInfo(encryptedContentInfo, contentEncryptionKey);
        ASN1Set signerInfos = sigAndEnvelop.getSignerInfos();
        SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(0));
        issuerAndSN = signerInfo.getIssuerAndSerialNumber();
        if(!acturalSignerIssuerAndSN.equals(issuerAndSN))
            throw new Exception("the IssuerAndSerialNumber of Signer Cert is not suitable.");
        byte encyrptedSignature[] = signerInfo.getEncryptedDigest().getOctets();
        byte signatue[] = encyrptedSignature;
        AlgorithmIdentifier digestAlg = signerInfo.getDigestAlgorithm();
        AlgorithmIdentifier digestEncryptionAlg = signerInfo.getDigestEncryptionAlgorithm();
        boolean verify = verifySignatur(encryptedContentInfo.getEncryptedContent().getOctets(), signatue, digestAlg, digestEncryptionAlg, signerPubKey);
        if(!verify)
            throw new Exception("signature is not verified");
        else
            return contentInfo;
    }

    public ContentInfo generateSigAndEnvelopContent(SignedAndEnvelopedData sigAndEnvelopData)
    {
        return new ContentInfo(PKCSObjectIdentifiers.signedAndEnvelopedData, sigAndEnvelopData);
    }

    public SignedAndEnvelopedData getSigAndEnvelopFromContentInfo(ContentInfo contentInfo)
        throws Exception
    {
        if(!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedAndEnvelopedData))
            throw new Exception("content type is not SignedAndEnvelopedData");
        else
            return SignedAndEnvelopedData.getInstance(contentInfo.getContent());
    }

    private byte[] encodeRSASignature(DERObjectIdentifier mdId, byte digest[])
        throws Exception
    {
        DEROctetString derOct = new DEROctetString(digest);
        AlgorithmIdentifier algSign = new AlgorithmIdentifier(mdId, null);
        DEREncodableVector tempv = new DEREncodableVector();
        tempv.add(algSign);
        tempv.add(derOct);
        DERSequence seqv = new DERSequence(tempv);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DEROutputStream dos = new DEROutputStream(bos);
        dos.writeObject(seqv.getDERObject());
        return bos.toByteArray();
    }

    private byte[] encodeECDSASignature(byte signedData[])
        throws Exception
    {
        ByteArrayInputStream bis = new ByteArrayInputStream(signedData);
        DERInputStream dis = new DERInputStream(bis);
        ASN1Sequence seq = (ASN1Sequence)dis.readObject();
        AlgorithmIdentifier algSign = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithECEncryption, null);
        DEREncodableVector tempv = new DEREncodableVector();
        tempv.add(algSign);
        tempv.add(seq);
        DERSequence seqv = new DERSequence(tempv);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DEROutputStream dos = new DEROutputStream(bos);
        dos.writeObject(seqv.getDERObject());
        return bos.toByteArray();
    }

    private byte[] decodeECCSignature(byte signature[])
        throws Exception
    {
        ByteArrayInputStream bis = new ByteArrayInputStream(signature);
        DERInputStream dis = new DERInputStream(bis);
        ASN1Sequence asnSeq = (ASN1Sequence)dis.readObject();
        AlgorithmIdentifier algSign = new AlgorithmIdentifier((ASN1Sequence)asnSeq.getObjectAt(0));
        if(!algSign.getObjectId().equals(PKCSObjectIdentifiers.sha1WithECEncryption))
        {
            throw new Exception("Algorithm Not Math，Algorithm must be PKCSObjectIdentifiers.sha1WithECEncryption");
        } else
        {
            asnSeq = (ASN1Sequence)asnSeq.getObjectAt(1);
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            DEROutputStream dos = new DEROutputStream(bos);
            dos.writeObject(asnSeq.getDERObject());
            return bos.toByteArray();
        }
    }

    private boolean isEqualArray(byte a[], byte b[])
    {
        if(a.length != b.length)
            return false;
        for(int i = 0; i < a.length; i++)
            if(a[i] != b[i])
                return false;

        return true;
    }
}