From 4061725dca8dab4013cfef6f5077366a4f9c9e90 Mon Sep 17 00:00:00 2001 From: zhanglin33 Date: Fri, 17 May 2019 14:47:27 +0800 Subject: [PATCH] SM3WITHSM2 and SHA1WITHRSA4096 in pki module have been completed --- .../pki/SHA1WITHRSA2048SignatureFunction.java | 1 - .../pki/SHA1WITHRSA4096SignatureFunction.java | 182 ++++++++++- .../pki/SM3WITHSM2SignatureFunction.java | 200 ++++++++++++- .../blockchain/crypto/utils/CSRBuilder.java | 20 +- .../SHA1WITHRSA4096SignatureFunctionTest.java | 197 ++++++++++++ .../pki/SM3WITHSM2SignatureFunctionTest.java | 274 +++++++++++++++++ .../crypto/utils/CSRBuilderTest.java | 283 +++++++++++++++++- .../crypto/utils/CertParserTest.java | 102 ++++++- 8 files changed, 1213 insertions(+), 46 deletions(-) create mode 100644 source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunctionTest.java create mode 100644 source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunctionTest.java diff --git a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA2048SignatureFunction.java b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA2048SignatureFunction.java index 297ba8bd..e8eafdad 100644 --- a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA2048SignatureFunction.java +++ b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA2048SignatureFunction.java @@ -29,7 +29,6 @@ import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SHA1WITHRSA2048; */ public class SHA1WITHRSA2048SignatureFunction implements SignatureFunction { - private static final int RAW_PUBKEY_SIZE = 259; private static final int RAW_PRIVKEY_SIZE = 1155; diff --git a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunction.java b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunction.java index 2cde634b..486096bb 100644 --- a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunction.java +++ b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunction.java @@ -1,7 +1,24 @@ package com.jd.blockchain.crypto.service.pki; import com.jd.blockchain.crypto.*; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.math.BigInteger; +import java.security.*; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; + +import static com.jd.blockchain.crypto.BaseCryptoKey.KEY_TYPE_BYTES; +import static com.jd.blockchain.crypto.CryptoBytes.ALGORYTHM_CODE_SIZE; +import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE; +import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC; import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SHA1WITHRSA4096; /** @@ -11,56 +28,191 @@ import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SHA1WITHRSA4096; * @date 2019-05-15, 17:13 */ public class SHA1WITHRSA4096SignatureFunction implements SignatureFunction { + private static final int RAW_PUBKEY_SIZE = 515; + private static final int RAW_PRIVKEY_SIZE = 2307; + + private static final int RAW_SIGNATUREDIGEST_SIZE = 512; + + private static final AlgorithmIdentifier RSA_ALGORITHM_IDENTIFIER = + new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE); + @Override public SignatureDigest sign(PrivKey privKey, byte[] data) { - return null; + + byte[] rawPrivKeyBytes = privKey.getRawKeyBytes(); + + if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) { + throw new CryptoException("This key has wrong format!"); + } + + if (privKey.getAlgorithm() != SHA1WITHRSA4096.code()) { + throw new CryptoException("This key is not SHA1WITHRSA4096 private key!"); + } + + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes); + + KeyFactory keyFactory; + RSAPrivateCrtKey rawPrivKey; + Signature signer; + byte[] signature; + + try { + keyFactory = KeyFactory.getInstance("RSA"); + rawPrivKey = (RSAPrivateCrtKey) keyFactory.generatePrivate(keySpec); + signer = Signature.getInstance("SHA1withRSA"); + signer.initSign(rawPrivKey); + signer.update(data); + signature = signer.sign(); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | InvalidKeySpecException e) { + throw new CryptoException(e.getMessage(), e); + } + + return new SignatureDigest(SHA1WITHRSA4096, signature); } @Override public boolean verify(SignatureDigest digest, PubKey pubKey, byte[] data) { - return false; + + byte[] rawPubKeyBytes = pubKey.getRawKeyBytes(); + byte[] rawDigestBytes = digest.getRawDigest(); + + if (rawPubKeyBytes.length < RAW_PUBKEY_SIZE) { + throw new CryptoException("This key has wrong format!"); + } + + if (pubKey.getAlgorithm() != SHA1WITHRSA4096.code()) { + throw new CryptoException("This key is not SHA1WITHRSA4096 public key!"); + } + + if (digest.getAlgorithm() != SHA1WITHRSA4096.code() || rawDigestBytes.length != RAW_SIGNATUREDIGEST_SIZE) { + throw new CryptoException("This is not SHA1WITHRSA4096 signature digest!"); + } + + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(rawPubKeyBytes); + + KeyFactory keyFactory; + RSAPublicKey rawPubKey; + Signature verifier; + boolean isValid; + + try { + keyFactory = KeyFactory.getInstance("RSA"); + rawPubKey = (RSAPublicKey) keyFactory.generatePublic(keySpec); + verifier = Signature.getInstance("SHA1withRSA"); + verifier.initVerify(rawPubKey); + verifier.update(data); + isValid = verifier.verify(rawDigestBytes); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | InvalidKeySpecException e) { + throw new CryptoException(e.getMessage(), e); + } + + return isValid; } @Override - public PubKey retrievePubKey(PrivKey privKey) { - return null; + public boolean supportPubKey(byte[] pubKeyBytes) { + return pubKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PUBKEY_SIZE) + && CryptoAlgorithm.match(SHA1WITHRSA4096, pubKeyBytes) + && pubKeyBytes[ALGORYTHM_CODE_SIZE] == PUBLIC.CODE; } @Override - public boolean supportPrivKey(byte[] privKeyBytes) { - return false; + public PubKey resolvePubKey(byte[] pubKeyBytes) { + if (supportPubKey(pubKeyBytes)) { + return new PubKey(pubKeyBytes); + } else { + throw new CryptoException("pubKeyBytes are invalid!"); + } } @Override - public PrivKey resolvePrivKey(byte[] privKeyBytes) { - return null; + public boolean supportPrivKey(byte[] privKeyBytes) { + return privKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PRIVKEY_SIZE) + && CryptoAlgorithm.match(SHA1WITHRSA4096, privKeyBytes) + && privKeyBytes[ALGORYTHM_CODE_SIZE] == PRIVATE.CODE; } @Override - public boolean supportPubKey(byte[] pubKeyBytes) { - return false; + public PrivKey resolvePrivKey(byte[] privKeyBytes) { + if (supportPrivKey(privKeyBytes)) { + return new PrivKey(privKeyBytes); + } else { + throw new CryptoException("privKeyBytes are invalid!"); + } } @Override - public PubKey resolvePubKey(byte[] pubKeyBytes) { - return null; + public PubKey retrievePubKey(PrivKey privKey) { + + byte[] rawPrivKeyBytes = privKey.getRawKeyBytes(); + + if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) { + throw new CryptoException("This key has wrong format!"); + } + + if (privKey.getAlgorithm() != SHA1WITHRSA4096.code()) { + throw new CryptoException("This key is not SHA1WITHRSA4096 private key!"); + } + + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes); + + KeyFactory keyFactory; + RSAPrivateCrtKey rawPrivKey; + byte[] rawPubKeyBytes; + try { + keyFactory = KeyFactory.getInstance("RSA"); + rawPrivKey = (RSAPrivateCrtKey) keyFactory.generatePrivate(keySpec); + BigInteger modulus = rawPrivKey.getModulus(); + BigInteger exponent = rawPrivKey.getPublicExponent(); + rawPubKeyBytes = KeyUtil.getEncodedSubjectPublicKeyInfo(RSA_ALGORITHM_IDENTIFIER, + new org.bouncycastle.asn1.pkcs.RSAPublicKey(modulus, exponent)); + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + throw new CryptoException(e.getMessage(), e); + } + + return new PubKey(SHA1WITHRSA4096, rawPubKeyBytes); } @Override public boolean supportDigest(byte[] digestBytes) { - return false; + return digestBytes.length == (RAW_SIGNATUREDIGEST_SIZE + ALGORYTHM_CODE_SIZE) + && CryptoAlgorithm.match(SHA1WITHRSA4096, digestBytes); } @Override public SignatureDigest resolveDigest(byte[] digestBytes) { - return null; + if (supportDigest(digestBytes)) { + return new SignatureDigest(digestBytes); + } else { + throw new CryptoException("digestBytes are invalid!"); + } } @Override public AsymmetricKeypair generateKeypair() { - return null; + + Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); + KeyPairGenerator generator; + PublicKey pubKey; + PrivateKey privKey; + try { + generator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME); + generator.initialize(4096); + KeyPair keyPair = generator.generateKeyPair(); + pubKey = keyPair.getPublic(); + privKey = keyPair.getPrivate(); + } catch (NoSuchAlgorithmException | NoSuchProviderException e) { + throw new CryptoException(e.getMessage(), e); + } + + byte[] pubKeyBytes = pubKey.getEncoded(); + byte[] privKeyBytes = privKey.getEncoded(); + + return new AsymmetricKeypair(new PubKey(SHA1WITHRSA4096, pubKeyBytes), + new PrivKey(SHA1WITHRSA4096, privKeyBytes)); } + @Override public CryptoAlgorithm getAlgorithm() { return SHA1WITHRSA4096; diff --git a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunction.java b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunction.java index 7bbea7a1..5b9978d7 100644 --- a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunction.java +++ b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunction.java @@ -1,7 +1,27 @@ package com.jd.blockchain.crypto.service.pki; import com.jd.blockchain.crypto.*; +import org.bouncycastle.asn1.gm.GMObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; +import org.bouncycastle.math.ec.ECPoint; +import org.bouncycastle.math.ec.custom.gm.SM2P256V1Curve; +import java.math.BigInteger; +import java.security.*; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; + +import static com.jd.blockchain.crypto.BaseCryptoKey.KEY_TYPE_BYTES; +import static com.jd.blockchain.crypto.CryptoBytes.ALGORYTHM_CODE_SIZE; +import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE; +import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC; import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SM3WITHSM2; /** @@ -11,56 +31,204 @@ import static com.jd.blockchain.crypto.service.pki.PKIAlgorithm.SM3WITHSM2; * @date 2019-05-15, 16:39 */ public class SM3WITHSM2SignatureFunction implements SignatureFunction { + private static final int RAW_PUBKEY_SIZE = 65; + private static final int RAW_PRIVKEY_SIZE = 32 + 65; + + private static final int RAW_SIGNATUREDIGEST_SIZE = 64; + + private static final SM2P256V1Curve CURVE = new SM2P256V1Curve(); + private static final BigInteger GX = new BigInteger("32C4AE2C1F1981195F9904466A39C994" + + "8FE30BBFF2660BE1715A4589334C74C7", 16); + private static final BigInteger GY = new BigInteger("BC3736A2F4F6779C59BDCEE36B692153" + + "D0A9877CC62A474002DF32E52139F0A0", 16); + private static final ECPoint G = CURVE.createPoint(GX, GY); + + private static final AlgorithmIdentifier SM2_ALGORITHM_IDENTIFIER = new AlgorithmIdentifier( + X9ObjectIdentifiers.id_ecPublicKey, GMObjectIdentifiers.sm2p256v1); + + @Override public SignatureDigest sign(PrivKey privKey, byte[] data) { - return null; + + Security.addProvider(new BouncyCastleProvider()); + + byte[] rawPrivKeyBytes = privKey.getRawKeyBytes(); + + if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) { + throw new CryptoException("This key has wrong format!"); + } + + if (privKey.getAlgorithm() != SM3WITHSM2.code()) { + throw new CryptoException("This key is not SM3WITHSM2 private key!"); + } + + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes); + + KeyFactory keyFactory; + ECPrivateKey rawPrivKey; + Signature signer; + byte[] signature; + + try { + keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME); + rawPrivKey = (ECPrivateKey) keyFactory.generatePrivate(keySpec); + signer = Signature.getInstance("SM3withSM2", BouncyCastleProvider.PROVIDER_NAME); + + signer.initSign(rawPrivKey); + signer.update(data); + signature = signer.sign(); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | + InvalidKeySpecException | NoSuchProviderException e) { + throw new CryptoException(e.getMessage(), e); + } + + return new SignatureDigest(SM3WITHSM2, signature); } @Override public boolean verify(SignatureDigest digest, PubKey pubKey, byte[] data) { - return false; + + Security.addProvider(new BouncyCastleProvider()); + + byte[] rawPubKeyBytes = pubKey.getRawKeyBytes(); + byte[] rawDigestBytes = digest.getRawDigest(); + + if (rawPubKeyBytes.length < RAW_PUBKEY_SIZE) { + throw new CryptoException("This key has wrong format!"); + } + + if (pubKey.getAlgorithm() != SM3WITHSM2.code()) { + throw new CryptoException("This key is not SM3WITHSM2 public key!"); + } + + if (digest.getAlgorithm() != SM3WITHSM2.code() || rawDigestBytes.length < RAW_SIGNATUREDIGEST_SIZE) { + throw new CryptoException("This is not SM3WITHSM2 signature digest!"); + } + + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(rawPubKeyBytes); + + KeyFactory keyFactory; + ECPublicKey rawPubKey; + Signature verifier; + boolean isValid; + + try { + keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME); + rawPubKey = (ECPublicKey) keyFactory.generatePublic(keySpec); + verifier = Signature.getInstance("SM3withSM2", BouncyCastleProvider.PROVIDER_NAME); + verifier.initVerify(rawPubKey); + verifier.update(data); + isValid = verifier.verify(rawDigestBytes); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | InvalidKeySpecException + | NoSuchProviderException e) { + throw new CryptoException(e.getMessage(), e); + } + + return isValid; } @Override - public PubKey retrievePubKey(PrivKey privKey) { - return null; + public boolean supportPubKey(byte[] pubKeyBytes) { + return pubKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PUBKEY_SIZE) + && CryptoAlgorithm.match(SM3WITHSM2, pubKeyBytes) + && pubKeyBytes[ALGORYTHM_CODE_SIZE] == PUBLIC.CODE; } @Override - public boolean supportPrivKey(byte[] privKeyBytes) { - return false; + public PubKey resolvePubKey(byte[] pubKeyBytes) { + if (supportPubKey(pubKeyBytes)) { + return new PubKey(pubKeyBytes); + } else { + throw new CryptoException("pubKeyBytes are invalid!"); + } } @Override - public PrivKey resolvePrivKey(byte[] privKeyBytes) { - return null; + public boolean supportPrivKey(byte[] privKeyBytes) { + return privKeyBytes.length > (ALGORYTHM_CODE_SIZE + KEY_TYPE_BYTES + RAW_PRIVKEY_SIZE) + && CryptoAlgorithm.match(SM3WITHSM2, privKeyBytes) + && privKeyBytes[ALGORYTHM_CODE_SIZE] == PRIVATE.CODE; } @Override - public boolean supportPubKey(byte[] pubKeyBytes) { - return false; + public PrivKey resolvePrivKey(byte[] privKeyBytes) { + if (supportPrivKey(privKeyBytes)) { + return new PrivKey(privKeyBytes); + } else { + throw new CryptoException("privKeyBytes are invalid!"); + } } @Override - public PubKey resolvePubKey(byte[] pubKeyBytes) { - return null; + public PubKey retrievePubKey(PrivKey privKey) { + + byte[] rawPrivKeyBytes = privKey.getRawKeyBytes(); + + if (rawPrivKeyBytes.length < RAW_PRIVKEY_SIZE) { + throw new CryptoException("This key has wrong format!"); + } + + if (privKey.getAlgorithm() != SM3WITHSM2.code()) { + throw new CryptoException("This key is not SM3WITHSM2 private key!"); + } + + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(rawPrivKeyBytes); + + KeyFactory keyFactory; + ECPrivateKey rawPrivKey; + byte[] rawPubKeyBytes; + try { + keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME); + rawPrivKey = (ECPrivateKey) keyFactory.generatePrivate(keySpec); + BigInteger d = rawPrivKey.getS(); + ECPoint Q = G.multiply(d).normalize(); + rawPubKeyBytes = KeyUtil.getEncodedSubjectPublicKeyInfo(SM2_ALGORITHM_IDENTIFIER, + Q.getEncoded(false)); + } catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) { + throw new CryptoException(e.getMessage(), e); + } + + return new PubKey(SM3WITHSM2, rawPubKeyBytes); } @Override public boolean supportDigest(byte[] digestBytes) { - return false; + return digestBytes.length > (RAW_SIGNATUREDIGEST_SIZE + ALGORYTHM_CODE_SIZE) + && CryptoAlgorithm.match(SM3WITHSM2, digestBytes); } @Override public SignatureDigest resolveDigest(byte[] digestBytes) { - return null; + if (supportDigest(digestBytes)) { + return new SignatureDigest(digestBytes); + } else { + throw new CryptoException("digestBytes are invalid!"); + } } @Override public AsymmetricKeypair generateKeypair() { - return null; - } + Security.addProvider(new BouncyCastleProvider()); + KeyPairGenerator generator; + PublicKey pubKey; + PrivateKey privKey; + try { + generator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME); + generator.initialize(new ECNamedCurveGenParameterSpec("sm2p256v1")); + KeyPair keyPair = generator.generateKeyPair(); + pubKey = keyPair.getPublic(); + privKey = keyPair.getPrivate(); + } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) { + throw new CryptoException(e.getMessage(), e); + } + + byte[] pubKeyBytes = pubKey.getEncoded(); + byte[] privKeyBytes = privKey.getEncoded(); + + return new AsymmetricKeypair(new PubKey(SM3WITHSM2, pubKeyBytes), + new PrivKey(SM3WITHSM2, privKeyBytes)); + } @Override public CryptoAlgorithm getAlgorithm() { return SM3WITHSM2; diff --git a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/utils/CSRBuilder.java b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/utils/CSRBuilder.java index 6659134b..790cb7db 100644 --- a/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/utils/CSRBuilder.java +++ b/source/crypto/crypto-pki/src/main/java/com/jd/blockchain/crypto/utils/CSRBuilder.java @@ -14,7 +14,6 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; import org.bouncycastle.util.encoders.Base64; - import java.io.IOException; import java.security.*; @@ -65,17 +64,24 @@ public class CSRBuilder { keyPair = generator.generateKeyPair(); pubKey = keyPair.getPublic(); privKey = keyPair.getPrivate(); + break; } case "SM2": { generator = KeyPairGenerator.getInstance("EC", BC); + if (KeyLength != 256) { + throw new CryptoException("SM3withSM2 with unsupported key length [" + + KeyLength +"] in CSR!"); + } generator.initialize(new ECNamedCurveGenParameterSpec("sm2p256v1")); keyPair = generator.generateKeyPair(); pubKey = keyPair.getPublic(); privKey = keyPair.getPrivate(); + break; } - default: throw new CryptoException("Unsupported key algorithm[" + algoName + "] in CSR!"); + default: throw new CryptoException("Unsupported algorithm [" + algoName + "] with key length [" + + KeyLength +"] in CSR!"); } } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException e) { throw new CryptoException(e.getMessage(), e); @@ -86,7 +92,7 @@ public class CSRBuilder { String organizationName, String departmentName, String domainName, String emailName) { - String result = null; + String result; X500NameBuilder nameBuilder = new X500NameBuilder(BCStrictStyle.INSTANCE); nameBuilder.addRDN(BCStyle.C, countryName); // a country name, and China is short as CN @@ -120,12 +126,4 @@ public class CSRBuilder { public PrivateKey getPrivKey() { return privKey; } - - public byte[] getPubKeyBytes() { - return pubKey.getEncoded(); - } - - public byte[] getPrivKeyBytes() { - return privKey.getEncoded(); - } } diff --git a/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunctionTest.java b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunctionTest.java new file mode 100644 index 00000000..9ab2ac7c --- /dev/null +++ b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SHA1WITHRSA4096SignatureFunctionTest.java @@ -0,0 +1,197 @@ +package com.jd.blockchain.crypto.service.pki; + +import com.jd.blockchain.crypto.*; +import com.jd.blockchain.utils.io.BytesUtils; +import org.junit.Test; + +import java.util.Random; + +import static com.jd.blockchain.crypto.CryptoAlgorithm.ASYMMETRIC_KEY; +import static com.jd.blockchain.crypto.CryptoAlgorithm.SIGNATURE_ALGORITHM; +import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE; +import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC; +import static junit.framework.TestCase.assertNull; +import static org.junit.Assert.*; + +/** + * @author zhanglin33 + * @title: SHA1WITHRSA4096SignatureFunctionTest + * @description: TODO + * @date 2019-05-16, 10:49 + */ +public class SHA1WITHRSA4096SignatureFunctionTest { + + private AsymmetricKeypair keyPair = Crypto.getSignatureFunction(Crypto.getAlgorithm("SHA1WITHRSA4096")). + generateKeypair(); + + @Test + public void getAlgorithmTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name()); + assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code()); + + algorithm = Crypto.getAlgorithm("SHA1withRsa4096"); + assertNotNull(algorithm); + + assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name()); + assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code()); + + algorithm = Crypto.getAlgorithm("rsa2048"); + assertNull(algorithm); + } + + @Test + public void generateKeyPairTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096"); + assertNotNull(algorithm); + + PubKey pubKey = keyPair.getPubKey(); + PrivKey privKey = keyPair.getPrivKey(); + + assertEquals(PUBLIC.CODE, pubKey.getKeyType().CODE); + assertTrue(pubKey.getRawKeyBytes().length > 515); + assertEquals(PRIVATE.CODE, privKey.getKeyType().CODE); + assertTrue(privKey.getRawKeyBytes().length > 2307); + + assertEquals(algorithm.code(), pubKey.getAlgorithm()); + assertEquals(algorithm.code(), privKey.getAlgorithm()); + + byte[] algoBytes = CryptoAlgorithm.getCodeBytes(algorithm); + byte[] pubKeyTypeBytes = new byte[] { PUBLIC.CODE }; + byte[] privKeyTypeBytes = new byte[] { PRIVATE.CODE }; + byte[] rawPubKeyBytes = pubKey.getRawKeyBytes(); + byte[] rawPrivKeyBytes = privKey.getRawKeyBytes(); + assertArrayEquals(BytesUtils.concat(algoBytes, pubKeyTypeBytes, rawPubKeyBytes), pubKey.toBytes()); + assertArrayEquals(BytesUtils.concat(algoBytes, privKeyTypeBytes, rawPrivKeyBytes), privKey.toBytes()); + } + + @Test + public void retrievePubKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + PubKey pubKey = keyPair.getPubKey(); + PrivKey privKey = keyPair.getPrivKey(); + + PubKey retrievedPubKey = signatureFunction.retrievePubKey(privKey); + + assertEquals(pubKey.getKeyType(), retrievedPubKey.getKeyType()); + assertEquals(pubKey.getRawKeyBytes().length, retrievedPubKey.getRawKeyBytes().length); + assertEquals(pubKey.getAlgorithm(), retrievedPubKey.getAlgorithm()); + assertArrayEquals(pubKey.toBytes(), retrievedPubKey.toBytes()); + } + + @Test + public void signAndVerifyTest() { + + byte[] data = new byte[1024]; + Random random = new Random(); + random.nextBytes(data); + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + PrivKey privKey = keyPair.getPrivKey(); + PubKey pubKey = keyPair.getPubKey(); + + SignatureDigest signatureDigest = signatureFunction.sign(privKey, data); + + byte[] signatureBytes = signatureDigest.toBytes(); + + assertEquals(2 + 512, signatureBytes.length); + assertEquals(algorithm.code(), signatureDigest.getAlgorithm()); + + assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), signatureDigest.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)), + signatureDigest.getAlgorithm()); + + byte[] algoBytes = BytesUtils.toBytes(signatureDigest.getAlgorithm()); + byte[] rawSinatureBytes = signatureDigest.getRawDigest(); + assertArrayEquals(BytesUtils.concat(algoBytes, rawSinatureBytes), signatureBytes); + + assertTrue(signatureFunction.verify(signatureDigest, pubKey, data)); + } + + @Test + public void supportAndResolvePrivKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + PrivKey privKey = keyPair.getPrivKey(); + byte[] privKeyBytes = privKey.toBytes(); + + assertTrue(signatureFunction.supportPrivKey(privKeyBytes)); + + PrivKey resolvedPrivKey = signatureFunction.resolvePrivKey(privKeyBytes); + + assertEquals(PRIVATE.CODE, resolvedPrivKey.getKeyType().CODE); + assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), resolvedPrivKey.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)), + resolvedPrivKey.getAlgorithm()); + assertArrayEquals(privKeyBytes, resolvedPrivKey.toBytes()); + } + + @Test + public void supportAndResolvePubKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + PubKey pubKey = keyPair.getPubKey(); + byte[] pubKeyBytes = pubKey.toBytes(); + + assertTrue(signatureFunction.supportPubKey(pubKeyBytes)); + + PubKey resolvedPubKey = signatureFunction.resolvePubKey(pubKeyBytes); + + assertEquals(PUBLIC.CODE, resolvedPubKey.getKeyType().CODE); + assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), resolvedPubKey.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)), + resolvedPubKey.getAlgorithm()); + assertArrayEquals(pubKeyBytes, resolvedPubKey.toBytes()); + } + + @Test + public void supportAndResolveDigestTest() { + + byte[] data = new byte[1024]; + Random random = new Random(); + random.nextBytes(data); + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SHA1WITHRSA4096"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + PrivKey privKey = keyPair.getPrivKey(); + + SignatureDigest signatureDigest = signatureFunction.sign(privKey, data); + + byte[] signatureDigestBytes = signatureDigest.toBytes(); + assertTrue(signatureFunction.supportDigest(signatureDigestBytes)); + + SignatureDigest resolvedSignatureDigest = signatureFunction.resolveDigest(signatureDigestBytes); + + assertEquals(512, resolvedSignatureDigest.getRawDigest().length); + assertEquals(PKIAlgorithm.SHA1WITHRSA4096.code(), resolvedSignatureDigest.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 32 & 0x00FF)), + resolvedSignatureDigest.getAlgorithm()); + assertArrayEquals(signatureDigestBytes, resolvedSignatureDigest.toBytes()); + } +} diff --git a/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunctionTest.java b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunctionTest.java new file mode 100644 index 00000000..c9fa8311 --- /dev/null +++ b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/service/pki/SM3WITHSM2SignatureFunctionTest.java @@ -0,0 +1,274 @@ +package com.jd.blockchain.crypto.service.pki; + +import com.jd.blockchain.crypto.*; +import com.jd.blockchain.utils.io.BytesUtils; +import org.junit.Test; + +import java.util.Random; + +import static com.jd.blockchain.crypto.CryptoAlgorithm.ASYMMETRIC_KEY; +import static com.jd.blockchain.crypto.CryptoAlgorithm.SIGNATURE_ALGORITHM; +import static com.jd.blockchain.crypto.CryptoKeyType.PRIVATE; +import static com.jd.blockchain.crypto.CryptoKeyType.PUBLIC; +import static junit.framework.TestCase.assertNull; +import static org.junit.Assert.