/**
   * Extracts the <tt>PublicKey</tt> from the provided CSR.
   *
   * <p>This method will throw a {@link RuntimeException} if the JRE is missing the RSA algorithm,
   * which is a required algorithm as defined by the JCA.
   *
   * @param csr the CSR to extract from.
   * @return the extracted <tt>PublicKey</tt>
   * @throws InvalidKeySpecException if the CSR is not using an RSA key.
   * @throws IOException if there is an error extracting the <tt>PublicKey</tt> parameters.
   */
  public static PublicKey getPublicKey(final PKCS10CertificationRequest csr)
      throws InvalidKeySpecException, IOException {
    SubjectPublicKeyInfo pubKeyInfo = csr.getSubjectPublicKeyInfo();
    RSAKeyParameters keyParams = (RSAKeyParameters) PublicKeyFactory.createKey(pubKeyInfo);
    KeySpec keySpec = new RSAPublicKeySpec(keyParams.getModulus(), keyParams.getExponent());

    KeyFactory kf;
    try {
      kf = KeyFactory.getInstance("RSA");
    } catch (NoSuchAlgorithmException e) {
      throw new RuntimeException(e);
    }
    return kf.generatePublic(keySpec);
  }
  public boolean EncryptMsg(String TobeEncrypted, String CertFile) throws Exception {
    reset();

    byte[] plain = TobeEncrypted.getBytes(encoding);
    byte[] iv = "12345678".getBytes(encoding);

    RSAKeyParameters rsaParams = null;
    rsaParams = getRSAKeyParameters(CertFile);

    BigInteger mod = rsaParams.getModulus();

    int keylen = mod.bitLength() / 8;
    if (plain.length > keylen - 11) {
      SecureRandom securerandom = new SecureRandom();
      DESedeKeyGenerator desedeKeyGenerator = new DESedeKeyGenerator();
      desedeKeyGenerator.init(new KeyGenerationParameters(securerandom, 192));
      byte[] key = desedeKeyGenerator.generateKey();
      if (key.length != 24) {
        throw new Exception("密钥长度不为24,加密失败");
      }

      byte[] encryptedPlain = new byte[plain.length];
      DESedeEngine desede = new DESedeEngine();
      BufferedBlockCipher bufferedBlockCipher =
          new BufferedBlockCipher(new OFBBlockCipher(desede, 8 * desede.getBlockSize()));
      CipherParameters desedeParams = new ParametersWithIV(new DESedeParameters(key), iv);
      bufferedBlockCipher.init(true, desedeParams);
      int outOff = bufferedBlockCipher.processBytes(plain, 0, plain.length, encryptedPlain, 0);
      bufferedBlockCipher.doFinal(encryptedPlain, outOff);
      byte[] encryptedKey = (byte[]) null;
      AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
      rsa.init(true, rsaParams);
      encryptedKey = rsa.processBlock(key, 0, key.length);
      this.lastResult =
          new String(Hex.encode(iv))
              + new String(Hex.encode(encryptedKey))
              + new String(Hex.encode(encryptedPlain));
    } else {
      byte[] encrypted = (byte[]) null;
      AsymmetricBlockCipher rsa = new PKCS1Encoding(new RSAEngine());
      rsa.init(true, rsaParams);
      encrypted = rsa.processBlock(plain, 0, plain.length);
      this.lastResult = new String(Hex.encode(encrypted));
    }

    return true;
  }
Пример #3
0
  public void init(boolean forSigning, CipherParameters param) {
    RSAKeyParameters kParam = (RSAKeyParameters) param;

    cipher.init(forSigning, kParam);

    keyBits = kParam.getModulus().bitLength();

    block = new byte[(keyBits + 7) / 8];

    if (trailer == TRAILER_IMPLICIT) {
      mBuf = new byte[block.length - digest.getDigestSize() - 2];
    } else {
      mBuf = new byte[block.length - digest.getDigestSize() - 3];
    }

    reset();
  }
Пример #4
0
  public byte[] encodeKey(CipherParameters key) {
    if (!(key instanceof RSAKeyParameters)) {
      return null;
    }

    if (((RSAKeyParameters) key).isPrivate()) {
      return null;
    }

    RSAKeyParameters rsaKey = (RSAKeyParameters) key;

    ASN1EncodableVector encodable = new ASN1EncodableVector();
    encodable.add(new ASN1Integer(rsaKey.getModulus()));
    encodable.add(new ASN1Integer(rsaKey.getExponent()));

    return KeyUtil.getEncodedSubjectPublicKeyInfo(
        new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()),
        new DERSequence(encodable));
  }
  public static void testGenP12() throws Exception {

