/**
* Extracts the <tt>PublicKey</tt> from the provided CSR.
*
* <p>This method will throw a {@link RuntimeException} if the JRE is missing the RSA algorithm,
* which is a required algorithm as defined by the JCA.
*
* @param csr the CSR to extract from.
* @return the extracted <tt>PublicKey</tt>
* @throws InvalidKeySpecException if the CSR is not using an RSA key.
* @throws IOException if there is an error extracting the <tt>PublicKey</tt> parameters.
*/
public static PublicKey getPublicKey(final PKCS10CertificationRequest csr)
throws InvalidKeySpecException, IOException {
SubjectPublicKeyInfo pubKeyInfo = csr.getSubjectPublicKeyInfo();
RSAKeyParameters keyParams = (RSAKeyParameters) PublicKeyFactory.createKey(pubKeyInfo);
KeySpec keySpec = new RSAPublicKeySpec(keyParams.getModulus(), keyParams.getExponent());
KeyFactory kf;
try {
kf = KeyFactory.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
return kf.generatePublic(keySpec);
}
public boolean EncryptMsg(String TobeEncrypted, String CertFile) throws Exception {
reset();
byte[] plain = TobeEncrypted.getBytes(encoding);
byte[] iv = "12345678".getBytes(encoding);
RSAKeyParameters rsaParams = null;
rsaParams = getRSAKeyParameters(CertFile);
BigInteger mod = rsaParams.getModulus();
int keylen = mod.bitLength() / 8;
if (plain.length > keylen - 11) {
SecureRandom securerandom = new SecureRandom();
DESedeKeyGenerator desedeKeyGenerator = new DESedeKeyGenerator();
desedeKeyGenerator.init(new KeyGenerationParameters(securerandom, 192));
byte[] key = desedeKeyGenerator.generateKey();
if (key.length != 24) {
throw new Exception("密钥长度不为24,加密失败");
}
byte[] encryptedPlain = new byte[plain.length];
DESedeEngine desede = new DESedeEngine();
BufferedBlockCipher bufferedBlockCipher =
new BufferedBlockCipher(new OFBBlockCipher(desede, 8 * desede.getBlockSize()));
CipherParameters desedeParams = new ParametersWithIV(new DESedeParameters(key), iv);
bufferedBlockCipher.init(true, desedeParams);
int outOff = bufferedBlockCipher.processBytes(plain, 0, plain.length, encryptedPlain, 0);
bufferedBlockCipher.doFinal(encryptedPlain, outOff);
byte[] encryptedKey = (byte[]) null;
AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
rsa.init(true, rsaParams);
encryptedKey = rsa.processBlock(key, 0, key.length);
this.lastResult =
new String(Hex.encode(iv))
+ new String(Hex.encode(encryptedKey))
+ new String(Hex.encode(encryptedPlain));
} else {
byte[] encrypted = (byte[]) null;
AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
rsa.init(true, rsaParams);
encrypted = rsa.processBlock(plain, 0, plain.length);
this.lastResult = new String(Hex.encode(encrypted));
}
return true;
}
public void init(boolean forSigning, CipherParameters param) {
RSAKeyParameters kParam = (RSAKeyParameters) param;
cipher.init(forSigning, kParam);
keyBits = kParam.getModulus().bitLength();
block = new byte[(keyBits + 7) / 8];
if (trailer == TRAILER_IMPLICIT) {
mBuf = new byte[block.length - digest.getDigestSize() - 2];
} else {
mBuf = new byte[block.length - digest.getDigestSize() - 3];
}
reset();
}
public byte[] encodeKey(CipherParameters key) {
if (!(key instanceof RSAKeyParameters)) {
return null;
}
if (((RSAKeyParameters) key).isPrivate()) {
return null;
}
RSAKeyParameters rsaKey = (RSAKeyParameters) key;
