diff --git a/chsm-web-manage/src/main/java/com/sunyard/chsm/service/impl/ApplicationServiceImpl.java b/chsm-web-manage/src/main/java/com/sunyard/chsm/service/impl/ApplicationServiceImpl.java
index 9395891..30003f2 100644
--- a/chsm-web-manage/src/main/java/com/sunyard/chsm/service/impl/ApplicationServiceImpl.java
+++ b/chsm-web-manage/src/main/java/com/sunyard/chsm/service/impl/ApplicationServiceImpl.java
@@ -85,7 +85,7 @@ public class ApplicationServiceImpl implements ApplicationService {
 BeanUtils.copyProperties(it, view);
 List sIds = appServiceMap.getOrDefault(it.getId(), Collections.emptyList());
 view.setServiceIds(sIds.stream().map(String::valueOf).collect(Collectors.toList()));
- view.setWhiteIps(appIpMap.get(it.getId()));
+ view.setWhiteIps(appIpMap.getOrDefault(it.getId(), Collections.singletonList("")));
 String sn = sIds.stream()
 .map(snMap::get)
 .filter(Objects::nonNull)
diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/service/AsymKeyService.java b/chsm-web-server/src/main/java/com/sunyard/chsm/service/AsymKeyService.java
index a2bc857..3a88740 100644
--- a/chsm-web-server/src/main/java/com/sunyard/chsm/service/AsymKeyService.java
+++ b/chsm-web-server/src/main/java/com/sunyard/chsm/service/AsymKeyService.java
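Review bot: The fallback `Collections.singletonList("")` on the changed `view.setWhiteIps` line gives an application with no configured IPs a whitelist holding one empty-string entry, which is a different value from "no whitelist" and does not match the `Collections.emptyList()` default used for `sIds` two lines above. If a consumer of `getWhiteIps()` treats each element as an allowed address, an empty string is at best a confusing row and at worst something a loose matcher could accept; the consumer is not visible from this hunk, so that part is inferred. Unless the front end specifically needs a one-row placeholder, `view.setWhiteIps(appIpMap.getOrDefault(it.getId(), Collections.emptyList()));` keeps the two defaults consistent. The enclosing lambda and method start and end outside the hunk.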
@@ -23,32 +23,26 @@ import lombok.extern.slf4j.Slf4j;
 import org.bouncycastle.asn1.*;
 import org.bouncycastle.asn1.cms.*;
 import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.ContentInfo;
+import org.bouncycastle.asn1.pkcs.SignedData;
+import org.bouncycastle.asn1.pkcs.SignerInfo;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.*;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSTypedData;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.*;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.Store;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Assert;
 import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
 import java.security.NoSuchProviderException;
-import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.time.LocalDateTime;
-import java.util.Collection;
-import java.util.Collections;
+import java.util.Iterator;
 import java.util.Objects;
+import java.util.Optional;
 /**
 * @author liulu
@@ -171,6 +165,7 @@ public class AsymKeyService {
 return resp;
 }
+ @SneakyThrows
 public AsymSignP7Resp signP7Attach(AsymSignP7Req req) {
 byte[] plainData = CodecUtils.decodeBase64(req.getPlainData());
 AppCert appCert = appCertMapper.selectSignBySubject(req.getSubject());
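Review bot: The new single-type imports `org.bouncycastle.asn1.pkcs.ContentInfo`, `SignedData` and `SignerInfo` now sit next to the on-demand import `org.bouncycastle.asn1.cms.*`, which exports classes of the same three names; Java gives the single-type import precedence, so this compiles, but a reader has to know that rule to tell which `ContentInfo` a given line refers to, and the `asn1.cms` variants are now reachable only by fully-qualified name. Replacing the `asn1.cms.*` wildcard with explicit imports of the cms types that remain in use (for example `EnvelopedData`, `RecipientInfo`, `KeyTransRecipientInfo`, `EncryptedContentInfo`, `CMSObjectIdentifiers`) would make the pkcs/cms split visible in the import block instead of relying on shadowing.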
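Review bot: `@SneakyThrows` on signP7Attach (and on signP7Detach in the @@ -199 hunk) appears to exist only to cover the checked `IOException` from `contentInfo.getEncoded()` a few lines further down, which lets a checked exception escape a Spring service method unannounced; callers and the controller's error mapping cannot handle it as an `IOException` without knowing the trick. Since p7Sign already maps its failures to `IllegalArgumentException("P7签名异常")`, wrapping the encode step the same way keeps one failure type per operation, e.g. `catch (IOException e) { throw new UncheckedIOException(e); }` around the encode, or the same `IllegalArgumentException`. signP7Attach's body continues outside this hunk.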
@@ -179,9 +174,11 @@ public class AsymKeyService {
 byte[] encPri = CodecUtils.decodeHex(appCert.getEncPriKey());
 byte[] pri = sdfApiService.decryptByTMK(encPri);
- byte[] asymSignP7Resp = p7Sign(pri, appCert.getCertText(), plainData, true);
+ SignedData signedData = p7Sign(pri, appCert.getCertText(), plainData, true);
+ ContentInfo contentInfo = new ContentInfo(Signed_Data, signedData);
+
 AsymSignP7Resp resp = new AsymSignP7Resp();
- resp.setSignData(CodecUtils.encodeBase64(asymSignP7Resp));
+ resp.setSignData(CodecUtils.encodeBase64(contentInfo.getEncoded()));
 return resp;
 }
@@ -192,6 +189,7 @@ public class AsymKeyService {
 verify = p7Verify(signData, null);
 } catch (Exception e) {
+ log.warn("", e);
 verify = false;
 }
 VerifyResp resp = new VerifyResp();
@@ -199,6 +197,7 @@ public class AsymKeyService {
 return resp;
 }
+ @SneakyThrows
 public AsymSignP7Resp signP7Detach(AsymSignP7Req req) {
 byte[] plainData = CodecUtils.decodeBase64(req.getPlainData());
 AppCert appCert = appCertMapper.selectSignBySubject(req.getSubject());
@@ -207,9 +206,10 @@ public class AsymKeyService {
 byte[] encPri = CodecUtils.decodeHex(appCert.getEncPriKey());
 byte[] pri = sdfApiService.decryptByTMK(encPri);
- byte[] asymSignP7Resp = p7Sign(pri, appCert.getCertText(), plainData, false);
+ SignedData signedData = p7Sign(pri, appCert.getCertText(), plainData, false);
+ ContentInfo contentInfo = new ContentInfo(Signed_Data, signedData);
 AsymSignP7Resp resp = new AsymSignP7Resp();
- resp.setSignData(CodecUtils.encodeBase64(asymSignP7Resp));
+ resp.setSignData(CodecUtils.encodeBase64(contentInfo.getEncoded()));
 return resp;
 }
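Review bot: `contentInfo.getEncoded()` on the changed `resp.setSignData` line emits BouncyCastle's default encoding, so the `DLSet`s that p7Sign builds for the certificates and signerInfos are written as DL rather than DER, whereas the envelopeSeal code this commit removes explicitly used `getEncoded("DER")`; the same applies to signP7Detach (@@ -207), envelopeSeal (@@ -229) and signedEnvelopeSeal (@@ -454). For the single-element sets produced today the bytes should coincide, but a consumer that requires canonical DER will see a different encoding as soon as a second certificate or signer is added. `resp.setSignData(CodecUtils.encodeBase64(contentInfo.getEncoded(ASN1Encoding.DER)));` restores the explicit choice at each site.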
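Review bot: The added `log.warn("", e);` records the verification failure with an empty message, mirroring the existing `log.warn("", ex)` in p7Sign; with only a stack trace to go on, operators cannot search for or alert on failed verifications. A short message naming the operation is enough: `log.warn("P7 attach verify failed", e);`. The enclosing method starts outside this hunk.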
@@ -229,132 +229,79 @@ public class AsymKeyService {
 return resp;
 }
- private byte[] p7Sign(byte[] pri, String cert, byte[] plainData, boolean encapsulate) {
+ private static final ASN1ObjectIdentifier Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.1");
+ private static final ASN1ObjectIdentifier Signed_Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.2");
+ private static final ASN1ObjectIdentifier Enveloped_Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.3");
+ private static final ASN1ObjectIdentifier Signed_Enveloped_Data = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.4");
+
+ private SignedData p7Sign(byte[] pri, String cert, byte[] plainData, boolean encapsulate) {
 try {
 X509Certificate x509Cert = BCSM2CertUtils.getX509Cert(cert);
- // 构造签名内容
- CMSTypedData cmsData = new CMSProcessableByteArray(plainData);
+ X500Name x500Name = X500Name.getInstance(x509Cert.getIssuerX500Principal().getEncoded());
+ EccSignature signature = sdfApiService.externalSignWithIdECC(pri, plainData, null);
+ SignerInfo signerInfo = new SignerInfo(
+ new ASN1Integer(1),
+ new org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber(x500Name, x509Cert.getSerialNumber()),
+ new AlgorithmIdentifier(GMObjectIdentifiers.sm3),
+ null,
+ new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign),
+ new DEROctetString(signature.getDerSignBytes()),
+ null
+ );
- ContentSigner signer = new ContentSigner() {
- private final ByteArrayOutputStream stream = new ByteArrayOutputStream();
+ ContentInfo plainContent = new ContentInfo(Data, encapsulate ? new DEROctetString(plainData) : null);
- @Override
- public AlgorithmIdentifier getAlgorithmIdentifier() {
- return new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3);
- }
-
- @Override
- public OutputStream getOutputStream() {
- return stream;
- }
-
- @Override
- public byte[] getSignature() {
- EccSignature signature = sdfApiService.externalSignWithIdECC(pri, stream.toByteArray(), null);
- return signature.getDerSignBytes();
- }
- };
-
- // 生成签名者信息
- SignerInfoGenerator signerInfoGenerator = new JcaSignerInfoGeneratorBuilder(
- new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build()
- ).build(signer, x509Cert);
- // 构建 CMS Signed Data
- CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
- generator.addSignerInfoGenerator(signerInfoGenerator);
- generator.addCertificates(new JcaCertStore(Collections.singletonList(x509Cert)));
- CMSSignedData signedData = generator.generate(cmsData, encapsulate);
- return signedData.getEncoded();
+ X509CertificateHolder holder = new X509CertificateHolder(x509Cert.getEncoded());
+ return new SignedData(
+ new ASN1Integer(1),
+ new DERSet(new AlgorithmIdentifier(GMObjectIdentifiers.sm3)),
+ plainContent,
+ new DLSet(holder.toASN1Structure()),
+ null,
+ new DLSet(signerInfo)
+ );
 } catch (Exception ex) {
 log.warn("", ex);
- throw new IllegalArgumentException("P7Attach 签名异常");
+ throw new IllegalArgumentException("P7签名异常");
 }
 }
 public boolean p7Verify(byte[] signedDataBytes, byte[] originalData) throws Exception {
- CMSSignedData signedData;
- if (originalData == null || originalData.length == 0) {
- signedData = new CMSSignedData(signedDataBytes);
- } else {
- CMSTypedData originalContent = new CMSProcessableByteArray(originalData);
- signedData = new CMSSignedData(originalContent, signedDataBytes);
- }
+ ContentInfo contentInfo = ContentInfo.getInstance(signedDataBytes);
+ Assert.isTrue(Objects.equals(Signed_Data.getId(), contentInfo.getContentType().getId()), "P7签名数据格式错误");
- Store certStore = signedData.getCertificates();
- SignerInformationStore signers = signedData.getSignerInfos();
+ SignedData signedData = SignedData.getInstance(contentInfo.getContent());
- for (SignerInformation signer : signers.getSigners()) {
- Collection matches = certStore.getMatches(signer.getSID());
- if (matches.isEmpty()) {
- throw new IllegalArgumentException("No matching certificate found for signer");
- }
- X509CertificateHolder certHolder = matches.iterator().next(); // 这里进行类型安全的提取
- X509Certificate cert = new JcaX509CertificateConverter()
- .setProvider(BouncyCastleProvider.PROVIDER_NAME)
- .getCertificate(certHolder);
- CMSSignatureAlgorithmNameGenerator sigAlgNameGen = new DefaultCMSSignatureAlgorithmNameGenerator();
- SignatureAlgorithmIdentifierFinder sigAlgIDFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DigestCalculatorProvider digestProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build();
- SignerInformationVerifier verifier = new SignerInformationVerifier(sigAlgNameGen, sigAlgIDFinder, build(cert), digestProvider);
+ byte[] plainData = Optional.ofNullable(signedData.getContentInfo())
+ .map(ContentInfo::getContent)
+ .map(it -> (ASN1OctetString) it)
+ .map(ASN1OctetString::getOctets)
+ .orElse(originalData);
+ Assert.notNull(plainData, "未能解析到原文, 请检查签名数据");
- if (signer.verify(verifier)) {
- return true;
- }
- }
- return false;
- }
+ ASN1Primitive primitive = Optional.ofNullable(signedData.getCertificates())
+ .map(ASN1Set::iterator)
+ .map(Iterator::next)
+ .map(ASN1Encodable::toASN1Primitive)
+ .orElse(null);
+ Assert.notNull(primitive, "解析证书异常");
+ X509Certificate cert = BCSM2CertUtils.getX509Certificate(primitive.getEncoded());
+ BCECPublicKey publicKey = (BCECPublicKey) cert.getPublicKey();
+ byte[] xy = LangUtils.merge(publicKey.getQ().getXCoord().getEncoded(), publicKey.getQ().getYCoord().getEncoded());
- public ContentVerifierProvider build(X509Certificate certificate)
- throws OperatorCreationException {
- X509CertificateHolder certHolder;
- byte[] xy;
- try {
- certHolder = new JcaX509CertificateHolder(certificate);
- BCECPublicKey publicKey = (BCECPublicKey) certificate.getPublicKey();
- xy = LangUtils.merge(publicKey.getQ().getXCoord().getEncoded(), publicKey.getQ().getYCoord().getEncoded());
- } catch (CertificateEncodingException e) {
- throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
- }
-
- return new ContentVerifierProvider() {
- public boolean hasAssociatedCertificate() {
- return true;
- }
-
- public X509CertificateHolder getAssociatedCertificate() {
- return certHolder;
- }
-
- public ContentVerifier get(AlgorithmIdentifier algorithm) {
- return new ContentVerifier() {
- private final ByteArrayOutputStream stream = new ByteArrayOutputStream();
-
- @Override
- public AlgorithmIdentifier getAlgorithmIdentifier() {
- return algorithm;
- }
-
- @Override
- public OutputStream getOutputStream() {
- return stream;
- }
-
- @Override
- public boolean verify(byte[] expected) {
- return sdfApiService.externalVerifyWithIdECC(xy, stream.toByteArray(), expected, null);
- }
- };
- }
- };
+ SignerInfo signerInfo = SignerInfo.getInstance(signedData.getSignerInfos().iterator().next());
+ byte[] octets = signerInfo.getEncryptedDigest().getOctets();
+ return sdfApiService.externalVerifyWithIdECC(xy, plainData, octets, null);
 }
 @SneakyThrows
 public AsymEnvelopeSealResp envelopeSeal(AsymEnvelopeSealReq req) {
 byte[] plainData = CodecUtils.decodeBase64(req.getPlainData());
- EnvelopedData contentInfo = getEnvelopedData(req.getEncCert(), plainData);
- byte[] envelopeData = contentInfo.getEncoded("DER");
+ EnvelopedData envelopedData = getEnvelopedData(req.getEncCert(), plainData);
+ ContentInfo contentInfo = new ContentInfo(ContentInfo.envelopedData, envelopedData);
+ byte[] envelopeData = contentInfo.getEncoded();
 AsymEnvelopeSealResp resp = new AsymEnvelopeSealResp();
 resp.setEnvelopeData(CodecUtils.encodeBase64(envelopeData));
@@ -381,11 +328,7 @@ public class AsymKeyService {
 RecipientInfo recipientInfo = new RecipientInfo(keyTransRecipientInfo);
 byte[] encContent = sdfApiService.symEncrypt(AlgId.SGD_SM4_ECB, Padding.PCKS7Padding, symKey, null, plainData);
- EncryptedContentInfo encContentInfo = new EncryptedContentInfo(
- new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2.1"),
- symAlg,
- new DEROctetString(encContent)
- );
+ EncryptedContentInfo encContentInfo = new EncryptedContentInfo(Data, symAlg, new DEROctetString(encContent));
 return new EnvelopedData(null,
 new DERSet(recipientInfo),
@@ -397,14 +340,19 @@ public class AsymKeyService {
 public AsymEnvelopeUnsealResp envelopeUnseal(AsymEnvelopeUnsealReq req) {
 byte[] envelopeData = CodecUtils.decodeBase64(req.getEnvelopeData());
 // 解密数字信封
- EnvelopedData ed = EnvelopedData.getInstance(envelopeData);
- byte[] plain = getPlainFromEnvelopedData(ed);
+ byte[] plain = getPlainFromEnvelopedData(envelopeData);
 AsymEnvelopeUnsealResp resp = new AsymEnvelopeUnsealResp();
 resp.setPlainData(CodecUtils.encodeBase64(plain));
 return resp;
 }
- private byte[] getPlainFromEnvelopedData(EnvelopedData ed) {
+ private byte[] getPlainFromEnvelopedData(byte[] edData) {
+ ContentInfo contentInfo = ContentInfo.getInstance(edData);
+ String id = contentInfo.getContentType().getId();
+ boolean isEd = Objects.equals(id, ContentInfo.envelopedData.getId()) || Objects.equals(id, Enveloped_Data.getId());
+ Assert.isTrue(isEd, "数字信封数据格式异常");
+
+ EnvelopedData ed = EnvelopedData.getInstance(contentInfo.getContent());
 ASN1Set infos = ed.getRecipientInfos();
 RecipientInfo recipientInfo = RecipientInfo.getInstance(infos.getObjectAt(0));
 KeyTransRecipientInfo transRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
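Review bot: p7Verify now checks the signature against whatever certificate comes first in the message's own `certificates` set (`signedData.getCertificates()` → `Iterator::next`), without matching it to the signer's `IssuerAndSerialNumber` and without comparing it to any trust anchor, so a message whose sender embeds a certificate for a key they hold verifies as `true`; the removed CMS path at least selected the certificate by `signer.getSID()`. A second gap is on the `plainData` chain: when the message carries encapsulated content, `.orElse(originalData)` silently drops the caller-supplied original, so a request that pairs an attached signature with a different `originalData` still verifies (how the detached endpoint calls this is outside the hunk, so the impact is inferred). I would select the certificate by the signer's issuer and serial as below, then compare `holder` with the certificate registered for the application (presumably the `appCertMapper` record used on the signing side) before trusting its key, and reject input where both encapsulated content and `originalData` are present but differ. The enclosing envelopeSeal method ends outside the hunk.
```java
// … unchanged: ContentInfo / SignedData parsing and plainData extraction …
SignerInfo signerInfo = SignerInfo.getInstance(signedData.getSignerInfos().getObjectAt(0));
org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber sid = signerInfo.getIssuerAndSerialNumber();
Assert.notNull(signedData.getCertificates(), "解析证书异常");
X509CertificateHolder holder = null;
for (ASN1Encodable candidate : signedData.getCertificates()) {
    X509CertificateHolder h = new X509CertificateHolder(org.bouncycastle.asn1.x509.Certificate.getInstance(candidate));
    if (h.getIssuer().equals(sid.getName())
            && h.getSerialNumber().equals(sid.getCertificateSerialNumber().getValue())) {
        holder = h;
        break;
    }
}
Assert.notNull(holder, "解析证书异常");
// TODO(review): compare holder with the application's registered signing certificate before trusting its key
X509Certificate cert = BCSM2CertUtils.getX509Certificate(holder.getEncoded());
// … unchanged: xy extraction and externalVerifyWithIdECC call …
```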
@@ -439,12 +387,8 @@ public class AsymKeyService {
 byte[] encPri = CodecUtils.decodeHex(appCert.getEncPriKey());
 byte[] pri = sdfApiService.decryptByTMK(encPri);
- byte[] asymSignP7Resp = p7Sign(pri, appCert.getCertText(), plainData, true);
- ContentInfo instance = ContentInfo.getInstance(asymSignP7Resp);
- SignedData signedData = SignedData.getInstance(instance.getContent());
-
+ SignedData signedData = p7Sign(pri, appCert.getCertText(), plainData, false);
 EnvelopedData envelopedData = getEnvelopedData(req.getEncCert(), plainData);
-
 SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData(
 new ASN1Integer(1),
 envelopedData.getRecipientInfos(),
@@ -454,15 +398,19 @@ public class AsymKeyService {
 signedData.getCRLs(),
 signedData.getSignerInfos()
 );
+ ContentInfo contentInfo = new ContentInfo(Signed_Enveloped_Data, signedAndEnvelopedData);
 AsymEnvelopeSealResp resp = new AsymEnvelopeSealResp();
- resp.setEnvelopeData(CodecUtils.encodeBase64(signedAndEnvelopedData.getEncoded()));
+ resp.setEnvelopeData(CodecUtils.encodeBase64(contentInfo.getEncoded()));
 return resp;
 }
 @SneakyThrows
 public AsymEnvelopeUnsealResp signedEnvelopeUnseal(AsymEnvelopeUnsealReq req) {
 byte[] data = CodecUtils.decodeBase64(req.getEnvelopeData());
- SignedAndEnvelopedData signedAndEnvelopedData = SignedAndEnvelopedData.getInstance(data);
+ ContentInfo info = ContentInfo.getInstance(data);
+ Assert.isTrue(Objects.equals(Signed_Enveloped_Data.getId(), info.getContentType().getId()), "P7签名数字信封格式错误");
+
+ SignedAndEnvelopedData signedAndEnvelopedData = SignedAndEnvelopedData.getInstance(info.getContent());
 EnvelopedData envelopedData = new EnvelopedData(
 null,
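Review bot: The new format check in signedEnvelopeUnseal compares OIDs via `Objects.equals(Signed_Enveloped_Data.getId(), info.getContentType().getId())`; `ASN1ObjectIdentifier` already implements value equality on the identifier, so `Assert.isTrue(Signed_Enveloped_Data.equals(info.getContentType()), "P7签名数字信封格式错误");` says the same with less noise, and the same simplification applies to the checks added in p7Verify and getPlainFromEnvelopedData (@@ -229 and @@ -397). Separately, the four OID constants introduced in @@ -229 (`Data`, `Signed_Data`, `Enveloped_Data`, `Signed_Enveloped_Data`) are `static final` fields in mixed case; `UPPER_SNAKE_CASE` names such as `SIGNED_ENVELOPED_DATA` would follow Java convention and stop them reading like type names. signedEnvelopeUnseal's body continues past the hunk.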
@@ -470,7 +418,8 @@ public class AsymKeyService {
 signedAndEnvelopedData.getEncryptedContentInfo(),
 (ASN1Set) null
 );
- byte[] plainData = getPlainFromEnvelopedData(envelopedData);
+ ContentInfo EnvelopedDataInfo = new ContentInfo(CMSObjectIdentifiers.envelopedData, envelopedData);
+ byte[] plainData = getPlainFromEnvelopedData(EnvelopedDataInfo.getEncoded());
 CMSTypedData cmsData = new CMSProcessableByteArray(plainData);
 ByteArrayOutputStream bOut = new ByteArrayOutputStream();
@@ -478,13 +427,14 @@ public class AsymKeyService {
 bOut.close();
 ContentInfo encInfo = new ContentInfo(cmsData.getContentType(), new BEROctetString(bOut.toByteArray()));
 SignedData sd = new SignedData(
+ new ASN1Integer(1),
 signedAndEnvelopedData.getDigestAlgorithms(),
 encInfo,
 signedAndEnvelopedData.getCertificates(),
 signedAndEnvelopedData.getCrls(),
 signedAndEnvelopedData.getSignerInfos()
 );
- ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
+ ContentInfo contentInfo = new ContentInfo(Signed_Data, sd);
 p7Verify(contentInfo.getEncoded(), null);
 AsymEnvelopeUnsealResp resp = new AsymEnvelopeUnsealResp();
 resp.setPlainData(CodecUtils.encodeBase64(plainData));
diff --git a/chsm-web-server/src/test/java/api/AsymKeyTest.java b/chsm-web-server/src/test/java/api/AsymKeyTest.java
index f263309..a978498 100644
--- a/chsm-web-server/src/test/java/api/AsymKeyTest.java
+++ b/chsm-web-server/src/test/java/api/AsymKeyTest.java
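Review bot: The two added lines build an `EnvelopedData`, wrap it in a `ContentInfo`, encode it to bytes and hand them to getPlainFromEnvelopedData, which immediately parses and unwraps them again; the round trip exists only because the helper's parameter became `byte[]` in the @@ -397 hunk. Keeping an `EnvelopedData`-taking overload that the `byte[]` version delegates to after its `ContentInfo` check would let this call site pass `envelopedData` directly and drop the encode/decode. Also, `EnvelopedDataInfo` is a local variable written in type case; `envelopedDataInfo` matches the rest of the file. The enclosing signedEnvelopeUnseal starts and ends outside this hunk.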
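Review bot: The boolean returned by `p7Verify(contentInfo.getEncoded(), null);` is discarded, so a signed envelope whose signature does not verify is still unsealed and its plaintext returned; as rewritten in @@ -229, p7Verify throws only for malformed input and reports a wrong signature by returning `false`. The line is context here, but the commit rebuilds the `SignedData` that feeds it (the added `new ASN1Integer(1)` and the `Signed_Data` wrapper), so this is the natural place to close the gap: `Assert.isTrue(p7Verify(contentInfo.getEncoded(), null), "P7签名数字信封验签失败");`. The enclosing signedEnvelopeUnseal starts before the hunk and ends after it.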
@@ -14,12 +14,14 @@ import org.junit.jupiter.api.Test;
 public class AsymKeyTest extends BaseTest {
 private static Long keyId;
- private static final byte[] plain = "hjsu234127qikqwndqqw13412as324".getBytes();
+ private static final byte[] plain = "hjsu234127qikqwasdqweqwewqdasdasdasdasdasndqqw13412as324".getBytes();
 private static final Long certKeyId = 1871443220005818369L;
 private static final String dn = "CN=cert-test,O=SYD,L=HZ,ST=ZJ,C=CN";
 private static final String enc_cert = "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";
-
+ private static final String signAttachHsm = "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";
+ private static final String signDetachHsm = "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";
+ private static final byte[] plainHsm = "12345678".getBytes();
 @Test
 public void testAttach() {
@@ -35,7 +37,21 @@ public class AsymKeyTest extends BaseTest {
 log.info("verifyResp: {}", verifyResp.getVerified());
 Assertions.assertTrue(verifyResp.getVerified());
+ }
+ @Test
+ public void testHsm() {
+ AsymVerifyP7Req verifyP7Req = new AsymVerifyP7Req();
+ verifyP7Req.setSignData(signAttachHsm);
+ VerifyResp verifyResp = execute("/asym/verify/P7Attach", verifyP7Req, VerifyResp.class);
+ log.info("verifyResp: {}", verifyResp.getVerified());
+ Assertions.assertTrue(verifyResp.getVerified());
+
+ verifyP7Req.setSignData(signDetachHsm);
+ verifyP7Req.setPlainData(CodecUtils.encodeBase64(plainHsm));
+ verifyResp = execute("/asym/verify/P7Detach", verifyP7Req, VerifyResp.class);
+ log.info("verifyResp: {}", verifyResp.getVerified());
+ Assertions.assertTrue(verifyResp.getVerified());
 }
 @Test