hummingbird
/
jdchain
Not watched
2
0
Fork 0
Code
Releases 31 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
Browse Source

SM3WITHSM2 and SHA1WITHRSA4096 in pki module have been completed

tags/1.0.0
zhanglin33 6 years ago
parent
bf6ff4dfe7
commit
4061725dca
8 changed files with 1213 additions and 46 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -1
      source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA2048SignatureFunction.java
  2. +167
    -15
      source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunction.java
  3. +184
    -16
      source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunction.java
  4. +9
    -11
      source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/utils/CSRBuilder.java
  5. +197
    -0
      source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunctionTest.java
  6. +274
    -0
      source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunctionTest.java
  7. +282
    -1
      source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CSRBuilderTest.java
  8. +100
    -2
      source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CertParserTest.java

+ 0
- 1
source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA2048SignatureFunction.java View File

@@ -29,7 +29,6 @@ import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SHA1WITHRSA2048;
*/
public class SHA1WITHRSA2048SignatureFunction implements SignatureFunction {


private static final int RAW_PUBKEY_SIZE = 259;
private static final int RAW_PRIVKEY_SIZE = 1155;



+ 167
- 15
source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunction.java View File

@@ -1,7 +1,24 @@
package com.jd.blockchain.crypto.service.pki;

import com.jd.blockchain.crypto.*;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import static com.jd.blockchain.crypto.BaseCryptoKey.KEY_TYPE_BYTES;
import static com.jd.blockchain.crypto.CryptoBytes.ALGORYTHM_CODE_SIZE;
import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE;
import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC;
import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SHA1WITHRSA4096;

/**
@@ -11,56 +28,191 @@ import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SHA1WITHRSA4096;
* @date 2019-05-15, 17:13
*/
public class SHA1WITHRSA4096SignatureFunction implements SignatureFunction {
private static final int RAW_PUBKEY_SIZE = 515;
private static final int RAW_PRIVKEY_SIZE = 2307;

private static final int RAW_SIGNATUREDIGEST_SIZE = 512;

private static final AlgorithmIdentifier RSA_ALGORITHM_IDENTIFIER =
new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);

@Override
public SignatureDigest sign(PrivKey privKey, byte[] data) {
return null;

byte[] rawPrivKeyBytes = privKey.getRawKeyBytes();

if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) {
throw new CryptoException("This key has wrong format!");
}

if (privKey.getAlgorithm() != SHA1WITHRSA4096.code()) {
throw new CryptoException("This key is not SHA1WITHRSA4096 private key!");
}

PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes);

KeyFactory keyFactory;
RSAPrivateCrtKey rawPrivKey;
Signature signer;
byte[] signature;

try {
keyFactory = KeyFactory.getInstance("RSA");
rawPrivKey = (RSAPrivateCrtKey) keyFactory.generatePrivate(keySpec);
signer = Signature.getInstance("SHA1withRSA");
signer.initSign(rawPrivKey);
signer.update(data);
signature = signer.sign();
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | InvalidKeySpecException e) {
throw new CryptoException(e.getMessage(), e);
}

return new SignatureDigest(SHA1WITHRSA4096, signature);
}

@Override
public boolean verify(SignatureDigest digest, PubKey pubKey, byte[] data) {
return false;

byte[] rawPubKeyBytes = pubKey.getRawKeyBytes();
byte[] rawDigestBytes = digest.getRawDigest();

if (rawPubKeyBytes.length < RAW_PUBKEY_SIZE) {
throw new CryptoException("This key has wrong format!");
}

if (pubKey.getAlgorithm() != SHA1WITHRSA4096.code()) {
throw new CryptoException("This key is not SHA1WITHRSA4096 public key!");
}

if (digest.getAlgorithm() != SHA1WITHRSA4096.code() || rawDigestBytes.length != RAW_SIGNATUREDIGEST_SIZE) {
throw new CryptoException("This is not SHA1WITHRSA4096 signature digest!");
}

X509EncodedKeySpec keySpec = new X509EncodedKeySpec(rawPubKeyBytes);

KeyFactory keyFactory;
RSAPublicKey rawPubKey;
Signature verifier;
boolean isValid;

try {
keyFactory = KeyFactory.getInstance("RSA");
rawPubKey = (RSAPublicKey) keyFactory.generatePublic(keySpec);
verifier = Signature.getInstance("SHA1withRSA");
verifier.initVerify(rawPubKey);
verifier.update(data);
isValid = verifier.verify(rawDigestBytes);
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | InvalidKeySpecException e) {
throw new CryptoException(e.getMessage(), e);
}

return isValid;
}

@Override
public PubKey retrievePubKey(PrivKey privKey) {
return null;
public boolean supportPubKey(byte[] pubKeyBytes) {
return pubKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PUBKEY_SIZE)
&& CryptoAlgorithm.match(SHA1WITHRSA4096, pubKeyBytes)
&& pubKeyBytes[ALGORYTHM_CODE_SIZE] == PUBLIC.CODE;
}

@Override
public boolean supportPrivKey(byte[] privKeyBytes) {
return false;
public PubKey resolvePubKey(byte[] pubKeyBytes) {
if (supportPubKey(pubKeyBytes)) {
return new PubKey(pubKeyBytes);
} else {
throw new CryptoException("pubKeyBytes are invalid!");
}
}

@Override
public PrivKey resolvePrivKey(byte[] privKeyBytes) {
return null;
public boolean supportPrivKey(byte[] privKeyBytes) {
return privKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PRIVKEY_SIZE)
&& CryptoAlgorithm.match(SHA1WITHRSA4096, privKeyBytes)
&& privKeyBytes[ALGORYTHM_CODE_SIZE] == PRIVATE.CODE;
}

@Override
public boolean supportPubKey(byte[] pubKeyBytes) {
return false;
public PrivKey resolvePrivKey(byte[] privKeyBytes) {
if (supportPrivKey(privKeyBytes)) {
return new PrivKey(privKeyBytes);
} else {
throw new CryptoException("privKeyBytes are invalid!");
}
}

@Override
public PubKey resolvePubKey(byte[] pubKeyBytes) {
return null;
public PubKey retrievePubKey(PrivKey privKey) {

byte[] rawPrivKeyBytes = privKey.getRawKeyBytes();

if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) {
throw new CryptoException("This key has wrong format!");
}

if (privKey.getAlgorithm() != SHA1WITHRSA4096.code()) {
throw new CryptoException("This key is not SHA1WITHRSA4096 private key!");
}

PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes);

KeyFactory keyFactory;
RSAPrivateCrtKey rawPrivKey;
byte[] rawPubKeyBytes;
try {
keyFactory = KeyFactory.getInstance("RSA");
rawPrivKey = (RSAPrivateCrtKey) keyFactory.generatePrivate(keySpec);
BigInteger modulus = rawPrivKey.getModulus();
BigInteger exponent = rawPrivKey.getPublicExponent();
rawPubKeyBytes = KeyUtil.getEncodedSubjectPublicKeyInfo(RSA_ALGORITHM_IDENTIFIER,
new org.bouncycastle.asn1.pkcs.RSAPublicKey(modulus, exponent));
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new CryptoException(e.getMessage(), e);
}

return new PubKey(SHA1WITHRSA4096, rawPubKeyBytes);
}

@Override
public boolean supportDigest(byte[] digestBytes) {
return false;
return digestBytes.length == (RAW_SIGNATUREDIGEST_SIZE + ALGORYTHM_CODE_SIZE)
&& CryptoAlgorithm.match(SHA1WITHRSA4096, digestBytes);
}

