290 lines
12 KiB
Java
290 lines
12 KiB
Java
package vpki;
|
|
|
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
import org.bouncycastle.util.encoders.Base64;
|
|
import org.json.simple.JSONObject;
|
|
import org.json.simple.parser.JSONParser;
|
|
import vpki.core.HttpFactory;
|
|
import vpki.core.PkiFactory;
|
|
|
|
import java.io.ByteArrayOutputStream;
|
|
import java.io.IOException;
|
|
import java.math.BigInteger;
|
|
import java.security.*;
|
|
import java.security.interfaces.ECPublicKey;
|
|
import java.security.spec.ECGenParameterSpec;
|
|
import java.security.spec.ECParameterSpec;
|
|
import java.security.spec.ECPoint;
|
|
import java.security.spec.ECPublicKeySpec;
|
|
|
|
public class VpkiApplication {
|
|
JSONObject jSONObject;
|
|
String macAddress;
|
|
String wmi;
|
|
String iftid;
|
|
String pubKeyHex;
|
|
|
|
KeyPair keyPair;
|
|
|
|
String hashedCsrStr;
|
|
String pcid;
|
|
|
|
public void init() throws Exception {
|
|
keyPair = PkiFactory.generateKeyPair(ConfigureInfo.KEY_ALGORITHM);
|
|
jSONObject = new JSONObject();
|
|
|
|
macAddress = "9C36F800001E";
|
|
wmi = "KMH";
|
|
iftid = "ift01";
|
|
|
|
}
|
|
|
|
public JSONObject getCsr() throws Exception {
|
|
|
|
|
|
ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
|
|
byte[] tmp = new byte[]{0x04};
|
|
byte[] x = publicKey.getW().getAffineX().toByteArray(); //getQ().getXCoord().getEncoded();
|
|
byte[] y = publicKey.getW().getAffineY().toByteArray(); //getQ().getYCoord().getEncoded();
|
|
byte[] xy = new byte[x.length+y.length+1];
|
|
|
|
System.out.println("Client PubKey: " + Base64.toBase64String(keyPair.getPublic().getEncoded()));
|
|
System.out.println("PubKey x.length: " + x.length);
|
|
System.out.println("PubKey y.length: " + y.length);
|
|
System.out.println("Client PriKey: " + Base64.toBase64String(keyPair.getPrivate().getEncoded()));
|
|
|
|
System.arraycopy(tmp, 0, xy, 0, 1);
|
|
if(x.length > 32) {
|
|
System.arraycopy(x, 1, xy, 1, 32);
|
|
}else{
|
|
System.arraycopy(x, 0, xy, 1, 32);
|
|
}
|
|
if(y.length > 32) {
|
|
System.arraycopy(y, 1, xy, 33, 32);
|
|
}else{
|
|
System.arraycopy(y, 0, xy, 33, 32);
|
|
}
|
|
|
|
|
|
//hashed CSR Request
|
|
jSONObject.put("iftid",iftid);
|
|
jSONObject.put("macaddr",macAddress);
|
|
jSONObject.put("publickey", Base64.toBase64String(xy));
|
|
jSONObject.put("wmi",wmi);
|
|
|
|
String hashedCSRReqStr = jSONObject.toJSONString();
|
|
System.out.println(">> hashedCSR Request :" + hashedCSRReqStr);
|
|
byte[] hashedCSRBytes = HttpFactory.sendPost(hashedCSRReqStr.getBytes(), HttpFactory.REQUESTTYPE.HASHEDCSR);
|
|
System.out.println(">> hashedCSR Response :" + new String(hashedCSRBytes));
|
|
|
|
JSONParser jsonParser = new JSONParser();
|
|
jSONObject = (JSONObject) jsonParser.parse(new String(hashedCSRBytes));
|
|
String status = (String) jSONObject.get("status");
|
|
|
|
if(!status.equalsIgnoreCase("success")) {
|
|
throw new Exception((String) jSONObject.get("message"));
|
|
}
|
|
|
|
return (JSONObject) jSONObject.get("data");
|
|
}
|
|
|
|