ASN1EncodableVector encodable = new ASN1EncodableVector();
encodable.add(new ASN1Integer(rsaKey.getModulus()));
encodable.add(new ASN1Integer(rsaKey.getExponent()));
return KeyUtil.getEncodedSubjectPublicKeyInfo(
new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()),
new DERSequence(encodable));
}
public static void testGenP12() throws Exception {
String rootCerBase64 =
"MIIDvTCCAqWgAwIBAgIEEioP6zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC"
+ "Q04xETAPBgNVBAgTCHNoYW5naGFpMREwDwYDVQQHEwhzaGFuZ2hhaTEzMDEGA1UE"
+ "Cgwq5LiK5rW36YeR6bm/6YeR6J6N5L+h5oGv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4MQsw"
+ "CQYDVQQLEwJJVDEXMBUGA1UEAxMOb3Blbi5qbGZleC5jb20wHhcNMTQwODIxMDM0"
+ "NTQ5WhcNMjQwODE4MDM0NTQ5WjCBjjELMAkGA1UEBhMCQ04xETAPBgNVBAgTCHNo"
+ "YW5naGFpMREwDwYDVQQHEwhzaGFuZ2hhaTEzMDEGA1UECgwq5LiK5rW36YeR6bm/"
+ "6YeR6J6N5L+h5oGv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4MQswCQYDVQQLEwJJVDEXMBUG"
+ "A1UEAxMOb3Blbi5qbGZleC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK"
+ "AoIBAQCQ4q4Yh8EPHbAP+BMiystXOEV56OE+IUwxSS7fRZ3ZrIEPImpnCiAe1txZ"
+ "vk0Lgv8ZWqrj4ErOT5FoOWfQW6Vva1DOXknCzFbypJMjqVnIS1/OwB64sYg4naLc"
+ "mM95GAHtEv9qxIWLbPhoLShz54znRNbM7mZJyT4BwLhKuKmfdo3UEuXvcoUFLN2l"
+ "f2wiTNmgMgpxcnCsWAx2nJaonPGCVXeQu0PXCVmCTyUUCWdT7P1io5yEpuRP/Dac"
+ "//g7Em8rkulgeO7e3gnEbrgrczsr2H1KJLTBjQmyWeWZg7LRYML6oHODrrDb0x++"
+ "yDT01p2BJHlvw/UzJq3I/CCci0lFAgMBAAGjITAfMB0GA1UdDgQWBBS1Lo57VqvU"
+ "BnfyJu51JO9csLJenjANBgkqhkiG9w0BAQsFAAOCAQEACcfPaVl5PIkBZ6cXyHuj"
+ "rJZkZH7Koqhx12DNeCoohdQkRda/gWeHVPsO7snK63sFhoY08OGVgvTRhgzwSBxJ"
+ "cx9GkCyojfHo5xZoOlSQ01PygyScd42DlseNiwXZGBfoxacLEYkIP6OXrDa+wNAP"
+ "gHnLI+37tzkafoPT0xoV/E9thvUUKX1jSIL5UCoGuso6FWLiZgDxD8wKgd22FcYo"
+ "T7B7DHG4R+0rgav81J9xjgOR3ayvNrb86iVvVBmrIiM7Gc2hf5PMiiAOaISST2cJ"
+ "x90X7TUA/f0qrYKveTvkRT77nLfzHV1a+PTS7PwkCXUt/NRm4VwseyGIgQ4FXH6W"
+ "zw==";
// 解析root CA 证书
X509Certificate rootcaCertificate =
CertificateCoder.getX509Certificate(Base64.decodeBase64(rootCerBase64));
// 解析root CA 私钥
String rootcaDer = FileUtils.readFileToString(new File("d:\\rootcakey.pem"), "UTF-8");
PrivateKey rootcaPrivateKey = PKCSCertificateCoder.getPrivateKeyFromPem(rootcaDer, "");
System.out.println(rootcaPrivateKey);
// 1.生成用户密钥对
Security.addProvider(new BouncyCastleProvider());
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
kpg.initialize(2048);
KeyPair kp = kpg.genKeyPair();
// 2.生成用户证书请求
PKCS10CertificationRequest p10 = genPKCS10(kp);
SubjectPublicKeyInfo subPublicKeyInfo = p10.getSubjectPublicKeyInfo();
RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(subPublicKeyInfo);
RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsa.getModulus(), rsa.getExponent());
KeyFactory kf = KeyFactory.getInstance("RSA");
PublicKey publicKey = kf.generatePublic(rsaSpec);
// 3.生成用户证书
X509Certificate clientCertificate =
buildEndEntityCert(publicKey, rootcaPrivateKey, rootcaCertificate);
FileUtils.writeByteArrayToFile(new File("d:\\client.cer"), clientCertificate.getEncoded());
// 4.生成用户p12文件
storeP12(
kp,
new X509Certificate[] {clientCertificate, rootcaCertificate},
"d:\\client.p12",
"123456");
FileOutputStream fos = new FileOutputStream(new File("d:\\client1.p12"));
X509Certificate[] chain =
new X509Certificate[] {rootcaCertificate, clientCertificate, clientCertificate};
genPKCS12File(fos, kp.getPrivate(), chain);
}