@Override
public SignatureDigest resolveDigest(byte[] digestBytes) {
return null;
if (supportDigest(digestBytes)) {
return new SignatureDigest(digestBytes);
} else {
throw new CryptoException("digestBytes are invalid!");
}
}

@Override
public AsymmetricKeypair generateKeypair() {
return null;

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
KeyPairGenerator generator;
PublicKey pubKey;
PrivateKey privKey;
try {
generator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
generator.initialize(4096);
KeyPair keyPair = generator.generateKeyPair();
pubKey = keyPair.getPublic();
privKey = keyPair.getPrivate();
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new CryptoException(e.getMessage(), e);
}

byte[] pubKeyBytes = pubKey.getEncoded();
byte[] privKeyBytes = privKey.getEncoded();

return new AsymmetricKeypair(new PubKey(SHA1WITHRSA4096, pubKeyBytes),
new PrivKey(SHA1WITHRSA4096, privKeyBytes));
}


@Override
public CryptoAlgorithm getAlgorithm() {
return SHA1WITHRSA4096;


+ 184
- 16
source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunction.java View File

@@ -1,7 +1,27 @@
package com.jd.blockchain.crypto.service.pki;

import com.jd.blockchain.crypto.*;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.custom.gm.SM2P256V1Curve;

import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import static com.jd.blockchain.crypto.BaseCryptoKey.KEY_TYPE_BYTES;
import static com.jd.blockchain.crypto.CryptoBytes.ALGORYTHM_CODE_SIZE;
import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE;
import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC;
import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SM3WITHSM2;

/**
@@ -11,56 +31,204 @@ import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SM3WITHSM2;
* @date 2019-05-15, 16:39
*/
public class SM3WITHSM2SignatureFunction implements SignatureFunction {
private static final int RAW_PUBKEY_SIZE = 65;
private static final int RAW_PRIVKEY_SIZE = 32 + 65;

private static final int RAW_SIGNATUREDIGEST_SIZE = 64;

private static final SM2P256V1Curve CURVE = new SM2P256V1Curve();
private static final BigInteger GX = new BigInteger("32C4AE2C1F1981195F9904466A39C994" +
"8FE30BBFF2660BE1715A4589334C74C7", 16);
private static final BigInteger GY = new BigInteger("BC3736A2F4F6779C59BDCEE36B692153" +
"D0A9877CC62A474002DF32E52139F0A0", 16);
private static final ECPoint G = CURVE.createPoint(GX, GY);

private static final AlgorithmIdentifier SM2_ALGORITHM_IDENTIFIER = new AlgorithmIdentifier(
X9ObjectIdentifiers.id_ecPublicKey, GMObjectIdentifiers.sm2p256v1);


@Override
public SignatureDigest sign(PrivKey privKey, byte[] data) {
return null;

Security.addProvider(new BouncyCastleProvider());

byte[] rawPrivKeyBytes = privKey.getRawKeyBytes();

if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) {
throw new CryptoException("This key has wrong format!");
}

if (privKey.getAlgorithm() != SM3WITHSM2.code()) {
throw new CryptoException("This key is not SM3WITHSM2 private key!");
}

PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes);

KeyFactory keyFactory;
ECPrivateKey rawPrivKey;
Signature signer;
byte[] signature;

try {
keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
rawPrivKey = (ECPrivateKey) keyFactory.generatePrivate(keySpec);
signer = Signature.getInstance("SM3withSM2", BouncyCastleProvider.PROVIDER_NAME);

signer.initSign(rawPrivKey);
signer.update(data);
signature = signer.sign();
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException |
InvalidKeySpecException | NoSuchProviderException e) {
throw new CryptoException(e.getMessage(), e);
}

return new SignatureDigest(SM3WITHSM2, signature);
}

@Override
public boolean verify(SignatureDigest digest, PubKey pubKey, byte[] data) {
return false;

Security.addProvider(new BouncyCastleProvider());

byte[] rawPubKeyBytes = pubKey.getRawKeyBytes();
byte[] rawDigestBytes = digest.getRawDigest();

if (rawPubKeyBytes.length < RAW_PUBKEY_SIZE) {
throw new CryptoException("This key has wrong format!");
}

if (pubKey.getAlgorithm() != SM3WITHSM2.code()) {
throw new CryptoException("This key is not SM3WITHSM2 public key!");
}

if (digest.getAlgorithm() != SM3WITHSM2.code() || rawDigestBytes.length < RAW_SIGNATUREDIGEST_SIZE) {
throw new CryptoException("This is not SM3WITHSM2 signature digest!");
}

X509EncodedKeySpec keySpec = new X509EncodedKeySpec(rawPubKeyBytes);

KeyFactory keyFactory;
ECPublicKey rawPubKey;
Signature verifier;
boolean isValid;

try {
keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
rawPubKey = (ECPublicKey) keyFactory.generatePublic(keySpec);
verifier = Signature.getInstance("SM3withSM2", BouncyCastleProvider.PROVIDER_NAME);
verifier.initVerify(rawPubKey);
verifier.update(data);
isValid = verifier.verify(rawDigestBytes);
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | InvalidKeySpecException
| NoSuchProviderException e) {
throw new CryptoException(e.getMessage(), e);
}

return isValid;
}

@Override
public PubKey retrievePubKey(PrivKey privKey) {
return null;
public boolean supportPubKey(byte[] pubKeyBytes) {
return pubKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PUBKEY_SIZE)
&& CryptoAlgorithm.match(SM3WITHSM2, pubKeyBytes)
&& pubKeyBytes[ALGORYTHM_CODE_SIZE] == PUBLIC.CODE;
}

@Override
public boolean supportPrivKey(byte[] privKeyBytes) {
return false;
public PubKey resolvePubKey(byte[] pubKeyBytes) {
if (supportPubKey(pubKeyBytes)) {
return new PubKey(pubKeyBytes);
} else {
throw new CryptoException("pubKeyBytes are invalid!");
}
}

@Override
public PrivKey resolvePrivKey(byte[] privKeyBytes) {
return null;
public boolean supportPrivKey(byte[] privKeyBytes) {
return privKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PRIVKEY_SIZE)
&& CryptoAlgorithm.match(SM3WITHSM2, privKeyBytes)
&& privKeyBytes[ALGORYTHM_CODE_SIZE] == PRIVATE.CODE;
}

@Override
public boolean supportPubKey(byte[] pubKeyBytes) {
return false;
public PrivKey resolvePrivKey(byte[] privKeyBytes) {
if (supportPrivKey(privKeyBytes)) {
return new PrivKey(privKeyBytes);
} else {
throw new CryptoException("privKeyBytes are invalid!");
}
}