public JSONObject getCertificate() throws Exception {
|
|
//Certificate Request
|
|
byte[] signedCSRBytes = PkiFactory.signECDSAHashedValue(Base64.decode(hashedCsrStr), keyPair.getPrivate());
|
|
boolean verify1 = PkiFactory.verifyECDSAHashedValue(Base64.decode(hashedCsrStr), keyPair.getPublic(), signedCSRBytes);
|
|
|
|
byte[] rawSignData = getRawSignatureFromDEREncoding(signedCSRBytes);
|
|
|
|
jSONObject = new JSONObject();
|
|
jSONObject.put("iftid",iftid);
|
|
jSONObject.put("csrsignature",Base64.toBase64String(rawSignData));
|
|
|
|
String csrsignatureReqStr = jSONObject.toJSONString();
|
|
System.out.println(">> CSRSignatureValue Request :" + csrsignatureReqStr);
|
|
byte[] certificateBytes = HttpFactory.sendPost(csrsignatureReqStr.getBytes(), HttpFactory.REQUESTTYPE.CERTIFICATE);
|
|
System.out.println(">> CSRSignatureValue Response :" + new String(certificateBytes));
|
|
|
|
JSONParser jsonParser = new JSONParser();
|
|
jSONObject = (JSONObject) jsonParser.parse(new String(certificateBytes));
|
|
String status = (String) jSONObject.get("status");
|
|
|
|
if(!status.equalsIgnoreCase("success")) {
|
|
throw new Exception((String) jSONObject.get("message"));
|
|
}
|
|
|
|
return (JSONObject) jSONObject.get("data");
|
|
}
|
|
|
|
public static byte[] getRawSignatureFromDEREncoding(byte[] derEncodedSignature) {
|
|
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
|
byte[] r = new byte[32];
|
|
byte[] s = new byte[32];
|
|
|
|
// Length of r is encoded in the fourth byte
|
|
int lengthOfR = derEncodedSignature[3];
|
|
|
|
// Length of r is encoded in the second byte AFTER r
|
|
int lengthOfS = derEncodedSignature[lengthOfR + 5];
|
|
|
|
// Length of r and s are either 33 bytes (including padding byte 0x00), 32 bytes (normal), or less (leftmost 0x00 bytes were removed)
|
|
try {
|
|
if (lengthOfR == 33) System.arraycopy(derEncodedSignature, 5, r, 0, lengthOfR - 1); // skip leftmost padding byte 0x00
|
|
else if (lengthOfR == 32) System.arraycopy(derEncodedSignature, 4, r, 0, lengthOfR);
|
|
else System.arraycopy(derEncodedSignature, 4, r, 32 - lengthOfR, lengthOfR); // destPos = number of leftmost 0x00 bytes
|
|
|
|
if (lengthOfS == 33) System.arraycopy(derEncodedSignature, lengthOfR + 7, s, 0, lengthOfS - 1); // skip leftmost padding byte 0x00
|
|
else if (lengthOfS == 32) System.arraycopy(derEncodedSignature, lengthOfR + 6, s, 0, lengthOfS);
|
|
else System.arraycopy(derEncodedSignature, lengthOfR + 6, s, 32 - lengthOfS, lengthOfS); // destPos = number of leftmost 0x00 bytes
|
|
} catch (ArrayIndexOutOfBoundsException e) {
|
|
}
|
|
|
|
try {
|
|
baos.write(r);
|
|
baos.write(s);
|
|
} catch (IOException e) {
|
|
}
|
|
|
|
byte[] rawRAndS = baos.toByteArray();
|
|
|
|
return rawRAndS;
|
|
}
|
|
|
|
public JSONObject verify() throws Exception {
|
|
jSONObject = new JSONObject();
|
|
jSONObject.put("iftid",iftid);
|
|
// jSONObject.put("subjectdn",String.format(ConfigureInfo.revokeDN,pcid));
|
|
jSONObject.put("pcid",pcid);
|
|
jSONObject.put("result","fail");
|
|
|
|
String verifyResultReqStr = jSONObject.toJSONString();
|
|
System.out.println(">> VerifyResult Request :" + verifyResultReqStr);
|
|
byte[] verifyResultRespBytes = HttpFactory.sendPost(verifyResultReqStr.getBytes(), HttpFactory.REQUESTTYPE.VERITYRESULT);
|
|
System.out.println(">> VerifyResult Response :" + new String(verifyResultRespBytes));
|
|
|
|
JSONParser jsonParser = new JSONParser();
|
|
jSONObject = (JSONObject) jsonParser.parse(new String(verifyResultRespBytes));
|
|
String status = (String) jSONObject.get("status");
|
|
|
|
if(!status.equalsIgnoreCase("success")) {
|
|
throw new Exception((String) jSONObject.get("message"));
|
|
}
|
|
|
|
return (JSONObject) jSONObject.get("data");
|
|
}
|
|
|
|
public static void main(String[] args) {
|
|
VpkiApplication app = new VpkiApplication();
|
|
try {
|
|
|
|
app.init();
|
|
|
|
JSONObject res1 = app.getCsr();
|
|
app.hashedCsrStr = (String) res1.get("hashedtbscsr");
|
|
app.pcid = (String) res1.get("pcid");
|
|
System.out.println();
|
|
|
|
JSONObject res2 = app.getCertificate();
|
|
System.out.println();
|
|
|
|
JSONObject res3 = app.verify();
|
|
System.out.println();
|
|
|
|
} catch (Exception e) {
|
|
e.printStackTrace();
|
|
}
|
|
}
|
|
// public static void main(String[] args) {
|
|
// //Parameter
|
|
// String macAddress = "abcd0123456";
|
|
// String wmi = "KMH";
|
|
// String iftid = "ift01";
|
|
//
|
|
// String pubKeyHex = "04BB751403B9E7D6C5132292DBED87F2D739C4811BA5B9ED185D26544C90E4A3CE03308AE2D6744AE83A3762B58BF864BE66373338DC8775F507F96AAE4C487A5C";
|
|
// String signedDataHex = "B23F130B068AB4FA88057AFA87225A7BC481E33BF91941FB561535D75868A593E7C82B04B50A0E975B6F92659D41B83082981DAE3FB9708560BE91622CFE3076";
|
|
//
|
|
// try {
|
|
// Security.addProvider(new BouncyCastleProvider());
|
|
// System.out.println("KMH CMS Test Application");
|
|
//
|
|
// byte[] pubKeyBytes = hexStringToByteArray(pubKeyHex);
|
|
// byte[] signBytes = hexStringToByteArray(signedDataHex);
|
|
// System.out.println("Test Pub Key : " + Base64.toBase64String(pubKeyBytes));
|
|
// System.out.println("Test signature : " + Base64.toBase64String((signBytes)));
|
|
//
|
|
// int EC_POINTSIZE = 32;
|
|
// byte[] processedXData = new byte[EC_POINTSIZE];
|
|
// byte[] processedYData = new byte[EC_POINTSIZE];
|
|
// System.arraycopy(pubKeyBytes, 1, processedXData, 0, EC_POINTSIZE);
|
|
// System.arraycopy(pubKeyBytes, EC_POINTSIZE + 1, processedYData, 0, EC_POINTSIZE);
|
|
//
|
|
// ECPoint pubPoint = new ECPoint(new BigInteger(1, processedXData), new BigInteger(1, processedYData));
|
|
// AlgorithmParameters params = AlgorithmParameters.getInstance("EC", "BC");
|
|
// params.init(new ECGenParameterSpec("prime256v1"));
|
|
// ECParameterSpec ecParameters = params.getParameterSpec(ECParameterSpec.class);
|
|
// ECPublicKeySpec pubECSpec = new ECPublicKeySpec(pubPoint, ecParameters);
|
|
// ECPublicKey publicKey = (ECPublicKey) KeyFactory.getInstance("EC", "BC").generatePublic(pubECSpec);
|
|
//
|
|
