java source code of BCECUtil

littleca-master
- pom.xml
- little-auth
  - little-auth.md
  - pom.xml
  - little-auth-service
    - src
      - main
        resources
        sql
        api_account.sql
        certs
        sm2
        client
        client.p12
        client_pub.pem
        client_pub.cer
        server
        server.p12
        server_pub.pem
        server_pub.cer
        readme.txt
        rsa
        client
        client.p12
        client_pub.pem
        client_pub.cer
        server
        server.p12
        server_pub.pem
        server_pub.cer
        mybatis
        mybatis_config.xml
        logback-spring.xml
        application.properties
        java
        com
        taoyuanx
        ca
        auth
        dao
        ApiAccountDao.java
        utils
        RequestUtil.java
        ResponseUtil.java
        entity
        ApiAccountEntity.java
        LittleAuthBootApplication.java
        config
        LittleAuthMvcConfig.java
        LittleAuthConfig.java
        AuthProperties.java
        helper
        AuthResultWrapper.java
        ApiAccountAuthHelper.java
        service
        impl
        ApiAccountServiceImpl.java
        ApiAccountService.java
        constants
        AuthCaheConstant.java
        controller
        Sm2AuthApiController.java
        RsaAuthApiController.java
        HelpController.java
        ApiAccountInfoController.java
        HmacAuthApiController.java
        dozer
        CBeanMapper.java
        CBeanAfterHandler.java
      - test
        java
        com
        taoyuanx
        test
        LittleAuthRequestTest.java
        RandomCodeUtil.java
    - pom.xml
  - little-auth-token-core
    - src
      - main
        java
        com
        taoyuanx
        auth
        token
        impl
        SimpleTokenManager.java
        Token.java
        TokenForamtUtil.java
        exception
        TokenException.java
        TokenTypeEnum.java
        TokenManager.java
      - test
        java
        com
        taoyuanx
        test
        TokenTest.java
    - pom.xml
  - little-auth-core
    - src
      - main
        java
        com
        taoyuanx
        auth
        sign
        impl
        hmac
        HMacSign.java
        HmacConfig.java
        Mac.java
        HMacAlgorithms.java
        RsaSign.java
        Sm2Sign.java
        ISign.java
        dto
        ResultBuilder.java
        response
        EncodeResponseDTO.java
        AuthResultDTO.java
        ApiAccountDTO.java
        Result.java
        ResultCode.java
        request
        ISignDTO.java
        AuthRefreshRequestDTO.java
        AuthRequestDTO.java
        EncodeRequestDTO.java
        utils
        IpWhiteCheckUtil.java
        JSONUtil.java
        AesHelper.java
        AesUtil.java
        HmacSignUtil.java
        encode
        IAuthEncode.java
        api
        AuthApi.java
        AuthType.java
        token
        exception
        AuthException.java
        TokenCancelException.java
    - pom.xml
  - little-auth-client
    - src
      - main
        java
        com
        taoyuanx
        auth
        client
        impl
        loadbalance
        impl
        RandomLoadbalance.java
        RoundLoadbalance.java
        LoadbalanceEnum.java
        ILoadbalance.java
        AuthClient.java
        DefaultSingletonAuthClientFactory.java
        interceptor
        AuthClientInterceptor.java
        utils
        StrUtil.java
        ResultFiledStringDeSerializer.java
        ServerUtil.java
        OkHttpUtil.java
        ThrowUtil.java
        RandomCodeUtil.java
        Result.java
        exception
        ClientAuthException.java
        cache
        impl
        MemoryTokenCache.java
        TokenCache.java
        core
        AuthClientConstant.java
        ClientConfig.java
        AuthServiceApiEnum.java
        AuthServer.java
        AuthClientFactory.java
        CacheTokenClientImpl.java
        TokenClient.java
      - test
        resources
        sm2
        client.p12
        server_pub.pem
        auth-client.properties
        rsa
        client.p12
        server_pub.pem
        java
        com
        taoyuanx
