From cb00660a74cf9dd58dbb4eece5a7061d42889a35 Mon Sep 17 00:00:00 2001 From: 13009 Date: Tue, 20 Feb 2024 14:32:37 +0800 Subject: [PATCH] sm text --- .../core/cipher/AbstractPrivacyDecryptor.java | 32 ++++++++++---- .../core/cipher/AbstractPrivacyEncryptor.java | 33 +++++++++++---- .../api/core/cipher/AbstractSecretCipher.java | 42 +++++++++++++------ .../scfs/api/core/cipher/AbstractSigner.java | 29 ++++++++----- .../api/core/cipher/AbstractVerifier.java | 28 ++++++++----- .../api/core/cipher/CertificateValidity.java | 3 +- .../http/client/TestPrivacyDecryptor.java | 2 +- .../http/client/TestPrivacyEncryptor.java | 2 +- .../core/http/client/TestSecretCipher.java | 2 +- .../scfs/api/core/http/client/TestSigner.java | 2 +- .../api/core/http/client/TestVerifier.java | 2 +- .../czcb/scfs/api/rsa/AesSecretCipher.java | 2 +- .../scfs/api/rsa/RsaPrivacyDecryptor.java | 2 +- .../scfs/api/rsa/RsaPrivacyEncryptor.java | 2 +- .../java/com/czcb/scfs/api/rsa/RsaSigner.java | 2 +- .../com/czcb/scfs/api/rsa/RsaVerifier.java | 2 +- .../api/service/cipher/TestSecretCipher.java | 2 +- .../scfs/api/service/cipher/TestSigner.java | 2 +- .../scfs/api/service/cipher/TestVerifier.java | 2 +- .../czcb/scfs/api/sm/Sm2PrivacyDecryptor.java | 3 +- .../czcb/scfs/api/sm/Sm2PrivacyEncryptor.java | 3 +- .../com/czcb/scfs/api/sm/Sm2Verifier.java | 3 +- .../com/czcb/scfs/api/sm/Sm4SecretCipher.java | 5 ++- .../java/com/czcb/scfs/api/sm/SmProfile.java | 6 +++ .../czcb/scfs/api/sm/SmSecurityProvider.java | 2 + 25 files changed, 147 insertions(+), 68 deletions(-) diff --git a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyDecryptor.java b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyDecryptor.java index 6ec7249..fe00183 100644 --- a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyDecryptor.java +++ b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyDecryptor.java 
@@ -10,6 +10,8 @@ import javax.crypto.NoSuchPaddingException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; +import java.security.Provider; +import java.util.Objects; import static java.util.Objects.requireNonNull; @@ -18,21 +20,34 @@ import static java.util.Objects.requireNonNull; * @date 2024/2/2 */ public abstract class AbstractPrivacyDecryptor implements PrivacyDecryptor { - private final PrivateKey privateKey; - private final Cipher cipher; + protected final String transformation; + protected final PrivateKey privateKey; + protected final Provider provider; /** * 构造敏感信息解密的抽象类 * - * @param transform 加密使用的模式 - * @param privateKey 加密使用的私钥 + * @param transformation 解密使用的模式 + * @param privateKey 解密使用的私钥 + * @param provider 安全库提供商 */ - protected AbstractPrivacyDecryptor(String transform, PrivateKey privateKey) { + protected AbstractPrivacyDecryptor(String transformation, PrivateKey privateKey, Provider provider) { + this.transformation = requireNonNull(transformation); this.privateKey = requireNonNull(privateKey); + this.provider = provider; + } + + /** + * 获取加密器 + * + * @return Cipher + */ + private Cipher getCipher() { try { - cipher = Cipher.getInstance(transform); + return Objects.isNull(provider) ? Cipher.getInstance(transformation) + : Cipher.getInstance(transformation, provider); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { - throw new IllegalArgumentException("The current Java environment does not support " + transform, e); + throw new IllegalArgumentException("The current Java environment does not support " + transformation, e); } } 
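Review bot: Widening `privateKey` from `private` to `protected` in AbstractPrivacyDecryptor hands the key object to every subclass, yet the subclasses touched by this patch only pass arguments to `super(...)` and never read it. Unless a subclass outside this diff needs direct access, keep `private final PrivateKey privateKey;` (and likewise `transformation` and `provider`), and add a narrow accessor later if one turns out to be required. The same widening is applied to `privateKey` in AbstractSigner.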
@@ -46,12 +61,13 @@ public abstract class AbstractPrivacyDecryptor implements PrivacyDecryptor { public String decrypt(String ciphertext) { requireNonNull(ciphertext); try { + Cipher cipher = getCipher(); cipher.init(Cipher.DECRYPT_MODE, privateKey); return Strings.toStr(cipher.doFinal(Base64.decode(ciphertext))); } catch (InvalidKeyException e) { throw new IllegalArgumentException("无效的私钥", e); } catch (BadPaddingException | IllegalBlockSizeException e) { - throw new IllegalArgumentException(String.format("[%s]解密失败", cipher.getAlgorithm()), e); + throw new IllegalArgumentException(String.format("[%s]解密失败", transformation), e); } } diff --git a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyEncryptor.java b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyEncryptor.java index ce50ccc..2f6c891 100644 --- a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyEncryptor.java +++ b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractPrivacyEncryptor.java @@ -9,7 +9,9 @@ import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; +import java.security.Provider; import java.security.PublicKey; +import java.util.Objects; import static java.util.Objects.requireNonNull; 
@@ -18,21 +20,34 @@ import static java.util.Objects.requireNonNull; * @date 2024/2/2 */ public abstract class AbstractPrivacyEncryptor implements PrivacyEncryptor { - private final PublicKey publicKey; - private final Cipher cipher; + protected final String transformation; + protected final PublicKey publicKey; + protected final Provider provider; /** * 构造敏感信息加密的抽象类 * - * @param transform 加密使用的模式 - * @param publicKey 加密使用的公钥 + * @param transformation 加密使用的模式 + * @param publicKey 加密使用的公钥 + * @param provider 安全库提供商 */ - protected AbstractPrivacyEncryptor(String transform, PublicKey publicKey) { + protected AbstractPrivacyEncryptor(String transformation, PublicKey publicKey, Provider provider) { + this.transformation = requireNonNull(transformation); this.publicKey = requireNonNull(publicKey); + this.provider = provider; + } + + /** + * 获取加密器 + * + * @return Cipher + */ + private Cipher getCipher() { try { - cipher = Cipher.getInstance(transform); + return Objects.isNull(provider) ? Cipher.getInstance(transformation) + : Cipher.getInstance(transformation, provider); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { - throw new IllegalArgumentException("The current Java environment does not support " + transform, e); + throw new IllegalArgumentException("The current Java environment does not support " + transformation, e); } } 
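Review bot: The AbstractPrivacyEncryptor constructor no longer calls `Cipher.getInstance`, so an unsupported transformation, or a provider that lacks it, is reported only on the first `encrypt()` call rather than when the object is built. Calling the new helper once at the end of the constructor, `getCipher(); // fail fast on an unsupported transformation`, keeps the per-call instance while restoring the early check. AbstractPrivacyDecryptor's constructor has the same gap. The Javadoc for `provider` should also state that `null` is accepted and means the default JCA provider lookup.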
@@ -45,13 +60,15 @@ public abstract class AbstractPrivacyEncryptor implements PrivacyEncryptor { @Override public String encrypt(String plaintext) { requireNonNull(plaintext); + try { + Cipher cipher = getCipher(); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return Base64.encodeStr(cipher.doFinal(Strings.toBytes(plaintext))); } catch (InvalidKeyException e) { throw new IllegalArgumentException("无效的公钥", e); } catch (BadPaddingException | IllegalBlockSizeException e) { - throw new IllegalArgumentException(String.format("[%s]算法加密失败", cipher.getAlgorithm()), e); + throw new IllegalArgumentException(String.format("[%s]算法加密失败", transformation), e); } } diff --git a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSecretCipher.java b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSecretCipher.java index 7918850..5664fc3 100644 --- a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSecretCipher.java +++ b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSecretCipher.java 
@@ -5,29 +5,50 @@ import com.czcb.scfs.api.core.exception.EncryptException; import com.czcb.scfs.api.core.util.Base64; import com.czcb.scfs.api.core.util.Strings; +import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.Objects; /** + * 对称加密器 + * * @author wangwei * @date 2024/2/2 */ public abstract class AbstractSecretCipher implements SecretCipher { - private final String algorithm; - private final String transformation; - private final int keyLengthBit; + protected final String algorithm; + protected final String transformation; + protected final Provider provider; + protected final int keyLengthBit; - protected AbstractSecretCipher(String algorithm, String transformation, int keyLengthBit) { + protected AbstractSecretCipher(String algorithm, String transformation, Provider provider, int keyLengthBit) { this.algorithm = algorithm; this.transformation = transformation; + this.provider = provider; this.keyLengthBit = keyLengthBit; } + /** + * 获取加密器 + * + * @return Cipher + */ + private Cipher getCipher() { + try { + return Objects.isNull(provider) ? Cipher.getInstance(transformation) + : Cipher.getInstance(transformation, provider); + } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { + throw new IllegalArgumentException("The current Java environment does not support " + transformation, e); + } + } + /** * 加密并转换为字符串 * 
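Review bot: The field `keyLengthBit` is passed as the first argument of `GCMParameterSpec` in `encrypt` and `decrypt`, where that argument is the authentication tag length in bits, not the key length. With the 128 used by every subclass in this patch the two happen to coincide, but a subclass passing 256 for a 256-bit key would, at least with the standard JDK provider, be rejected as an unsupported tag length when the cipher is initialised. Now that the field is `protected`, document it on the constructor, e.g. `@param keyLengthBit GCM tag length in bits (passed to GCMParameterSpec)`, or rename it. Unlike the sibling abstract classes, this constructor also does not `requireNonNull` its `algorithm` and `transformation` arguments.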
@@ -37,8 +58,8 @@ public abstract class AbstractSecretCipher implements SecretCipher { @Override public String encrypt(byte[] secretKey, byte[] plaintext) { try { - javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(transformation); - cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, + Cipher cipher = getCipher(); + cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(secretKey, algorithm), new GCMParameterSpec(keyLengthBit, secretKey)); return Base64.encodeStr(cipher.doFinal(plaintext)); @@ -56,15 +77,12 @@ public abstract class AbstractSecretCipher implements SecretCipher { @Override public String decrypt(byte[] secretKey, byte[] ciphertext) { try { - javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(transformation); - cipher.init(javax.crypto.Cipher.DECRYPT_MODE, + Cipher cipher = getCipher(); + cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKey, algorithm), new GCMParameterSpec(keyLengthBit, secretKey)); return Strings.toStr(cipher.doFinal(Base64.decode(ciphertext))); - } catch (InvalidKeyException - | InvalidAlgorithmParameterException - | NoSuchAlgorithmException - | NoSuchPaddingException e) { + } catch (InvalidKeyException | InvalidAlgorithmParameterException e) { throw new IllegalArgumentException(e); } catch (Exception e) { throw new DecryptException("解密异常", e); diff --git a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSigner.java b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSigner.java index f08b65e..bf1af9f 100644 --- a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSigner.java +++ b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractSigner.java 
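Review bot: In `encrypt`, `new GCMParameterSpec(keyLengthBit, secretKey)` passes the secret key itself as the GCM IV, so every message encrypted under one key uses the same nonce. GCM's confidentiality and integrity both depend on the nonce never repeating for a key, so this weakens the mode for any key that protects more than one message; the `decrypt` hunk that follows mirrors it. The line is untouched context, but since this commit reworks both methods it is a natural place to move to a random 96-bit IV per message carried in front of the ciphertext, as sketched below (needs `java.security.SecureRandom`); `decrypt` would split the IV off before `doFinal`. That changes the wire format, so it has to be agreed with whatever peer produces or consumes these values, which this diff does not show. The catch clauses of `encrypt` lie outside the hunk.

```java
    public String encrypt(byte[] secretKey, byte[] plaintext) {
        try {
            // fresh 96-bit nonce per message; never derived from the key
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            Cipher cipher = getCipher();
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(secretKey, algorithm),
                    new GCMParameterSpec(keyLengthBit, iv));
            byte[] body = cipher.doFinal(plaintext);
            // the nonce travels in front of the ciphertext so decrypt can recover it
            byte[] out = new byte[iv.length + body.length];
            System.arraycopy(iv, 0, out, 0, iv.length);
            System.arraycopy(body, 0, out, iv.length, body.length);
            return Base64.encodeStr(out);
        // … unchanged: catch clauses (outside the hunk) …
```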
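Review bot: In `decrypt`, `getCipher()` is called inside the `try`, so its `IllegalArgumentException` for an unsupported transformation is now caught by the trailing `catch (Exception e)` and rethrown as `DecryptException("解密异常", e)`. Before this change `NoSuchAlgorithmException` and `NoSuchPaddingException` surfaced as `IllegalArgumentException`, so a configuration error now looks like a bad ciphertext to callers. Moving `Cipher cipher = getCipher();` above the `try` keeps the two cases distinct. `encrypt` probably needs the same treatment, but its catch clauses are outside its hunk.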
@@ -4,10 +4,8 @@ import com.czcb.scfs.api.core.exception.SignException; import com.czcb.scfs.api.core.util.Base64; import com.czcb.scfs.api.core.util.Strings; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.SignatureException; +import java.security.*; +import java.util.Objects; import static java.util.Objects.requireNonNull; @@ -17,9 +15,10 @@ import static java.util.Objects.requireNonNull; * @date 2024/2/2 */ public abstract class AbstractSigner implements Signer { - private final String algorithm; - private final String algorithmName; - private final PrivateKey privateKey; + protected final String algorithm; + protected final String algorithmName; + protected final PrivateKey privateKey; + protected final Provider provider; /** * AbstractSigner 构造函数 @@ -28,10 +27,20 @@ public abstract class AbstractSigner implements Signer { * @param algorithmName 获取Signature对象时指定的算法,例如SHA256withRSA * @param privateKey API私钥 */ - protected AbstractSigner(String algorithm, String algorithmName, PrivateKey privateKey) { + protected AbstractSigner(String algorithm, String algorithmName, PrivateKey privateKey, Provider provider) { this.algorithm = requireNonNull(algorithm); this.algorithmName = requireNonNull(algorithmName); this.privateKey = requireNonNull(privateKey); + this.provider = provider; + } + + private java.security.Signature getSignature() { + try { + return Objects.isNull(provider) ? java.security.Signature.getInstance(algorithmName) + : java.security.Signature.getInstance(algorithmName, provider); + } catch (NoSuchAlgorithmException e) { + throw new UnsupportedOperationException("The current Java environment does not support " + algorithmName, e); + } } @Override 
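Review bot: The four explicit `java.security` imports in AbstractSigner are replaced by `import java.security.*;`, which hides which JCA types the class depends on and makes simple names such as `Signature` depend on whatever else is in scope. Prefer listing them: `InvalidKeyException`, `NoSuchAlgorithmException`, `PrivateKey`, `Provider`, `SignatureException`. AbstractVerifier gets the same wildcard right after an explicit `import java.security.Signature;`, which is then redundant.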
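Review bot: The AbstractSigner constructor gains a `provider` parameter, but its Javadoc still documents only the first three and nothing says that `null` is allowed. Add `@param provider JCA provider used for Signature.getInstance; null selects the default provider lookup`. The new private `getSignature()` has no comment either; one line stating that a fresh `Signature` is created per call because the object is stateful would explain why it is not cached in a field.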
@@ -39,12 +48,10 @@ public abstract class AbstractSigner implements Signer { requireNonNull(message); try { - java.security.Signature signature = java.security.Signature.getInstance(algorithmName); + java.security.Signature signature = getSignature(); signature.initSign(privateKey); signature.update(Strings.toBytes(message)); return new SignatureResult(Base64.encodeStr(signature.sign())); - } catch (NoSuchAlgorithmException e) { - throw new UnsupportedOperationException("The current Java environment does not support " + algorithmName, e); } catch (InvalidKeyException e) { throw new IllegalArgumentException(algorithm + " signature uses an illegal privateKey.", e); } catch (SignatureException e) { diff --git a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractVerifier.java b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractVerifier.java index 9c1eef0..a964c68 100644 --- a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractVerifier.java +++ b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/AbstractVerifier.java @@ -5,11 +5,10 @@ import com.czcb.scfs.api.core.util.Strings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.security.Signature; -import java.security.SignatureException; +import java.security.*; import java.security.cert.X509Certificate; +import java.util.Objects; import static java.util.Objects.requireNonNull; 
@@ -20,22 +19,33 @@ import static java.util.Objects.requireNonNull; public abstract class AbstractVerifier implements Verifier { protected final Logger logger = LoggerFactory.getLogger(getClass()); protected final CertificateProvider certificateProvider; - protected final String algorithmName; + protected final String algorithm; + protected final Provider provider; /** * AbstractVerifier 构造函数 * - * @param algorithmName 获取Signature对象时指定的算法 + * @param algorithm 获取Signature对象时指定的算法 * @param certificateProvider 验签使用的证书管理器,非空 */ - protected AbstractVerifier(String algorithmName, CertificateProvider certificateProvider) { - this.algorithmName = requireNonNull(algorithmName); + protected AbstractVerifier(String algorithm, CertificateProvider certificateProvider, Provider provider) { + this.algorithm = requireNonNull(algorithm); this.certificateProvider = requireNonNull(certificateProvider); + this.provider = provider; + } + + private java.security.Signature getSignature() { + try { + return Objects.isNull(provider) ? java.security.Signature.getInstance(algorithm) + : java.security.Signature.getInstance(algorithm, provider); + } catch (NoSuchAlgorithmException e) { + throw new UnsupportedOperationException("The current Java environment does not support " + algorithm, e); + } } protected boolean verify(X509Certificate certificate, String message, String signature) { try { - Signature sign = Signature.getInstance(algorithmName); + Signature sign = getSignature(); sign.initVerify(certificate); sign.update(Strings.toBytes(message)); return sign.verify(Base64.decode(signature)); @@ -43,8 +53,6 @@ public abstract class AbstractVerifier implements Verifier { return false; } catch (InvalidKeyException e) { throw new IllegalArgumentException("verify uses an illegal certificate.", e); - } catch (NoSuchAlgorithmException e) { - throw new UnsupportedOperationException("不支持的签名算法:" + algorithmName, e); } } 
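Review bot: Renaming the protected field `algorithmName` to `algorithm` in AbstractVerifier makes the two sibling base classes disagree: in AbstractSigner `algorithmName` is the JCA name passed to `Signature.getInstance` and `algorithm` is a separate label, while here `algorithm` now holds the JCA name. Keeping `algorithmName` would avoid that and would not break subclasses outside this diff that read the protected field. The constructor Javadoc also lacks an `@param provider` entry. `verify` continues past the end of this hunk.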
diff --git a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/CertificateValidity.java b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/CertificateValidity.java index 6a8f8b8..11d9410 100644 --- a/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/CertificateValidity.java +++ b/scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/CertificateValidity.java @@ -6,14 +6,13 @@ import java.security.cert.CertificateNotYetValidException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; /** * 校验证书是否有效 */ public class CertificateValidity { - public X509Certificate getLongestCertificate(ConcurrentHashMap certificates) { + public X509Certificate getLongestCertificate(Map certificates) { if (certificates == null || certificates.isEmpty()) { return null; } diff --git a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyDecryptor.java b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyDecryptor.java index 6e4b02a..4ccd640 100644 --- a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyDecryptor.java +++ b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyDecryptor.java @@ -11,6 +11,6 @@ public class TestPrivacyDecryptor extends AbstractPrivacyDecryptor { * @param privateKey 加密使用的私钥 */ protected TestPrivacyDecryptor(PrivateKey privateKey) { - super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", privateKey); + super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", privateKey, null); } } diff --git a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyEncryptor.java b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyEncryptor.java index 85ae44a..e604e58 100644 --- a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyEncryptor.java 
+++ b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestPrivacyEncryptor.java @@ -11,6 +11,6 @@ public class TestPrivacyEncryptor extends AbstractPrivacyEncryptor { * @param publicKey 加密使用的公钥 */ protected TestPrivacyEncryptor(PublicKey publicKey) { - super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", publicKey); + super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", publicKey, null); } } diff --git a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSecretCipher.java b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSecretCipher.java index 08bd596..4724cd6 100644 --- a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSecretCipher.java +++ b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSecretCipher.java @@ -5,6 +5,6 @@ import com.czcb.scfs.api.core.cipher.AbstractSecretCipher; public class TestSecretCipher extends AbstractSecretCipher { protected TestSecretCipher() { - super("AES", "AES/GCM/NoPadding", 128); + super("AES", "AES/GCM/NoPadding", null, 128); } } diff --git a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSigner.java b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSigner.java index 0841d57..8c63d98 100644 --- a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSigner.java +++ b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSigner.java @@ -14,6 +14,6 @@ public class TestSigner extends AbstractSigner { * @param privateKey API私钥 */ protected TestSigner(PrivateKey privateKey) { - super("SHA256-WITH-RSA", "SHA256withRSA", privateKey); + super("SHA256withRSA", "SHA256withRSA", privateKey, null); } } diff --git a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestVerifier.java b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestVerifier.java index 19eff12..b7c6a2a 100644 --- a/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestVerifier.java 
+++ b/scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestVerifier.java @@ -12,6 +12,6 @@ public class TestVerifier extends AbstractVerifier { * @param certificateProvider 验签使用的证书管理器,非空 */ protected TestVerifier(CertificateProvider certificateProvider) { - super("SHA256withRSA", certificateProvider); + super("SHA256withRSA", certificateProvider, null); } } diff --git a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/AesSecretCipher.java b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/AesSecretCipher.java index b8f2279..db5a32d 100644 --- a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/AesSecretCipher.java +++ b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/AesSecretCipher.java @@ -9,6 +9,6 @@ import com.czcb.scfs.api.core.cipher.AbstractSecretCipher; public class AesSecretCipher extends AbstractSecretCipher { protected AesSecretCipher() { - super("AES", "AES/GCM/NoPadding", 128); + super("AES", "AES/GCM/NoPadding", null, 128); } } diff --git a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyDecryptor.java b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyDecryptor.java index 65b2c72..6f4a5c2 100644 --- a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyDecryptor.java +++ b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyDecryptor.java @@ -15,6 +15,6 @@ public final class RsaPrivacyDecryptor extends AbstractPrivacyDecryptor { * @param privateKey 加密使用的私钥 */ public RsaPrivacyDecryptor(PrivateKey privateKey) { - super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", privateKey); + super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", privateKey, null); } } diff --git a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyEncryptor.java b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyEncryptor.java index c995df0..148536e 100644 --- a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyEncryptor.java +++ b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaPrivacyEncryptor.java 
@@ -16,6 +16,6 @@ public final class RsaPrivacyEncryptor extends AbstractPrivacyEncryptor { * @param publicKey 加密使用的公钥 */ public RsaPrivacyEncryptor(PublicKey publicKey) { - super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", publicKey); + super("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", publicKey, null); } } diff --git a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaSigner.java b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaSigner.java index 18f75a2..3b3a657 100644 --- a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaSigner.java +++ b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaSigner.java @@ -14,6 +14,6 @@ public class RsaSigner extends AbstractSigner { * @param privateKey API私钥 */ protected RsaSigner(PrivateKey privateKey) { - super("SHA256-WITH-RSA", "SHA256withRSA", privateKey); + super("SHA256withRSA", "SHA256withRSA", privateKey, null); } } diff --git a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaVerifier.java b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaVerifier.java index e547a76..4ec67df 100644 --- a/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaVerifier.java +++ b/scfs-api-rsa/src/main/java/com/czcb/scfs/api/rsa/RsaVerifier.java @@ -12,6 +12,6 @@ public class RsaVerifier extends AbstractVerifier { * @param certificateProvider 验签使用的证书管理器,非空 */ protected RsaVerifier(CertificateProvider certificateProvider) { - super("SHA256withRSA", certificateProvider); + super("SHA256withRSA", certificateProvider, null); } } diff --git a/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSecretCipher.java b/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSecretCipher.java index 2c86d06..93f71e2 100644 --- a/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSecretCipher.java +++ b/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSecretCipher.java 
@@ -5,6 +5,6 @@ import com.czcb.scfs.api.core.cipher.AbstractSecretCipher; public class TestSecretCipher extends AbstractSecretCipher { protected TestSecretCipher() { - super("AES", "AES/GCM/NoPadding", 128); + super("AES", "AES/GCM/NoPadding", null, 128); } } diff --git a/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSigner.java b/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSigner.java index a8d60f9..5ab37e8 100644 --- a/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSigner.java +++ b/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestSigner.java @@ -14,6 +14,6 @@ public class TestSigner extends AbstractSigner { * @param privateKey API私钥 */ public TestSigner(PrivateKey privateKey) { - super("SHA256-WITH-RSA", "SHA256withRSA", privateKey); + super("SHA256withRSA", "SHA256withRSA", privateKey, null); } } diff --git a/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestVerifier.java b/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestVerifier.java index 3d4771d..fbbe3c2 100644 --- a/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestVerifier.java +++ b/scfs-api-service/src/test/java/com/czcb/scfs/api/service/cipher/TestVerifier.java @@ -12,6 +12,6 @@ public class TestVerifier extends AbstractVerifier { * @param certificateProvider 验签使用的证书管理器,非空 */ public TestVerifier(CertificateProvider certificateProvider) { - super("SHA256withRSA", certificateProvider); + super("SHA256withRSA", certificateProvider, null); } } diff --git a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyDecryptor.java b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyDecryptor.java index fa5bb54..93ccdbe 100644 --- a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyDecryptor.java +++ b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyDecryptor.java 
@@ -1,6 +1,7 @@ package com.czcb.scfs.api.sm; import com.czcb.scfs.api.core.cipher.AbstractPrivacyDecryptor; +import com.tencent.kona.KonaProvider; import java.security.PrivateKey; @@ -17,6 +18,6 @@ public final class Sm2PrivacyDecryptor extends AbstractPrivacyDecryptor { * @param privateKey API私钥 */ public Sm2PrivacyDecryptor(PrivateKey privateKey) { - super("SM2", privateKey); + super("SM2", privateKey, new KonaProvider()); } } diff --git a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyEncryptor.java b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyEncryptor.java index f207d40..eb277e2 100644 --- a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyEncryptor.java +++ b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2PrivacyEncryptor.java @@ -1,6 +1,7 @@ package com.czcb.scfs.api.sm; import com.czcb.scfs.api.core.cipher.AbstractPrivacyEncryptor; +import com.tencent.kona.KonaProvider; import java.security.PublicKey; @@ -17,6 +18,6 @@ public final class Sm2PrivacyEncryptor extends AbstractPrivacyEncryptor { * @param publicKey 请求的敏感信息加密时使用的国密公钥 */ public Sm2PrivacyEncryptor(PublicKey publicKey) { - super("SM2", publicKey); + super("SM2", publicKey, new KonaProvider()); } } diff --git a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2Verifier.java b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2Verifier.java index d418445..c00926b 100644 --- a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2Verifier.java +++ b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm2Verifier.java @@ -2,6 +2,7 @@ package com.czcb.scfs.api.sm; import com.czcb.scfs.api.core.cipher.AbstractVerifier; import com.czcb.scfs.api.core.cipher.CertificateProvider; +import com.tencent.kona.KonaProvider; /** * @author wangwei 
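Review bot: `new KonaProvider()` in the Sm2PrivacyDecryptor constructor builds a separate provider object for every decryptor, and the same call appears in Sm2PrivacyEncryptor, Sm2Verifier and Sm4SecretCipher. A JCA provider is essentially a registry of service implementations, so one shared instance should be enough: for example a `static final Provider KONA = new KonaProvider();` held in one place in this module, or `Security.getProvider(KonaProvider.NAME)` once `SmSecurityProvider.addProvider()` has run. Sharing it also guarantees that all SM primitives resolve against the same provider object.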
@@ -18,6 +19,6 @@ public class Sm2Verifier extends AbstractVerifier { * @param certificateProvider 验签使用的证书管理器,非空 */ public Sm2Verifier(CertificateProvider certificateProvider) { - super("SM2", certificateProvider); + super("SM3withSM2", certificateProvider, new KonaProvider()); } } diff --git a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm4SecretCipher.java b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm4SecretCipher.java index 4c6afaf..e8bed52 100644 --- a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm4SecretCipher.java +++ b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/Sm4SecretCipher.java @@ -1,9 +1,12 @@ package com.czcb.scfs.api.sm; import com.czcb.scfs.api.core.cipher.AbstractSecretCipher; +import com.tencent.kona.KonaProvider; /** + * 对称加密器 + * * @author wangwei * @date 2024/2/2 */ @@ -13,6 +16,6 @@ public final class Sm4SecretCipher extends AbstractSecretCipher { } public Sm4SecretCipher() { - super("SM4", "SM4/GCM/NoPadding", 128); + super("SM4", "SM4/GCM/NoPadding", new KonaProvider(), 128); } } diff --git a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmProfile.java b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmProfile.java index 9609c5c..2942dbb 100644 --- a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmProfile.java +++ b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmProfile.java @@ -15,6 +15,8 @@ import java.util.List; import java.util.Objects; /** + * 支持国密的配置类 + * * @author wangwei * @date 2024/2/2 */ 
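Review bot: Sm2Verifier now requests `SM3withSM2` from KonaProvider, but `Sm2Signer`, which SmProfile pairs with it in `build()`, is not among the files this patch changes. If Sm2Signer extends AbstractSigner it has to move to the new four-argument `super(...)` call to compile, and its algorithm name and provider should match the verifier's so that signatures produced by one are checked under the same scheme by the other. This is worth confirming before merge, since the class is not visible here.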
@@ -67,12 +69,16 @@ public final class SmProfile extends AbstractProfile { public SmProfile build() { Objects.requireNonNull(this.channel); + // 证书加载器 CertificateProvider certificateProvider = new LocalCertificateProvider(certificates); + // 加密器 this.privacy = new SmPrivacy(privateKey, certificateProvider); + // 签名器 this.signature = new DefaultSignature(certificateProvider, new Sm2Signer(privateKey), new Sm2Verifier(certificateProvider)); httpProfile(httpProfile); if (Objects.isNull(httpProfile)) { + // 创建默认的http配置 httpProfile(new DefaultHttpProfile.Builder().build()); } diff --git a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmSecurityProvider.java b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmSecurityProvider.java index ed9c81e..d0a55de 100644 --- a/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmSecurityProvider.java +++ b/scfs-api-sm/src/main/java/com/czcb/scfs/api/sm/SmSecurityProvider.java @@ -8,6 +8,8 @@ import java.security.Security; * 注入 KonaProvider */ public class SmSecurityProvider { + private SmSecurityProvider() { + } public static void addProvider() { if (Security.getProvider(KonaProvider.NAME) == null) {