Java解析各种密钥对

package com.yussion.sign3;

import java.io.FileReader;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

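/**
 * Helpers for parsing RSA keys and key pairs.
 *
 * <p>The JCE can parse DER-encoded keys by itself; see {@link PKCS8EncodedKeySpec} and
 * {@link X509EncodedKeySpec}. DER is a subset of the ASN.1 encoding rules and produces a
 * structured binary encoding. PKCS#8 defines the private-key-information syntax and the
 * encrypted-private-key syntax, X.509 defines the certificate format; both are usually
 * stored DER- or PEM-encoded, and the Java APIs used here work on DER.
 *
 * <p>Every {@link KeyFactory} in this class is requested for "RSA"; keys of other
 * algorithms are not supported.
 *
 * @author Administrator
 */
public class Utils {
    // 1. DER encoding

    /**
     * Builds an RSA private key from its DER encoding.
     *
     * @param key DER-encoded PKCS#8 private key
     * @return the decoded private key
     * @throws NoSuchAlgorithmException if no installed provider offers an "RSA" KeyFactory
     * @throws InvalidKeySpecException if {@code key} cannot be decoded as an RSA private key
     */
    public static PrivateKey generatePrivateKey(byte[] key) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeySpec keySpec = new PKCS8EncodedKeySpec(key);
        return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
    }

    /**
     * Builds an RSA public key from its DER encoding.
     *
     * @param key DER-encoded X.509 SubjectPublicKeyInfo
     * @return the decoded public key
     * @throws Exception if the "RSA" KeyFactory is unavailable or {@code key} cannot be decoded
     */
    public PublicKey geneneratePublicKey(byte[] key) throws Exception {
        KeySpec keySpec = new X509EncodedKeySpec(key);
        return KeyFactory.getInstance("RSA").generatePublic(keySpec);
    }

    // 2. PEM encoding
    // PEM is the other common encoding for key pairs and the one openssl uses by default.
    // It is Base64 text wrapped in markers such as -----BEGIN RSA PRIVATE KEY-----, which
    // makes it easier for people to handle than raw DER.
    // The JCE has no direct PEM support; a third-party library such as bouncycastle can
    // parse it (or the structure can be decoded by hand).

    /**
     * Parses the demo PEM file with bouncycastle and prints what was found.
     *
     * @throws Exception if the file cannot be read or its content cannot be decoded
     */
    public static void parasePem() throws Exception {
        // Empty passphrase: an encrypted key pair is only decrypted if it is protected by "".
        parsePem("D:/cert/rootca_pri.pem", "".toCharArray());
    }

    /**
     * Reads every PEM object in {@code path}, keeps the RSA key material it contains and
     * prints it after a DER round trip through the JCE.
     *
     * @param path       PEM file to read
     * @param passphrase passphrase used for encrypted key pairs
     * @throws IllegalStateException if the file holds neither a private nor a public key
     * @throws Exception             on I/O or decoding errors
     */
    private static void parsePem(String path, char[] passphrase) throws Exception {
        // addProvider does nothing when a provider named "BC" is already installed.
        Security.addProvider(new BouncyCastleProvider());

        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase);
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");

        PrivateKey privateKey = null;
        PublicKey publicKey = null;

        // try-with-resources: the file is closed even when an object fails to decode.
        try (FileReader reader = new FileReader(path); PEMParser pemParser = new PEMParser(reader)) {
            Object o;
            while ((o = pemParser.readObject()) != null) {
                if (o instanceof PEMKeyPair) { // ca.key
                    KeyPair keyPair = converter.getKeyPair((PEMKeyPair) o);
                    privateKey = keyPair.getPrivate();
                    publicKey = keyPair.getPublic();
                } else if (o instanceof PEMEncryptedKeyPair) { // server.key
                    KeyPair keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(decProv));
                    privateKey = keyPair.getPrivate();
                    publicKey = keyPair.getPublic();
                } else if (o instanceof X509CertificateHolder) { // rootca.pem
                    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC")
                            .getCertificate((X509CertificateHolder) o);
                    // A certificate carries only the public key; its DER encoding is not a
                    // PKCS#8 structure and must not be fed to generatePrivateKey.
                    publicKey = cert.getPublicKey();
                } else if (o instanceof PrivateKeyInfo) { // rootca_pri.pem
                    // "BEGIN PRIVATE KEY" is parsed to a PrivateKeyInfo, not to a key pair.
                    privateKey = generatePrivateKey(((PrivateKeyInfo) o).getEncoded());
                } else if (o instanceof ContentInfo || o instanceof ASN1ObjectIdentifier) {
                    // PKCS#7 data and EC curve identifiers are recognised; nothing is extracted.
                }
            }
        }

        if (privateKey == null && publicKey == null) {
            throw new IllegalStateException("no key material found in " + path);
        }

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        if (publicKey != null) {
            System.out.println(publicKey);
            KeySpec publicSpec = new X509EncodedKeySpec(publicKey.getEncoded());
            System.out.println(keyFactory.generatePublic(publicSpec));
        }
        if (privateKey != null) {
            System.out.println(describePrivateKey(privateKey));
            KeySpec privateSpec = new PKCS8EncodedKeySpec(privateKey.getEncoded());
            System.out.println(describePrivateKey(keyFactory.generatePrivate(privateSpec)));
        }
    }

    /**
     * Describes a private key without its secret components. Depending on the provider,
     * {@code toString()} of a private key can include the private exponent, so only the
     * algorithm and encoding format are reported.
     */
    private static String describePrivateKey(PrivateKey key) {
        return key.getAlgorithm() + " private key, format " + key.getFormat();
    }

    public static void main(String[] args) throws Exception {
        parasePem();
    }
}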


rootca_pri.pem(上面代码读取的文件,内容是未加密的 PKCS#8 私钥;该私钥已随本文公开,只能当作演示样例,不要用于任何真实的 CA 或证书):

-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDC1+cZwd2WvByQ
PySyz5cHugJ6lbupGj1Ek+ccrvvyMZRYB9uQVJHFSK8ON2YP7CfIWmxSLsYY0DUE
0zhwF4QujKx6sJm29if4jmQYMbPcOhGxOQSm1uId6xkA+XMed0Q/vPp0hXjR4rAq
7CGEGP0e07Wa9ts0cxR+mwCVKiuW2X2EOEILpcx6a4mXTyPefzXm1M4OVAhEVRxr
HmMINFzduBxeg2CRpMW97BPsooP+ZpyY8XKXAM6Re5ZAKYlv08AuviSIurMVFSHr
fQaiRFmPB+JtQDyKcJHj+0tjSVlkk7NdS40bkvtghxXP+QwcIl5yGM64lpgDMWgQ
VO0ShuzI0LiLFIzPby6XiuMINRoGFH2tIbYBB+18GGvacTKFrfZJloLOJ10u/6Ss
3xdm6bJWkC0rahnoR00DKrOMxfNhoZDPyZr7+07fbaSzFYMYevrXQzqx69VW9CVb
SSEMXJEfpSngFsO7K8HDHFvB4YEHWXwavRVpxR2mg05wxUQCLG2SXLeICan0ZoOp
xEVmpEL/5Ao5266BdIqnKBlb0R3oAQpZulH7kuINh5l7++L7OYc/eYNmGNAfefNY
rLsh514iu00Ogb4QxR2JTns0vxvM/IRQLYeRrrTTAPHo+2JhkOGq8I6tdgaqV70N
uQCd6Ip9hhdJnGaq6hZreD7ashJdWwIDAQABAoICAQCB1EVMV26kowHRaBG3CDYV
0u8V6bHa0v4iNP9ZkIuW7UxwgAPgn0lmkLD8oxNh5rT3frEQ7dPX8txxM6E2p6TP
M7M2KXizfkBSEedGa8/yHctuMJUV6rdOwjmt+YmoskYKxoyImetQx2ElqKQIlnIL
WXx4HqcfwtLULcpsmmXjJVbKhIYVpsuigwdyiCxZdKBhCEmpKHs9tQyzn9LTQ7jh
kG1u2NG/GnEcxTLdiciz+oG8M55sWgBK1nPemw7WMd2sB8zmQqlTkfpBJNUHyM14
TgOlUplEkg/UPr0UEmr7ZqOstcv3pK/VuQ1iwAs+r/QIyNjuDIKMFh7GSyCRKNCb
MTuNOo1N1v2qoPNebDkXNx3hIk6QhcYeL8zFR6cIGn7sQcjUqmX7Pxj16yW86Vyc
XD0ESady0iMkUQCfPRj1QMGzlv39KwiPCK8GI07H5TsgEjMvTU1EXXlNNIg4RHJH
gF41G2NVD2n709JQKZsOqtba/MAX+Es4qy3IIBv9depr8Qg9Ca+9JHS7f7CyMNIq
DAtCaXXVoA3Dk8A5lEwyXxd3nDxRVqbQG6jWzwNnZ68GHKpQw69wc78kLdsj8HY9
Xof5yTsD3memuq6AYwIc+1bgjDLjj/uBpA54nAOfavP3BYeJ1DayQS0y6PQKB/5d
CmrpN9PO1DsAYTWtqsWNaQKCAQEA4RnxTw7e8/h1grPrnnrS63CKVAFp6oBcQ+O7
svr4e6q5VxdjkaKOHQvMjgVjPpdJA2DnVqJggi0PQunDxYI7rjrTOd6hPGUmwjxY
VBpGRVhv5Euzf2R476AmISBGL7FYidE933EqTuNMTaz+zWlOyGzF+04zOfox1GIn
DifMmNDSoEQZOi3TSWrqtAFP2T6nQvlLAnRjAOG3JJS1Ua5gUJlEvIfwdNOrAMx/
nn+24tSFpSkZ3ccZPU+Jauwvaj5UTNn0Dn8sjeJ059SjcQduoazE5wG4mgOoynsk
TaDmCWw1dyig/RvNC6RwZQ07wdJQlOKcGFvxgWw+sBuWG2agzQKCAQEA3ZayE2wI
ntVlUk0GU2hli6MCdFGx0M7vzo7s/MQGZWQCuOQ0vozXGty1Z3XfQdVnn/WiCeO1
ypazzO733E/EL9o81NrC3ZkG0vdKK05jDIEmsjwveHAJaWsEUA04jmVWpBjuappq
z+tBEacNn62cr6zvBnRPcDfAUOytzvsRA5yk794wwjhHwbXVEu0ibrgYpaGNhkq4
bmAu1LiBlfc56aKVuRPtotwEfid3pkKzE6ARRGtiQVSEnWe0POHXsdG6Rbvqt+Bn
EjaZoZCzbSWQDXju7w+W7PyFWDBhvnfBhXsiO5bcobdBiwNsAfYNA1yYQ6i3yz05
VdkKUPIMhmDWxwKCAQA6RuQhaqEwGogZwYjjq7rFd4poe0E3k+nPLbtfd/gy1B1N
veFqR+JxBKf9sMlj3/joJgNee4VuzkmgMjMcBD59Of+LgObPYwSozsSzaWX9+Apn
2W1sMs/Ygea9NsTU/h4E+CYDniGs8M3FYl9JQNVDsF2FVVaP0QVrjcm8sXMXsSCG
m3rIhCqqXELNPXW1sbHN9gqEZStohAdNMi7LKdEHrNaN1MfdBxvDhi4YE8p+aTT8
cGqg7zXKmLfj9afE4sQibV7xDd20EgfgKT3zOlBbDQahI+HuBbqCSWU5r8k+cURa
SCt9u9/W/siWcNmisVdpZE2zRMJ+lk6Ye1veVjCVAoIBAEqnutdQTpc0zi4sRTVU
tuGUyf7mh0ISdjjhbna6lG0UhNZGDH8mdFJYicWRsOY9P+xklXM/hL/8hhdFa7yO
I0r7/AK6sWx3YhUxu4tbnYNY//CM1nF9Ta52n71YtvVCry4aODkyTUo/uGx6G9zw
YRnO6bkC9sCYB/M7ylMxw0m0PN2TvlmxHHvnByKZQkCLRcKH62aTRg/p191TTFV6
NcjBPjBcxnNYLStToLwjPLIf+7FRfIkGMKfXiKH6dPEz984Gwc2xjQhV3OzSE6Fy
RlZDqDxixDaT3VkY89V4A3s1QRNSgIL7etmbDYibnUbEq4ggD8wplGeX+CHNaurb
NYECggEAYvGZNq0jq/sXegL+LK9PV2+AxwZXsSG9uNkNkwdoG/mz98yKrkEC0uo9
YtzXChWq24JW2JOVf4gWi64TmForkdZ5FbOE8Eft4XXcxW802J2dpagZ+hf0oMzR
twrci7SakU3erG7JxbKdAd096tQabHbzCz10mKU6DJer8RkzvAlJpWOD3dA0S67v
OnZkxIGojQBbi0W2dzCiT3rgisSftWpm6mSS1IOAgSino6JjUysSq/yiajculjWc
5aOWVy1V45T5fyRafKjQeEm6IxfW2goPBHOwOhF9HVOdlUuEGYHKRsTE4sRAmM0l
Iq81CoJBTo7yCyri4cy6l+YW/ZFpvw==
-----END PRIVATE KEY-----

 