        test
        AuthClientTest.java
    - pom.xml
- littleca-tsa
  - src
    - main
      - resources
        files
        ca_pub.pem
        ca.p12
        ca_base64.cer
        ca_pri.pem
        logback-spring.xml
        application.properties
      - java
        com
        taoyuanx
        ca
        tsa
        impl
        LittleTimeStampServiceImpl.java
        TimeStampService.java
        web
        LittleTsaService.java
        client
        impl
        LittleTsaClientImpl.java
        TsaClient.java
        config
        LittleTsaConfig.java
        TsaTranserConstant.java
        ex
        LittleTsaException.java
        LittleTsaBootApplication.java
    - test
      - java
        com
        taoyuanx
        test
        LittleTsaClientTest.java
  - pom.xml
- LICENSE
- README.md
- littleca-shell
  - littleca-shell.md
  - pom.xml
  - littleca-shell-ui
    - src
      - main
        resources
        application-dev.properties
        public
        cert.html
        login.html
        files
        cert
        cakey.pem
        cacert.pem
        application-prod.properties
        logback-spring.xml
        application.properties
        static
        js
        web-storage-cache.min.js
        common.js
        qs.js
        jquery-1.11.3.min.js
        css
        cert.css
        login.css
        create.css
        java
        com
        taoyuanx
        ca
        shellui
        security
        TokenInterceptor.java
        anno
        CustomExceptionCode.java
        NeedToken.java
        dto
        CertReq.java
        timer
        DelteTempCertTask.java
        LittleCaShellUIBootApplication.java
        common
        ResultBuilder.java
        CAConstant.java
        Result.java
        ResultCode.java
        util
        Validator.java
        CommonUtil.java
        SimpleTokenManager.java
        CookieUtil.java
        config
        TimerTaskConfig.java
        WebMvcConfig.java
        AppConfig.java
        service
        CertService.java
        ex
        ValidatorException.java
        ParamException.java
        RestCustomHandlerExceptionResolver.java
        CustomException.java
        SecurityException.java
        ServiceException.java
        controller
        ApiController.java
      - test
        java
        com
        taoyuanx
        test
        SpringJunitTest.java
        HashUtilTest.java
    - pom.xml
  - littleca-shell-core
    - src
      - main
        java
        com
        taoyuanx
        ca
        shell
        excutors
        impl
        LinuxShellExecutor.java
        WindowsShellExecutor.java
        ShellExecutor.java
        params
        CertSubject.java
        ShellParam.java
        ShellType.java
      - test
        resources
        logback.xml
        java
        ShellTest.java
    - pom.xml
  - docs
    - shell
      - windows
        cert_shell.bat
        cert_shell_auto.bat
      - linux
        cert_shell_auto.sh
        cert_shell.sh
    - openssl
      - windows
        openssl.cnf
      - linux
        openssl.cnf
- bin
  - jar.sh
- littleca-ui
  - src
    - main
      - resources
        application-dev.properties
        public
        cert.html
        create.html
        header.html
        login.html
        files
        cacert.cer
        cert
        sm2
        ca
        ca_pub.pem
        ca.p12
        ca_base64.cer
        ca_pri.pem
        ecdsa
        ca
        ca_pub.pem
        ca.p12
        ca_base64.cer
        ca_pri.pem
        dsa
        ca
        ca_pub.pem
        ca.p12
        ca_base64.cer
        ca_pri.pem
        rsa
        ca
        ca_pub.pem
        ca.p12
        ca_base64.cer
        ca_pri.pem
        ca_pri.pem
        application-prod.properties
        logback-spring.xml
        application.properties
        static
        layui
        images
        face
        43.gif
        30.gif
        47.gif
        28.gif
        8.gif
        7.gif
        71.gif
        11.gif
        21.gif
        49.gif
        67.gif
        50.gif
        0.gif
        59.gif
        55.gif
        32.gif
        46.gif
        5.gif
        16.gif
        6.gif
