package com.sdyy.common.bc_sm2;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
/**
* @创建人
* @创建时间 2020/5/7
* @描述
*/
public class BcUtils {
// private static String sm2PfxLocation = ConfigService.getConfig("SM2_PFX_LOCATION");
private static String certStr = "MIIBszCCAV6gAwIBAgIGAWEmMrj+MAwGCCqBHM9VAYN1BQAwHzELMAkGA1UEBhMC\n" +
"Q04xEDAOBgNVBAMTB0F1dG9DQUQwHhcNMTgwMTI0MDMyNTEyWhcNMzUwODA1MTYw\n";
public static void main(String[] args) throws Exception{
String orgData = "123123123";//要签名的数据
String algorithm = "SM3withSM2";
String yqData = "123123123";//要签名的数据
String pfxFile = "D:/ESM.pfx";//sm2证书对应的pfx
String password = "111111"; //pfx访问密码
Security.addProvider(new BouncyCastleProvider());
FileInputStream fis = new FileInputStream(pfxFile);
KeyStore ks2 = KeyStore.getInstance("PKCS12", "BC");
ks2.load(fis, password.toCharArray());
Enumeration enum1 = ks2.aliases();
String keyAlias = null;
if (enum1.hasMoreElements())
{
keyAlias = (String)enum1.nextElement();
}
Signature sig = Signature.getInstance(algorithm, "BC");
sig.initSign((PrivateKey) ks2.getKey(keyAlias, null), new SecureRandom());
sig.update(orgData.getBytes());
byte[] rs = sig.sign();
String str = Hex.toHexString(rs);
System.out.println(str);
//验证签名
sm2VerifySignedData(rs,certStr,yqData);
}
/**
*sm2对签名后的数据进行验签
* @param rs 签名产生签名值
* @param certKey 证书串,及公钥
* @param signValue 签名原文
* @return
*/
public static void sm2VerifySignedData(byte[] rs,String certKey,String signValue){
try {
CertificateFactory factory = new CertificateFactory();
X509Certificate certificate = (X509Certificate) factory.engineGenerateCertificate(new ByteArrayInputStream(Base64.decode(certKey)));
System.out.println(certificate.getSigAlgName());
// 验证签名
Signature signature = Signature.getInstance(certificate.getSigAlgName(), new BouncyCastleProvider());
signature.initVerify(certificate);
signature.update(signValue.getBytes(StandardCharsets.UTF_8));
System.out.println(signature.verify(rs));
}catch (Exception e){
e.printStackTrace();
}
}
//bc包sm2签名
/**
* bc包sm2签名
* @param data 待签数据
* @param pfxFile pfx文件地址(sm2证书对应的pfx)
* @param password pfx访问密码
* @return 签名值
*/
public static byte[] sm2SignData(String data,String pfxFile,String password){
try {
String algorithm = "SM3withSM2";
Security.addProvider(new BouncyCastleProvider());
FileInputStream fis = new FileInputStream(pfxFile);
KeyStore ks2 = KeyStore.getInstance("PKCS12", "BC");
ks2.load(fis, password.toCharArray());
Enumeration enum1 = ks2.aliases();
String keyAlias = null;
if (enum1.hasMoreElements())
{
keyAlias = (String)enum1.nextElement();
}
Signature sig = Signature.getInstance(algorithm, "BC");
sig.initSign((PrivateKey) ks2.getKey(keyAlias, null), new SecureRandom());
sig.update(data.getBytes());
byte[] rs = sig.sign();
String str = Hex.toHexString(rs);
System.out.println(str);
return rs;
}catch (Exception e){
e.printStackTrace();
}
return null;
}
}