📄 signeddataparser.java
字号:
if(jPriKey.getKeyType() == 1002)
keyType = 1;
else
throw new Exception("SignerDataParser(generateSignedData):the priKey type neither RSA nor ECC.");
DERInteger version = new DERInteger(1);
DEREncodableVector derV = new DEREncodableVector();
derV.add(new AlgorithmIdentifier(digestAlg));
DERSet digestAlgorithms = new DERSet(derV);
DEROctetString derO = new DEROctetString(sourceData);
ContentInfo contentInfo = null;
if(withContent)
contentInfo = new ContentInfo(contentType, derO);
else
contentInfo = new ContentInfo(contentType);
DERObjectIdentifier sigId = null;
if(keyType == 0)
{
if(digestAlg.equals(PKCSObjectIdentifiers.md2))
sigId = PKCSObjectIdentifiers.md2WithRSAEncryption;
else
if(digestAlg.equals(PKCSObjectIdentifiers.md5))
sigId = PKCSObjectIdentifiers.md5WithRSAEncryption;
else
if(digestAlg.equals(PKCSObjectIdentifiers.sha1))
sigId = PKCSObjectIdentifiers.sha1WithRSAEncryption;
else
throw new Exception(String.valueOf(String.valueOf((new StringBuffer("SignerDataParser(generateSignedData):not support digest algorithm:")).append(sigId.getId()).append(" in RSA signature."))));
} else
{
if(!digestAlg.equals(PKCSObjectIdentifiers.sha1))
throw new Exception(String.valueOf(String.valueOf((new StringBuffer("SignerDataParser(generateSignedData):not support digest algorithm:")).append(sigId.getId()).append(" in ECC signature."))));
sigId = PKCSObjectIdentifiers.sha1WithECEncryption;
}
SignerInfo signerInfo = generateSignerInfo(sourceData, issuerAndSN, jPriKey, sigId);
derV = new DEREncodableVector();
derV.add(signerInfo);
DERSet signerInfos = new DERSet(derV);
return new SignedData(version, digestAlgorithms, contentInfo, x509certs, crls, signerInfos);
}
public SignedData generateSignedData(boolean withContent, DERObjectIdentifier contentType, byte sourceData[], DERObjectIdentifier digestAlg, JKey jPriKey, ASN1Set x509certs, ASN1Set crls)
throws Exception
{
if(x509certs == null)
throw new Exception("SignedDataParser(generateSignedData): the X509Certs mustn't be null.");
X509CertificateStructure certStruc = X509CertificateStructure.getInstance(x509certs.getObjectAt(0));
X509Cert cert = new X509Cert(certStruc);
BigInteger sn = cert.getSerialNumber();
X509Name issuer = cert.getIssuer();
IssuerAndSerialNumber issuerAndSN = new IssuerAndSerialNumber(issuer, sn);
int keyType;
if(jPriKey.getKeyType() == 2)
keyType = 0;
else
if(jPriKey.getKeyType() == 1002)
keyType = 1;
else
throw new Exception("the priKey type neither RSA nor ECC.");
DERInteger version = new DERInteger(1);
DEREncodableVector derV = new DEREncodableVector();
derV.add(new AlgorithmIdentifier(digestAlg));
DERSet digestAlgorithms = new DERSet(derV);
DEROctetString derO = new DEROctetString(sourceData);
ContentInfo contentInfo = null;
if(withContent)
contentInfo = new ContentInfo(contentType, derO);
else
contentInfo = new ContentInfo(contentType);
DERObjectIdentifier sigId = null;
if(keyType == 0)
{
if(digestAlg.equals(PKCSObjectIdentifiers.md2))
sigId = PKCSObjectIdentifiers.md2WithRSAEncryption;
else
if(digestAlg.equals(PKCSObjectIdentifiers.md5))
sigId = PKCSObjectIdentifiers.md5WithRSAEncryption;
else
if(digestAlg.equals(PKCSObjectIdentifiers.sha1))
sigId = PKCSObjectIdentifiers.sha1WithRSAEncryption;
else
throw new Exception(String.valueOf(String.valueOf((new StringBuffer("not support digest algorithm:")).append(sigId.getId()).append(" in RSA signature."))));
} else
{
if(!digestAlg.equals(PKCSObjectIdentifiers.sha1))
throw new Exception(String.valueOf(String.valueOf((new StringBuffer("not support digest algorithm:")).append(sigId.getId()).append(" in ECC signature."))));
