提交内容:CA代码测试

备注:CA代码测试
提交人:邹江涛
zoujiangtao 2024-12-30 17:31:35 +08:00
parent 06fc641a5f
commit 07900e03d0
2 changed files with 152 additions and 0 deletions


@ -0,0 +1,69 @@
package shkd.sys.sys.plugin.CA;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.Set;
/**
* @description: CA服务 ResourceBundle对象
**/
public class InfoSecResourceBundle extends ResourceBundle {
private Map<String,Object> lookup;
public InfoSecResourceBundle(Properties properties){
lookup = new HashMap(properties);
}
public InfoSecResourceBundle(Map<String,Object> lookup){
this.lookup = lookup;
}
public InfoSecResourceBundle(InputStream stream) throws IOException {
Properties properties = new Properties();
properties.load(stream);
lookup = new HashMap(properties);
}
@Override
protected Object handleGetObject(String key) {
if (key == null) {
throw new NullPointerException();
}
return lookup.get(key);
}
@Override
public Enumeration<String> getKeys() {
return new Enumeration() {
private Iterator<String> iterator = lookup.keySet().iterator();
@Override
public boolean hasMoreElements() {
return iterator.hasNext();
}
@Override
public Object nextElement() {
return iterator.next();
}
};
}
protected Set<String> handleKeySet() {
return lookup.keySet();
}
@Override
public boolean containsKey(String key) {
return lookup.containsKey(key);
}
}
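Review bot: The `InfoSecResourceBundle(Map<String,Object> lookup)` constructor stores the caller's map by reference and `handleKeySet()` returns the live `lookup.keySet()` view, so the CA configuration held by the bundle can be changed after construction. Taking a copy, `this.lookup = new HashMap<>(lookup);`, and returning `Collections.unmodifiableSet(lookup.keySet())` would keep the bundle stable once it is built. The two other constructors use the raw `new HashMap(properties)`, which lets non-String keys from `Properties` into a `Map<String,Object>` unchecked; copying via `properties.stringPropertyNames()` avoids that. `getKeys()` can be reduced to `return Collections.enumeration(lookup.keySet());` instead of the raw anonymous `Enumeration`, and `handleKeySet()` is missing `@Override`.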


@ -0,0 +1,83 @@
package shkd.sys.sys.plugin.CA;
import cn.com.infosec.netsign.agent.NetSignAgent;
import cn.com.infosec.netsign.agent.NetSignResult;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Properties;
import kd.bos.ca.bean.VerifySignResult;
import kd.bos.dataentity.serialization.SerializationUtils;
import kd.bos.ca.AbstractCAService;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
/**
* @description: CA服务
**/
public class InfoSecService extends AbstractCAService {
private static Log log = LogFactory.getLog(InfoSecService.class);
private static Properties properties;
private static boolean isInitialize;
static {
initProperties();
}
/**
* 初始化
*/
private static void initProperties() {
if (properties == null) {
try (InputStream in = InfoSecService.class.getResourceAsStream("/resources/InfoSecConfig.properties")) {
properties = new Properties();
properties.load(in);
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException("信安世纪服务配置文件初始化失败:" + e.getMessage());
}
}
}
/**
* @param signData 签名信息
* @param cleartext 原文信息
* @param publicKey 证书公钥
* @param caConfig ca配置信息
* @return 验签结果
*/
@Override
public VerifySignResult verifySign(String signData, String cleartext, String publicKey, Map<String, Object> caConfig) {
log.info("验签开始");
VerifySignResult result = new VerifySignResult();
try {
/**
* 虽然能获取到苍穹系统上的配置并构造ResourceBundle对象但是信安世纪的服务只能初始化一次感觉有点坑
* 服务只能初始化一次再次调用NetSignAgent.initialize不会生效所以修改配置后只能重启服务
*/
if (!isInitialize) {
properties.putAll(caConfig);
InfoSecResourceBundle resourceBundle = new InfoSecResourceBundle(properties);
NetSignAgent.initialize(resourceBundle);
isInitialize = Boolean.TRUE;
}
X509Certificate certificate = NetSignAgent.generateCertificate(publicKey.getBytes());
NetSignResult netSignResult = NetSignAgent.rawVerify(cleartext.getBytes(), signData, "SHA1", null, certificate);
log.info(SerializationUtils.toJsonString(netSignResult));
result.setSuccess(true);
result.setMessage("验签通过。");
} catch (Exception e) {
log.error(e);
result.setSuccess(false);
result.setMessage("验签失败:" + e.getMessage());
}
return result;
}
}
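Review bot: `verifySign` reports success whenever `NetSignAgent.rawVerify` returns without throwing: the returned `netSignResult` is only written to the log and `result.setSuccess(true)` follows unconditionally, so unless the agent is guaranteed to throw on every failed verification (not visible here) an invalid signature could be accepted; the outcome carried by `netSignResult` should decide success. The digest is hard-coded to `"SHA1"`, which is no longer considered safe for signatures, and both `getBytes()` calls use the platform charset, so the bytes being verified can differ between hosts; `cleartext.getBytes(StandardCharsets.UTF_8)` pins that. The certificate is built from the caller-supplied `publicKey` and nothing in the hunk checks its validity period or issuer, so a signature made under any certificate appears to pass; confirm that the agent or the caller enforces trust in the certificate. `isInitialize` and the shared static `properties` are mutated without synchronization, so concurrent first calls can race on `NetSignAgent.initialize`, and a null `caConfig` surfaces as a misleading "验签失败"; a `synchronized` init block with a null check would close both. In `initProperties`, pass the exception as the cause (`new RuntimeException(msg, e)`) and log through `log` rather than `e.printStackTrace()`, and handle a null stream from `getResourceAsStream` explicitly.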