Sunyard/chsm-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

证书类接口暂存

Browse Source
This commit is contained in:
yihzhou 2024-12-24 15:47:47 +08:00
parent 81b0ea4c3b
commit 7af2547027
10 changed files with 581 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
chsm-common/src/main/java/com/sunyard/chsm/utils/CertUtil.java Normal file
View File

@ -0,0 +1,74 @@
package com.sunyard.chsm.utils;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.ByteArrayInputStream;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import static com.sunyard.chsm.utils.SydCmsUtil.readContentInfo;
/**
* @author zyh
* @since 2024/12/19
*/
public class CertUtil {
static {
Security.addProvider(new BouncyCastleProvider());
}
public static X509Certificate convertToX509Cert(String certificateString) {
String pemCert;
if(certificateString.contains("-----BEGIN CERTIFICATE-----")){
pemCert =certificateString;
}else {
String cert_begin = "-----BEGIN CERTIFICATE-----\n";
String end_cert = "\n-----END CERTIFICATE-----";
pemCert = cert_begin + certificateString + end_cert;
}
try {
CertificateFactory CF = CertificateFactory.getInstance("X.509", "BC"); // 从证书工厂中获取X.509的单例类
return (X509Certificate) CF.generateCertificate(new ByteArrayInputStream(pemCert.getBytes())); // 将文件流的证书转化为证书类
} catch (CertificateException | NoSuchProviderException e) {
throw new RuntimeException(e);
}
}
public static String getSn(String cert) {
try {
if(cert.contains("-----BEGIN CERTIFICATE-----")){
String[] lines = cert.split("\n");
// 构建新的证书字符串去掉第一行和最后一行
StringBuilder cleanedCertificate = new StringBuilder();
for (int i = 1; i < lines.length - 1; i++) {
cleanedCertificate.append(lines[i]);
}
cert = cleanedCertificate.toString();
}
//从证书中获取sn
Object pkContent = readContentInfo(CodecUtils.decodeBase64(cert));
//逐级从结构体中获取需要的sn
ASN1Sequence pkSeq = ASN1Sequence.getInstance(pkContent);
ASN1Sequence pkSeq0 = (ASN1Sequence) pkSeq.getObjectAt(0).toASN1Primitive();
ASN1Integer sn = (ASN1Integer) pkSeq0.getObjectAt(1).toASN1Primitive();
String serNum = CodecUtils.encodeHex(sn.getEncoded());
//去掉长度
return serNum.substring(4);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}

8
chsm-common/src/main/java/com/sunyard/chsm/utils/DateFormat.java
View File

@ -1,6 +1,8 @@
package com.sunyard.chsm.utils;
import java.text.SimpleDateFormat;
import java.time.format.DateTimeFormatter;
import java.util.Date;
/**
* @author liulu
@ -18,4 +20,10 @@ public abstract class DateFormat {
public static final DateTimeFormatter DATE = DateTimeFormatter.ofPattern(YYYY_MM_DD);
public static final DateTimeFormatter DATE_TIME = DateTimeFormatter.ofPattern(YYYY_MM_DD_HH_MM_SS);
public static String formDate(Date date) {
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd");
return sdf.format(date);
}
}

140
chsm-common/src/main/java/com/sunyard/chsm/utils/SydCmsUtil.java Normal file
View File