@Override
public PubKey resolvePubKey(byte[] pubKeyBytes) {
return null;
public PubKey retrievePubKey(PrivKey privKey) {

byte[] rawPrivKeyBytes = privKey.getRawKeyBytes();

if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) {
throw new CryptoException("This key has wrong format!");
}

if (privKey.getAlgorithm() != SM3WITHSM2.code()) {
throw new CryptoException("This key is not SM3WITHSM2 private key!");
}

PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes);

KeyFactory keyFactory;
ECPrivateKey rawPrivKey;
byte[] rawPubKeyBytes;
try {
keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
rawPrivKey = (ECPrivateKey) keyFactory.generatePrivate(keySpec);
BigInteger d = rawPrivKey.getS();
ECPoint Q = G.multiply(d).normalize();
rawPubKeyBytes = KeyUtil.getEncodedSubjectPublicKeyInfo(SM2_ALGORITHM_IDENTIFIER,
Q.getEncoded(false));
} catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) {
throw new CryptoException(e.getMessage(), e);
}

return new PubKey(SM3WITHSM2, rawPubKeyBytes);
}

@Override
public boolean supportDigest(byte[] digestBytes) {
return false;
return digestBytes.length > (RAW_SIGNATUREDIGEST_SIZE + ALGORYTHM_CODE_SIZE)
&& CryptoAlgorithm.match(SM3WITHSM2, digestBytes);
}

@Override
public SignatureDigest resolveDigest(byte[] digestBytes) {
return null;
if (supportDigest(digestBytes)) {
return new SignatureDigest(digestBytes);
} else {
throw new CryptoException("digestBytes are invalid!");
}
}

@Override
public AsymmetricKeypair generateKeypair() {
return null;
}

Security.addProvider(new BouncyCastleProvider());
KeyPairGenerator generator;
PublicKey pubKey;
PrivateKey privKey;
try {
generator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
generator.initialize(new ECNamedCurveGenParameterSpec("sm2p256v1"));
KeyPair keyPair = generator.generateKeyPair();
pubKey = keyPair.getPublic();
privKey = keyPair.getPrivate();
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
throw new CryptoException(e.getMessage(), e);
}

byte[] pubKeyBytes = pubKey.getEncoded();
byte[] privKeyBytes = privKey.getEncoded();

return new AsymmetricKeypair(new PubKey(SM3WITHSM2, pubKeyBytes),
new PrivKey(SM3WITHSM2, privKeyBytes));
}
@Override
public CryptoAlgorithm getAlgorithm() {
return SM3WITHSM2;


+ 9
- 11
source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/utils/CSRBuilder.java View File

@@ -14,7 +14,6 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Base64;


import java.io.IOException;
import java.security.*;

@@ -65,17 +64,24 @@ public class CSRBuilder {
keyPair = generator.generateKeyPair();
pubKey = keyPair.getPublic();
privKey = keyPair.getPrivate();
break;
}

case "SM2": {
generator = KeyPairGenerator.getInstance("EC", BC);
if (KeyLength != 256) {
throw new CryptoException("SM3withSM2 with unsupported key length [" +
KeyLength +"] in CSR!");
}
generator.initialize(new ECNamedCurveGenParameterSpec("sm2p256v1"));
keyPair = generator.generateKeyPair();
pubKey = keyPair.getPublic();
privKey = keyPair.getPrivate();
break;
}

default: throw new CryptoException("Unsupported key algorithm[" + algoName + "] in CSR!");
default: throw new CryptoException("Unsupported algorithm [" + algoName + "] with key length [" +
KeyLength +"] in CSR!");
}
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) {
throw new CryptoException(e.getMessage(), e);
@@ -86,7 +92,7 @@ public class CSRBuilder {
String organizationName, String departmentName, String domainName,
String emailName) {

String result = null;
String result;
X500NameBuilder nameBuilder = new X500NameBuilder(BCStrictStyle.INSTANCE);

nameBuilder.addRDN(BCStyle.C, countryName); // a country name, and China is short as CN
@@ -120,12 +126,4 @@ public class CSRBuilder {
public PrivateKey getPrivKey() {
return privKey;
}

public byte[] getPubKeyBytes() {
return pubKey.getEncoded();
}

public byte[] getPrivKeyBytes() {
return privKey.getEncoded();
}
}

+ 197
- 0
source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunctionTest.java View File

@@ -0,0 +1,197 @@
package com.jd.blockchain.crypto.service.pki;

import com.jd.blockchain.crypto.*;
import com.jd.blockchain.utils.io.BytesUtils;
import org.junit.Test;

import java.util.Random;

import static com.jd.blockchain.crypto.CryptoAlgorithm.ASYMMETRIC_KEY;
import static com.jd.blockchain.crypto.CryptoAlgorithm.SIGNATURE_ALGORITHM;
import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE;
import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC;
import static junit.framework.TestCase.assertNull;
import static org.junit.Assert.*;

/**
* @author zhanglin33
* @title: SHA1WITHRSA4096SignatureFunctionTest
* @description: TODO
* @date 2019-05-16, 10:49
*/
public class SHA1WITHRSA4096SignatureFunctionTest {

private AsymmetricKeypair keyPair = Crypto.getSignatureFunction(Crypto.getAlgorithm("SHA1WITHRSA4096")).
generateKeypair();

@Test
public void getAlgorithmTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name());
assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code());

algorithm = Crypto.getAlgorithm("SHA1withRsa4096");
assertNotNull(algorithm);

assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name());
assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code());

algorithm = Crypto.getAlgorithm("rsa2048");
assertNull(algorithm);
}

@Test
public void generateKeyPairTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096");
assertNotNull(algorithm);

PubKey pubKey = keyPair.getPubKey();
PrivKey privKey = keyPair.getPrivKey();

assertEquals(PUBLIC.CODE, pubKey.getKeyType().CODE);
assertTrue(pubKey.getRawKeyBytes().length > 515);
assertEquals(PRIVATE.CODE, privKey.getKeyType().CODE);
assertTrue(privKey.getRawKeyBytes().length > 2307);

assertEquals(algorithm.code(), pubKey.getAlgorithm());
assertEquals(algorithm.code(), privKey.getAlgorithm());

byte[] algoBytes = CryptoAlgorithm.getCodeBytes(algorithm);
byte[] pubKeyTypeBytes = new byte[] { PUBLIC.CODE };
byte[] privKeyTypeBytes = new byte[] { PRIVATE.CODE };
byte[] rawPubKeyBytes = pubKey.getRawKeyBytes();
byte[] rawPrivKeyBytes = privKey.getRawKeyBytes();
assertArrayEquals(BytesUtils.concat(algoBytes, pubKeyTypeBytes, rawPubKeyBytes), pubKey.toBytes());
assertArrayEquals(BytesUtils.concat(algoBytes, privKeyTypeBytes, rawPrivKeyBytes), privKey.toBytes());
}

@Test
public void retrievePubKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