        15.gif
        27.gif
        18.gif
        52.gif
        34.gif
        35.gif
        31.gif
        33.gif
        4.gif
        29.gif
        14.gif
        19.gif
        58.gif
        60.gif
        57.gif
        42.gif
        12.gif
        40.gif
        54.gif
        3.gif
        2.gif
        26.gif
        66.gif
        37.gif
        13.gif
        1.gif
        25.gif
        69.gif
        36.gif
        10.gif
        17.gif
        61.gif
        24.gif
        56.gif
        51.gif
        9.gif
        44.gif
        45.gif
        23.gif
        48.gif
        22.gif
        64.gif
        38.gif
        20.gif
        53.gif
        65.gif
        68.gif
        70.gif
        63.gif
        62.gif
        41.gif
        39.gif
        lay
        modules
        carousel.js
        colorpicker.js
        jquery.js
        laytpl.js
        util.js
        laydate.js
        slider.js
        code.js
        rate.js
        element.js
        table.js
        upload.js
        layer.js
        laypage.js
        form.js
        mobile.js
        tree.js
        flow.js
        layedit.js
        font
        iconfont.eot
        iconfont.ttf
        iconfont.woff
        css
        layui.css
        modules
        layer
        default
        loading-0.gif
        layer.css
        loading-1.gif
        loading-2.gif
        laydate
        default
        laydate.css
        code.css
        layui.mobile.css
        layui.js
        js
        common.js
        js.cookie.js
        system
        login.js
        jquery-1.11.3.min.js
        css
        cert.css
        login.css
        create.css
      - java
        com
        taoyuanx
        ca
        ui
        security
        TokenInterceptor.java
        anno
        CustomExceptionCode.java
        NeedToken.java
        dto
        KeyPairResult.java
        CertReq.java
        CertResult.java
        timer
        DelteTempCertTask.java
        common
        ResultBuilder.java
        CAConstant.java
        Result.java
        ResultCode.java
        LittleCaUIBootApplication.java
        util
        Validator.java
        KeyPairUtil.java
        CommonUtil.java
        SimpleTokenManager.java
        CookieUtil.java
        config
        TimerTaskConfig.java
        WebMvcConfig.java
        AppConfig.java
        CaConfig.java
        service
        impl
        CertServiceImpl.java
        CertService.java
        ex
        ValidatorException.java
        ParamException.java
        RestCustomHandlerExceptionResolver.java
        CustomException.java
        SecurityException.java
        ServiceException.java
        controller
        ApiController.java
    - test
      - java
        com
        taoyuanx
        test
        SpringJunitTest.java
        SimplteTokenManagerTest.java
  - pom.xml
- littleca-core
  - src
    - main
      - java
        com
        taoyuanx
        ca
        core
        api
        impl
        CAImpl.java
        SM2.java
        RSA.java
        DSA.java
        ECDSA.java
        AsymmetricalCipher.java
        ICA.java
        AsymmetricalSignature.java
        AsymmetricalUtil.java
        util
        ByteStringUtil.java
        CertUtil.java
        RSAUtil.java
        Util.java
        exception
        CertException.java
        sm
        Sm2Result.java
        util
        Sm3Util.java
        Sm4Util.java
        Sm2Util.java
        Sm2KeyExchangeUtil.java
        BCECUtil.java
        interfaces
        impl
        Sm2KeyPairImpl.java
        Sm2PublicKeyImpl.java
        Sm2PrivateKeyImpl.java
        Sm2KeyPair.java
        Sm2PrivateKey.java
        Sm2PublicKey.java
        bc
        X509CertExtensions.java
        ProviderInstance.java
    - test
      - java
        example
        ca
        ECDSACATestExample.java
        RSACATestExample.java
        DSACATestExample.java
        SM2CATestExample.java
        cert
        CertTest.java
        op
        RSAOPExample.java
        DSAOPExample.java
        SM4Example.java
        ECDSAOPExample.java
        SM2OPExample.java
  - pom.xml
- .gitignore
- docs
  - sm2
  - bcdoc