@ -0,0 +1,140 @@
package com.sunyard.chsm.utils;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSException;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
public class SydCmsUtil {
public static Object readContentInfo(
byte[] input) {
ASN1InputStream is = new ASN1InputStream(input);
Object v = null;
try {
v = is.readObject();
} catch (IOException e) {
e.printStackTrace();
}
return v;
}
public static Map<String, Object> getEncryptedContentInfo(ASN1Encodable obj){
Map<String, Object>map = new HashMap<String, Object>();
ASN1Sequence seq = ASN1Sequence.getInstance(obj );
if (seq.size() < 2)
{
throw new IllegalArgumentException("Truncated Sequence Found");
}
ASN1ObjectIdentifier contentType = (ASN1ObjectIdentifier)seq.getObjectAt(0);
map.put( "contentType", contentType );
AlgorithmIdentifier contentEncryptionAlgorithm = AlgorithmIdentifier.getInstance(
seq.getObjectAt(1));
map.put( "contentEncryptionAlgorithm", contentEncryptionAlgorithm );
if (seq.size() > 2)
{
ASN1OctetString encryptedContent = ASN1OctetString.getInstance(
(ASN1TaggedObject)seq.getObjectAt(2), false);
map.put( "encryptedContent", encryptedContent );
}
return map;
}
public static Map<String, Object> getOriginatorInfo(ASN1TaggedObject obj,
boolean explicit){
Map<String, Object>map = new HashMap<String, Object>();
ASN1Sequence seq = ASN1Sequence.getInstance(obj, explicit);
switch (seq.size())
{
case 0: // empty
break;
case 1:
ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0);
switch (o.getTagNo())
{
case 0 :
ASN1Set certs = ASN1Set.getInstance(o, false);
map.put("certs", certs);
break;
case 1 :
ASN1Set crls = ASN1Set.getInstance(o, false);
map.put("crls", crls);
break;
default:
throw new IllegalArgumentException("Bad tag in OriginatorInfo: " + o.getTagNo());
}
break;
case 2:
ASN1Set certs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(0), false);
map.put("certs", certs);
ASN1Set crls = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(1), false);
map.put("crls", crls);
break;
default:
throw new IllegalArgumentException("OriginatorInfo too big");
}
return map;
}
// public static ContentInfo getContentInfo( byte[] input ) {
// Object content = readContentInfo( input );
// ASN1Sequence seq = ASN1Sequence.getInstance( content );
// return new ContentInfo(seq);
//
// }
public static Map<String, Object> readCmsInfo( byte[] input ) throws CMSException {
Map<String, Object>map = new HashMap<String, Object>();
Object content = readContentInfo( input );
ASN1Sequence seq = ASN1Sequence.getInstance( content );
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) seq.getObjectAt(0);
map.put("oid", oid);
seq = ASN1Sequence.getInstance((ASN1TaggedObject) seq.getObjectAt(1), true);
int index = 0;
ASN1Integer version = (ASN1Integer)seq.getObjectAt(index++);
map.put( "version", version );
Object tmp = seq.getObjectAt(index++);
if (tmp instanceof ASN1TaggedObject)
{
OriginatorInfo originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false);
// Map<String, Object>originatorInfo = getOriginatorInfo((ASN1TaggedObject)tmp, false);
map.put( "originatorInfo", originatorInfo );
tmp = seq.getObjectAt(index++);
}
ASN1Set recipientInfos = ASN1Set.getInstance(tmp);
map.put( "recipientInfos", recipientInfos );
EncryptedContentInfo encryptedContentInfo = EncryptedContentInfo.getInstance( seq.getObjectAt(index++) );
// Map<String, Object> encryptedContentInfo = getEncryptedContentInfo(seq.getObjectAt(index++));
map.put( "encryptedContentInfo", encryptedContentInfo );
if(seq.size() > index)
{
ASN1Set unprotectedAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(index), false);
map.put( "unprotectedAttrs", unprotectedAttrs );
}
return map;
}
}

33
chsm-params/src/main/java/com/sunyard/chsm/param/CertCheckResp.java Normal file
View File

@ -0,0 +1,33 @@
package com.sunyard.chsm.param;
import lombok.Data;
/**
* @author zyh
* @since 2024/12/20
*/
@Data
public class CertCheckResp {
/*
证书有效期
*/
private String NotBefore;
/*
证书过期时间
*/
private String NotAfter;
/*
证书签名
* /
*/
private String Signature;
/*
CRL
*/
private String CRL;
}

37
chsm-params/src/main/java/com/sunyard/chsm/param/CertExinfoResp.java Normal file
View File

@ -0,0 +1,37 @@
package com.sunyard.chsm.param;
import lombok.Data;
/**
* @author zyh
* @since 2024/12/19
*/
@Data
public class CertExinfoResp {
// /*
// 密钥用法
// */
// private String SubjectDN;
/*
签名算法OID
*/
private String SigAlgOID;
/*
证书签名
*/
private String Signature;
// /*
// 证书约束
// */
// private String SubjectType;
}

55
chsm-params/src/main/java/com/sunyard/chsm/param/CertInfoResp.java Normal file
View File

@ -0,0 +1,55 @@
package com.sunyard.chsm.param;
import lombok.Data;
/**
* @author zyh
* @since 2024/12/19
*/
@Data
public class CertInfoResp {
/*
证书主题
*/
private String SubjectDN;
/*
证书颁发者
*/
private String IssuerDN;
/*
证书序列号
*/
private String SerialNumber;
/*
证书有效期
*/
private String NotBefore;
/*
证书过期时间
*/
private String NotAfter;
/*
证书签名算法
*/
private String SigAlgName;
/*
证书公钥 hex格式
*/
private String PublicKey;
/*
证书版本
*/
private int Version;
}

6
chsm-web-server/pom.xml
View File

@ -25,6 +25,12 @@
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.sunyard.chsm</groupId>
<artifactId>chsm-web-manage</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.dm</groupId>
<artifactId>DmJdbcDriver</artifactId>

93
chsm-web-server/src/main/java/com/sunyard/chsm/controller/CertController.java Normal file
View File

@ -0,0 +1,93 @@
package com.sunyard.chsm.controller;
import com.sunyard.chsm.constant.AuditLogConst;
import com.sunyard.chsm.model.R;
import com.sunyard.chsm.model.dto.CertDTO;
import com.sunyard.chsm.param.*;
import com.sunyard.chsm.service.AppCertService;
import com.sunyard.chsm.service.CertService;
import com.sunyard.ssp.common.annotation.AuditControllerLog;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
import javax.validation.Valid;
/**
* 证书管理类接口
*
*/
@RestController
@RequestMapping("/cert")
public class CertController {
@Resource
private AppCertService appCertService;
@Resource
private CertService certService;
/**
* 获取证书信息
*
* @param certString 证书内容
*/
@GetMapping ("/info")
public R<CertInfoResp> getCertInfo(@RequestParam String certString) {
CertInfoResp certInfo = certService.getCertInfo(certString);
return R.data(certInfo);
}
/**
* 获取证书拓展信息
*
* @param certString 证书内容
*/
@GetMapping ("/exinfo")
public R<CertExinfoResp> getCertExinfo(@RequestParam String certString) {
CertExinfoResp certExinfo = certService.getCertExinfo(certString);
return R.data(certExinfo);
}
/**
* 验证证书
*
* @param certString 证书内容
*/
@GetMapping ("/check")
public R<Boolean> certCheck(@RequestParam String certString) {
Boolean res = certService.checkCert(certString);
return R.data(res);
}
/**
* 导入证书
*
* @param importCert 证书
*/
@GetMapping ("/import")
public R<Void> importCert(@Valid @RequestBody CertDTO.ImportCert importCert) {
appCertService.importCert(importCert);
return R.ok();
}
/**
* 删除证书
*
* @param id id
* @return void
*/
@DeleteMapping
@AuditControllerLog(description = "删除证书", operateType = AuditLogConst.DELETE)
public R<Void> delete(Long id) {
appCertService.delete(id);
return R.ok();
}
}

62
chsm-web-server/src/main/java/com/sunyard/chsm/service/CertService.java Normal file
View File

@ -0,0 +1,62 @@
package com.sunyard.chsm.service;
import com.sunyard.chsm.param.CertCheckResp;
import com.sunyard.chsm.param.CertExinfoResp;
import com.sunyard.chsm.param.CertInfoResp;
import com.sunyard.chsm.utils.CertUtil;
import com.sunyard.chsm.utils.CodecUtils;
import com.sunyard.chsm.utils.DateFormat;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
@Service
@RequiredArgsConstructor
public class CertService {
public CertInfoResp getCertInfo(String certString){
X509Certificate x509Certificate = CertUtil.convertToX509Cert(certString);
CertInfoResp certInfo = new CertInfoResp();
certInfo.setIssuerDN(x509Certificate.getIssuerDN().toString());
certInfo.setSubjectDN(x509Certificate.getSubjectDN().toString());
certInfo.setSerialNumber(CertUtil.getSn(certString));
certInfo.setSigAlgName(x509Certificate.getSigAlgName());
certInfo.setVersion(x509Certificate.getVersion());
certInfo.setNotAfter(DateFormat.formDate(x509Certificate.getNotAfter()));
certInfo.setNotBefore(DateFormat.formDate(x509Certificate.getNotBefore()));
certInfo.setPublicKey(CodecUtils.encodeHex(x509Certificate.getPublicKey().getEncoded()));
return certInfo;
}
public CertExinfoResp getCertExinfo(String certString){
X509Certificate x509Certificate = CertUtil.convertToX509Cert(certString);
CertExinfoResp certExinfo = new CertExinfoResp();
certExinfo.setSigAlgOID(x509Certificate.getSigAlgOID());
certExinfo.setSignature(CodecUtils.encodeBase64(x509Certificate.getSignature()));
return certExinfo;
}
public Boolean checkCert(String certString){
X509Certificate x509Certificate = CertUtil.convertToX509Cert(certString);
CertCheckResp certCheck = new CertCheckResp();
certCheck.setNotAfter(DateFormat.formDate(x509Certificate.getNotAfter()));
certCheck.setNotBefore(DateFormat.formDate(x509Certificate.getNotBefore()));
certCheck.setSignature(CodecUtils.encodeBase64(x509Certificate.getSignature()));
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd");
Date dt = new Date();
String nowTime = sdf.format(dt);
boolean after = Integer.parseInt(nowTime) < Integer.parseInt(certCheck.getNotAfter());
boolean before = Integer.parseInt(nowTime) > Integer.parseInt(certCheck.getNotBefore());
return after && before;
}
}

73
chsm-web-server/src/test/java/api/TestCert.java Normal file
View File

@ -0,0 +1,73 @@
package api;
/**
* @author zyh
* @since 2024/12/19
*/
import com.sunyard.chsm.utils.CertUtil;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.junit.jupiter.api.Test;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
public class TestCert {
@Test
public void test1() throws CertificateParsingException, CertificateEncodingException {
String cert = "-----BEGIN CERTIFICATE-----\n" +
"MIIE+DCCA+CgAwIBAgIQXQbkqDIONNM6NOW9uz38tDANBgkqhkiG9w0BAQsFADAz\n" +
"MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxETAPBgNVBAMMCFNIRUNB\n" +
"IEcyMB4XDTIwMTAxMzA3NTgxM1oXDTIzMTAxMzE1NTk1OVowgdQxOTA3BgNVBAMM\n" +
"MOa1i+ivleW5v+WPkemTtuihjOiCoeS7veaciemZkOWFrOWPuOS4iua1t+WIhuih\n" +
"jDEzMDEGA1UECwwq5bm/5Y+R6ZO26KGM6IKh5Lu95pyJ6ZmQ5YWs5Y+45LiK5rW3\n" +
"5YiG6KGMMTMwMQYDVQQKDCrlub/lj5Hpk7booYzogqHku73mnInpmZDlhazlj7jk\n" +
"uIrmtbfliIbooYwxDzANBgNVBAcMBuS4iua1tzEPMA0GA1UECAwG5LiK5rW3MQsw\n" +
"CQYDVQQGEwJDTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRgbK63\n" +
"ZyrEmDkxgiwBZXjFp5KQAsqMKBGzORKDQ88I+hW6nKLMglbWTyfd26pPWoSy3TFs\n" +
"JN1HrBHkyfcKoYQ8KKN4bnH7hRrXV2LBBIPZdM6Tq3IHnTLg9KszCi1+Do/A7HQz\n" +
"yr9Rz0RyUkm7KnCt7dfGQKMfPGBGdabMY3HUs/kwGwVQG9KqyEu+wUGXP6nuty8A\n" +
"uI9u2OcUjPpfHcrH3gXwsFeiUUBt0/gEQX1UcTLaUYMcW67p5DQxi/pA3BGtbWvj\n" +
"yiAzIRyYcQgJpg0Ve0bI8nGqbdb1JDR3Spz1B90YOIIQ89oKfOLlkS3TUlJaTY2Q\n" +
"guQ8CrY4zMYsfI0CAwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFFaI3uMYQ4K3cqQm\n" +
"60SpYtCHxKwmMB0GA1UdDgQWBBRaOJdZxE5Q26SKcgRiQWdqkb8xlzAOBgNVHQ8B\n" +
"Af8EBAMCBsAwFAYDVR0lBA0wCwYJKoZIhvcvAQEFMCIGA1UdIAQbMBkwCgYIKoEc\n" +
"hu86AQMwCwYJKoEchu86AQIEMAwGA1UdEwEB/wQCMAAwfQYIKwYBBQUHAQEEcTBv\n" +
"MDgGCCsGAQUFBzABhixodHRwOi8vb2NzcDMuc2hlY2EuY29tL29jc3Avc2hlY2Ev\n" +
"c2hlY2Eub2NzcDAzBggrBgEFBQcwAoYnaHR0cDovL2xkYXAyLnNoZWNhLmNvbS9y\n" +
"b290L3NoZWNhZzIuZGVyMEcGA1UdHwRAMD4wPKA6oDiGNmh0dHA6Ly9sZGFwMi5z\n" +
"aGVjYS5jb20vQ0EyMDAxMS9SQTEyMDUwMTAwL0NSTDYzOTMyLmNybDANBgkqhkiG\n" +
"9w0BAQsFAAOCAQEAszG0ZWsZIylM3sPUKh1et2PIZtJ5jU4P4s8AwZAZEwuUpfay\n" +
"C6gJvfSqY4i6XQ+w2RVGKZFfq0oq23Sxv+jzzhuvL0bOyOzaVzS0pZwhBZ0ggfd7\n" +
"DY8irQ6CbKKp/ngE0vDILi00N/BujfFRQlg5Whr5i81wSBqXwry+EcVUa5t06ns/\n" +
"x545wQBnHNGrMtAaACFtjQiXdBfI02sEEd8uzdgMQn6FLxXuHFHbUF4VAue1TL5f\n" +
"UPNsAHFkqrdDDP5Ou7Dk2dE/5bti53wH1qQMbtTsdVp91Z9hzVAlw+WR3Ton7G1W\n" +
"S01olvhEUw9Bj7GhohZjFpzwcwwo7AQxA2aGFA==\n" +
"-----END CERTIFICATE-----\n";
X509Certificate x509Certificate = CertUtil.convertToX509Cert(cert);
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd");
Date dt = new Date();
String startTime = sdf.format(dt);
System.out.println(startTime);
}
}