PubKey pubKey = keyPair.getPubKey();
PrivKey privKey = keyPair.getPrivKey();

PubKey retrievedPubKey = signatureFunction.retrievePubKey(privKey);

assertEquals(pubKey.getKeyType(), retrievedPubKey.getKeyType());
assertEquals(pubKey.getRawKeyBytes().length, retrievedPubKey.getRawKeyBytes().length);
assertEquals(pubKey.getAlgorithm(), retrievedPubKey.getAlgorithm());
assertArrayEquals(pubKey.toBytes(), retrievedPubKey.toBytes());
}

@Test
public void signAndVerifyTest() {

byte[] data = new byte[1024];
Random random = new Random();
random.nextBytes(data);

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

PrivKey privKey = keyPair.getPrivKey();
PubKey pubKey = keyPair.getPubKey();

SignatureDigest signatureDigest = signatureFunction.sign(privKey, data);

byte[] signatureBytes = signatureDigest.toBytes();

assertEquals(2 + 512, signatureBytes.length);
assertEquals(algorithm.code(), signatureDigest.getAlgorithm());

assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), signatureDigest.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)),
signatureDigest.getAlgorithm());

byte[] algoBytes = BytesUtils.toBytes(signatureDigest.getAlgorithm());
byte[] rawSinatureBytes = signatureDigest.getRawDigest();
assertArrayEquals(BytesUtils.concat(algoBytes, rawSinatureBytes), signatureBytes);

assertTrue(signatureFunction.verify(signatureDigest, pubKey, data));
}

@Test
public void supportAndResolvePrivKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

PrivKey privKey = keyPair.getPrivKey();
byte[] privKeyBytes = privKey.toBytes();

assertTrue(signatureFunction.supportPrivKey(privKeyBytes));

PrivKey resolvedPrivKey = signatureFunction.resolvePrivKey(privKeyBytes);

assertEquals(PRIVATE.CODE, resolvedPrivKey.getKeyType().CODE);
assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), resolvedPrivKey.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)),
resolvedPrivKey.getAlgorithm());
assertArrayEquals(privKeyBytes, resolvedPrivKey.toBytes());
}

@Test
public void supportAndResolvePubKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

PubKey pubKey = keyPair.getPubKey();
byte[] pubKeyBytes = pubKey.toBytes();

assertTrue(signatureFunction.supportPubKey(pubKeyBytes));

PubKey resolvedPubKey = signatureFunction.resolvePubKey(pubKeyBytes);

assertEquals(PUBLIC.CODE, resolvedPubKey.getKeyType().CODE);
assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), resolvedPubKey.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)),
resolvedPubKey.getAlgorithm());
assertArrayEquals(pubKeyBytes, resolvedPubKey.toBytes());
}

@Test
public void supportAndResolveDigestTest() {

byte[] data = new byte[1024];
Random random = new Random();
random.nextBytes(data);

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

PrivKey privKey = keyPair.getPrivKey();

SignatureDigest signatureDigest = signatureFunction.sign(privKey, data);

byte[] signatureDigestBytes = signatureDigest.toBytes();
assertTrue(signatureFunction.supportDigest(signatureDigestBytes));

SignatureDigest resolvedSignatureDigest = signatureFunction.resolveDigest(signatureDigestBytes);

assertEquals(512, resolvedSignatureDigest.getRawDigest().length);
assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), resolvedSignatureDigest.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)),
resolvedSignatureDigest.getAlgorithm());
assertArrayEquals(signatureDigestBytes, resolvedSignatureDigest.toBytes());
}
}

+ 274
- 0
source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunctionTest.java View File

@@ -0,0 +1,274 @@
package com.jd.blockchain.crypto.service.pki;

import com.jd.blockchain.crypto.*;
import com.jd.blockchain.utils.io.BytesUtils;
import org.junit.Test;

import java.util.Random;

import static com.jd.blockchain.crypto.CryptoAlgorithm.ASYMMETRIC_KEY;
import static com.jd.blockchain.crypto.CryptoAlgorithm.SIGNATURE_ALGORITHM;
import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE;
import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC;
import static junit.framework.TestCase.assertNull;
import static org.junit.Assert.*;

/**
* @author zhanglin33
* @title: SM3WITHSM2SignatureFunctionTest
* @description: TODO
* @date 2019-05-16, 17:04
*/
public class SM3WITHSM2SignatureFunctionTest {

@Test
public void getAlgorithmTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name());
assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code());

algorithm = Crypto.getAlgorithm("sm3withsm2");
assertNotNull(algorithm);

assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name());
assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code());

algorithm = Crypto.getAlgorithm("sm3withs");
assertNull(algorithm);
}

@Test
public void generateKeyPairTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PubKey pubKey = keyPair.getPubKey();
PrivKey privKey = keyPair.getPrivKey();

assertEquals(PUBLIC.CODE, pubKey.getKeyType().CODE);
assertTrue(pubKey.getRawKeyBytes().length > 32);
assertEquals(PRIVATE.CODE, privKey.getKeyType().CODE);
assertTrue(privKey.getRawKeyBytes().length > 65 + 32);

assertEquals(algorithm.code(), pubKey.getAlgorithm());
assertEquals(algorithm.code(), privKey.getAlgorithm());

byte[] algoBytes = CryptoAlgorithm.getCodeBytes(algorithm);
byte[] pubKeyTypeBytes = new byte[] { PUBLIC.CODE };
byte[] privKeyTypeBytes = new byte[] { PRIVATE.CODE };
byte[] rawPubKeyBytes = pubKey.getRawKeyBytes();
byte[] rawPrivKeyBytes = privKey.getRawKeyBytes();
assertArrayEquals(BytesUtils.concat(algoBytes, pubKeyTypeBytes, rawPubKeyBytes), pubKey.toBytes());
assertArrayEquals(BytesUtils.concat(algoBytes, privKeyTypeBytes, rawPrivKeyBytes), privKey.toBytes());
}

@Test
public void retrievePubKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PubKey pubKey = keyPair.getPubKey();
PrivKey privKey = keyPair.getPrivKey();

PubKey retrievedPubKey = signatureFunction.retrievePubKey(privKey);

assertEquals(pubKey.getKeyType(), retrievedPubKey.getKeyType());
assertEquals(pubKey.getRawKeyBytes().length, retrievedPubKey.getRawKeyBytes().length);
assertEquals(pubKey.getAlgorithm(), retrievedPubKey.getAlgorithm());
assertArrayEquals(pubKey.toBytes(), retrievedPubKey.toBytes());
}

@Test
public void signTest() {

byte[] data = new byte[1024];
Random random = new Random();
random.nextBytes(data);

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PrivKey privKey = keyPair.getPrivKey();
SignatureDigest signatureDigest = signatureFunction.sign(privKey, data);

byte[] signatureBytes = signatureDigest.toBytes();

assertTrue(signatureBytes.length > 2 + 64);
assertEquals(algorithm.code(), signatureDigest.getAlgorithm());

assertEquals(PKIAlgorithm.SM3WITHSM2.code(), signatureDigest.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)),
signatureDigest.getAlgorithm());

byte[] algoBytes = BytesUtils.toBytes(signatureDigest.getAlgorithm());
byte[] rawSinatureBytes = signatureDigest.getRawDigest();
assertArrayEquals(BytesUtils.concat(algoBytes, rawSinatureBytes), signatureBytes);
}

