📄 x509cert.java
字号:
public void setSignatureAlg(AlgorithmIdentifier alg)
throws Exception
{
DERObjectIdentifier algOID = alg.getObjectId();
if(!algOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption) && !algOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption) && !algOID.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) && !algOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
{
throw new Exception("unsupported type of signature algorithm");
} else
{
signatureAlg = alg;
tbsCertGen.setSignature(alg);
return;
}
}
public void setIssuer(X509Name issuerName)
{
tbsCertGen.setIssuer(issuerName);
}
public void setNotBefore(Time notBefore)
{
tbsCertGen.setStartDate(notBefore);
}
public void setNotAfter(Time notAfter)
{
tbsCertGen.setEndDate(notAfter);
}
public void setSubject(X509Name subjet)
{
tbsCertGen.setSubject(subjet);
}
public void setSubjectPubKeyInfo(SubjectPublicKeyInfo spki)
{
tbsCertGen.setSubjectPublicKeyInfo(spki);
}
public void setIssuerUniqueID(DERBitString issuerUniqueID)
{
tbsCertGen.setIssuerUniqueID(issuerUniqueID);
}
public void setSubjectUniqueID(DERBitString subjectUniqueID)
{
tbsCertGen.setSubjectUniqueID(subjectUniqueID);
}
public void setExtensions(X509Extensions extensions)
{
tbsCertGen.setExtensions(extensions);
}
private byte[] generateHash(Session session, byte bTBSCert[])
throws Exception
{
if(signatureAlg == null)
throw new Exception("signature algorithm must be set");
DERObjectIdentifier algOID = signatureAlg.getObjectId();
byte hashTBSCertList[] = null;
JMechanism mechanism = null;
if(algOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption))
mechanism = new JMechanism(512);
else
if(algOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption))
mechanism = new JMechanism(528);
else
mechanism = new JMechanism(544);
hashTBSCertList = session.digest(mechanism, bTBSCert);
return hashTBSCertList;
}
private void generateSignature(Session session, JKey jPriKey)
throws Exception
{
tbsCertificate = tbsCertGen.generateTBSCertificate();
byte bTBSCert[] = Parser.writeDERObj2Bytes(tbsCertificate.getDERObject());
byte hashTBSCert[] = generateHash(session, bTBSCert);
byte encodedHashTBSCert[] = null;
byte signature[] = null;
JMechanism mechanism = null;
DERObjectIdentifier algOID = signatureAlg.getObjectId();
if(jPriKey.getKeyType() == 2)
{
if(algOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("signature key is not mactch up to the signature algorithm");
DERObjectIdentifier mdID = null;
if(algOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption))
mdID = PKCSObjectIdentifiers.md2;
else
if(algOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption))
mdID = PKCSObjectIdentifiers.md5;
else
mdID = PKCSObjectIdentifiers.sha1;
encodedHashTBSCert = encodeRSASignature(mdID, hashTBSCert);
mechanism = new JMechanism(1);
signature = session.encrypt(mechanism, jPriKey, encodedHashTBSCert);
} else
if(jPriKey.getKeyType() == 1002)
{
if(!algOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("signature key is not mactch up to the signature algorithm");
mechanism = new JMechanism(1027);
signature = session.sign(mechanism, jPriKey, hashTBSCert);
signature = encodeECDSASignature(signature);
} else
{
throw new Exception("unsupported type of signature key");
}
signatureValue = new DERBitString(signature);
}
private byte[] constructCertificate()
throws Exception
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCertificate);
v.add(signatureAlg);
v.add(signatureValue);
DERSequence derSeq = new DERSequence(v);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(derSeq.getDERObject());
return bos.toByteArray();
}
public byte[] generateX509Cert(Session session, JKey prikey)
throws Exception
{
generateSignature(session, prikey);
return constructCertificate();
}
public void generateX509Cert(Session session, JKey prikey, String certFileName)
throws Exception
{
generateSignature(session, prikey);
FileOutputStream fos = new FileOutputStream(certFileName);
fos.write(constructCertificate());
fos.flush();
fos.close();
}
private byte[] encodeRSASignature(DERObjectIdentifier mdId, byte digest[])
throws Exception
{
DEROctetString derOct = new DEROctetString(digest);
AlgorithmIdentifier algSign = new AlgorithmIdentifier(mdId, null);
DEREncodableVector tempv = new DEREncodableVector();
tempv.add(algSign);
tempv.add(derOct);
DERSequence seqv = new DERSequence(tempv);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(seqv.getDERObject());
return bos.toByteArray();
}
private byte[] encodeECDSASignature(byte signedData[])
throws Exception
{
ByteArrayInputStream bis = new ByteArrayInputStream(signedData);
DERInputStream dis = new DERInputStream(bis);
ASN1Sequence seq = (ASN1Sequence)dis.readObject();
AlgorithmIdentifier algSign = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithECEncryption, null);
DEREncodableVector tempv = new DEREncodableVector();
tempv.add(algSign);
tempv.add(seq);
DERSequence seqv = new DERSequence(tempv);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(seqv.getDERObject());
return bos.toByteArray();
}
private byte[] decodeECCSignature(byte signature[])
throws Exception
{
ByteArrayInputStream bis = new ByteArrayInputStream(signature);
DERInputStream dis = new DERInputStream(bis);
ASN1Sequence asnSeq = (ASN1Sequence)dis.readObject();
AlgorithmIdentifier algSign = new AlgorithmIdentifier((ASN1Sequence)asnSeq.getObjectAt(0));
if(!algSign.getObjectId().equals(PKCSObjectIdentifiers.sha1WithECEncryption))
{
throw new Exception("Algorithm Not Math,Algorithm must be PKCSObjectIdentifiers.sha1WithECEncryption");
} else
{
asnSeq = (ASN1Sequence)asnSeq.getObjectAt(1);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(asnSeq.getDERObject());
return bos.toByteArray();
}
}
private boolean isEqualArray(byte a[], byte b[])
{
if(a.length != b.length)
return false;
for(int i = 0; i < a.length; i++)
if(a[i] != b[i])
return false;
return true;
}
public boolean verifyCertSign(Session session, JKey pubKey)
throws Exception
{
AlgorithmIdentifier sigAlg = getSignatureAlg();
DERObjectIdentifier derOID = sigAlg.getObjectId();
if(!derOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption) && !derOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption) && !derOID.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) && !derOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("unsupported type of signature algorithm");
JMechanism mechanism = null;
DERObjectIdentifier mdOID = null;
if(derOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption))
{
mdOID = PKCSObjectIdentifiers.md2;
mechanism = new JMechanism(512);
} else
if(derOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption))
{
mdOID = PKCSObjectIdentifiers.md5;
mechanism = new JMechanism(528);
} else
{
mdOID = PKCSObjectIdentifiers.sha1;
mechanism = new JMechanism(544);
}
byte tbsCert[] = getTBSCertificate();
byte signature[] = getSignature();
byte hash[] = session.digest(mechanism, tbsCert);
if(!derOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
{
mechanism = new JMechanism(1);
byte encodedHash[] = encodeRSASignature(mdOID, hash);
byte decryptEncodedHash[] = session.decrypt(mechanism, pubKey, signature);
return isEqualArray(encodedHash, decryptEncodedHash);
} else
{
mechanism = new JMechanism(1027);
signature = decodeECCSignature(signature);
return session.verifySign(mechanism, pubKey, hash, signature);
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -