暂缓
package cn.trust.mobile.key.api.secx;
import android.app.Activity;
import android.content.Context;
import android.hardware.biometrics.BiometricPrompt;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.support.annotation.RequiresApi;
import android.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
public class SecurityKeyCore implements ISecurityKeyCore {
private Activity mContext;
private ConfigManager mConfigManager;
private int sdkVersion;
private OnAuthenticationResult mOnAuthCoreResult;
private SecStoreUtil secStoreUtil;
private final String SIGN_ALGORITHMS = "SHA256WithRSA";
private final String CIPHER_ALGORITHMS = "RSA/ECB/PKCS1Padding";
private final String KEY_ALGORITHM_RSA = "RSA";
private final int KEY_SIZE = 1024;
private final String AKEY_KEYNAME = "SECX_ENCKEYNAME";//加密的keyName
private final String AKEY_SEED_PWD = "SECX_SEEDPWD";//密码种子
private final String AKEY_SEED_NPWD = "SECX_SEEDNPWD";//密码种子
private final String AKEY_SEED_KS = "SECX_SEEDKS";//ks密码种子
private final String AKEY_SEED_NEW_KS = "SECX_SEEDENEWKS";//新ks密码种子
private final String AKEY_SEED_KSFILE= "SECX_SEEDKSFILE";//文件密码种子
private final String AKEY_SEED_NEW_KSFILE= "SECX_SEEDNEWKSFILE";//新文件密码种子
private final String AKEY_PWD = "SECX_ENCPWD";//加密密码
private final String AKEY_NPWD = "SECX_ENCNPWD";//新密码
private final String AKEY_KSFILE = "SECX_KSFILE";
private final String AKEY_PUBKEY = "SECX_PUBKEY";
// private final String AKEY_P10 = "P10REQ"; //暂时生不了P10,暂不使用
private final String AKEY_SEED_SERVER_KEY1 = "SECX_SEED_SERVERKEY1";//远程访问的种子
private final String AKEY_SEED_SERVER_KEY2 = "SECX_SEED_SERVERKEY2";//本地
private final String AKEY_SERVER_KEY2 = "SECX_FILE_SERVERKEY2";
public SecurityKeyCore(Context context) {
mContext = (Activity) context;
mConfigManager = ConfigManager.getInstance(context);
sdkVersion = mConfigManager.getSDKVersion();
secStoreUtil = SecStoreUtil.getSecStoreUtils(context);
}
// 接口方法,生密钥,建议接口调用时keyName为keyName+userId区分不同用户
public void generateSecretKey(String keyName,String keyPwd,boolean useFinger){
String encKeyName,encKeyPwd,encKSPwd,encFilePwd;
try {
encKeyName = setEncKeyName(keyName,keyName);
encKeyPwd = setEncodedPwd(keyPwd,encKeyName);
encKSPwd = setKSPwd(keyPwd,encKeyName);
encFilePwd = setSymmetricPwd(keyPwd,encKeyName);
} catch (Exception e) {
e.printStackTrace();
mOnAuthCoreResult.onAuthGenerateResult(SecurityKeyEngine.ERROR_SECSTORGE_EXCEPTION,null);
return;
}
// TODO 在不在安全硬件里暂时都通过AndroidKeyStore生成
// if (sdkVersion == ConfigManager.SDK_VERSION_H && mFingerHelper.checkKeyIsInsideSecureHardware()) {
if (sdkVersion == ConfigManager.SDK_VERSION_H) {
generateKeyAbove6(encKeyName,encKeyPwd,useFinger);
} else if (canCreateInTEE()) {
//TODO 生秘钥
//TODO 存储公钥
// secStoreUtil.putString(AKEY_PUB + keyName, securityCipher.encryptString(Base64.encodeToString(pubKey.getEncoded(), Base64.NO_WRAP)));
mOnAuthCoreResult.onAuthGenerateResult(SecurityKeyEngine.SUCCESS,null);
// return SecurityKeyEngine.SUCCESS;
} else if (sdkVersion == ConfigManager.SDK_VERSION_M || sdkVersion == ConfigManager.SDK_VERSION_L) {
generateKeyBelow6(encKeyName,encKeyPwd,encKSPwd,encFilePwd,useFinger);
} else {
mOnAuthCoreResult.onAuthGenerateResult(SecurityKeyEngine.ERROR_API_VERSION_NOT_SUPPORT,null);
// return SecurityKeyEngine.ERROR_API_VERSION_NOT_SUPPORT;
}
}
// 接口方法,获取公钥
public byte[] getPublicKey(String keyName) {
// keyName暂不使用,公钥从安全插件中取,也可以从keystore中取(复杂)
try {
String publicKey = secStoreUtil.decryptString(secStoreUtil.getString(AKEY_PUBKEY + getEncKeyName(keyName)));
if (publicKey != null) {
return Base64.decode(publicKey, Base64.NO_WRAP);
}
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
// 接口方法,获取公钥
public boolean containsKey(String keyName) {
// keyName暂不使用,公钥从安全插件中取,也可以从keystore中取(复杂)
try {
String publicKey = secStoreUtil.decryptString(secStoreUtil.getString(AKEY_PUBKEY + getEncKeyName(keyName)));
if (publicKey != null) {
return true;
}
} catch (Exception e) {
e.printStackTrace();
return false;
}
return false;
}
// 接口方法,存储数据
public int putEncKey(String keyId, String data) {
try {
String random = UUIDUtil.getUUID();
secStoreUtil.putString(AKEY_SEED_SERVER_KEY2 + keyId,secStoreUtil.encryptString(random));
String filePwd = SecxUtil.getMD5Code(random + mConfigManager.getCheckSecretParams() + "trustdo");
if(filePwd!=null){
byte[] encData = SecxUtil.get3DESEncryptCBC(data.getBytes(), filePwd.getBytes());