@Test
public void verifyTest() {
byte[] data = new byte[1024];
Random random = new Random();
random.nextBytes(data);

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PubKey pubKey = keyPair.getPubKey();
PrivKey privKey = keyPair.getPrivKey();
SignatureDigest signatureDigest = signatureFunction.sign(privKey, data);

System.out.println(signatureDigest.getRawDigest().length);
assertTrue(signatureFunction.verify(signatureDigest, pubKey, data));
}

@Test
public void supportPrivKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PrivKey privKey = keyPair.getPrivKey();
byte[] privKeyBytes = privKey.toBytes();

assertTrue(signatureFunction.supportPrivKey(privKeyBytes));
}

@Test
public void resolvePrivKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PrivKey privKey = keyPair.getPrivKey();
byte[] privKeyBytes = privKey.toBytes();

PrivKey resolvedPrivKey = signatureFunction.resolvePrivKey(privKeyBytes);

assertEquals(PRIVATE.CODE, resolvedPrivKey.getKeyType().CODE);
assertEquals(PKIAlgorithm.SM3WITHSM2.code(), resolvedPrivKey.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)),
resolvedPrivKey.getAlgorithm());
assertArrayEquals(privKeyBytes, resolvedPrivKey.toBytes());
}

@Test
public void supportPubKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PubKey pubKey = keyPair.getPubKey();
byte[] pubKeyBytes = pubKey.toBytes();

assertTrue(signatureFunction.supportPubKey(pubKeyBytes));
}

@Test
public void resolvePubKeyTest() {

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PubKey pubKey = keyPair.getPubKey();
byte[] pubKeyBytes = pubKey.toBytes();

PubKey resolvedPubKey = signatureFunction.resolvePubKey(pubKeyBytes);

assertEquals(PUBLIC.CODE, resolvedPubKey.getKeyType().CODE);
assertEquals(PKIAlgorithm.SM3WITHSM2.code(), resolvedPubKey.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)),
resolvedPubKey.getAlgorithm());
assertArrayEquals(pubKeyBytes, resolvedPubKey.toBytes());
}

@Test
public void supportDigestTest() {

byte[] data = new byte[1024];
Random random = new Random();
random.nextBytes(data);

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PrivKey privKey = keyPair.getPrivKey();

SignatureDigest signatureDigest = signatureFunction.sign(privKey, data);

byte[] signatureDigestBytes = signatureDigest.toBytes();
assertTrue(signatureFunction.supportDigest(signatureDigestBytes));
}

@Test
public void resolveDigestTest() {

byte[] data = new byte[1024];
Random random = new Random();
random.nextBytes(data);

CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2");
assertNotNull(algorithm);

SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm);

AsymmetricKeypair keyPair = signatureFunction.generateKeypair();

PrivKey privKey = keyPair.getPrivKey();

SignatureDigest signatureDigest = signatureFunction.sign(privKey, data);

byte[] signatureDigestBytes = signatureDigest.toBytes();

SignatureDigest resolvedSignatureDigest = signatureFunction.resolveDigest(signatureDigestBytes);

assertTrue(resolvedSignatureDigest.getRawDigest().length > 64);
assertEquals(PKIAlgorithm.SM3WITHSM2.code(), resolvedSignatureDigest.getAlgorithm());
assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)),
resolvedSignatureDigest.getAlgorithm());
assertArrayEquals(signatureDigestBytes, resolvedSignatureDigest.toBytes());
}
}

+ 282
- 1
source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CSRBuilderTest.java View File

@@ -1,6 +1,5 @@
package com.jd.blockchain.crypto.utils;

import com.jd.blockchain.crypto.utils.CSRBuilder;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
@@ -112,4 +111,286 @@ public class CSRBuilderTest {
}
assertTrue(isValid);
}

@Test
public void SHA1withRSA2048CSRTest(){

String countryName = "CN";
String stateName = "Beijing";
String cityName = "Beijing";
String organizationName = "JD.com";
String departmentName = "Blockchain Department";
String domainName = "ledger.jd.com";
String emailName = "zhanglin33@jd.com";

CSRBuilder builder = new CSRBuilder();

builder.init("SHA1withRSA",2048);
String csr = builder.buildRequest(countryName,stateName,cityName,
organizationName,departmentName,domainName,
emailName);

PublicKey pubKey = builder.getPubKey();
PrivateKey privKey = builder.getPrivKey();

byte[] crsBytes = Base64.decode(csr);
PKCS10CertificationRequest request = null;
try {
request = new PKCS10CertificationRequest(crsBytes);
} catch (IOException e) {
e.printStackTrace();
}
assertNotNull(request);
assertEquals("1.2.840.113549.1.1.5",request.getSignatureAlgorithm().getAlgorithm().getId());
byte[] pubKeyBytes = new byte[0];
try {
pubKeyBytes = request.getSubjectPublicKeyInfo().getEncoded();
} catch (IOException e) {
e.printStackTrace();
}
assertArrayEquals(pubKeyBytes,pubKey.getEncoded());

RDN[] rdns = request.getSubject().getRDNs();
assertEquals(BCStyle.C, rdns[0].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.ST, rdns[1].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.L, rdns[2].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.O, rdns[3].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.OU, rdns[4].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.CN, rdns[5].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.E, rdns[6].getFirst().getType().toASN1Primitive());

assertEquals("CN", rdns[0].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Beijing", rdns[1].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Beijing", rdns[2].getFirst().getValue().toASN1Primitive().toString());
assertEquals("JD.com", rdns[3].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Blockchain Department", rdns[4].getFirst().getValue().toASN1Primitive().toString());
assertEquals("ledger.jd.com", rdns[5].getFirst().getValue().toASN1Primitive().toString());
assertEquals("zhanglin33@jd.com", rdns[6].getFirst().getValue().toASN1Primitive().toString());

byte[] signature = request.getSignature();

CertificationRequestInfo requestInfo = new CertificationRequestInfo(request.getSubject(),request.getSubjectPublicKeyInfo(),new DERSet());
byte[] message = new byte[0];
try {
message = requestInfo.getEncoded(ASN1Encoding.DER);
} catch (IOException e) {
e.printStackTrace();
}

Signature signer;
byte[] result = new byte[0];
try {
signer = Signature.getInstance("SHA1withRSA");
signer.initSign(privKey);
signer.update(message);
result = signer.sign();
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}
assertArrayEquals(result,signature);

Signature verifier;
boolean isValid = false;
try {
verifier = Signature.getInstance("SHA1withRSA");
verifier.initVerify(pubKey);
verifier.update(message);
isValid = verifier.verify(signature);
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}
assertTrue(isValid);
}