package com.taoyuanx.ca.core.sm.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.util.io.pem.PemWriter;

public class BCECUtil {
    private static final String ALGO_NAME_EC = "EC";
    private static final String PEM_STRING_PUBLIC = "PUBLIC KEY";
    private static final String PEM_STRING_ECPRIVATEKEY = "EC PRIVATE KEY";

    /**
     * 生成ECC密钥对
     *
     * @return ECC密钥对
     */
    public static AsymmetricCipherKeyPair generateKeyPair(ECDomainParameters domainParameters,
                                                          SecureRandom random) {
        ECKeyGenerationParameters keyGenerationParams = new ECKeyGenerationParameters(domainParameters,
            random);
        ECKeyPairGenerator keyGen = new ECKeyPairGenerator();
        keyGen.init(keyGenerationParams);
        return keyGen.generateKeyPair();
    }

    public static int getCurveLength(ECKeyParameters ecKey) {
        return getCurveLength(ecKey.getParameters());
    }

    public static int getCurveLength(ECDomainParameters domainParams) {
        return (domainParams.getCurve().getFieldSize() + 7) / 8;
    }

    public static ECPrivateKeyParameters createEcPrivateKey(BigInteger d, ECDomainParameters domainParameters) {
        return new ECPrivateKeyParameters(d, domainParameters);
    }

    public static ECPublicKeyParameters createEcPublicKey(BigInteger x, BigInteger y,
                                                          ECCurve curve, ECDomainParameters domainParameters) {
        byte[] xBytes = x.toByteArray();
        byte[] yBytes = y.toByteArray();
        return createEcPublicKey(xBytes, yBytes, curve, domainParameters);
    }

    public static ECPublicKeyParameters createEcPublicKey(String xHex, String yHex,
                                                          ECCurve curve, ECDomainParameters domainParameters) {
        byte[] xBytes = ByteUtils.fromHexString(xHex);
        byte[] yBytes = ByteUtils.fromHexString(yHex);
        return createEcPublicKey(xBytes, yBytes, curve, domainParameters);
    }

    public static ECPublicKeyParameters createEcPublicKey(byte[] xBytes, byte[] yBytes,
                                                          ECCurve curve, ECDomainParameters domainParameters) {
        final byte uncompressedFlag = 0x04;
        byte[] encodedPubKey = new byte[1 + xBytes.length + yBytes.length];
        encodedPubKey[0] = uncompressedFlag;
        System.arraycopy(xBytes, 0, encodedPubKey, 1, xBytes.length);
        System.arraycopy(yBytes, 0, encodedPubKey, 1 + xBytes.length, yBytes.length);
        return new ECPublicKeyParameters(curve.decodePoint(encodedPubKey), domainParameters);
    }

    public static byte[] convertEcPriKeyToPkcs8Der(ECPrivateKeyParameters priKey,
                                                   ECPublicKeyParameters pubKey) throws IOException {
        ECDomainParameters domainParams = priKey.getParameters();
        ECParameterSpec spec = new ECParameterSpec(domainParams.getCurve(), domainParams.getG(),
            domainParams.getN(), domainParams.getH());
        BCECPublicKey publicKey = null;
        if (pubKey != null) {
            publicKey = new BCECPublicKey(ALGO_NAME_EC, pubKey, spec,
                BouncyCastleProvider.CONFIGURATION);
        }
        BCECPrivateKey privateKey = new BCECPrivateKey(ALGO_NAME_EC, priKey, publicKey,
            spec, BouncyCastleProvider.CONFIGURATION);
        return privateKey.getEncoded();
    }

    public static String convertPkcs8DerEcPriKeyToPem(byte[] encodedKey) throws IOException {
        return convertDerEcDataToPem(PEM_STRING_ECPRIVATEKEY, encodedKey);
    }

    public static byte[] convertPemToPkcs8DerEcPriKey(String pemString) throws IOException {
        return convertPemToDerEcData(pemString);
    }