if(encData!=null){
secStoreUtil.putString(AKEY_SERVER_KEY2 + keyId,secStoreUtil.encryptString(ByteStreamUtils.bytesToHexString(encData)));
return SecurityKeyEngine.SUCCESS;
}else {
return SecurityKeyEngine.ERROR_CIPHER_ENCKEY_NULL;
}
}else{
return SecurityKeyEngine.ERROR_CIPHER_ENCKEY_NULL;
}
} catch (Exception e) {
e.printStackTrace();
return SecurityKeyEngine.ERROR_SECSTORGE_EXCEPTION;
}
}
//获取数据
public String getEncKey(String keyId){
try {
String encDataStr = secStoreUtil.getString(AKEY_SERVER_KEY2 + keyId);
String decDataStr = secStoreUtil.decryptString(encDataStr);
String encRandom = secStoreUtil.getString(AKEY_SEED_SERVER_KEY2 + keyId);
String decRandom = secStoreUtil.decryptString(encRandom);
String filePwd = SecxUtil.getMD5Code(decRandom + mConfigManager.getCheckSecretParams() + "trustdo");
byte[] decData = SecxUtil.get3DESDecryptCBC(ByteStreamUtils.hexStringToBinary(decDataStr), filePwd.getBytes());
return new String(decData);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
// 接口方法,签名
public void signature(String keyName,String keyPwd,byte[] dataToSign) {
// TODO 在不在安全硬件里暂时都通过AndroidKeyStore生成
// if (sdkVersion == ConfigManager.SDK_VERSION_H && mFingerHelper.checkKeyIsInsideSecureHardware()) {
if (sdkVersion == ConfigManager.SDK_VERSION_H) {
try {
String encKeyName = getEncKeyName(keyName);
//检验数据
if ("".equals(dataToSign) || null == dataToSign) {
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_SIGN_GET_SIGN_DATA,null);
return;
}
//检验密码
if(!verifyPwd(keyPwd,encKeyName)){
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_PASSWORD_INCORRECT, null);
return;
}
signatureAbove6(encKeyName,getEncodedPwd(encKeyName),dataToSign);
} catch (Exception e) {
e.printStackTrace();
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_SECSTORGE_EXCEPTION, null);
}
}else if(canCreateInTEE()){
try {
String encKeyName = getEncKeyName(keyName);
//检验数据
if ("".equals(dataToSign) || null == dataToSign) {
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_SIGN_GET_SIGN_DATA,null);
return;
}
//检验密码
if(!verifyPwd(keyPwd,encKeyName)){
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_PASSWORD_INCORRECT, null);
return;
}
//TODO 签名操作
} catch (Exception e) {
e.printStackTrace();
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_SECSTORGE_EXCEPTION, null);
}
}else if( sdkVersion == ConfigManager.SDK_VERSION_M || sdkVersion == ConfigManager.SDK_VERSION_L){
try {
String encKeyName = getEncKeyName(keyName);
//检验数据
if ("".equals(dataToSign) || null == dataToSign) {
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_SIGN_GET_SIGN_DATA,null);
return;
}
//检验密码
if(!verifyPwd(keyPwd,encKeyName)){
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_PASSWORD_INCORRECT, null);
return;
}
signatureBelow6(encKeyName,getEncodedPwd(encKeyName),getKSPwd(keyPwd,encKeyName),getSymmetricPwd(keyPwd,encKeyName),dataToSign);
} catch (Exception e) {
e.printStackTrace();
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_SECSTORGE_EXCEPTION, null);
}
}else{
mOnAuthCoreResult.onAuthSignResult(SecurityKeyEngine.ERROR_API_VERSION_NOT_SUPPORT, null);
}
}
// 接口方法,删除密钥
public void deleteSecretKey(String keyName,String keyPwd) {
// TODO 在不在安全硬件里暂时都通过AndroidKeyStore生成
// if (sdkVersion == ConfigManager.SDK_VERSION_H && mFingerHelper.checkKeyIsInsideSecureHardware()) {
if (sdkVersion == ConfigManager.SDK_VERSION_H) {
try {
String encKeyName = getEncKeyName(keyName);
//检验密码
if(!verifyPwd(keyPwd,encKeyName)){
mOnAuthCoreResult.onAuthDeleteResult(SecurityKeyEngine.ERROR_PASSWORD_INCORRECT, null);
return;
}
deleteAbove6(keyName,encKeyName,getEncodedPwd(encKeyName));
} catch (Exception e) {
e.printStackTrace();
mOnAuthCoreResult.onAuthDeleteResult(SecurityKeyEngine.ERROR_SECSTORGE_EXCEPTION, null);
}
}else if(canCreateInTEE()){
try {
String encKeyName = getEncKeyName(keyName);
//检验密码
if(!verifyPwd(keyPwd,encKeyName)){
mOnAuthCoreResult.onAuthDeleteResult(SecurityKeyEngine.ERROR_PASSWORD_INCORRECT, null);
return;
}
//TODO 删除操作
} catch (Exception e) {
e.printStackTrace();
mOnAuthCoreResult.onAuthDeleteResult(SecurityKeyEngine.ERROR_SECSTORGE_EXCEPTION, null);
}
}else if( sdkVersion == ConfigManager.SDK_VERSION_M || sdkVersion == ConfigManager.SDK_VERSION_L){
try {
String encKeyName = getEncKeyName(keyName);
//检验密码
if(!verifyPwd(keyPwd,encKeyName)){