// System.out.println("Test Pub Key : " + Base64.toBase64String(publicKey.getEncoded()));
|
|
//
|
|
// //Create Key Pair
|
|
// KeyPair keyPair = PkiFactory.generateKeyPair(ConfigureInfo.KEY_ALGORITHM);
|
|
// String b64PubKey = Base64.toBase64String(keyPair.getPublic().getEncoded());
|
|
// String b64PriKey = Base64.toBase64String(keyPair.getPrivate().getEncoded());
|
|
//
|
|
// System.out.println("PublicKey :" + b64PubKey);
|
|
// System.out.println("PrivateKey :" + b64PriKey);
|
|
//
|
|
// //hashed CSR Request
|
|
// JSONObject jSONObject = new JSONObject();
|
|
// jSONObject.put("iftid",iftid);
|
|
// jSONObject.put("macaddr",macAddress);
|
|
// jSONObject.put("publickey",b64PubKey);
|
|
// jSONObject.put("wmi",wmi);
|
|
// String hashedCSRReqStr = jSONObject.toJSONString();
|
|
// System.out.println("hashedCSR Request :" + hashedCSRReqStr);
|
|
// byte[] hashedCSRBytes = HttpFactory.sendPost(hashedCSRReqStr.getBytes(), HttpFactory.REQUESTTYPE.HASHEDCSR);
|
|
// System.out.println("hashedCSR Response :" + new String(hashedCSRBytes));
|
|
//
|
|
// JSONParser jsonParser = new JSONParser();
|
|
// jSONObject = (JSONObject) jsonParser.parse(new String(hashedCSRBytes));
|
|
// JSONObject jSONObjectData = (JSONObject) jSONObject.get("data");
|
|
// String hashedCsrStr = (String) jSONObjectData.get("hashedtbscsr");
|
|
// String pcid = (String) jSONObjectData.get("pcid");
|
|
//
|
|
// //Certificate Request
|
|
// byte[] signedCSRBytes = PkiFactory.signECDSAHashedValue(Base64.decode(hashedCsrStr), keyPair.getPrivate());
|
|
// jSONObject = new JSONObject();
|
|
// jSONObject.put("iftid",iftid);
|
|
// jSONObject.put("csrsignature",Base64.toBase64String(signedCSRBytes));
|
|
// String csrsignatureReqStr = jSONObject.toJSONString();
|
|
// System.out.println("CSRSignatureValue Request :" + csrsignatureReqStr);
|
|
// byte[] certificateBytes = HttpFactory.sendPost(csrsignatureReqStr.getBytes(), HttpFactory.REQUESTTYPE.CERTIFICATE);
|
|
// System.out.println("CSRSignatureValue Response :" + new String(certificateBytes));
|
|
//
|
|
// //VerifyResult Request
|
|
// jSONObject = new JSONObject();
|
|
// jSONObject.put("iftid",iftid);
|
|
// jSONObject.put("subjectdn",String.format(ConfigureInfo.revokeDN,pcid));
|
|
// jSONObject.put("result","fail");
|
|
// String verifyResultReqStr = jSONObject.toJSONString();
|
|
// System.out.println("VerifyResult Request :" + verifyResultReqStr);
|
|
// byte[] verifyResultRespBytes = HttpFactory.sendPost(verifyResultReqStr.getBytes(), HttpFactory.REQUESTTYPE.VERITYRESULT);
|
|
// System.out.println("VerifyResult Response :" + new String(verifyResultRespBytes));
|
|
//
|
|
// System.out.println("end");
|
|
// } catch (Exception e) {
|
|
// e.printStackTrace();
|
|
// }
|
|
// }
|
|
|
|
public static byte[] hexStringToByteArray(String s) {
|
|
int len = s.length();
|
|
byte[] data = new byte[len / 2];
|
|
for (int i = 0; i < len; i += 2) {
|
|
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
|
|
+ Character.digit(s.charAt(i+1), 16));
|
|
}
|
|
return data;
|
|
}
|
|
}
|