    /**
     * openssl d2i_ECPrivateKey函数要求的DER编码的私钥也是PKCS1标准的，
     * 这个工具函数的主要目的就是为了能生成一个openssl可以“识别”的ECC私钥
     *
     * @param priKey
     * @param pubKey
     * @return
     * @throws IOException
     */
    public static byte[] convertEcPriKeyToPkcs1Der(ECPrivateKeyParameters priKey,
                                                   ECPublicKeyParameters pubKey) throws IOException {
        byte[] pkcs8Bytes = convertEcPriKeyToPkcs8Der(priKey, pubKey);
        PrivateKeyInfo pki = PrivateKeyInfo.getInstance(pkcs8Bytes);
        ASN1Encodable encodable = pki.parsePrivateKey();
        ASN1Primitive primitive = encodable.toASN1Primitive();
        byte[] pkcs1Bytes = primitive.getEncoded();
        return pkcs1Bytes;
    }

    public static byte[] convertEcPubKeyToX509Der(ECPublicKeyParameters pubKey) {
        ECDomainParameters domainParams = pubKey.getParameters();
        ECParameterSpec spec = new ECParameterSpec(domainParams.getCurve(), domainParams.getG(),
            domainParams.getN(), domainParams.getH());
        BCECPublicKey publicKey = new BCECPublicKey(ALGO_NAME_EC, pubKey, spec,
            BouncyCastleProvider.CONFIGURATION);
        return publicKey.getEncoded();
    }

    public static String convertX509DerEcPubKeyToPem(byte[] encodedKey) throws IOException {
        return convertDerEcDataToPem(PEM_STRING_PUBLIC, encodedKey);
    }

    public static byte[] convertPemToX509DerEcPubKey(String pemString) throws IOException {
        return convertPemToDerEcData(pemString);
    }

    /**
     * openssl i2d_ECPrivateKey函数生成的DER编码的ecc私钥是：PKCS1标准的、带有EC_GROUP、带有公钥的，
     * 这个工具函数的主要目的就是为了使Java程序能够“识别”openssl生成的ECC私钥
     *
     * @param encodedKey
     * @return
     * @throws NoSuchAlgorithmException
     * @throws NoSuchProviderException
     * @throws InvalidKeySpecException
     */
    public static ECPrivateKeyParameters convertPkcs1DerToEcPriKey(byte[] encodedKey)
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        PKCS8EncodedKeySpec peks = new PKCS8EncodedKeySpec(encodedKey);
        KeyFactory kf = KeyFactory.getInstance(ALGO_NAME_EC, BouncyCastleProvider.PROVIDER_NAME);
        BCECPrivateKey privateKey = (BCECPrivateKey) kf.generatePrivate(peks);
        ECParameterSpec ecParameterSpec = privateKey.getParameters();
        ECDomainParameters ecDomainParameters = new ECDomainParameters(ecParameterSpec.getCurve(),
            ecParameterSpec.getG(), ecParameterSpec.getN(), ecParameterSpec.getH());
        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(privateKey.getD(),
            ecDomainParameters);
        return priKey;
    }

    private static String convertDerEcDataToPem(String type, byte[] encodedData) throws IOException {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
        try {
            PemObject pemObj = new PemObject(type, encodedData);
            pWrt.writeObject(pemObj);
        } finally {
            pWrt.close();
        }
        return new String(bOut.toByteArray());
    }

    private static byte[] convertPemToDerEcData(String pemString) throws IOException {
        ByteArrayInputStream bIn = new ByteArrayInputStream(pemString.getBytes());
        PemReader pRdr = new PemReader(new InputStreamReader(bIn));
        try {
            PemObject pemObject = pRdr.readPemObject();
            return pemObject.getContent();
        } finally {
            pRdr.close();
        }
    }
}