    String rootCerBase64 =
        "MIIDvTCCAqWgAwIBAgIEEioP6zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC"
            + "Q04xETAPBgNVBAgTCHNoYW5naGFpMREwDwYDVQQHEwhzaGFuZ2hhaTEzMDEGA1UE"
            + "Cgwq5LiK5rW36YeR6bm/6YeR6J6N5L+h5oGv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4MQsw"
            + "CQYDVQQLEwJJVDEXMBUGA1UEAxMOb3Blbi5qbGZleC5jb20wHhcNMTQwODIxMDM0"
            + "NTQ5WhcNMjQwODE4MDM0NTQ5WjCBjjELMAkGA1UEBhMCQ04xETAPBgNVBAgTCHNo"
            + "YW5naGFpMREwDwYDVQQHEwhzaGFuZ2hhaTEzMDEGA1UECgwq5LiK5rW36YeR6bm/"
            + "6YeR6J6N5L+h5oGv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4MQswCQYDVQQLEwJJVDEXMBUG"
            + "A1UEAxMOb3Blbi5qbGZleC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK"
            + "AoIBAQCQ4q4Yh8EPHbAP+BMiystXOEV56OE+IUwxSS7fRZ3ZrIEPImpnCiAe1txZ"
            + "vk0Lgv8ZWqrj4ErOT5FoOWfQW6Vva1DOXknCzFbypJMjqVnIS1/OwB64sYg4naLc"
            + "mM95GAHtEv9qxIWLbPhoLShz54znRNbM7mZJyT4BwLhKuKmfdo3UEuXvcoUFLN2l"
            + "f2wiTNmgMgpxcnCsWAx2nJaonPGCVXeQu0PXCVmCTyUUCWdT7P1io5yEpuRP/Dac"
            + "//g7Em8rkulgeO7e3gnEbrgrczsr2H1KJLTBjQmyWeWZg7LRYML6oHODrrDb0x++"
            + "yDT01p2BJHlvw/UzJq3I/CCci0lFAgMBAAGjITAfMB0GA1UdDgQWBBS1Lo57VqvU"
            + "BnfyJu51JO9csLJenjANBgkqhkiG9w0BAQsFAAOCAQEACcfPaVl5PIkBZ6cXyHuj"
            + "rJZkZH7Koqhx12DNeCoohdQkRda/gWeHVPsO7snK63sFhoY08OGVgvTRhgzwSBxJ"
            + "cx9GkCyojfHo5xZoOlSQ01PygyScd42DlseNiwXZGBfoxacLEYkIP6OXrDa+wNAP"
            + "gHnLI+37tzkafoPT0xoV/E9thvUUKX1jSIL5UCoGuso6FWLiZgDxD8wKgd22FcYo"
            + "T7B7DHG4R+0rgav81J9xjgOR3ayvNrb86iVvVBmrIiM7Gc2hf5PMiiAOaISST2cJ"
            + "x90X7TUA/f0qrYKveTvkRT77nLfzHV1a+PTS7PwkCXUt/NRm4VwseyGIgQ4FXH6W"
            + "zw==";

    // 解析root CA 证书
    X509Certificate rootcaCertificate =
        CertificateCoder.getX509Certificate(Base64.decodeBase64(rootCerBase64));
    // 解析root CA 私钥
    String rootcaDer = FileUtils.readFileToString(new File("d:\\rootcakey.pem"), "UTF-8");
    PrivateKey rootcaPrivateKey = PKCSCertificateCoder.getPrivateKeyFromPem(rootcaDer, "");
    System.out.println(rootcaPrivateKey);

    // 1.生成用户密钥对
    Security.addProvider(new BouncyCastleProvider());
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
    kpg.initialize(2048);
    KeyPair kp = kpg.genKeyPair();

    // 2.生成用户证书请求
    PKCS10CertificationRequest p10 = genPKCS10(kp);
    SubjectPublicKeyInfo subPublicKeyInfo = p10.getSubjectPublicKeyInfo();
    RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(subPublicKeyInfo);
    RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsa.getModulus(), rsa.getExponent());
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PublicKey publicKey = kf.generatePublic(rsaSpec);

    // 3.生成用户证书
    X509Certificate clientCertificate =
        buildEndEntityCert(publicKey, rootcaPrivateKey, rootcaCertificate);
    FileUtils.writeByteArrayToFile(new File("d:\\client.cer"), clientCertificate.getEncoded());

    // 4.生成用户p12文件
    storeP12(
        kp,
        new X509Certificate[] {clientCertificate, rootcaCertificate},
        "d:\\client.p12",
        "123456");

    FileOutputStream fos = new FileOutputStream(new File("d:\\client1.p12"));
    X509Certificate[] chain =
        new X509Certificate[] {rootcaCertificate, clientCertificate, clientCertificate};
    genPKCS12File(fos, kp.getPrivate(), chain);
  }