汇付天下接入的时候,也存在各种文件证书等等,并且他们是基于CFCA证书,很难只用证书中的公私钥。
因为还有之前别的jar包可使用,就忽略了汇付天下的3个jar包引入。
jar包 sadk-cmbc-3.1.0.8.jar (下载完毕后修改文件名)
代码示例:
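import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import cfca.internal.tool.PKCS12;
import cfca.sm2rsa.common.Mechanism;
import cfca.sm2rsa.common.PKCS7SignedData;
import cfca.util.SignatureUtil;
import cfca.util.cipher.lib.JCrypto;
import cfca.util.cipher.lib.Session;
import cfca.x509.certificate.X509Cert;
import cfca.x509.certificate.X509CertValidator;

/**
 * Thin wrapper around the CFCA SADK toolkit: attached PKCS#7 signing with SHA256withRSA and
 * verification of a counterparty signature against a supplied trust certificate.
 *
 * <p>All methods are static. Failures are logged and re-thrown as {@code xxxException} (a
 * placeholder type in this listing). {@code SystemConfig} is a project class not shown here;
 * {@code LOGGER} was referenced but never declared in the original, so it is declared below.
 */
public class CfcaUtil {

    private static final Logger LOGGER = LoggerFactory.getLogger(CfcaUtil.class);

    /**
     * Signs {@code content} as an attached PKCS#7 message with SHA256withRSA.
     *
     * @param content    text to sign; encoded as UTF-8 before signing
     * @param pfxContent Base64-encoded PKCS#12 keystore holding the signing key and certificate
     * @param pfxPwd     password protecting the PKCS#12 keystore
     * @return Base64 encoding of the PKCS#7 SignedData
     * @throws xxxException if the keystore is empty, cannot be opened, or signing fails
     */
    public static String signBySha256WithRSA(String content, String pfxContent, String pfxPwd) throws xxxException {
        try {
            PKCS12 pkcs12 = new PKCS12();
            pkcs12.load(Base64.decodeBase64(pfxContent));
            pkcs12.decrypt(pfxPwd.toCharArray());
            PrivateKey privateKey = pkcs12.getPrivateKey();
            X509Cert[] certs = pkcs12.getCerts();
            if (certs == null || certs.length == 0) {
                // Report an empty keystore explicitly instead of an ArrayIndexOutOfBoundsException.
                LOGGER.error("CfcaUtil.signBySha256WithRSA|PKCS12 contains no certificate");
                throw new xxxException("");
            }
            X509Cert x509Cert = certs[0];
            SignatureUtil sigUtil = new SignatureUtil();
            // StandardCharsets avoids the checked UnsupportedEncodingException of getBytes("UTF-8").
            byte[] signature = sigUtil.p7SignMessageAttach(Mechanism.SHA256_RSA,
                    content.getBytes(StandardCharsets.UTF_8), privateKey, x509Cert, getSession());
            return Base64.encodeBase64String(signature);
        } catch (xxxException e) {
            throw e;
        } catch (Exception e) {
            LOGGER.error("CfcaUtil.signBySha256WithRSA|签名失败", e);
            throw new xxxException("");
        }
    }

    /**
     * Initialises the JCrypto provider and opens a JSOFT_LIB session.
     *
     * <p>NOTE(review): a new session is opened on every call and never closed in this class;
     * whether an SADK session must be closed, and whether initialize() is safe to repeat, cannot
     * be told from this listing — confirm against the toolkit documentation.
     *
     * @return an open SADK session
     * @throws xxxException if the provider cannot be initialised or the session opened
     */
    public static Session getSession() throws xxxException {
        try {
            JCrypto.getInstance().initialize(SystemConfig.CFCA_SESSION_TYPE, null);
            return JCrypto.getInstance().openSession(JCrypto.JSOFT_LIB);
        } catch (Exception e) {
            LOGGER.error("CfcaUtil.getSession|异常", e);
            throw new xxxException("");
        }
    }

    /**
     * Checks that {@code userX509Cert} is signed by the trust certificate given in {@code cerContent}.
     *
     * <p>Only the certificate signature is checked here (validateCertSign); whether validity period
     * and revocation status are covered by that SADK call is not visible in this listing — confirm.
     *
     * @param userX509Cert certificate extracted from the counterparty's signature
     * @param cerContent   Base64-encoded trust (CA) certificate
     * @throws xxxException if the trust certificate cannot be parsed or the signature check fails
     */
    public static void verifyCer(X509Cert userX509Cert, String cerContent) throws xxxException {
        try {
            X509Cert trustCert = new X509Cert(Base64.decodeBase64(cerContent));
            // Registers the supplied certificate as a trust anchor for the validator
            // (presumably a process-wide map, judging by the name — verify).
            X509CertValidator.updateTrustCertsMap(trustCert);
            if (!X509CertValidator.validateCertSign(userX509Cert)) {
                LOGGER.error("CfcaUtil.verifyCer|userX509Cert is wrong!");
                throw new xxxException("");
            }
        } catch (xxxException e) {
            throw e;
        } catch (Exception e) {
            LOGGER.error("CfcaUtil.verifyCer|验证证书异常", e);
            throw new xxxException("");
        }
    }

    /**
     * Binds a signer certificate to a merchant id by inspecting the certificate subject.
     *
     * @param merId    merchant id expected to appear in the subject
     * @param x509Cert signer certificate
     * @throws xxxException if {@code merId} is blank, the subject does not contain it, or the
     *                      subject cannot be read
     */
    public static void verifyMer(String merId, X509Cert x509Cert) throws xxxException {
        // Original had the compile error `catch (xxxExceptione)`; the catch is spelled out here.
        if (StringUtils.isBlank(merId)) {
            throw new xxxException("");
        }
        try {
            String subject = x509Cert.getSubject();
            // NOTE(review): substring match on the whole subject DN — any RDN that contains merId
            // as a substring (e.g. a longer id sharing the same prefix) also passes. Comparing the
            // exact RDN value that carries the merchant id is stricter once the DN layout is known.
            if (!subject.contains(merId)) {
                throw new xxxException("");
            }
        } catch (xxxException e) {
            throw e;
        } catch (Exception e) {
            LOGGER.error("CfcaUtil.verifyMer|异常", e);
            throw new xxxException("");
        }
    }

    /**
     * Verifies an attached PKCS#7 signature produced by a counterparty.
     *
     * <p>Order matters: the signer certificate embedded in the PKCS#7 is first chained to the
     * trust certificate (verifyCer) and bound to the merchant id (verifyMer); only then is the
     * message signature itself checked, so an untrusted or mismatched signer is rejected first.
     *
     * @param sign       Base64 PKCS#7 SignedData as received from the counterparty
     * @param cerContent Base64-encoded trust certificate used to validate the signer certificate
     * @param merId      merchant id expected in the signer certificate subject
     * @return result of the SADK signature check
     * @throws xxxException if {@code sign} is blank, the signer certificate is untrusted or does
     *                      not match {@code merId}, or the toolkit fails
     */
    public static boolean verifySign(String sign, String cerContent, String merId) throws xxxException {
        if (StringUtils.isBlank(sign)) {
            LOGGER.error("CfcaUtil.verifySign|sign is blank");
            throw new xxxException("");
        }
        try {
            byte[] bytes = Base64.decodeBase64(sign.getBytes(SystemConfig.UTF_8));
            PKCS7SignedData pkcs7SignedData = new PKCS7SignedData(null);
            // NOTE(review): bytes are already Base64-decoded, yet loadBase64() is called on them and
            // p7VerifyMessageAttach receives the same bytes — this mirrors the original; confirm
            // against the SADK API which encoding each call expects.
            pkcs7SignedData.loadBase64(bytes);
            X509Cert signerCert = pkcs7SignedData.getSignerX509Cert();
            verifyCer(signerCert, cerContent);
            verifyMer(merId, signerCert);
            SignatureUtil verUtil = new SignatureUtil();
            return verUtil.p7VerifyMessageAttach(bytes, getSession());
        } catch (xxxException e) {
            // Keep the specific failure (untrusted cert / merchant mismatch) instead of re-wrapping it.
            throw e;
        } catch (Exception e) {
            LOGGER.error("CfcaUtil.verifySign|异常", e);
            throw new xxxException("");
        }
    }
}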