@Test
public void SHA1withRSA4096CSRTest(){

String countryName = "CN";
String stateName = "Beijing";
String cityName = "Beijing";
String organizationName = "JD.com";
String departmentName = "Blockchain Department";
String domainName = "ledger.jd.com";
String emailName = "zhanglin33@jd.com";

CSRBuilder builder = new CSRBuilder();

builder.init("SHA1withRSA",4096);
String csr = builder.buildRequest(countryName,stateName,cityName,
organizationName,departmentName,domainName,
emailName);

PublicKey pubKey = builder.getPubKey();
PrivateKey privKey = builder.getPrivKey();

byte[] crsBytes = Base64.decode(csr);
PKCS10CertificationRequest request = null;
try {
request = new PKCS10CertificationRequest(crsBytes);
} catch (IOException e) {
e.printStackTrace();
}
assertNotNull(request);
assertEquals("1.2.840.113549.1.1.5",request.getSignatureAlgorithm().getAlgorithm().getId());
byte[] pubKeyBytes = new byte[0];
try {
pubKeyBytes = request.getSubjectPublicKeyInfo().getEncoded();
} catch (IOException e) {
e.printStackTrace();
}
assertArrayEquals(pubKeyBytes,pubKey.getEncoded());

RDN[] rdns = request.getSubject().getRDNs();
assertEquals(BCStyle.C, rdns[0].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.ST, rdns[1].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.L, rdns[2].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.O, rdns[3].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.OU, rdns[4].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.CN, rdns[5].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.E, rdns[6].getFirst().getType().toASN1Primitive());

assertEquals("CN", rdns[0].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Beijing", rdns[1].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Beijing", rdns[2].getFirst().getValue().toASN1Primitive().toString());
assertEquals("JD.com", rdns[3].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Blockchain Department", rdns[4].getFirst().getValue().toASN1Primitive().toString());
assertEquals("ledger.jd.com", rdns[5].getFirst().getValue().toASN1Primitive().toString());
assertEquals("zhanglin33@jd.com", rdns[6].getFirst().getValue().toASN1Primitive().toString());

byte[] signature = request.getSignature();

CertificationRequestInfo requestInfo = new CertificationRequestInfo(request.getSubject(),request.getSubjectPublicKeyInfo(),new DERSet());
byte[] message = new byte[0];
try {
message = requestInfo.getEncoded(ASN1Encoding.DER);
} catch (IOException e) {
e.printStackTrace();
}

Signature signer;
byte[] result = new byte[0];
try {
signer = Signature.getInstance("SHA1withRSA");
signer.initSign(privKey);
signer.update(message);
result = signer.sign();
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}
assertArrayEquals(result,signature);

Signature verifier;
boolean isValid = false;
try {
verifier = Signature.getInstance("SHA1withRSA");
verifier.initVerify(pubKey);
verifier.update(message);
isValid = verifier.verify(signature);
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}
assertTrue(isValid);
}


@Test
public void SM3withSM2CSRTest(){

String countryName = "CN";
String stateName = "Beijing";
String cityName = "Beijing";
String organizationName = "JD.com";
String departmentName = "Blockchain Department";
String domainName = "ledger.jd.com";
String emailName = "zhanglin33@jd.com";

CSRBuilder builder = new CSRBuilder();

builder.init("SM3withSM2",256);
String csr = builder.buildRequest(countryName,stateName,cityName,
organizationName,departmentName,domainName,
emailName);

System.out.println(csr);
PublicKey pubKey = builder.getPubKey();
PrivateKey privKey = builder.getPrivKey();

byte[] crsBytes = Base64.decode(csr);
PKCS10CertificationRequest request = null;
try {
request = new PKCS10CertificationRequest(crsBytes);
} catch (IOException e) {
e.printStackTrace();
}
assertNotNull(request);
assertEquals("1.2.156.10197.1.501",request.getSignatureAlgorithm().getAlgorithm().getId());
byte[] pubKeyBytes = new byte[0];
try {
pubKeyBytes = request.getSubjectPublicKeyInfo().getEncoded();
} catch (IOException e) {
e.printStackTrace();
}
assertArrayEquals(pubKeyBytes,pubKey.getEncoded());

RDN[] rdns = request.getSubject().getRDNs();
assertEquals(BCStyle.C, rdns[0].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.ST, rdns[1].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.L, rdns[2].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.O, rdns[3].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.OU, rdns[4].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.CN, rdns[5].getFirst().getType().toASN1Primitive());
assertEquals(BCStyle.E, rdns[6].getFirst().getType().toASN1Primitive());

assertEquals("CN", rdns[0].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Beijing", rdns[1].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Beijing", rdns[2].getFirst().getValue().toASN1Primitive().toString());
assertEquals("JD.com", rdns[3].getFirst().getValue().toASN1Primitive().toString());
assertEquals("Blockchain Department", rdns[4].getFirst().getValue().toASN1Primitive().toString());
assertEquals("ledger.jd.com", rdns[5].getFirst().getValue().toASN1Primitive().toString());
assertEquals("zhanglin33@jd.com", rdns[6].getFirst().getValue().toASN1Primitive().toString());

byte[] signature = request.getSignature();

CertificationRequestInfo requestInfo = new CertificationRequestInfo(request.getSubject(),request.getSubjectPublicKeyInfo(),new DERSet());
byte[] message = new byte[0];
try {
message = requestInfo.getEncoded(ASN1Encoding.DER);
} catch (IOException e) {
e.printStackTrace();
}

Signature signer;
byte[] result = new byte[0];
try {
signer = Signature.getInstance("SM3withSM2");
signer.initSign(privKey);
signer.update(message);
result = signer.sign();
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}

Signature verifier;
boolean isValid = false;
try {
verifier = Signature.getInstance("SM3withSM2");
verifier.initVerify(pubKey);
verifier.update(message);
isValid = verifier.verify(signature);
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}
assertTrue(isValid);

try {
verifier = Signature.getInstance("SM3withSM2");
verifier.initVerify(pubKey);
verifier.update(message);
isValid = verifier.verify(result);
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}
assertTrue(isValid);
}
}

+ 100
- 2
source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CertParserTest.java View File

@@ -1,6 +1,6 @@
package com.jd.blockchain.crypto.utils;

import com.jd.blockchain.crypto.utils.CertParser;
import org.bouncycastle.util.encoders.Hex;
import org.junit.Test;

import static org.junit.Assert.assertEquals;
@@ -14,7 +14,7 @@ import static org.junit.Assert.assertEquals;
public class CertParserTest {

@Test
public void parseTest() {
public void parseSHA1WITHRSA2048Test() {
CertParser parser = new CertParser();
String issuerCert =
"-----BEGIN CERTIFICATE-----\n" +
@@ -46,4 +46,102 @@ public class CertParserTest {
parser.parse(userCert, issuerCert);
assertEquals("SHA1WITHRSA",parser.getSigAlgName());
}

@Test
public void parseSHA1WITHRSA4096Test() {
CertParser parser = new CertParser();
String issuerCert =
"-----BEGIN CERTIFICATE-----\n" +
"MIIDzzCCAregAwIBAgIKUalCR1Mt5ZSK8jANBgkqhkiG9w0BAQUFADBZMQswCQYD\n" +
"VQQGEwJDTjEwMC4GA1UEChMnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24g\n" +
"QXV0aG9yaXR5MRgwFgYDVQQDEw9DRkNBIFRFU1QgQ1MgQ0EwHhcNMTIwODI5MDU1\n" +
"NDM2WhcNMzIwODI0MDU1NDM2WjBZMQswCQYDVQQGEwJDTjEwMC4GA1UEChMnQ2hp\n" +
"bmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRgwFgYDVQQDEw9D\n" +
"RkNBIFRFU1QgT0NBMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\n" +
"jn0n8Fp6hcRdACdn1+Y6GAkC6KGgNdKyHPrmsdmhCjnd/i4qUFwnG8cp3D4lFw1G\n" +
"jmjSO5yVYbik/NbS6lbNpRgTK3fDfMFvLJpRIC+IFhG9SdAC2hwjsH9qTpL9cK2M\n" +
"bSdrC6pBdDgnbzaM9AGBF4Y6vXhj5nah4ZMsBvDp19LzXjlGuTPLuAgv9ZlWknsd\n" +
"RN70PIAmvomd10uqX4GIJ4Jq/FdKXOLZ2DNK/NhRyN6Yq71L3ham6tutXeZow5t5\n" +
"0254AnUlo1u6SeH9F8itER653o/oMLFwp+63qXAcqrHUlOQPX+JI8fkumSqZ4F2F\n" +
"t/HfVMnqdtFNCnh5+eIBAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAUdN7FjQp9EBqq\n" +
"aYNbTSHOhpvMcTgwDAYDVR0TBAUwAwEB/zA4BgNVHR8EMTAvMC2gK6AphidodHRw\n" +
"Oi8vMjEwLjc0LjQyLjMvdGVzdHJjYS9SU0EvY3JsMS5jcmwwCwYDVR0PBAQDAgEG\n" +
"MB0GA1UdDgQWBBT8C7xEmg4xoYOpgYcnHgVCxr9W+DANBgkqhkiG9w0BAQUFAAOC\n" +
"AQEAb7W0K9fZPA+JPw6lRiMDaUJ0oh052yEXreMBfoPulxkBj439qombDiFggRLc\n" +
"3g8wIEKzMOzOKXTWtnzYwN3y/JQSuJb/M1QqOEEM2PZwCxI4AkBuH6jg03RjlkHg\n" +
"/kTtuIFp9ItBCC2/KkKlp0ENfn4XgVg2KtAjZ7lpyVU0LPnhEqqUVY/xthjlCSa7\n" +
"/XHNStRxsfCTIBUWJ8n2FZyQhfV/UkMNHDBIiJR0v6C4Ai0/290WvbPEIAq+03Si\n" +
"fsHzBeA0C8lP5VzfAr6wWePaZMCpStpLaoXNcAqReKxQllElOqAhRxC5VKH+rnIQ\n" +
"OMRZvB7FRyE9IfwKApngcZbA5g==\n" +
"-----END CERTIFICATE-----";

String userCert = "MIIFRjCCBC6gAwIBAgIFICdWiDMwDQYJKoZIhvcNAQEFBQAwWTELMAkGA1UEBhMCQ04xMDAuBgNVBAoTJ0NoaW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEYMBYGA1UEAxMPQ0ZDQSBURVNUIE9DQTExMB4XDTE5MDUxNjA3MDcyMloXDTIxMDUxNjA3MDcyMloweDELMAkGA1UEBhMCQ04xGDAWBgNVBAoTD0NGQ0EgVEVTVCBPQ0ExMTERMA8GA1UECxMITG9jYWwgUkExFTATBgNVBAsTDEluZGl2aWR1YWwtMTElMCMGA1UEAxQcMDUxQHpoYW5nbGluIUBaMTg2MTIyMjkyOTVAMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL0rTOxd8rsjPtFJ0aGVh9bZPy5Xo0SADaP7BbJsG4+ykLQMZHg9hTf/6fv1OsD2HEKFoMpIkW2gwCJW2nvicHcVql/shCoktc6ZBW6Dr/DxOgbO9tpoGxZ50xdI4Q0NsrxqtbCldW4ozPHdjgRJ83i1KSFh7evNrVByN/mB+jchrVGLWyJ1uIRgUUgpRZmZPoOHaizVJqrqWJGGk6xbDLR2gUQ1hTzetQaz1OeKtelHDk9FY08XSmNGssSMpuSjrxn78S888VW5WIxyo4cwrXSXFk3J7LNTy70Oga16HZjJD/vLTM6a4riPa8+uivPinKxK38/++nlBPNwhx6n46uYkd9Zvw+SJiJgpnuPJLtMZpKpJx7V1BDVEydKPUthilTdsmJtkBFSlFw0G1aKfuciBGzzJ3SKngJF/JqJAWIonVAFBGb6Gokp1Sw+T4KqXrdbjxYxiyyjZ++8O1vydgFAkx/NjsuwJnpKETiRKFJmY7YawcUvC4ixF7XQc0luFWRDYcbxOppir+ieMqhGXyaFhLUuB4WXv+rFxfa3NmkBW8q5TPzt/PwWcXpITsYTZYla/E/grB+OeZLYgjigT5YlgytPHG6Gt1ySCCd8WXFWpkBbQfXzqcvtU27RCcAUgfXk5NLb7NZCQg7heGjgzOdYJCPsa1d3m7l04+VIKGCZdAgMBAAGjgfUwgfIwHwYDVR0jBBgwFoAU/Au8RJoOMaGDqYGHJx4FQsa/VvgwSAYDVR0gBEEwPzA9BghggRyG7yoBAjAxMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNmY2EuY29tLmNuL3VzL3VzLTE1Lmh0bTA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vMjEwLjc0LjQyLjMvT0NBMTEvUlNBL2NybDI1NzE3LmNybDALBgNVHQ8EBAMCA+gwHQYDVR0OBBYEFMjh6AzDCuNkD+pqQfiS6bqPGpI4MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOCAQEApZaLXS6/6FudPA3l2xom5U7nJUOpQ1E6DO/ic9dFGtLE0WgyAqB3JVPvXEntppX55x/dAV7rvvz9NaEdiAe8DAj7qyoPDvC8ZWQK8U4n9l8N78QwALOURxzQNs+CBatJQzbu2w1RKVwkfE6xEIVnu+wjiAtymfwdLHMagHxDIC/eOPbTnbbtITJk2ukFfoc0WJ6Awg5lW+x7nGokEn/XAjKyRHCpkRUFGQm4ww41zlrqCqQqnVGVABJtjbdtFf7nh33QHl0fkj19nfMox9eGuntPyM0bNA0XqPMA+FWSCqeDT6uLbyaOKWxlhv53U/NCJl76U3tssMEWsm9amEDDQg==";

parser.parse(userCert, issuerCert);
assertEquals("SHA1WITHRSA",parser.getSigAlgName());
}

@Test
public void parseSM3WITHSM2Test() {
CertParser parser = new CertParser();
String issuerCert =
"-----BEGIN CERTIFICATE-----\n" +
"MIICTzCCAfOgAwIBAgIKJFSZ4SRVDndYUTAMBggqgRzPVQGDdQUAMF0xCzAJBgNV\n" +
"BAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBB\n" +
"dXRob3JpdHkxHDAaBgNVBAMME0NGQ0EgVEVTVCBDUyBTTTIgQ0EwHhcNMTIwODI5\n" +
"MDU0ODQ3WhcNMzIwODI0MDU0ODQ3WjBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwn\n" +
"Q2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQD\n" +
"DBNDRkNBIFRFU1QgU00yIE9DQTExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" +
"L1mx4wriQUojGsIkNL14kslv9nwiqsiVpELOZauzghrbccNlPYKNYKZOCvXwIIqU\n" +
"9QY02d4weqKqo/JMcNsKEaOBmDCBlTAfBgNVHSMEGDAWgBS12JBvXPDYM9JjvX6y\n" +
"w43GTxJ6YTAMBgNVHRMEBTADAQH/MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly8y\n" +
"MTAuNzQuNDIuMy90ZXN0cmNhL1NNMi9jcmwxLmNybDALBgNVHQ8EBAMCAQYwHQYD\n" +
"VR0OBBYEFL6mfk09fI+gVebBLwkuLCBDs0J/MAwGCCqBHM9VAYN1BQADSAAwRQIh\n" +
"AKuk7s3eYCZDck5NWU0eNQmLhBN/1zmKs517qFrDrkJWAiAP4cVfLtdza/OkwU9P\n" +
"PrIDl+E4aL3FypntFXHG3T+Keg==\n" +
"-----END CERTIFICATE-----";

String userCert = "MIICwDCCAmWgAwIBAgIFICdWkWgwDAYIKoEcz1UBg3UFADBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQDDBNDRkNBIFRFU1QgU00yIE9DQTExMB4XDTE5MDUxNjA4MTA1MVoXDTIxMDUxNjA4MTA1MVoweDELMAkGA1UEBhMCQ04xGDAWBgNVBAoMD0NGQ0EgVEVTVCBPQ0ExMTERMA8GA1UECwwITG9jYWwgUkExFTATBgNVBAsMDEluZGl2aWR1YWwtMTElMCMGA1UEAwwcMDUxQHpoYW5nbGluIUBaMTg2MTIyMjkyOTVAMzBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPvNXpdZ4/4g+wx5qKS94CPkMqpEDhlnXYYW7ZzsbNI4d28sVBz5Ji6dTT1Zx627Kvw4tdUaUt7BVMvZsu3BFlyjgfQwgfEwHwYDVR0jBBgwFoAUvqZ+TT18j6BV5sEvCS4sIEOzQn8wSAYDVR0gBEEwPzA9BghggRyG7yoBAjAxMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNmY2EuY29tLmNuL3VzL3VzLTE1Lmh0bTA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vMjEwLjc0LjQyLjMvT0NBMTEvU00yL2NybDIxMDkuY3JsMAsGA1UdDwQEAwID6DAdBgNVHQ4EFgQUxR5C/VjASus5zrAAFS4ulMpRjKgwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAwGCCqBHM9VAYN1BQADRwAwRAIgVBzVi/fgkknr+2BH2wXeGMXC+Pa6p7rbldUsYMOYoyUCIAmQ4KEk2U1xJZSBpOPy5jN9kmRb+0YH6x04O/2tqCgq";

parser.parse(userCert, issuerCert);
assertEquals("SM3WITHSM2",parser.getSigAlgName());
}

@Test
public void authenticateIssuerByCATest() {
CertParser parser = new CertParser();
String CACert =
"-----BEGIN CERTIFICATE-----\n" +
"MIICFDCCAbegAwIBAgIKPYozwkCO86Nd9TAMBggqgRzPVQGDdQUAMF0xCzAJBgNV\n" +
"BAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBB\n" +
"dXRob3JpdHkxHDAaBgNVBAMME0NGQ0EgVEVTVCBDUyBTTTIgQ0EwHhcNMTIwODI5\n" +
"MDMyOTQ2WhcNMzIwODI5MDMyOTQ2WjBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwn\n" +
"Q2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQD\n" +
"DBNDRkNBIFRFU1QgQ1MgU00yIENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" +
"tTjB3O4JueYFDDOtxH678HBZbEmrsgd3BDIdGf0BekyA26n9S0/pKPnjBh/zLouS\n" +
"8+GB5EEnjbn4An24yo1Gv6NdMFswHwYDVR0jBBgwFoAUtdiQb1zw2DPSY71+ssON\n" +
"xk8SemEwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFLXYkG9c\n" +
"8Ngz0mO9frLDjcZPEnphMAwGCCqBHM9VAYN1BQADSQAwRgIhAKwuuqoBS1bwDowW\n" +
"a4IU//UsvudswJYSlltqrd/PQ9q+AiEAyTUAjFdaGI+8yPdr3A93UiA38wtGPf9e\n" +
"6B6O/6abyWE=\n" +
"-----END CERTIFICATE-----";

String issuerCert = "-----BEGIN CERTIFICATE-----\n" +
"MIICTzCCAfOgAwIBAgIKJFSZ4SRVDndYUTAMBggqgRzPVQGDdQUAMF0xCzAJBgNV\n" +
"BAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBB\n" +
"dXRob3JpdHkxHDAaBgNVBAMME0NGQ0EgVEVTVCBDUyBTTTIgQ0EwHhcNMTIwODI5\n" +
"MDU0ODQ3WhcNMzIwODI0MDU0ODQ3WjBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwn\n" +
"Q2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQD\n" +
"DBNDRkNBIFRFU1QgU00yIE9DQTExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" +
"L1mx4wriQUojGsIkNL14kslv9nwiqsiVpELOZauzghrbccNlPYKNYKZOCvXwIIqU\n" +
"9QY02d4weqKqo/JMcNsKEaOBmDCBlTAfBgNVHSMEGDAWgBS12JBvXPDYM9JjvX6y\n" +
"w43GTxJ6YTAMBgNVHRMEBTADAQH/MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly8y\n" +
"MTAuNzQuNDIuMy90ZXN0cmNhL1NNMi9jcmwxLmNybDALBgNVHQ8EBAMCAQYwHQYD\n" +
"VR0OBBYEFL6mfk09fI+gVebBLwkuLCBDs0J/MAwGCCqBHM9VAYN1BQADSAAwRQIh\n" +
"AKuk7s3eYCZDck5NWU0eNQmLhBN/1zmKs517qFrDrkJWAiAP4cVfLtdza/OkwU9P\n" +
"PrIDl+E4aL3FypntFXHG3T+Keg==\n" +
"-----END CERTIFICATE-----";
parser.parse(issuerCert, CACert);
assertEquals("SM3WITHSM2",parser.getSigAlgName());
}
}

Write Preview
Loading…
Cancel
Save