*; + +/** + * @author zhanglin33 + * @title: SM3WITHSM2SignatureFunctionTest + * @description: TODO + * @date 2019-05-16, 17:04 + */ +public class SM3WITHSM2SignatureFunctionTest { + + @Test + public void getAlgorithmTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name()); + assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code()); + + algorithm = Crypto.getAlgorithm("sm3withsm2"); + assertNotNull(algorithm); + + assertEquals(signatureFunction.getAlgorithm().name(), algorithm.name()); + assertEquals(signatureFunction.getAlgorithm().code(), algorithm.code()); + + algorithm = Crypto.getAlgorithm("sm3withs"); + assertNull(algorithm); + } + + @Test + public void generateKeyPairTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PubKey pubKey = keyPair.getPubKey(); + PrivKey privKey = keyPair.getPrivKey(); + + assertEquals(PUBLIC.CODE, pubKey.getKeyType().CODE); + assertTrue(pubKey.getRawKeyBytes().length > 32); + assertEquals(PRIVATE.CODE, privKey.getKeyType().CODE); + assertTrue(privKey.getRawKeyBytes().length > 65 + 32); + + assertEquals(algorithm.code(), pubKey.getAlgorithm()); + assertEquals(algorithm.code(), privKey.getAlgorithm()); + + byte[] algoBytes = CryptoAlgorithm.getCodeBytes(algorithm); + byte[] pubKeyTypeBytes = new byte[] { PUBLIC.CODE }; + byte[] privKeyTypeBytes = new byte[] { PRIVATE.CODE }; + byte[] rawPubKeyBytes = pubKey.getRawKeyBytes(); + byte[] rawPrivKeyBytes = privKey.getRawKeyBytes(); + assertArrayEquals(BytesUtils.concat(algoBytes, pubKeyTypeBytes, rawPubKeyBytes), pubKey.toBytes()); + assertArrayEquals(BytesUtils.concat(algoBytes, privKeyTypeBytes, rawPrivKeyBytes), privKey.toBytes()); + } + + @Test + public void retrievePubKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PubKey pubKey = keyPair.getPubKey(); + PrivKey privKey = keyPair.getPrivKey(); + + PubKey retrievedPubKey = signatureFunction.retrievePubKey(privKey); + + assertEquals(pubKey.getKeyType(), retrievedPubKey.getKeyType()); + assertEquals(pubKey.getRawKeyBytes().length, retrievedPubKey.getRawKeyBytes().length); + assertEquals(pubKey.getAlgorithm(), retrievedPubKey.getAlgorithm()); + assertArrayEquals(pubKey.toBytes(), retrievedPubKey.toBytes()); + } + + @Test + public void signTest() { + + byte[] data = new byte[1024]; + Random random = new Random(); + random.nextBytes(data); + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PrivKey privKey = keyPair.getPrivKey(); + SignatureDigest signatureDigest = signatureFunction.sign(privKey, data); + + byte[] signatureBytes = signatureDigest.toBytes(); + + assertTrue(signatureBytes.length > 2 + 64); + assertEquals(algorithm.code(), signatureDigest.getAlgorithm()); + + assertEquals(PKIAlgorithm.SM3WITHSM2.code(), signatureDigest.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)), + signatureDigest.getAlgorithm()); + + byte[] algoBytes = BytesUtils.toBytes(signatureDigest.getAlgorithm()); + byte[] rawSinatureBytes = signatureDigest.getRawDigest(); + assertArrayEquals(BytesUtils.concat(algoBytes, rawSinatureBytes), signatureBytes); + } + + @Test + public void verifyTest() { + byte[] data = new byte[1024]; + Random random = new Random(); + random.nextBytes(data); + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PubKey pubKey = keyPair.getPubKey(); + PrivKey privKey = keyPair.getPrivKey(); + SignatureDigest signatureDigest = signatureFunction.sign(privKey, data); + + System.out.println(signatureDigest.getRawDigest().length); + assertTrue(signatureFunction.verify(signatureDigest, pubKey, data)); + } + + @Test + public void supportPrivKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PrivKey privKey = keyPair.getPrivKey(); + byte[] privKeyBytes = privKey.toBytes(); + + assertTrue(signatureFunction.supportPrivKey(privKeyBytes)); + } + + @Test + public void resolvePrivKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PrivKey privKey = keyPair.getPrivKey(); + byte[] privKeyBytes = privKey.toBytes(); + + PrivKey resolvedPrivKey = signatureFunction.resolvePrivKey(privKeyBytes); + + assertEquals(PRIVATE.CODE, resolvedPrivKey.getKeyType().CODE); + assertEquals(PKIAlgorithm.SM3WITHSM2.code(), resolvedPrivKey.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)), + resolvedPrivKey.getAlgorithm()); + assertArrayEquals(privKeyBytes, resolvedPrivKey.toBytes()); + } + + @Test + public void supportPubKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PubKey pubKey = keyPair.getPubKey(); + byte[] pubKeyBytes = pubKey.toBytes(); + + assertTrue(signatureFunction.supportPubKey(pubKeyBytes)); + } + + @Test + public void resolvePubKeyTest() { + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PubKey pubKey = keyPair.getPubKey(); + byte[] pubKeyBytes = pubKey.toBytes(); + + PubKey resolvedPubKey = signatureFunction.resolvePubKey(pubKeyBytes); + + assertEquals(PUBLIC.CODE, resolvedPubKey.getKeyType().CODE); + assertEquals(PKIAlgorithm.SM3WITHSM2.code(), resolvedPubKey.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)), + resolvedPubKey.getAlgorithm()); + assertArrayEquals(pubKeyBytes, resolvedPubKey.toBytes()); + } + + @Test + public void supportDigestTest() { + + byte[] data = new byte[1024]; + Random random = new Random(); + random.nextBytes(data); + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PrivKey privKey = keyPair.getPrivKey(); + + SignatureDigest signatureDigest = signatureFunction.sign(privKey, data); + + byte[] signatureDigestBytes = signatureDigest.toBytes(); + assertTrue(signatureFunction.supportDigest(signatureDigestBytes)); + } + + @Test + public void resolveDigestTest() { + + byte[] data = new byte[1024]; + Random random = new Random(); + random.nextBytes(data); + + CryptoAlgorithm algorithm = Crypto.getAlgorithm("SM3WITHSM2"); + assertNotNull(algorithm); + + SignatureFunction signatureFunction = Crypto.getSignatureFunction(algorithm); + + AsymmetricKeypair keyPair = signatureFunction.generateKeypair(); + + PrivKey privKey = keyPair.getPrivKey(); + + SignatureDigest signatureDigest = signatureFunction.sign(privKey, data); + + byte[] signatureDigestBytes = signatureDigest.toBytes(); + + SignatureDigest resolvedSignatureDigest = signatureFunction.resolveDigest(signatureDigestBytes); + + assertTrue(resolvedSignatureDigest.getRawDigest().length > 64); + assertEquals(PKIAlgorithm.SM3WITHSM2.code(), resolvedSignatureDigest.getAlgorithm()); + assertEquals((short) (SIGNATURE_ALGORITHM | ASYMMETRIC_KEY | ((byte) 33 & 0x00FF)), + resolvedSignatureDigest.getAlgorithm()); + assertArrayEquals(signatureDigestBytes, resolvedSignatureDigest.toBytes()); + } +} diff --git a/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CSRBuilderTest.java b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CSRBuilderTest.java index d42c72f4..f309ff52 100644 --- a/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CSRBuilderTest.java +++ b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CSRBuilderTest.java @@ -1,6 +1,5 @@ package com.jd.blockchain.crypto.utils; -import com.jd.blockchain.crypto.utils.CSRBuilder; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; @@ -112,4 +111,286 @@ public class CSRBuilderTest { } assertTrue(isValid); } + + @Test + public void SHA1withRSA2048CSRTest(){ + + String countryName = "CN"; + String stateName = "Beijing"; + String cityName = "Beijing"; + String organizationName = "JD.com"; + String departmentName = "Blockchain Department"; + String domainName = "ledger.jd.com"; + String emailName = "zhanglin33@jd.com"; + + CSRBuilder builder = new CSRBuilder(); + + builder.init("SHA1withRSA",2048); + String csr = builder.buildRequest(countryName,stateName,cityName, + organizationName,departmentName,domainName, + emailName); + + PublicKey pubKey = builder.getPubKey(); + PrivateKey privKey = builder.getPrivKey(); + + byte[] crsBytes = Base64.decode(csr); + PKCS10CertificationRequest request = null; + try { + request = new PKCS10CertificationRequest(crsBytes); + } catch (IOException e) { + e.printStackTrace(); + } + assertNotNull(request); + assertEquals("1.2.840.113549.1.1.5",request.getSignatureAlgorithm().getAlgorithm().getId()); + byte[] pubKeyBytes = new byte[0]; + try { + pubKeyBytes = request.getSubjectPublicKeyInfo().getEncoded(); + } catch (IOException e) { + e.printStackTrace(); + } + assertArrayEquals(pubKeyBytes,pubKey.getEncoded()); + + RDN[] rdns = request.getSubject().getRDNs(); + assertEquals(BCStyle.C, rdns[0].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.ST, rdns[1].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.L, rdns[2].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.O, rdns[3].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.OU, rdns[4].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.CN, rdns[5].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.E, rdns[6].getFirst().getType().toASN1Primitive()); + + assertEquals("CN", rdns[0].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Beijing", rdns[1].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Beijing", rdns[2].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("JD.com", rdns[3].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Blockchain Department", rdns[4].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("ledger.jd.com", rdns[5].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("zhanglin33@jd.com", rdns[6].getFirst().getValue().toASN1Primitive().toString()); + + byte[] signature = request.getSignature(); + + CertificationRequestInfo requestInfo = new CertificationRequestInfo(request.getSubject(),request.getSubjectPublicKeyInfo(),new DERSet()); + byte[] message = new byte[0]; + try { + message = requestInfo.getEncoded(ASN1Encoding.DER); + } catch (IOException e) { + e.printStackTrace(); + } + + Signature signer; + byte[] result = new byte[0]; + try { + signer = Signature.getInstance("SHA1withRSA"); + signer.initSign(privKey); + signer.update(message); + result = signer.sign(); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { + e.printStackTrace(); + } + assertArrayEquals(result,signature); + + Signature verifier; + boolean isValid = false; + try { + verifier = Signature.getInstance("SHA1withRSA"); + verifier.initVerify(pubKey); + verifier.update(message); + isValid = verifier.verify(signature); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { + e.printStackTrace(); + } + assertTrue(isValid); + } + + + @Test + public void SHA1withRSA4096CSRTest(){ + + String countryName = "CN"; + String stateName = "Beijing"; + String cityName = "Beijing"; + String organizationName = "JD.com"; + String departmentName = "Blockchain Department"; + String domainName = "ledger.jd.com"; + String emailName = "zhanglin33@jd.com"; + + CSRBuilder builder = new CSRBuilder(); + + builder.init("SHA1withRSA",4096); + String csr = builder.buildRequest(countryName,stateName,cityName, + organizationName,departmentName,domainName, + emailName); + + PublicKey pubKey = builder.getPubKey(); + PrivateKey privKey = builder.getPrivKey(); + + byte[] crsBytes = Base64.decode(csr); + PKCS10CertificationRequest request = null; + try { + request = new PKCS10CertificationRequest(crsBytes); + } catch (IOException e) { + e.printStackTrace(); + } + assertNotNull(request); + assertEquals("1.2.840.113549.1.1.5",request.getSignatureAlgorithm().getAlgorithm().getId()); + byte[] pubKeyBytes = new byte[0]; + try { + pubKeyBytes = request.getSubjectPublicKeyInfo().getEncoded(); + } catch (IOException e) { + e.printStackTrace(); + } + assertArrayEquals(pubKeyBytes,pubKey.getEncoded()); + + RDN[] rdns = request.getSubject().getRDNs(); + assertEquals(BCStyle.C, rdns[0].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.ST, rdns[1].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.L, rdns[2].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.O, rdns[3].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.OU, rdns[4].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.CN, rdns[5].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.E, rdns[6].getFirst().getType().toASN1Primitive()); + + assertEquals("CN", rdns[0].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Beijing", rdns[1].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Beijing", rdns[2].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("JD.com", rdns[3].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Blockchain Department", rdns[4].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("ledger.jd.com", rdns[5].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("zhanglin33@jd.com", rdns[6].getFirst().getValue().toASN1Primitive().toString()); + + byte[] signature = request.getSignature(); + + CertificationRequestInfo requestInfo = new CertificationRequestInfo(request.getSubject(),request.getSubjectPublicKeyInfo(),new DERSet()); + byte[] message = new byte[0]; + try { + message = requestInfo.getEncoded(ASN1Encoding.DER); + } catch (IOException e) { + e.printStackTrace(); + } + + Signature signer; + byte[] result = new byte[0]; + try { + signer = Signature.getInstance("SHA1withRSA"); + signer.initSign(privKey); + signer.update(message); + result = signer.sign(); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { + e.printStackTrace(); + } + assertArrayEquals(result,signature); + + Signature verifier; + boolean isValid = false; + try { + verifier = Signature.getInstance("SHA1withRSA"); + verifier.initVerify(pubKey); + verifier.update(message); + isValid = verifier.verify(signature); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { + e.printStackTrace(); + } + assertTrue(isValid); + } + + + @Test + public void SM3withSM2CSRTest(){ + + String countryName = "CN"; + String stateName = "Beijing"; + String cityName = "Beijing"; + String organizationName = "JD.com"; + String departmentName = "Blockchain Department"; + String domainName = "ledger.jd.com"; + String emailName = "zhanglin33@jd.com"; + + CSRBuilder builder = new CSRBuilder(); + + builder.init("SM3withSM2",256); + String csr = builder.buildRequest(countryName,stateName,cityName, + organizationName,departmentName,domainName, + emailName); + + System.out.println(csr); + PublicKey pubKey = builder.getPubKey(); + PrivateKey privKey = builder.getPrivKey(); + + byte[] crsBytes = Base64.decode(csr); + PKCS10CertificationRequest request = null; + try { + request = new PKCS10CertificationRequest(crsBytes); + } catch (IOException e) { + e.printStackTrace(); + } + assertNotNull(request); + assertEquals("1.2.156.10197.1.501",request.getSignatureAlgorithm().getAlgorithm().getId()); + byte[] pubKeyBytes = new byte[0]; + try { + pubKeyBytes = request.getSubjectPublicKeyInfo().getEncoded(); + } catch (IOException e) { + e.printStackTrace(); + } + assertArrayEquals(pubKeyBytes,pubKey.getEncoded()); + + RDN[] rdns = request.getSubject().getRDNs(); + assertEquals(BCStyle.C, rdns[0].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.ST, rdns[1].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.L, rdns[2].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.O, rdns[3].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.OU, rdns[4].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.CN, rdns[5].getFirst().getType().toASN1Primitive()); + assertEquals(BCStyle.E, rdns[6].getFirst().getType().toASN1Primitive()); + + assertEquals("CN", rdns[0].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Beijing", rdns[1].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Beijing", rdns[2].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("JD.com", rdns[3].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("Blockchain Department", rdns[4].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("ledger.jd.com", rdns[5].getFirst().getValue().toASN1Primitive().toString()); + assertEquals("zhanglin33@jd.com", rdns[6].getFirst().getValue().toASN1Primitive().toString()); + + byte[] signature = request.getSignature(); + + CertificationRequestInfo requestInfo = new CertificationRequestInfo(request.getSubject(),request.getSubjectPublicKeyInfo(),new DERSet()); + byte[] message = new byte[0]; + try { + message = requestInfo.getEncoded(ASN1Encoding.DER); + } catch (IOException e) { + e.printStackTrace(); + } + + Signature signer; + byte[] result = new byte[0]; + try { + signer = Signature.getInstance("SM3withSM2"); + signer.initSign(privKey); + signer.update(message); + result = signer.sign(); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { + e.printStackTrace(); + } + + Signature verifier; + boolean isValid = false; + try { + verifier = Signature.getInstance("SM3withSM2"); + verifier.initVerify(pubKey); + verifier.update(message); + isValid = verifier.verify(signature); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { + e.printStackTrace(); + } + assertTrue(isValid); + + try { + verifier = Signature.getInstance("SM3withSM2"); + verifier.initVerify(pubKey); + verifier.update(message); + isValid = verifier.verify(result); + } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { + e.printStackTrace(); + } + assertTrue(isValid); + } } diff --git a/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CertParserTest.java b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CertParserTest.java index 59ad3814..7f106a2d 100644 --- a/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CertParserTest.java +++ b/source/crypto/crypto-pki/src/test/java/com/jd/blockchain/crypto/utils/CertParserTest.java @@ -1,6 +1,6 @@ package com.jd.blockchain.crypto.utils; -import com.jd.blockchain.crypto.utils.CertParser; +import org.bouncycastle.util.encoders.Hex; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -14,7 +14,7 @@ import static org.junit.Assert.assertEquals; public class CertParserTest { @Test - public void parseTest() { + public void parseSHA1WITHRSA2048Test() { CertParser parser = new CertParser(); String issuerCert = "-----BEGIN CERTIFICATE-----\n" + @@ -46,4 +46,102 @@ public class CertParserTest { parser.parse(userCert, issuerCert); assertEquals("SHA1WITHRSA",parser.getSigAlgName()); } + + @Test + public void parseSHA1WITHRSA4096Test() { + CertParser parser = new CertParser(); + String issuerCert = + "-----BEGIN CERTIFICATE-----\n" + + "MIIDzzCCAregAwIBAgIKUalCR1Mt5ZSK8jANBgkqhkiG9w0BAQUFADBZMQswCQYD\n" + + "VQQGEwJDTjEwMC4GA1UEChMnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24g\n" + + "QXV0aG9yaXR5MRgwFgYDVQQDEw9DRkNBIFRFU1QgQ1MgQ0EwHhcNMTIwODI5MDU1\n" + + "NDM2WhcNMzIwODI0MDU1NDM2WjBZMQswCQYDVQQGEwJDTjEwMC4GA1UEChMnQ2hp\n" + + "bmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRgwFgYDVQQDEw9D\n" + + "RkNBIFRFU1QgT0NBMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\n" + + "jn0n8Fp6hcRdACdn1+Y6GAkC6KGgNdKyHPrmsdmhCjnd/i4qUFwnG8cp3D4lFw1G\n" + + "jmjSO5yVYbik/NbS6lbNpRgTK3fDfMFvLJpRIC+IFhG9SdAC2hwjsH9qTpL9cK2M\n" + + "bSdrC6pBdDgnbzaM9AGBF4Y6vXhj5nah4ZMsBvDp19LzXjlGuTPLuAgv9ZlWknsd\n" + + "RN70PIAmvomd10uqX4GIJ4Jq/FdKXOLZ2DNK/NhRyN6Yq71L3ham6tutXeZow5t5\n" + + "0254AnUlo1u6SeH9F8itER653o/oMLFwp+63qXAcqrHUlOQPX+JI8fkumSqZ4F2F\n" + + "t/HfVMnqdtFNCnh5+eIBAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAUdN7FjQp9EBqq\n" + + "aYNbTSHOhpvMcTgwDAYDVR0TBAUwAwEB/zA4BgNVHR8EMTAvMC2gK6AphidodHRw\n" + + "Oi8vMjEwLjc0LjQyLjMvdGVzdHJjYS9SU0EvY3JsMS5jcmwwCwYDVR0PBAQDAgEG\n" + + "MB0GA1UdDgQWBBT8C7xEmg4xoYOpgYcnHgVCxr9W+DANBgkqhkiG9w0BAQUFAAOC\n" + + "AQEAb7W0K9fZPA+JPw6lRiMDaUJ0oh052yEXreMBfoPulxkBj439qombDiFggRLc\n" + + "3g8wIEKzMOzOKXTWtnzYwN3y/JQSuJb/M1QqOEEM2PZwCxI4AkBuH6jg03RjlkHg\n" + + "/kTtuIFp9ItBCC2/KkKlp0ENfn4XgVg2KtAjZ7lpyVU0LPnhEqqUVY/xthjlCSa7\n" + + "/XHNStRxsfCTIBUWJ8n2FZyQhfV/UkMNHDBIiJR0v6C4Ai0/290WvbPEIAq+03Si\n" + + "fsHzBeA0C8lP5VzfAr6wWePaZMCpStpLaoXNcAqReKxQllElOqAhRxC5VKH+rnIQ\n" + + "OMRZvB7FRyE9IfwKApngcZbA5g==\n" + + "-----END CERTIFICATE-----"; + + String userCert = "MIIFRjCCBC6gAwIBAgIFICdWiDMwDQYJKoZIhvcNAQEFBQAwWTELMAkGA1UEBhMCQ04xMDAuBgNVBAoTJ0NoaW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEYMBYGA1UEAxMPQ0ZDQSBURVNUIE9DQTExMB4XDTE5MDUxNjA3MDcyMloXDTIxMDUxNjA3MDcyMloweDELMAkGA1UEBhMCQ04xGDAWBgNVBAoTD0NGQ0EgVEVTVCBPQ0ExMTERMA8GA1UECxMITG9jYWwgUkExFTATBgNVBAsTDEluZGl2aWR1YWwtMTElMCMGA1UEAxQcMDUxQHpoYW5nbGluIUBaMTg2MTIyMjkyOTVAMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL0rTOxd8rsjPtFJ0aGVh9bZPy5Xo0SADaP7BbJsG4+ykLQMZHg9hTf/6fv1OsD2HEKFoMpIkW2gwCJW2nvicHcVql/shCoktc6ZBW6Dr/DxOgbO9tpoGxZ50xdI4Q0NsrxqtbCldW4ozPHdjgRJ83i1KSFh7evNrVByN/mB+jchrVGLWyJ1uIRgUUgpRZmZPoOHaizVJqrqWJGGk6xbDLR2gUQ1hTzetQaz1OeKtelHDk9FY08XSmNGssSMpuSjrxn78S888VW5WIxyo4cwrXSXFk3J7LNTy70Oga16HZjJD/vLTM6a4riPa8+uivPinKxK38/++nlBPNwhx6n46uYkd9Zvw+SJiJgpnuPJLtMZpKpJx7V1BDVEydKPUthilTdsmJtkBFSlFw0G1aKfuciBGzzJ3SKngJF/JqJAWIonVAFBGb6Gokp1Sw+T4KqXrdbjxYxiyyjZ++8O1vydgFAkx/NjsuwJnpKETiRKFJmY7YawcUvC4ixF7XQc0luFWRDYcbxOppir+ieMqhGXyaFhLUuB4WXv+rFxfa3NmkBW8q5TPzt/PwWcXpITsYTZYla/E/grB+OeZLYgjigT5YlgytPHG6Gt1ySCCd8WXFWpkBbQfXzqcvtU27RCcAUgfXk5NLb7NZCQg7heGjgzOdYJCPsa1d3m7l04+VIKGCZdAgMBAAGjgfUwgfIwHwYDVR0jBBgwFoAU/Au8RJoOMaGDqYGHJx4FQsa/VvgwSAYDVR0gBEEwPzA9BghggRyG7yoBAjAxMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNmY2EuY29tLmNuL3VzL3VzLTE1Lmh0bTA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vMjEwLjc0LjQyLjMvT0NBMTEvUlNBL2NybDI1NzE3LmNybDALBgNVHQ8EBAMCA+gwHQYDVR0OBBYEFMjh6AzDCuNkD+pqQfiS6bqPGpI4MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOCAQEApZaLXS6/6FudPA3l2xom5U7nJUOpQ1E6DO/ic9dFGtLE0WgyAqB3JVPvXEntppX55x/dAV7rvvz9NaEdiAe8DAj7qyoPDvC8ZWQK8U4n9l8N78QwALOURxzQNs+CBatJQzbu2w1RKVwkfE6xEIVnu+wjiAtymfwdLHMagHxDIC/eOPbTnbbtITJk2ukFfoc0WJ6Awg5lW+x7nGokEn/XAjKyRHCpkRUFGQm4ww41zlrqCqQqnVGVABJtjbdtFf7nh33QHl0fkj19nfMox9eGuntPyM0bNA0XqPMA+FWSCqeDT6uLbyaOKWxlhv53U/NCJl76U3tssMEWsm9amEDDQg=="; + + parser.parse(userCert, issuerCert); + assertEquals("SHA1WITHRSA",parser.getSigAlgName()); + } + + @Test + public void parseSM3WITHSM2Test() { + CertParser parser = new CertParser(); + String issuerCert = + "-----BEGIN CERTIFICATE-----\n" + + "MIICTzCCAfOgAwIBAgIKJFSZ4SRVDndYUTAMBggqgRzPVQGDdQUAMF0xCzAJBgNV\n" + + "BAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBB\n" + + "dXRob3JpdHkxHDAaBgNVBAMME0NGQ0EgVEVTVCBDUyBTTTIgQ0EwHhcNMTIwODI5\n" + + "MDU0ODQ3WhcNMzIwODI0MDU0ODQ3WjBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwn\n" + + "Q2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQD\n" + + "DBNDRkNBIFRFU1QgU00yIE9DQTExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" + + "L1mx4wriQUojGsIkNL14kslv9nwiqsiVpELOZauzghrbccNlPYKNYKZOCvXwIIqU\n" + + "9QY02d4weqKqo/JMcNsKEaOBmDCBlTAfBgNVHSMEGDAWgBS12JBvXPDYM9JjvX6y\n" + + "w43GTxJ6YTAMBgNVHRMEBTADAQH/MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly8y\n" + + "MTAuNzQuNDIuMy90ZXN0cmNhL1NNMi9jcmwxLmNybDALBgNVHQ8EBAMCAQYwHQYD\n" + + "VR0OBBYEFL6mfk09fI+gVebBLwkuLCBDs0J/MAwGCCqBHM9VAYN1BQADSAAwRQIh\n" + + "AKuk7s3eYCZDck5NWU0eNQmLhBN/1zmKs517qFrDrkJWAiAP4cVfLtdza/OkwU9P\n" + + "PrIDl+E4aL3FypntFXHG3T+Keg==\n" + + "-----END CERTIFICATE-----"; + + String userCert = "MIICwDCCAmWgAwIBAgIFICdWkWgwDAYIKoEcz1UBg3UFADBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQDDBNDRkNBIFRFU1QgU00yIE9DQTExMB4XDTE5MDUxNjA4MTA1MVoXDTIxMDUxNjA4MTA1MVoweDELMAkGA1UEBhMCQ04xGDAWBgNVBAoMD0NGQ0EgVEVTVCBPQ0ExMTERMA8GA1UECwwITG9jYWwgUkExFTATBgNVBAsMDEluZGl2aWR1YWwtMTElMCMGA1UEAwwcMDUxQHpoYW5nbGluIUBaMTg2MTIyMjkyOTVAMzBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPvNXpdZ4/4g+wx5qKS94CPkMqpEDhlnXYYW7ZzsbNI4d28sVBz5Ji6dTT1Zx627Kvw4tdUaUt7BVMvZsu3BFlyjgfQwgfEwHwYDVR0jBBgwFoAUvqZ+TT18j6BV5sEvCS4sIEOzQn8wSAYDVR0gBEEwPzA9BghggRyG7yoBAjAxMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNmY2EuY29tLmNuL3VzL3VzLTE1Lmh0bTA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vMjEwLjc0LjQyLjMvT0NBMTEvU00yL2NybDIxMDkuY3JsMAsGA1UdDwQEAwID6DAdBgNVHQ4EFgQUxR5C/VjASus5zrAAFS4ulMpRjKgwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAwGCCqBHM9VAYN1BQADRwAwRAIgVBzVi/fgkknr+2BH2wXeGMXC+Pa6p7rbldUsYMOYoyUCIAmQ4KEk2U1xJZSBpOPy5jN9kmRb+0YH6x04O/2tqCgq"; + + parser.parse(userCert, issuerCert); + assertEquals("SM3WITHSM2",parser.getSigAlgName()); + } + + @Test + public void authenticateIssuerByCATest() { + CertParser parser = new CertParser(); + String CACert = + "-----BEGIN CERTIFICATE-----\n" + + "MIICFDCCAbegAwIBAgIKPYozwkCO86Nd9TAMBggqgRzPVQGDdQUAMF0xCzAJBgNV\n" + + "BAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBB\n" + + "dXRob3JpdHkxHDAaBgNVBAMME0NGQ0EgVEVTVCBDUyBTTTIgQ0EwHhcNMTIwODI5\n" + + "MDMyOTQ2WhcNMzIwODI5MDMyOTQ2WjBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwn\n" + + "Q2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQD\n" + + "DBNDRkNBIFRFU1QgQ1MgU00yIENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" + + "tTjB3O4JueYFDDOtxH678HBZbEmrsgd3BDIdGf0BekyA26n9S0/pKPnjBh/zLouS\n" + + "8+GB5EEnjbn4An24yo1Gv6NdMFswHwYDVR0jBBgwFoAUtdiQb1zw2DPSY71+ssON\n" + + "xk8SemEwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFLXYkG9c\n" + + "8Ngz0mO9frLDjcZPEnphMAwGCCqBHM9VAYN1BQADSQAwRgIhAKwuuqoBS1bwDowW\n" + + "a4IU//UsvudswJYSlltqrd/PQ9q+AiEAyTUAjFdaGI+8yPdr3A93UiA38wtGPf9e\n" + + "6B6O/6abyWE=\n" + + "-----END CERTIFICATE-----"; + + String issuerCert = "-----BEGIN CERTIFICATE-----\n" + + "MIICTzCCAfOgAwIBAgIKJFSZ4SRVDndYUTAMBggqgRzPVQGDdQUAMF0xCzAJBgNV\n" + + "BAYTAkNOMTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBB\n" + + "dXRob3JpdHkxHDAaBgNVBAMME0NGQ0EgVEVTVCBDUyBTTTIgQ0EwHhcNMTIwODI5\n" + + "MDU0ODQ3WhcNMzIwODI0MDU0ODQ3WjBdMQswCQYDVQQGEwJDTjEwMC4GA1UECgwn\n" + + "Q2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQD\n" + + "DBNDRkNBIFRFU1QgU00yIE9DQTExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" + + "L1mx4wriQUojGsIkNL14kslv9nwiqsiVpELOZauzghrbccNlPYKNYKZOCvXwIIqU\n" + + "9QY02d4weqKqo/JMcNsKEaOBmDCBlTAfBgNVHSMEGDAWgBS12JBvXPDYM9JjvX6y\n" + + "w43GTxJ6YTAMBgNVHRMEBTADAQH/MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly8y\n" + + "MTAuNzQuNDIuMy90ZXN0cmNhL1NNMi9jcmwxLmNybDALBgNVHQ8EBAMCAQYwHQYD\n" + + "VR0OBBYEFL6mfk09fI+gVebBLwkuLCBDs0J/MAwGCCqBHM9VAYN1BQADSAAwRQIh\n" + + "AKuk7s3eYCZDck5NWU0eNQmLhBN/1zmKs517qFrDrkJWAiAP4cVfLtdza/OkwU9P\n" + + "PrIDl+E4aL3FypntFXHG3T+Keg==\n" + + "-----END CERTIFICATE-----"; + parser.parse(issuerCert, CACert); + assertEquals("SM3WITHSM2",parser.getSigAlgName()); + } }