sigId = PKCSObjectIdentifiers.sha1WithECEncryption;
}
SignerInfo signerInfo = generateSignerInfo(sourceData, issuerAndSN, jPriKey, sigId);
derV = new DEREncodableVector();
derV.add(signerInfo);
DERSet signerInfos = new DERSet(derV);
return new SignedData(version, digestAlgorithms, contentInfo, x509certs, crls, signerInfos);
}
public SignedData generateSignedData(boolean withContent, DEREncodable contentObj, DERObjectIdentifier digestAlg, Pfx signerPfx, char pfxPwd[], ASN1Set x509certs, ASN1Set crls)
throws Exception
{
DERObjectIdentifier contentType = null;
if(contentObj instanceof SignedData)
contentType = PKCSObjectIdentifiers.signedData;
else
if(contentObj instanceof EnvelopedData)
contentType = PKCSObjectIdentifiers.envelopedData;
else
if(contentObj instanceof SignedAndEnvelopedData)
contentType = PKCSObjectIdentifiers.signedAndEnvelopedData;
else
if(contentObj instanceof DigestedData)
contentType = PKCSObjectIdentifiers.digestedData;
else
if(contentObj instanceof EncryptedData)
contentType = PKCSObjectIdentifiers.encryptedData;
else
contentType = PKCSObjectIdentifiers.data;
byte sourceData[] = null;
if(contentType.equals(PKCSObjectIdentifiers.data))
sourceData = ((ASN1OctetString)contentObj).getOctets();
else
sourceData = Parser.writeDERObj2Bytes(contentObj.getDERObject());
return generateSignedData(withContent, contentType, sourceData, digestAlg, signerPfx, pfxPwd, x509certs, crls);
}
public ContentInfo generateSignedDataContent(SignedData signedData)
{
return new ContentInfo(PKCSObjectIdentifiers.signedData, signedData);
}
public SignedData getSignedDataFromContentInfo(ContentInfo contentInfo)
throws Exception
{
if(!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData))
throw new Exception("the content type is not SignedData.");
else
return SignedData.getInstance(contentInfo.getContent());
}
public boolean verifySignedData(SignedData signedData, X509Cert pubCert)
throws Exception
{
ContentInfo contentInfo = signedData.getContentInfo();
byte sourceData[] = null;
if(contentInfo.getContentType().equals(PKCSObjectIdentifiers.data) || contentInfo.getContentType().equals(PKCSObjectIdentifiers.id_ct_TSTInfo))
sourceData = ((ASN1OctetString)contentInfo.getContent()).getOctets();
else
sourceData = Parser.writeDERObj2Bytes(contentInfo.getContent().getDERObject());
ASN1Set aset = signedData.getSignerInfos();
SignerInfo signerInfo = SignerInfo.getInstance(aset.getObjectAt(0));
return verifySignerInfo(sourceData, signerInfo, pubCert);
}
public boolean verifySignedData(SignedData signedData, byte content[], X509Cert pubCert)
throws Exception
{
ASN1Set aset = signedData.getSignerInfos();
SignerInfo signerInfo = SignerInfo.getInstance(aset.getObjectAt(0));
return verifySignerInfo(content, signerInfo, pubCert);
}
public DigestInfo generateDigestInfo(Mechanism digestM, byte data[])
throws Exception
{
int mType = digestM.getMechanismType();
AlgorithmIdentifier algId = null;
if(mType == 512)
algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2, null);
else
if(mType == 528)
algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, null);
else
if(mType == 544)
algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, null);
else
throw new Exception("SignedDataParser(generateDigestInfo): Not Support MessageDigest Algorithm:".concat(String.valueOf(String.valueOf(digestM.getMechanismType()))));
byte hashcode[] = session.digest(digestM, data);
return new DigestInfo(algId, hashcode);
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -