非对称运算
parent
6cdf222def
commit
b6fc524b3f
@ -85,7 +85,7 @@ public class ApplicationServiceImpl implements ApplicationService {
|
||||
BeanUtils.copyProperties(it, view);
|
||||
List<Long> sIds = appServiceMap.getOrDefault(it.getId(), Collections.emptyList());
|
||||
view.setServiceIds(sIds.stream().map(String::valueOf).collect(Collectors.toList()));
|
||||
view.setWhiteIps(appIpMap.get(it.getId()));
|
||||
view.setWhiteIps(appIpMap.getOrDefault(it.getId(), Collections.singletonList("")));
|
||||
String sn = sIds.stream()
|
||||
.map(snMap::get)
|
||||
.filter(Objects::nonNull)
|
||||
|
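Review bot: The new fallback `Collections.singletonList("")` on the `setWhiteIps` line gives an application with no configured IPs a whitelist holding one empty string rather than an empty list. The code that consumes `whiteIps` is not visible here, so it is unclear whether an empty entry is ignored, rejected or matched as a pattern, and for an access-control list that ambiguity is worth removing. `view.setWhiteIps(appIpMap.getOrDefault(it.getId(), Collections.emptyList()));` would mirror the `getOrDefault` on the `sIds` line above and keep "no entries" unambiguous. The enclosing method starts and ends outside the hunk.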
@ -23,32 +23,26 @@ import lombok.extern.slf4j.Slf4j;
|
||||
import org.bouncycastle.asn1.*;
|
||||
import org.bouncycastle.asn1.cms.*;
|
||||
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
|
||||
import org.bouncycastle.asn1.pkcs.ContentInfo;
|
||||
import org.bouncycastle.asn1.pkcs.SignedData;
|
||||
import org.bouncycastle.asn1.pkcs.SignerInfo;
|
||||
import org.bouncycastle.asn1.x500.X500Name;
|
||||
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
|
||||
import org.bouncycastle.cert.X509CertificateHolder;
|
||||
import org.bouncycastle.cert.jcajce.JcaCertStore;
|
||||
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
||||
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
|
||||
import org.bouncycastle.cms.*;
|
||||
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
|
||||
import org.bouncycastle.cms.CMSProcessableByteArray;
|
||||
import org.bouncycastle.cms.CMSTypedData;
|
||||
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.operator.*;
|
||||
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
|
||||
import org.bouncycastle.util.Store;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.cert.CertificateEncodingException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
|
||||
/**
|
||||
* @author liulu
|
||||
@ -171,6 +165,7 @@ public class AsymKeyService {
|
||||
return resp;
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
public AsymSignP7Resp signP7Attach(AsymSignP7Req req) {
|
||||
byte[] plainData = CodecUtils.decodeBase64(req.getPlainData());
|
||||
AppCert appCert = appCertMapper.selectSignBySubject(req.getSubject());
|
||||
@ -179,9 +174,11 @@ public class AsymKeyService {
|
||||
byte[] encPri = CodecUtils.decodeHex(appCert.getEncPriKey());
|
||||
byte[] pri = sdfApiService.decryptByTMK(encPri);
|
||||
|
||||
byte[] asymSignP7Resp = p7Sign(pri, appCert.getCertText(), plainData, true);
|
||||
SignedData signedData = p7Sign(pri, appCert.getCertText(), plainData, true);
|
||||
ContentInfo contentInfo = new ContentInfo(Signed_Data, signedData);
|
||||
|
||||
AsymSignP7Resp resp = new AsymSignP7Resp();
|
||||
resp.setSignData(CodecUtils.encodeBase64(asymSignP7Resp));
|
||||
resp.setSignData(CodecUtils.encodeBase64(contentInfo.getEncoded()));
|
||||
return resp;
|
||||
}
|
||||
|
||||
@ -192,6 +189,7 @@ public class AsymKeyService {
|
||||
verify = p7Verify(signData, null);
|
||||
|
||||
} catch (Exception e) {
|
||||
log.warn("", e);
|
||||
verify = false;
|
||||
}
|
||||
VerifyResp resp = new VerifyResp();
|
||||
@ -199,6 +197,7 @@ public class AsymKeyService {
|
||||
return resp;
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
public AsymSignP7Resp signP7Detach(AsymSignP7Req req) {
|
||||
byte[] plainData = CodecUtils.decodeBase64(req.getPlainData());
|
||||
AppCert appCert = appCertMapper.selectSignBySubject(req.getSubject());
|
||||
@ -207,9 +206,10 @@ public class AsymKeyService {
|
||||
byte[] encPri = CodecUtils.decodeHex(appCert.getEncPriKey());
|
||||
byte[] pri = sdfApiService.decryptByTMK(encPri);
|
||||
|
||||
byte[] asymSignP7Resp = p7Sign(pri, appCert.getCertText(), plainData, false);
|
||||
SignedData signedData = p7Sign(pri, appCert.getCertText(), plainData, false);
|
||||
ContentInfo contentInfo = new ContentInfo(Signed_Data, signedData);
|
||||
AsymSignP7Resp resp = new AsymSignP7Resp();
|
||||
resp.setSignData(CodecUtils.encodeBase64(asymSignP7Resp));
|
||||
resp.setSignData(CodecUtils.encodeBase64(contentInfo.getEncoded()));
|
||||
return resp;
|
||||
}
|
||||
|
||||
@ -229,132 +229,79 @@ public class AsymKeyService {
|
||||
return resp;
|
||||
}
|
||||
|
||||
private byte[] p7Sign(byte[] pri, String cert, byte[] plainData, boolean encapsulate) {
|
||||
private static final ASN1ObjectIdentifier Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.1");
|
||||
private static final ASN1ObjectIdentifier Signed_Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.2");
|
||||
private static final ASN1ObjectIdentifier Enveloped_Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.3");
|
||||
private static final ASN1ObjectIdentifier Signed_Enveloped_Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.4");
|
||||
|
||||
private SignedData p7Sign(byte[] pri, String cert, byte[] plainData, boolean encapsulate) {
|
||||
try {
|
||||
X509Certificate x509Cert = BCSM2CertUtils.getX509Cert(cert);
|
||||
// 构造签名内容
|
||||
CMSTypedData cmsData = new CMSProcessableByteArray(plainData);
|
||||
X500Name x500Name = X500Name.getInstance(x509Cert.getIssuerX500Principal().getEncoded());
|
||||
EccSignature signature = sdfApiService.externalSignWithIdECC(pri, plainData, null);
|
||||
SignerInfo signerInfo = new SignerInfo(
|
||||
new ASN1Integer(1),
|
||||
new org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber(x500Name, x509Cert.getSerialNumber()),
|
||||
new AlgorithmIdentifier(GMObjectIdentifiers.sm3),
|
||||
null,
|
||||
new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign),
|
||||
new DEROctetString(signature.getDerSignBytes()),
|
||||
null
|
||||
);
|
||||
|
||||
ContentSigner signer = new ContentSigner() {
|
||||
private final ByteArrayOutputStream stream = new ByteArrayOutputStream();
|
||||
ContentInfo plainContent = new ContentInfo(Data, encapsulate ? new DEROctetString(plainData) : null);
|
||||
|
||||
@Override
|
||||
public AlgorithmIdentifier getAlgorithmIdentifier() {
|
||||
return new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3);
|
||||
}
|
||||
|
||||
@Override
|
||||
public OutputStream getOutputStream() {
|
||||
return stream;
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] getSignature() {
|
||||
EccSignature signature = sdfApiService.externalSignWithIdECC(pri, stream.toByteArray(), null);
|
||||
return signature.getDerSignBytes();
|
||||
}
|
||||
};
|
||||
|
||||
// 生成签名者信息
|
||||
SignerInfoGenerator signerInfoGenerator = new JcaSignerInfoGeneratorBuilder(
|
||||
new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build()
|
||||
).build(signer, x509Cert);
|
||||
// 构建 CMS Signed Data
|
||||
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
|
||||
generator.addSignerInfoGenerator(signerInfoGenerator);
|
||||
generator.addCertificates(new JcaCertStore(Collections.singletonList(x509Cert)));
|
||||
CMSSignedData signedData = generator.generate(cmsData, encapsulate);
|
||||
return signedData.getEncoded();
|
||||
X509CertificateHolder holder = new X509CertificateHolder(x509Cert.getEncoded());
|
||||
return new SignedData(
|
||||
new ASN1Integer(1),
|
||||
new DERSet(new AlgorithmIdentifier(GMObjectIdentifiers.sm3)),
|
||||
plainContent,
|
||||
new DLSet(holder.toASN1Structure()),
|
||||
null,
|
||||
new DLSet(signerInfo)
|
||||
);
|
||||
} catch (Exception ex) {
|
||||
log.warn("", ex);
|
||||
throw new IllegalArgumentException("P7Attach 签名异常");
|
||||
throw new IllegalArgumentException("P7签名异常");
|
||||
}
|
||||
}
|
||||
|
||||
public boolean p7Verify(byte[] signedDataBytes, byte[] originalData) throws Exception {
|
||||
|
||||
CMSSignedData signedData;
|
||||
if (originalData == null || originalData.length == 0) {
|
||||
signedData = new CMSSignedData(signedDataBytes);
|
||||
} else {
|
||||
CMSTypedData originalContent = new CMSProcessableByteArray(originalData);
|
||||
signedData = new CMSSignedData(originalContent, signedDataBytes);
|
||||
}
|
||||
ContentInfo contentInfo = ContentInfo.getInstance(signedDataBytes);
|
||||
Assert.isTrue(Objects.equals(Signed_Data.getId(), contentInfo.getContentType().getId()), "P7签名数据格式错误");
|
||||
|
||||
Store<X509CertificateHolder> certStore = signedData.getCertificates();
|
||||
SignerInformationStore signers = signedData.getSignerInfos();
|
||||
SignedData signedData = SignedData.getInstance(contentInfo.getContent());
|
||||
|
||||
for (SignerInformation signer : signers.getSigners()) {
|
||||
Collection<X509CertificateHolder> matches = certStore.getMatches(signer.getSID());
|
||||
if (matches.isEmpty()) {
|
||||
throw new IllegalArgumentException("No matching certificate found for signer");
|
||||
}
|
||||
X509CertificateHolder certHolder = matches.iterator().next(); // 这里进行类型安全的提取
|
||||
X509Certificate cert = new JcaX509CertificateConverter()
|
||||
.setProvider(BouncyCastleProvider.PROVIDER_NAME)
|
||||
.getCertificate(certHolder);
|
||||
CMSSignatureAlgorithmNameGenerator sigAlgNameGen = new DefaultCMSSignatureAlgorithmNameGenerator();
|
||||
SignatureAlgorithmIdentifierFinder sigAlgIDFinder = new DefaultSignatureAlgorithmIdentifierFinder();
|
||||
DigestCalculatorProvider digestProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build();
|
||||
SignerInformationVerifier verifier = new SignerInformationVerifier(sigAlgNameGen, sigAlgIDFinder, build(cert), digestProvider);
|
||||
byte[] plainData = Optional.ofNullable(signedData.getContentInfo())
|
||||
.map(ContentInfo::getContent)
|
||||
.map(it -> (ASN1OctetString) it)
|
||||
.map(ASN1OctetString::getOctets)
|
||||
.orElse(originalData);
|
||||
Assert.notNull(plainData, "未能解析到原文, 请检查签名数据");
|
||||
|
||||
if (signer.verify(verifier)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
ASN1Primitive primitive = Optional.ofNullable(signedData.getCertificates())
|
||||
.map(ASN1Set::iterator)
|
||||
.map(Iterator::next)
|
||||
.map(ASN1Encodable::toASN1Primitive)
|
||||
.orElse(null);
|
||||
Assert.notNull(primitive, "解析证书异常");
|
||||
X509Certificate cert = BCSM2CertUtils.getX509Certificate(primitive.getEncoded());
|
||||
BCECPublicKey publicKey = (BCECPublicKey) cert.getPublicKey();
|
||||
byte[] xy = LangUtils.merge(publicKey.getQ().getXCoord().getEncoded(), publicKey.getQ().getYCoord().getEncoded());
|
||||
|
||||
public ContentVerifierProvider build(X509Certificate certificate)
|
||||
throws OperatorCreationException {
|
||||
X509CertificateHolder certHolder;
|
||||
byte[] xy;
|
||||
try {
|
||||
certHolder = new JcaX509CertificateHolder(certificate);
|
||||
BCECPublicKey publicKey = (BCECPublicKey) certificate.getPublicKey();
|
||||
xy = LangUtils.merge(publicKey.getQ().getXCoord().getEncoded(), publicKey.getQ().getYCoord().getEncoded());
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
|
||||
}
|
||||
|
||||
return new ContentVerifierProvider() {
|
||||
public boolean hasAssociatedCertificate() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public X509CertificateHolder getAssociatedCertificate() {
|
||||
return certHolder;
|
||||
}
|
||||
|
||||
public ContentVerifier get(AlgorithmIdentifier algorithm) {
|
||||
return new ContentVerifier() {
|
||||
private final ByteArrayOutputStream stream = new ByteArrayOutputStream();
|
||||
|
||||
@Override
|
||||
public AlgorithmIdentifier getAlgorithmIdentifier() {
|
||||
return algorithm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public OutputStream getOutputStream() {
|
||||
return stream;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verify(byte[] expected) {
|
||||
return sdfApiService.externalVerifyWithIdECC(xy, stream.toByteArray(), expected, null);
|
||||
}
|
||||
};
|
||||
}
|
||||
};
|
||||
SignerInfo signerInfo = SignerInfo.getInstance(signedData.getSignerInfos().iterator().next());
|
||||
byte[] octets = signerInfo.getEncryptedDigest().getOctets();
|
||||
return sdfApiService.externalVerifyWithIdECC(xy, plainData, octets, null);
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
public AsymEnvelopeSealResp envelopeSeal(AsymEnvelopeSealReq req) {
|
||||
byte[] plainData = CodecUtils.decodeBase64(req.getPlainData());
|
||||
|
||||
EnvelopedData contentInfo = getEnvelopedData(req.getEncCert(), plainData);
|
||||
byte[] envelopeData = contentInfo.getEncoded("DER");
|
||||
EnvelopedData envelopedData = getEnvelopedData(req.getEncCert(), plainData);
|
||||
ContentInfo contentInfo = new ContentInfo(ContentInfo.envelopedData, envelopedData);
|
||||
byte[] envelopeData = contentInfo.getEncoded();
|
||||
|
||||
AsymEnvelopeSealResp resp = new AsymEnvelopeSealResp();
|
||||
resp.setEnvelopeData(CodecUtils.encodeBase64(envelopeData));
|
||||
@ -381,11 +328,7 @@ public class AsymKeyService {
|
||||
RecipientInfo recipientInfo = new RecipientInfo(keyTransRecipientInfo);
|
||||
|
||||
byte[] encContent = sdfApiService.symEncrypt(AlgId.SGD_SM4_ECB, Padding.PCKS7Padding, symKey, null, plainData);
|
||||
EncryptedContentInfo encContentInfo = new EncryptedContentInfo(
|
||||
new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.1"),
|
||||
symAlg,
|
||||
new DEROctetString(encContent)
|
||||
);
|
||||
EncryptedContentInfo encContentInfo = new EncryptedContentInfo(Data, symAlg, new DEROctetString(encContent));
|
||||
|
||||
return new EnvelopedData(null,
|
||||
new DERSet(recipientInfo),
|
||||
@ -397,14 +340,19 @@ public class AsymKeyService {
|
||||
public AsymEnvelopeUnsealResp envelopeUnseal(AsymEnvelopeUnsealReq req) {
|
||||
byte[] envelopeData = CodecUtils.decodeBase64(req.getEnvelopeData());
|
||||
// 解密数字信封
|
||||
EnvelopedData ed = EnvelopedData.getInstance(envelopeData);
|
||||
byte[] plain = getPlainFromEnvelopedData(ed);
|
||||
byte[] plain = getPlainFromEnvelopedData(envelopeData);
|
||||
AsymEnvelopeUnsealResp resp = new AsymEnvelopeUnsealResp();
|
||||
resp.setPlainData(CodecUtils.encodeBase64(plain));
|
||||
return resp;
|
||||
}
|
||||
|
||||
private byte[] getPlainFromEnvelopedData(EnvelopedData ed) {
|
||||
private byte[] getPlainFromEnvelopedData(byte[] edData) {
|
||||
ContentInfo contentInfo = ContentInfo.getInstance(edData);
|
||||
String id = contentInfo.getContentType().getId();
|
||||
boolean isEd = Objects.equals(id, ContentInfo.envelopedData.getId()) || Objects.equals(id, Enveloped_Data.getId());
|
||||
Assert.isTrue(isEd, "数字信封数据格式异常");
|
||||
|
||||
EnvelopedData ed = EnvelopedData.getInstance(contentInfo.getContent());
|
||||
ASN1Set infos = ed.getRecipientInfos();
|
||||
RecipientInfo recipientInfo = RecipientInfo.getInstance(infos.getObjectAt(0));
|
||||
KeyTransRecipientInfo transRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
|
||||
@ -439,12 +387,8 @@ public class AsymKeyService {
|
||||
byte[] encPri = CodecUtils.decodeHex(appCert.getEncPriKey());
|
||||
byte[] pri = sdfApiService.decryptByTMK(encPri);
|
||||
|
||||
byte[] asymSignP7Resp = p7Sign(pri, appCert.getCertText(), plainData, true);
|
||||
ContentInfo instance = ContentInfo.getInstance(asymSignP7Resp);
|
||||
SignedData signedData = SignedData.getInstance(instance.getContent());
|
||||
|
||||
SignedData signedData = p7Sign(pri, appCert.getCertText(), plainData, false);
|
||||
EnvelopedData envelopedData = getEnvelopedData(req.getEncCert(), plainData);
|
||||
|
||||
SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData(
|
||||
new ASN1Integer(1),
|
||||
envelopedData.getRecipientInfos(),
|
||||
@ -454,15 +398,19 @@ public class AsymKeyService {
|
||||
signedData.getCRLs(),
|
||||
signedData.getSignerInfos()
|
||||
);
|
||||
ContentInfo contentInfo = new ContentInfo(Signed_Enveloped_Data, signedAndEnvelopedData);
|
||||
AsymEnvelopeSealResp resp = new AsymEnvelopeSealResp();
|
||||
resp.setEnvelopeData(CodecUtils.encodeBase64(signedAndEnvelopedData.getEncoded()));
|
||||
resp.setEnvelopeData(CodecUtils.encodeBase64(contentInfo.getEncoded()));
|
||||
return resp;
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
public AsymEnvelopeUnsealResp signedEnvelopeUnseal(AsymEnvelopeUnsealReq req) {
|
||||
byte[] data = CodecUtils.decodeBase64(req.getEnvelopeData());
|
||||
SignedAndEnvelopedData signedAndEnvelopedData = SignedAndEnvelopedData.getInstance(data);
|
||||
ContentInfo info = ContentInfo.getInstance(data);
|
||||
Assert.isTrue(Objects.equals(Signed_Enveloped_Data.getId(), info.getContentType().getId()), "P7签名数字信封格式错误");
|
||||
|
||||
SignedAndEnvelopedData signedAndEnvelopedData = SignedAndEnvelopedData.getInstance(info.getContent());
|
||||
|
||||
EnvelopedData envelopedData = new EnvelopedData(
|
||||
null,
|
||||
@ -470,7 +418,8 @@ public class AsymKeyService {
|
||||
signedAndEnvelopedData.getEncryptedContentInfo(),
|
||||
(ASN1Set) null
|
||||
);
|
||||
byte[] plainData = getPlainFromEnvelopedData(envelopedData);
|
||||
ContentInfo EnvelopedDataInfo = new ContentInfo(CMSObjectIdentifiers.envelopedData, envelopedData);
|
||||
byte[] plainData = getPlainFromEnvelopedData(EnvelopedDataInfo.getEncoded());
|
||||
|
||||
CMSTypedData cmsData = new CMSProcessableByteArray(plainData);
|
||||
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
|
||||
@ -478,13 +427,14 @@ public class AsymKeyService {
|
||||
bOut.close();
|
||||
ContentInfo encInfo = new ContentInfo(cmsData.getContentType(), new BEROctetString(bOut.toByteArray()));
|
||||
SignedData sd = new SignedData(
|
||||
new ASN1Integer(1),
|
||||
signedAndEnvelopedData.getDigestAlgorithms(),
|
||||
encInfo,
|
||||
signedAndEnvelopedData.getCertificates(),
|
||||
signedAndEnvelopedData.getCrls(),
|
||||
signedAndEnvelopedData.getSignerInfos()
|
||||
);
|
||||
ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
|
||||
ContentInfo contentInfo = new ContentInfo(Signed_Data, sd);
|
||||
p7Verify(contentInfo.getEncoded(), null);
|
||||
AsymEnvelopeUnsealResp resp = new AsymEnvelopeUnsealResp();
|
||||
resp.setPlainData(CodecUtils.encodeBase64(plainData));
|
||||
|
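Review bot: The rewritten `p7Verify` checks the signature against the public key of the first certificate carried inside the submitted `SignedData` (`signedData.getCertificates()` then `Iterator::next`), and nothing visible in the hunk ties that certificate to `signerInfo.getIssuerAndSerialNumber()` or validates it against a trusted issuer, so `true` only shows the message is self-consistent, not that a known signer produced it. Before `externalVerifyWithIdECC` is called, the certificate should be selected by the signer's issuer and serial number and checked for chain and validity against configured trust anchors, unless `BCSM2CertUtils.getX509Certificate` already does this, which is not visible here. The same method prefers encapsulated content over the caller's `originalData` (`.orElse(originalData)`), so a detached verification can succeed on embedded bytes while the supplied plaintext is never checked; when `originalData` is non-empty it should be the data verified, or be compared with the embedded octets. In `signedEnvelopeUnseal` the result of `p7Verify(contentInfo.getEncoded(), null);` is discarded, so the plaintext is returned even when verification returns false; `Assert.isTrue(p7Verify(contentInfo.getEncoded(), null), "P7签名验证失败");` would enforce it. `signedEnvelopeUnseal` spans several hunks and is only partly visible.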
@ -14,12 +14,14 @@ import org.junit.jupiter.api.Test;
|
||||
public class AsymKeyTest extends BaseTest {
|
||||
|
||||
private static Long keyId;
|
||||
private static final byte[] plain = "hjsu234127qikqwndqqw13412as324".getBytes();
|
||||
private static final byte[] plain = "hjsu234127qikqwasdqweqwewqdasdasdasdasdasndqqw13412as324".getBytes();
|
||||
private static final Long certKeyId = 1871443220005818369L;
|
||||
private static final String dn = "CN=cert-test,O=SYD,L=HZ,ST=ZJ,C=CN";
|
||||
|
||||
private static final String enc_cert = "MIICdjCCAhqgAwIBAgINLGdqVePOjZMIDvBZqDAMBggqgRzPVQGDdQUAMEMxCzAJBgNVBAYTAkNOMQ0wCwYDVQQKDARCSkNBMQ0wCwYDVQQLDARCSkNBMRYwFAYDVQQDDA1URVNUU00yU1VCX1pYMB4XDTI0MTIyNDA1MzQxMVoXDTI1MTIyNDA2MzQxMVowSTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlpKMQswCQYDVQQHDAJIWjEMMAoGA1UECgwDU1lEMRIwEAYDVQQDDAljZXJ0LXRlc3QwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQDJI7orEc8QVQMblzomR3SPeEqVJdfM46cxquj/JWJ318TZ0gZC1M9YPN9K5NDyaUwnExvGNpnz3PYxbs5nokXo4HqMIHnMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgM4MB0GA1UdDgQWBBSstrPACaBcow1prbZb2mkgzFOatzAfBgNVHSMEGDAWgBSqoPASv2D/pNLeAnE6J6XPnJ71KjA9BgNVHSAENjA0MDIGCSqBHIbvMgICBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3d3dy5iamNhLmNuL0NQUzBLBgNVHR8ERDBCMECgPqA8hjpodHRwczovL2NybC5pc2lnbmV0LmNuL2NybC9URVNUU00yU1VCX1pYL1RFU1RTTTJTVUJfWlguY3JsMAwGCCqBHM9VAYN1BQADSAAwRQIhAIJj1ERuVaKh+1YtDlE4kDwrK5ewMeH1ADnK+/7DBrwMAiAJ7J9HBqJkwul1yblnX52W4aQhPZt9LLDZZqJhjEd7Sg==";
|
||||
|
||||
private static final String signAttachHsm = "MIIDPQYKKoEcz1UGAQQCAqCCAy0wggMpAgEBMQ4wDAYIKoEcz1UBgxEFADAYBgoqgRzPVQYBBAIBoAoECDEyMzQ1Njc4oIICMjCCAi4wggHSoAMCAQICBgGUAQHeQjAMBggqgRzPVQGDdQUAMEsxCzAJBgNVBAYTAkNOMQ4wDAYDVQQKEwVHTVNTTDEQMA4GA1UECxMHUEtJL1NNMjEaMBgGA1UEAxMRTWlkZGxlQ0EgZm9yIFRlc3QwIhgPMjAyNDEyMjUxNjAwMDBaGA8yMDI1MTIyNTE2MDAwMFowXTELMAkGA1UEBgwCQ04xCzAJBgNVBAgMAnpqMQswCQYDVQQHDAJoejEQMA4GA1UECgwHc3VueWFyZDEQMA4GA1UECwwHc3VueWFyZDEQMA4GA1UEAwwHdGVzdDEyMzBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABBNw7w5PxepQWwg5tfYoRIwilnqp01YvdY3ZnZD1ShHw6DX4f8cLblHagNazkOU9C5zeXvUWvtrcvZz5s92TLTGjgYkwgYYwGwYDVR0jBBQwEoAQ+X9VtCeUM2KmVspvzF0a/zAZBgNVHQ4EEgQQCR6s1jJA8ENWsIEo61LkMjAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGGFWh0dHBzOi8vb2NzcC5nbXNzbC5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIAwDAMBggqgRzPVQGDdQUAA0gAMEUCIEaCtRZ8G4OgwhqI6NqxVwfUELvHS7ojkTGbImLX1ZkiAiEApFb7utbtgvL5hkV0Gj/k/CLY0vl+RbYSqAVoPtNEr1oxgcMwgcACAQEwVTBLMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFR01TU0wxEDAOBgNVBAsTB1BLSS9TTTIxGjAYBgNVBAMTEU1pZGRsZUNBIGZvciBUZXN0AgYBlAEB3kIwDAYIKoEcz1UBgxEFADANBgkqgRzPVQGCLQEFAARHMEUCIAt4OoCaP1/AmDZgMFWOfK046l+lNcfXdIYjhAw/nds4AiEA49yH+OAhi+4orHswRRzXE94x7kT9y7+l92kCjaS9EYA=";
|
||||
private static final String signDetachHsm = "MIIDMQYKKoEcz1UGAQQCAqCCAyEwggMdAgEBMQ4wDAYIKoEcz1UBgxEFADAMBgoqgRzPVQYBBAIBoIICMjCCAi4wggHSoAMCAQICBgGUAQHeQjAMBggqgRzPVQGDdQUAMEsxCzAJBgNVBAYTAkNOMQ4wDAYDVQQKEwVHTVNTTDEQMA4GA1UECxMHUEtJL1NNMjEaMBgGA1UEAxMRTWlkZGxlQ0EgZm9yIFRlc3QwIhgPMjAyNDEyMjUxNjAwMDBaGA8yMDI1MTIyNTE2MDAwMFowXTELMAkGA1UEBgwCQ04xCzAJBgNVBAgMAnpqMQswCQYDVQQHDAJoejEQMA4GA1UECgwHc3VueWFyZDEQMA4GA1UECwwHc3VueWFyZDEQMA4GA1UEAwwHdGVzdDEyMzBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABBNw7w5PxepQWwg5tfYoRIwilnqp01YvdY3ZnZD1ShHw6DX4f8cLblHagNazkOU9C5zeXvUWvtrcvZz5s92TLTGjgYkwgYYwGwYDVR0jBBQwEoAQ+X9VtCeUM2KmVspvzF0a/zAZBgNVHQ4EEgQQCR6s1jJA8ENWsIEo61LkMjAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGGFWh0dHBzOi8vb2NzcC5nbXNzbC5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIAwDAMBggqgRzPVQGDdQUAA0gAMEUCIEaCtRZ8G4OgwhqI6NqxVwfUELvHS7ojkTGbImLX1ZkiAiEApFb7utbtgvL5hkV0Gj/k/CLY0vl+RbYSqAVoPtNEr1oxgcMwgcACAQEwVTBLMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFR01TU0wxEDAOBgNVBAsTB1BLSS9TTTIxGjAYBgNVBAMTEU1pZGRsZUNBIGZvciBUZXN0AgYBlAEB3kIwDAYIKoEcz1UBgxEFADANBgkqgRzPVQGCLQEFAARHMEUCIEzIJwjBsG6/2VemCJuQ0/eJhNS+Nwcz+7+WqJwlsgV5AiEA4ILu0NFEaM3IC4d9gAFswOZnACwYnKR2/gm9eZB4GsY=";
|
||||
private static final byte[] plainHsm = "12345678".getBytes();
|
||||
|
||||
@Test
|
||||
public void testAttach() {
|
||||
@ -35,7 +37,21 @@ public class AsymKeyTest extends BaseTest {
|
||||
log.info("verifyResp: {}", verifyResp.getVerified());
|
||||
|
||||
Assertions.assertTrue(verifyResp.getVerified());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHsm() {
|
||||
AsymVerifyP7Req verifyP7Req = new AsymVerifyP7Req();
|
||||
verifyP7Req.setSignData(signAttachHsm);
|
||||
VerifyResp verifyResp = execute("/asym/verify/P7Attach", verifyP7Req, VerifyResp.class);
|
||||
log.info("verifyResp: {}", verifyResp.getVerified());
|
||||
Assertions.assertTrue(verifyResp.getVerified());
|
||||
|
||||
verifyP7Req.setSignData(signDetachHsm);
|
||||
verifyP7Req.setPlainData(CodecUtils.encodeBase64(plainHsm));
|
||||
verifyResp = execute("/asym/verify/P7Detach", verifyP7Req, VerifyResp.class);
|
||||
log.info("verifyResp: {}", verifyResp.getVerified());
|
||||
Assertions.assertTrue(verifyResp.getVerified());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
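Review bot: `testHsm` only asserts that the two HSM-produced fixtures verify, so a `p7Verify` that accepted every input would still pass; a rejection case is missing. After the detached check, re-running it with altered plaintext, e.g. `verifyP7Req.setPlainData(CodecUtils.encodeBase64("87654321".getBytes(StandardCharsets.UTF_8)));` followed by `Assertions.assertFalse(execute("/asym/verify/P7Detach", verifyP7Req, VerifyResp.class).getVerified());`, would pin that the supplied plaintext is actually what gets verified. The `getBytes()` calls on `plain` and `plainHsm` use the platform charset; passing `StandardCharsets.UTF_8` keeps the fixtures stable across environments.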