// certGen.setSignatureAlgorithm("SHA1withDSA");
certGen.setSignatureAlgorithm("SHA1WITHRSA");
// FIXME bondolo 20040317 needs fixing.
certGen.setSerialNumber(BigInteger.valueOf(1));
// return issuer info for generating service cert
IssuerInfo info = new IssuerInfo();
// the cert
info.cert = certGen.generateX509Certificate(signer, UTILS.srng);
// For saving service cert private key
info.subjectPkey = keypair.getPrivate();
// for signing service cert
info.issuer = (null == issuerinfo) ? info.cert : issuerinfo.cert;
// for signing service cert
info.issuerPkey = signer;
// dump the certificate?
if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
if (null == issuer) {
LOG.fine("Root Cert : \n" + info.cert.toString());
} else {
LOG.fine("Client Cert : \n" + info.cert.toString());
}
}
return info;
} catch (SignatureException e) {
if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
LOG.log(Level.FINE, "Could not generate certificate", e);
}
SecurityException failure = new SecurityException("Could not generate certificate");
failure.initCause(e);
throw failure;
} catch (InvalidKeyException e) {
if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
LOG.log(Level.FINE, "Could not generate certificate", e);
}
SecurityException failure = new SecurityException("Could not generate certificate");
failure.initCause(e);
throw failure;
} catch (IOException e) {
if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
LOG.log(Level.FINE, "Could not generate certificate", e);
}
SecurityException failure = new SecurityException("Could not generate certificate");
failure.initCause(e);
throw failure;
}
}
/**
 * Extracts the CN (common name) attribute from a certificate's subject DN.
 *
 * @param cert the certificate whose subject is examined
 * @return the value following the first {@code CN=} attribute, or {@code null}
 * when the subject DN carries no CN attribute.
 */
public static String getCertSubjectCName(X509Certificate cert) {
    // getName() with no arguments yields the RFC 2253 string form of the DN.
    X500Principal subject = cert.getSubjectX500Principal();
    X509NameTokenizer tokenizer = new X509NameTokenizer(subject.getName());

    // Walk the DN attribute by attribute; the first CN encountered wins.
    while (tokenizer.hasMoreTokens()) {
        String attr = tokenizer.nextToken();
        // regionMatches is false for tokens shorter than "CN=", so no length guard is needed.
        if (attr.regionMatches(true, 0, "CN=", 0, 3)) {
            // NOTE(review): the value is returned exactly as the tokenizer yields it; whether
            // RFC 2253 escaping is undone depends on X509NameTokenizer — confirm before using
            // it for identity comparisons or display.
            return attr.substring(3);
        }
    }
    return null;
}
/**
 * Extracts the CN (common name) attribute from a certificate's issuer DN.
 *
 * @param cert the certificate whose issuer is examined
 * @return the value following the first {@code CN=} attribute, or {@code null}
 * when the issuer DN carries no CN attribute.
 */
public static String getCertIssuerCName(X509Certificate cert) {
    // getName() with no arguments yields the RFC 2253 string form of the issuer DN.
    X500Principal issuer = cert.getIssuerX500Principal();
    X509NameTokenizer tokenizer = new X509NameTokenizer(issuer.getName());

    // Walk the DN attribute by attribute; the first CN encountered wins.
    while (tokenizer.hasMoreTokens()) {
        String attr = tokenizer.nextToken();
        // regionMatches is false for tokens shorter than "CN=", so no length guard is needed.
        if (attr.regionMatches(true, 0, "CN=", 0, 3)) {
            // NOTE(review): the value is returned exactly as the tokenizer yields it; whether
            // RFC 2253 escaping is undone depends on X509NameTokenizer — confirm before using
            // it for identity comparisons or display.
            return attr.substring(3);
        }
    }
    return null;
}
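/**
 * Computes a signature over the entire remaining content of a stream.
 *
 * @param algorithm JCA signature algorithm name, e.g. {@code "SHA1WITHRSA"}.
 * @param key the private key used to sign the stream
 * @param stream the data to sign; it is read to end-of-stream and left open for
 * the caller to close.
 * @return the signature bytes
 * @throws InvalidKeyException if the key cannot be used with {@code algorithm}
 * @throws SignatureException if the signature engine fails
 * @throws IOException if the stream cannot be read, or if no installed provider
 * supports {@code algorithm} (the {@link NoSuchAlgorithmException} is attached
 * as the cause)
 */
public static byte[] computeSignature(String algorithm, PrivateKey key, InputStream stream) throws InvalidKeyException, SignatureException, IOException {
    Signature signer;
    try {
        signer = Signature.getInstance(algorithm);
    } catch (NoSuchAlgorithmException badsigner) {
        // Keep the original exception as the cause so the provider lookup
        // failure stays diagnosable instead of being flattened into a message.
        IOException failure = new IOException("Could not initialize signer with algorithm " + algorithm);
        failure.initCause(badsigner);
        throw failure;
    }
    signer.initSign(key, UTILS.srng);

    // Feed the stream through in fixed-size chunks until end-of-stream.
    byte[] buffer = new byte[1024];
    int read;
    while ((read = stream.read(buffer)) >= 0) {
        signer.update(buffer, 0, read);
    }
    return signer.sign();
}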
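/**
 * Verifies a signature over the entire remaining content of a stream.
 *
 * @param algorithm JCA signature algorithm name; it must match the algorithm
 * the signature was produced with.
 * @param cert The certificate containing the public key which will be used
 * to verify the signature.
 * @param signature The signature to verify.
 * @param stream The data to verify; it is read to end-of-stream and left open
 * for the caller to close.
 * @return boolean true if the signature was valid otherwise false.
 * @throws InvalidKeyException if the certificate's public key cannot be used
 * with {@code algorithm}
 * @throws SignatureException if the signature engine fails
 * @throws IOException if the stream cannot be read, or if no installed provider
 * supports {@code algorithm} (the {@link NoSuchAlgorithmException} is attached
 * as the cause)
 */
public static boolean verifySignature(String algorithm, Certificate cert, byte[] signature, InputStream stream) throws InvalidKeyException, SignatureException, IOException {
    Signature verifier;
    try {
        verifier = Signature.getInstance(algorithm);
    } catch (NoSuchAlgorithmException badsigner) {
        // Keep the original exception as the cause so the provider lookup
        // failure stays diagnosable instead of being flattened into a message.
        IOException failure = new IOException("Could not initialize signer with algorithm " + algorithm);
        failure.initCause(badsigner);
        throw failure;
    }
    verifier.initVerify(cert);

    // Feed the stream through in fixed-size chunks until end-of-stream.
    byte[] buffer = new byte[1024];
    int read;
    while ((read = stream.read(buffer)) >= 0) {
        verifier.update(buffer, 0, read);
    }
    return verifier.verify(signature);
}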
/**
 * Digests a byte array with the named {@link MessageDigest} algorithm.
 *
 * @param algorithm JCA digest algorithm name, e.g. {@code "SHA-1"} or {@code "SHA-256"}
 * @param data the data to be hashed
 * @return byte[] the digest of the data, or {@code null} if no installed
 * provider supports {@code algorithm}
 */
public static byte[] hash(String algorithm, byte[] data) {
    MessageDigest digester;
    try {
        digester = MessageDigest.getInstance(algorithm);
    } catch (NoSuchAlgorithmException unknownAlgorithm) {
        // An unsupported algorithm is reported as null rather than thrown;
        // callers must check the result before using it.
        return null;
    }
    return digester.digest(data);
}
/**
 * JCA name of the PBES1 scheme used to wrap private keys: PBKDF1 with MD5 and single DES.
 * <p>
 * NOTE(review): MD5 and 56-bit DES are legacy primitives; this name is kept so existing
 * encrypted keys remain readable — prefer a PBES2/AES-based scheme when writing new key
 * material.
 */
static final String PKCS5_PBSE1_ALGO = "PBEWITHMD5ANDDES";
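/**
 * Given a private key and a password, encrypt the private key using the
 * PBES1 scheme named by {@link #PKCS5_PBSE1_ALGO}, with a fresh random 8-byte salt.
 *
 * @param password The password which will be used. It is never logged; the caller
 * keeps ownership of the array and should clear it when no longer needed.
 * @param privkey The private key to be encrypted. It must support encoding
 * ({@link PrivateKey#getEncoded()} non-null).
 * @param iterations Number of key-derivation iterations.
 * @return An encrypted private key info or null if the key could not be
 * encrypted.
 */
public static EncryptedPrivateKeyInfo pkcs5_Encrypt_pbePrivateKey(char[] password, PrivateKey privkey, int iterations) {
    if (null == privkey) {
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.warning("No private key supplied; cannot encrypt");
        }
        return null;
    }

    if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
        // Log only non-sensitive metadata. The password must never reach the log,
        // and a key's toString() may print key material depending on the provider.
        LOG.fine("Encrypting " + privkey.getAlgorithm() + "/" + privkey.getFormat() + " private key with " + PKCS5_PBSE1_ALGO);
    }

    byte[] encodedKey = privkey.getEncoded();
    if (null == encodedKey) {
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.warning("Private key does not support encoding; cannot encrypt");
        }
        return null;
    }

    byte[] salt = new byte[8];
    UTILS.srng.nextBytes(salt);

    PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
    try {
        PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, iterations);

        // Derive the PBE key from the password via the scheme's key factory.
        SecretKeyFactory keyFac = SecretKeyFactory.getInstance(PKCS5_PBSE1_ALGO);
        SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

        Cipher pbeCipher = Cipher.getInstance(PKCS5_PBSE1_ALGO);
        pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);
        byte[] encryptedPrivKey = pbeCipher.doFinal(encodedKey);

        // Carry salt and iteration count alongside the ciphertext so that
        // decryption can recover them from the EncryptedPrivateKeyInfo.
        AlgorithmParameters algo = AlgorithmParameters.getInstance(PKCS5_PBSE1_ALGO);
        algo.init(pbeParamSpec);
        return new EncryptedPrivateKeyInfo(algo, encryptedPrivKey);
    } catch (Exception failed) {
        // Best-effort contract: callers test for null rather than catching.
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.log(Level.WARNING, "Encrypt failed", failed);
        }
        return null;
    } finally {
        // Drop the copy of the password held inside the key spec.
        pbeKeySpec.clearPassword();
    }
}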
/**
* Given an encrypted private key and a password, decrypt the private key
* using the PBESE1 algorithm.
*
* @param password The password which will be used.
* @param encryptedPrivKey The private key to be encrypted.
* @return The decrypted private key or null if the key could not be decrpyted.
*/
public static PrivateKey pkcs5_Decrypt_pbePrivateKey(char[] password, String algorithm, EncryptedPrivateKeyInfo encryptedPrivKey) {
if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
LOG.fine("Decrypting " + encryptedPrivKey + "/" + algorithm + " with \'" + new String(password) + "\'");
}
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
try {
AlgorithmParameters algo = encryptedPrivKey.getAlgParameters();
if (null == algo) {
if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
LOG.warning("Could not get algo parameters from " + encryptedPrivKey);
}
throw new IllegalStateException("Could not get algo parameters from " + encryptedPrivKey);
}
PBEParameterSpec pbeParamSpec = algo.getParameterSpec(PBEParameterSpec.class);
// convert password into a SecretKey object, using a PBE key factory.
try {
SecretKeyFactory keyFac = SecretKeyFactory.getInstance(PKCS5_PBSE1_ALGO);