cert 初步测试通过

ghy
2021-03-06 20:13:13 +08:00
parent 262b2c5194
commit 86fcb65c3c
12 changed files with 266 additions and 49 deletions
+21
@@ -55,6 +55,27 @@
<version>1.15</version>
</dependency>
<!-- json -->
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.2.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.2.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.2.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.json/json -->
</dependencies>
</project>
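Review bot: All three Jackson artifacts are pinned to `2.2.3`, a 2013 release line that is long out of maintenance, and `jackson-databind` is the library `CertUtils.deserialization` uses to parse certificate bytes that reach it through `fromPem`. Prefer a currently supported release and keep the three modules in lockstep through one property, e.g. `<version>${jackson.version}</version>` with `jackson.version` defined once under `<properties>`. The trailing `<!-- https://mvnrepository.com/artifact/org.json/json -->` comment has no dependency after it in the lines shown and can be dropped or completed.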
+4
@@ -25,6 +25,10 @@ public class Common {
public static final int ContentCommitment = 0;
public static final int DataEncipherment = 1;
public static final int CertSign = 2;
/* tpyeOfCert */
public static final int InnerCertificate = 0;
public static final int Certificate = 1;
public static final int TbsCertificate = 2;
// public enum Storage {
// SQLITE;
// }
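Review bot: The new type tags reuse the simple names of the classes they stand for, so `case Common.TbsCertificate:` in `CertUtils.deserialization` sits directly above `TbsCertificate tbsCertificate = …` and the two are easy to confuse. Constant-style names or an enum would read better, e.g. `public static final int CERT_TYPE_TBS = 2;`. `Common.Certificate` is declared, but the switch in `deserialization` has no case for it, so passing it ends in the `default` branch that throws `CertException`. The section comment is misspelled; `/* typeOfCert */` matches the parameter name used in `deserialization`.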
@@ -1,8 +1,14 @@
package minsecurity.certificate.cert;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import minsecurity.Common;
import minsecurity.crypto.PublicKeyInterface;
import minsecurity.crypto.sm2.Sm2PublicKey;
import minsecurity.crypto.PublicKeyUtils;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import org.slf4j.LoggerFactory;
import java.io.IOException;
/*
* @Author: hongyu guo
@@ -12,7 +18,7 @@ import minsecurity.crypto.sm2.Sm2PublicKey;
* @Copyright: MIN-Group;国家重大科技基础设施——未来网络北大实验室;深圳市信息论与未来网络重点实验室
*/
public class CertUtils {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(CertUtils.class);
public static final int VERSION1 = 1;
public static InnerCertificate parseCertToInnerCert(Certificate certificate){
@@ -42,7 +48,7 @@ public class CertUtils {
certificate.setVersion(i.getTbsCertificate().getVersion());
certificate.setSerialNumber(i.getTbsCertificate().getSerialNumber());
PublicKeyInterface publicKey = unMarshalPublicKey(i.getTbsCertificate().getPublicKey(),i.getSignatureAlgorithm());
PublicKeyInterface publicKey = PublicKeyUtils.unMarshalPublicKey(i.getTbsCertificate().getPublicKey(),i.getSignatureAlgorithm());
certificate.setPublicKey(publicKey);
certificate.setSignature(i.getSignatureValue());
certificate.setSignatureAlgorithm(i.getTbsCertificate().getSignatureAlgorithm());
@@ -58,36 +64,29 @@ public class CertUtils {
return certificate;
}
public static PublicKeyInterface unMarshalPublicKey(byte[] bytesOfPublicKey, int algorithm) {
if (bytesOfPublicKey == null || bytesOfPublicKey.length == 0) {
return null;
}
switch (algorithm) {
case Common.SM2:
Sm2PublicKey sm2PublicKey = new Sm2PublicKey();
sm2PublicKey.setBytes(bytesOfPublicKey);
return sm2PublicKey;
default:
return null;
}
}
public static boolean checkDuration(InnerCertificate innerCertificate){
long curTime = System.currentTimeMillis();
if(innerCertificate.getTbsCertificate().getNotAfter() > curTime)
// logger.debug("current time: {}", curTime);
if(innerCertificate.getTbsCertificate().getNotAfter() < curTime)
return false;
if(innerCertificate.getTbsCertificate().getNotBefore() < curTime)
if(innerCertificate.getTbsCertificate().getNotBefore() > curTime)
return false;
return true;
}
// cur = 1615018693993
// notbefore = 1615018693858
// notafter = 1615018694058
public static boolean checkSign(InnerCertificate cert, PublicKeyInterface publicKey) throws Exception {
switch (cert.getTbsCertificate().getSignatureAlgorithm()){
case Common.SM3withSM2:
// TODO: 证书序列化方法
byte[] bytesOfCert = serialization(cert);
byte[] bytesOfCert = serialization(cert.getTbsCertificate());
logger.debug("验签序列化bytes: {}", ByteUtils.toHexString(bytesOfCert));
// byte[] digest = HashAlgo.sm3(bytesOfCert);
logger.debug("验签sign: {}", ByteUtils.toHexString(cert.getSignatureValue()));
return publicKey.verify(bytesOfCert, cert.getSignatureValue());
default:
throw new Exception("未定义的签名方法");
@@ -95,13 +94,49 @@ public class CertUtils {
}
// TODO: 证书序列化方法
public static byte[] serialization(TbsCertificate tbsCertificate){
ObjectMapper mapper = new ObjectMapper();
byte[] bytesOfCertJson;
try {
bytesOfCertJson = mapper.writeValueAsBytes(tbsCertificate);
return bytesOfCertJson;
} catch (JsonProcessingException e) {
e.printStackTrace();
}
return new byte[0];
}
public static byte[] serialization(InnerCertificate innerCertificate){
ObjectMapper mapper = new ObjectMapper();
byte[] bytesOfCertJson;
try {
bytesOfCertJson = mapper.writeValueAsBytes(innerCertificate);
return bytesOfCertJson;
} catch (JsonProcessingException e) {
e.printStackTrace();
}
return new byte[0];
}
// TODO: 证书反序列化
public static InnerCertificate deserialization(byte[] bytesOfCert){
return new InnerCertificate();
public static Object deserialization(byte[] bytesOfCert, int typeOfCert){
ObjectMapper mapper = new ObjectMapper();
try {
switch (typeOfCert) {
case Common.TbsCertificate:
TbsCertificate tbsCertificate = mapper.readValue(bytesOfCert, TbsCertificate.class);
return tbsCertificate;
case Common.InnerCertificate:
InnerCertificate innerCertificate = mapper.readValue(bytesOfCert, InnerCertificate.class);
return innerCertificate;
default:
throw new CertException("未知证书类型");
}
} catch (IOException | CertException e) {
e.printStackTrace();
}
return null;
}
}
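Review bot: Both `serialization` overloads swallow `JsonProcessingException` and fall through to `return new byte[0];`, so a failed encode makes `signCert` sign, and `checkSign` verify, an empty message instead of the certificate body. A signature path should fail closed here: replace `e.printStackTrace();` with `throw new IllegalStateException("certificate serialization failed", e);` and drop the empty-array return. `deserialization` has the same shape (it prints the stack trace and returns `null`), and `fromPem` casts that result and hands it to `parseInnerCertToCert` without a check. Separately, the signed bytes are whatever Jackson emits for the bean, so verification depends on property order staying identical between signer and verifier. Pinning it on one shared mapper (for example with `MapperFeature.SORT_PROPERTIES_ALPHABETICALLY`), or verifying over the bytes as received, would make that dependency explicit.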
@@ -5,16 +5,16 @@ import minsecurity.crypto.HashAlgo;
import minsecurity.crypto.PrivateKeyInterface;
import minsecurity.crypto.PublicKeyInterface;
import minsecurity.crypto.Sm4;
import minsecurity.crypto.sm2.Sm2PublicKey;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import org.slf4j.LoggerFactory;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.lang.reflect.Array;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.*;
import java.util.Base64;
import static minsecurity.certificate.cert.CertUtils.*;
@@ -28,6 +28,8 @@ import static minsecurity.certificate.cert.CertUtils.*;
* @Copyright: MIN-Group;国家重大科技基础设施——未来网络北大实验室;深圳市信息论与未来网络重点实验室
*/
public class Certificate {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(Certificate.class);
private int version;
private long serialNumber;
private PublicKeyInterface publicKey;
@@ -174,24 +176,28 @@ public class Certificate {
public void signCert(PrivateKeyInterface priv) throws Exception {
InnerCertificate inner = CertUtils.parseCertToInnerCert(this);
byte[] bytesOfCert = serialization(CertUtils.parseCertToInnerCert(this));
byte[] bytesOfCert = serialization(CertUtils.parseCertToInnerCert(this).getTbsCertificate());
logger.debug("签名序列化bytes: {}", ByteUtils.toHexString(bytesOfCert));
switch (this.signatureAlgorithm){
case Common.SM3withSM2:
// byte[] digest = HashAlgo.sm3(bytesOfCert);
byte[] sign = priv.sign(bytesOfCert);
this.signature = sign;
return;
this.signature = priv.sign(bytesOfCert);
logger.debug("签名sign: {}", ByteUtils.toHexString(this.signature));
// Sm2PublicKey sm2PublicKey = (Sm2PublicKey) this.publicKey;
// logger.debug("临时验签: {}", sm2PublicKey.verify(bytesOfCert, signature));
break;
default:
logger.debug("signAlgo: {}",this.signatureAlgorithm);
throw new Exception("未定义的签名方法");
}
}
public boolean verifyCert(Certificate ca, Certificate sub) throws Exception {
public static boolean verifyCert(Certificate ca, Certificate sub) throws Exception {
InnerCertificate innerCertificate = CertUtils.parseCertToInnerCert(sub);
switch (innerCertificate.getTbsCertificate().getVersion()){
case CertUtils.VERSION1:
boolean isValid = CertUtils.checkDuration(innerCertificate);
logger.debug("有效期内:{}", isValid);
if(!isValid)
return false;
if(sub.isCA()){
@@ -210,7 +216,7 @@ public class Certificate {
}
byte[] bytesOfCert = serialization(CertUtils.parseCertToInnerCert(this));
byte[] ret = new byte[0];
if(passwd.length > 0){
if(passwd != null && passwd.length > 0){
byte[] hashPasswd = HashAlgo.sm3(passwd);
if( hashPasswd.length == 32){
for(int i = 0; i < 16; i++){
@@ -223,10 +229,12 @@ public class Certificate {
switch (symAlgoMode){
case Common.SM4CBC:{
// TODO: PADDING??? IV?????
ret = Sm4.encrypt_CBC_NoPadding(sm4Key, new byte[16],bytesOfCert);
ret = Sm4.encrypt_CBC_Padding(sm4Key, new byte[16],bytesOfCert);
break;
}
case Common.SM4ECB:{
ret = Sm4.encrypt_ECB_NoPadding(sm4Key, bytesOfCert);
ret = Sm4.encrypt_ECB_Padding(sm4Key, bytesOfCert);
break;
}
default:
throw new CertException("未定义的对称加密算法");
@@ -237,13 +245,13 @@ public class Certificate {
return Base64.getEncoder().encodeToString(ret);
}
public Certificate fromPem(String pemString, byte[] passwd, int symAlgoMode) throws CertException, BadPaddingException, NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, NoSuchProviderException, InvalidKeyException {
public static Certificate fromPem(String pemString, byte[] passwd, int symAlgoMode) throws CertException, BadPaddingException, NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, NoSuchProviderException, InvalidKeyException {
if(pemString == null || pemString.equals("")){
throw new CertException("pem串为空");
}
byte[] bytesOfPem = Base64.getDecoder().decode(pemString);
byte[] bytesOfCert = new byte[0];
if(passwd.length > 0){
if(passwd != null && passwd.length > 0){
byte[] hashPasswd = HashAlgo.sm3(passwd);
if( hashPasswd.length == 32){
for(int i = 0; i < 16; i++){
@@ -262,7 +270,7 @@ public class Certificate {
} else {
bytesOfCert = bytesOfPem;
}
InnerCertificate innerCertificate = deserialization(bytesOfCert);
InnerCertificate innerCertificate = (InnerCertificate) deserialization(bytesOfCert, Common.InnerCertificate);
return CertUtils.parseInnerCertToCert(innerCertificate);
}
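Review bot: The CBC branch in `toPem` now calls `Sm4.encrypt_CBC_Padding(sm4Key, new byte[16], bytesOfCert)`, so every PEM encrypted under a given password still uses the same all-zero IV, and the ECB branch has no IV at all; the `// TODO: PADDING??? IV?????` above it is only half resolved by this change. A fresh IV per call, `byte[] iv = new byte[16]; new SecureRandom().nextBytes(iv);`, prepended to the ciphertext and stripped again in `fromPem`, would remove the determinism. Neither mode authenticates the ciphertext, and the key appears to come from a single `HashAlgo.sm3(passwd)` (the folding loop is cut off by the hunk), so a wrong password or a modified PEM would presumably surface only as a padding or JSON parse error. In `signCert`, the local `inner` is assigned and then `parseCertToInnerCert(this)` is called again on the next line; reusing `inner.getTbsCertificate()` avoids the second conversion.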
@@ -1,6 +1,9 @@
package minsecurity.certificate.cert;
import minsecurity.Common;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import java.util.Arrays;
/*
* @Author: hongyu guo
@@ -37,4 +40,13 @@ public class InnerCertificate {
public void setSignatureValue(byte[] signatureValue) {
this.signatureValue = signatureValue;
}
@Override
public String toString() {
return "InnerCertificate{" +
"tbsCertificate=" + tbsCertificate.toString() +
", signatureAlgorithm=" + signatureAlgorithm +
", signatureValue=" + ByteUtils.toHexString(signatureValue) +
'}';
}
}
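Review bot: `toString()` dereferences `tbsCertificate` and passes `signatureValue` straight to `ByteUtils.toHexString`, so calling it on a certificate that has not been signed yet will most likely throw a `NullPointerException` from what is meant to be a logging helper. The JSON embedded in `TestSm2` shows `"signatureValue":null` for that state. Guard the nullable fields, e.g. `signatureValue == null ? "null" : ByteUtils.toHexString(signatureValue)`, and write `"tbsCertificate=" + tbsCertificate` without the explicit `.toString()`. `TbsCertificate.toString()` has the same pattern with `publicKey`. The added `java.util.Arrays` import is not used by the code visible in either file.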
@@ -1,6 +1,9 @@
package minsecurity.certificate.cert;
import minsecurity.Common;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import java.util.Arrays;
/*
* @Author: hongyu guo
@@ -142,4 +145,23 @@ public class TbsCertificate {
public void setTimestamp(long timestamp) {
this.timestamp = timestamp;
}
@Override
public String toString() {
return "TbsCertificate{" +
"version=" + version +
", serialNumber=" + serialNumber +
", publicKey=" + ByteUtils.toHexString(publicKey) +
", signatureAlgorithm=" + signatureAlgorithm +
", publicKeyAlgorithm=" + publicKeyAlgorithm +
", issueTo='" + issueTo + '\'' +
", issuer='" + issuer + '\'' +
", notBefore=" + notBefore +
", notAfter=" + notAfter +
", keyUsage=" + keyUsage +
", isCA=" + isCA +
", timestamp=" + timestamp +
'}';
}
}
@@ -0,0 +1,27 @@
package minsecurity.crypto;
import minsecurity.Common;
import minsecurity.crypto.sm2.Sm2PublicKey;
/*
* @Author: hongyu guo
* @Description:
* @Version: 1.0.0
* @Date: 16:02 2021/03/06
* @Copyright: MIN-Group;国家重大科技基础设施——未来网络北大实验室;深圳市信息论与未来网络重点实验室
*/
public class PublicKeyUtils {
public static PublicKeyInterface unMarshalPublicKey(byte[] bytesOfPublicKey, int algorithm) {
if (bytesOfPublicKey == null || bytesOfPublicKey.length == 0) {
return null;
}
switch (algorithm) {
case Common.SM2:
Sm2PublicKey sm2PublicKey = new Sm2PublicKey();
sm2PublicKey.setBytes(bytesOfPublicKey);
return sm2PublicKey;
default:
return null;
}
}
}
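Review bot: `unMarshalPublicKey` returns `null` both for empty input and for any algorithm other than `Common.SM2`, and nothing documents that. `parseInnerCertToCert` in `CertUtils` stores the result with `certificate.setPublicKey(publicKey)` unchecked, so an unsupported key would presumably surface later as a null dereference rather than as a rejected certificate. Throwing on an unknown algorithm, or at minimum a Javadoc line such as `@return the decoded key, or null if the bytes are empty or the algorithm is unsupported`, would make the contract visible. That caller also passes `i.getSignatureAlgorithm()` for `algorithm` while the switch compares against the key-algorithm constant `Common.SM2`. The serialized sample in `TestSm2` shows both ids as 0, which would explain why it works today, but the certificate's `publicKeyAlgorithm` field looks like the intended value.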
@@ -22,9 +22,9 @@ import java.security.SecureRandom;
*/
public class Sm2PrivateKey implements PrivateKeyInterface {
Sm2PrivateKey(){}
public Sm2PrivateKey(){}
Sm2PrivateKey(byte[] d) {
public Sm2PrivateKey(byte[] d) {
if(d.length == 32 || d.length == 33)
privateKey = new ECPrivateKeyParameters(new BigInteger(d), Sm2Base.DOMAIN_PARAMS);
else {
@@ -35,7 +35,7 @@ public class Sm2PrivateKey implements PrivateKeyInterface {
}
}
}
Sm2PrivateKey(byte[] d, ECDomainParameters parameters){
public Sm2PrivateKey(byte[] d, ECDomainParameters parameters){
if(d.length == 32 || d.length == 33)
privateKey = new ECPrivateKeyParameters(new BigInteger(d), parameters);
else {
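Review bot: Making these constructors public exposes `new BigInteger(d)` to arbitrary callers, and that constructor reads `d` as a signed two's-complement value, so a 32-byte scalar with the top bit set becomes negative. `new BigInteger(1, d)` treats the array as an unsigned magnitude, which is what a raw private scalar normally is. The length test also rejects shorter encodings, which `BigInteger.toByteArray()` (used in `TestCert`) can produce when the scalar has leading zero bytes; what the `else` branch does with those lies outside the hunk. A null `d` is dereferenced by `d.length` before any check.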
+2 -2
@@ -1,7 +1,7 @@
package main.java.util;
package util;
import main.java.encoding.VlInt;
import encoding.VlInt;
/*
* @Author: Wang Feng
@@ -0,0 +1,86 @@
package minsecurity.certificate.cert;
import minsecurity.Common;
import minsecurity.crypto.sm2.Sm2Base;
import minsecurity.crypto.sm2.Sm2PrivateKey;
import minsecurity.crypto.sm2.Sm2PublicKey;
import minsecurity.crypto.sm2.TestSm2;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.junit.Assert;
import org.junit.Test;
import static org.junit.Assert.*;
import org.slf4j.LoggerFactory;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.security.*;
/*
* @Author: hongyu guo
* @Description:
* @Version: 1.0.0
* @Date: 15:57 2021/03/06
* @Copyright: MIN-Group;国家重大科技基础设施——未来网络北大实验室;深圳市信息论与未来网络重点实验室
*/
public class TestCert {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(TestCert.class);
@Test
public void testCertSignAndVerify() throws Exception {
AsymmetricCipherKeyPair keyPair = Sm2Base.generateKeyPairParameter();
ECPrivateKeyParameters priKey = (ECPrivateKeyParameters) keyPair.getPrivate();
ECPublicKeyParameters pubKey = (ECPublicKeyParameters) keyPair.getPublic();
byte[] d = priKey.getD().toByteArray();
// d = Arrays.copyOf(d,32);
byte[] x = pubKey.getQ().getAffineXCoord().getEncoded();
byte[] y = pubKey.getQ().getAffineYCoord().getEncoded();
Sm2PrivateKey sm2PrivateKey = new Sm2PrivateKey(d);
Sm2PublicKey sm2PublicKey = new Sm2PublicKey(x,y);
Certificate certificate = new Certificate(1,1,sm2PublicKey,
null, Common.SM3withSM2,Common.SM2,
"issueTo","issuer",System.currentTimeMillis(),
System.currentTimeMillis() + 200, Common.CertSign,
true,System.currentTimeMillis());
certificate.signCert(sm2PrivateKey);
// logger.debug(certificate.toString());
boolean verify = Certificate.verifyCert(certificate, certificate);
assertTrue(verify);
}
@Test
public void testCert2Pem() throws Exception {
AsymmetricCipherKeyPair keyPair = Sm2Base.generateKeyPairParameter();
ECPrivateKeyParameters priKey = (ECPrivateKeyParameters) keyPair.getPrivate();
ECPublicKeyParameters pubKey = (ECPublicKeyParameters) keyPair.getPublic();
byte[] d = priKey.getD().toByteArray();
// d = Arrays.copyOf(d,32);
byte[] x = pubKey.getQ().getAffineXCoord().getEncoded();
byte[] y = pubKey.getQ().getAffineYCoord().getEncoded();
Sm2PrivateKey sm2PrivateKey = new Sm2PrivateKey(d);
Sm2PublicKey sm2PublicKey = new Sm2PublicKey(x,y);
Certificate certificate = new Certificate(1,1,sm2PublicKey,
null, Common.SM3withSM2,Common.SM2,
"issueTo","issuer",System.currentTimeMillis(),
System.currentTimeMillis() + 111111, Common.CertSign,
true,System.currentTimeMillis());
certificate.signCert(sm2PrivateKey);
String pem = certificate.toPem(null,0);
Certificate certFromPem = Certificate.fromPem(pem, null,0);
logger.debug(certFromPem.toString());
assertTrue(Certificate.verifyCert(certFromPem,certFromPem));
String pem2 = certificate.toPem(new byte[]{1,2,3,4,5,6,7,8},Common.SM4ECB);
Certificate certFromPem2 = Certificate.fromPem(pem2, new byte[]{1,2,3,4,5,6,7,8},Common.SM4ECB);
logger.debug(certFromPem.toString());
assertTrue(Certificate.verifyCert(certFromPem2,certFromPem2));
}
}
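Review bot: Both tests assert only the accepting path of `verifyCert`, so a verifier that returned `true` for every input would still pass. Add at least one rejecting case, for example after `certificate.signCert(sm2PrivateKey);` call `certificate.setSerialNumber(2);` and then `assertFalse(Certificate.verifyCert(certificate, certificate));`. The first test's validity window is `System.currentTimeMillis() + 200`, so on a slow run `checkDuration` can see the certificate as expired and the test fails for timing reasons. A window of minutes, plus a separate test with `notAfter` in the past, covers both sides deterministically. In `testCert2Pem` the second `logger.debug` prints `certFromPem` where `certFromPem2` was presumably intended.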
@@ -1,4 +1,4 @@
package minsecurity.crypto;
package minsecurity.certificate.x509;
import minsecurity.Common;
import minsecurity.certificate.X509.X509CertMaker;
@@ -31,16 +31,17 @@ import static minsecurity.certificate.X509.X509CertMaker.makeRootCA;
* @Date: 22:55 2021/03/04
* @Copyright: MIN-Group国家重大科技基础设施未来网络北大实验室深圳市信息论与未来网络重点实验室
*/
public class TestCert {
public class TestX509 {
static {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(TestCert.class);
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(TestX509.class);
private static final Provider BC = new BouncyCastleProvider();
@Test
public void testRebuildKeyPair(){
try {
KeyPair rootKP = Sm2Base.generateKeyPair();
X509Certificate rootCA = makeRootCA(rootKP,"CN","MIN",
"MIN-GROUP","MIN ROOT CA",
@@ -5,6 +5,7 @@ import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import org.junit.Test;
import static org.junit.Assert.*;
import org.slf4j.LoggerFactory;
@@ -88,9 +89,9 @@ public class TestSm2 {
// BigInteger bigInteger = priKey.getD();
Sm2PrivateKey sm2PrivateKey = new Sm2PrivateKey(d);
Sm2PublicKey sm2PublicKey = new Sm2PublicKey(x,y);
String content = "this is hell";
byte[] digest = sm2PrivateKey.sign(content.getBytes());
boolean flag = sm2PublicKey.verify(content.getBytes(), digest);
String content = "7b227462734365727469666963617465223a7b2276657273696f6e223a312c2273657269616c4e756d626572223a312c227075626c69634b6579223a22424a304d7047714e5958706b695879575a4d6e5838776d6b694a51326f576d37336257615932525473706b695058342f37705443666332764e7272596e766c6a644d3448647850537531753272616363506c74485245593d222c227369676e6174757265416c676f726974686d223a302c227075626c69634b6579416c676f726974686d223a302c226973737565546f223a226973737565546f222c22697373756572223a22697373756572222c226e6f744265666f7265223a313631353032303130393339352c226e6f744166746572223a313631353032303130393539352c226b65795573616765223a322c2274696d657374616d70223a313631353032303130393339352c226361223a747275657d2c227369676e6174757265416c676f726974686d223a302c227369676e617475726556616c7565223a6e756c6c7d";
byte[] digest = sm2PrivateKey.sign(ByteUtils.fromHexString(content));
boolean flag = sm2PublicKey.verify(ByteUtils.fromHexString(content), digest);
assertTrue(flag);
}
}