[new] enhance PemUtil#readPemKey method, support more pem format, depend on bcpkix-jdk15on

2025-07-21 15:09:48 +08:00 · 2022-07-17 15:41:26 +08:00
parent a9310c2d30
commit 7c2e0ed887
10 changed files with 177 additions and 39 deletions
--- a/hutool-crypto/src/test/java/cn/hutool/crypto/test/PemUtilTest.java
+++ b/hutool-crypto/src/test/java/cn/hutool/crypto/test/PemUtilTest.java
@@ -14,6 +14,7 @@ import org.junit.Test;
 import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.util.*;

 public class PemUtilTest {

@@ -50,7 +51,7 @@ public class PemUtilTest {

 	@Test
 	public void readECPrivateKeyTest() {
-		PrivateKey privateKey = PemUtil.readSm2PemPrivateKey(ResourceUtil.getStream("test_ec_private_key.pem"));
+		PrivateKey privateKey = PemUtil.readSm2PemPrivateKey(ResourceUtil.getStream("test_ec_sec1_private_key.pem"));
 		SM2 sm2 = new SM2(privateKey, null);
 		sm2.usePlainEncoding();

@@ -77,4 +78,46 @@ public class PemUtilTest {
 		boolean verify = sm2.verify(StrUtil.utf8Bytes(content), sign);
 		Assert.assertTrue(verify);
 	}
+
+	@Test
+	public void verifyPemUtilReadKey() {
+		// 公钥
+		// PKCS#10 文件读取公钥
+		PublicKey csrPublicKey = PemUtil.readPemPublicKey(ResourceUtil.getStream("test_ec_certificate_request.csr"));
+
+		// 证书读取公钥
+		PublicKey certPublicKey = PemUtil.readPemPublicKey(ResourceUtil.getStream("test_ec_certificate.cer"));
+
+		// PEM 公钥
+		PublicKey plainPublicKey = PemUtil.readPemPublicKey(ResourceUtil.getStream("test_ec_public_key.pem"));
+
+		// 私钥
+		// 加密的 PEM 私钥
+		PrivateKey encPrivateKey = PemUtil.readPemPrivateKey(ResourceUtil.getStream("test_ec_encrypted_private_key.key"), "123456".toCharArray());
+
+		// PKCS#8 私钥
+		PrivateKey pkcs8PrivateKey = PemUtil.readPemPrivateKey(ResourceUtil.getStream("test_ec_pkcs8_private_key.key"));
+
+		// SEC 1 私钥
+		PrivateKey sec1PrivateKey = PemUtil.readPemPrivateKey(ResourceUtil.getStream("test_ec_sec1_private_key.pem"));
+
+		// 组装还原后的公钥和私钥列表
+		List<PublicKey> publicKeyList = Arrays.asList(csrPublicKey, certPublicKey, plainPublicKey);
+		List<PrivateKey> privateKeyList = Arrays.asList(encPrivateKey, pkcs8PrivateKey, sec1PrivateKey);
+
+		// 做笛卡尔积循环验证
+		for (PrivateKey privateKeyItem : privateKeyList) {
+			for (PublicKey publicKeyItem : publicKeyList) {
+				// 校验公私钥
+				SM2 genSm2 = new SM2(privateKeyItem, publicKeyItem);
+				genSm2.usePlainEncoding();
+
+				String content = "我是Hanley.";
+				byte[] sign = genSm2.sign(StrUtil.utf8Bytes(content));
+				boolean verify = genSm2.verify(StrUtil.utf8Bytes(content), sign);
+				Assert.assertTrue(verify);
+			}
+		}
+	}
+
 }
--- a/hutool-crypto/src/test/resources/test_ec_certificate.cer
+++ b/hutool-crypto/src/test/resources/test_ec_certificate.cer
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBozCCAUegAwIBAgIIJQJK8f5oQVQwDAYIKoEcz1UBg3UFADAjMQswCQYDVQQG
+EwJDTjEUMBIGA1UEAwwLSHV0b29sIFRlc3QwHhcNMjIwNzE3MDcyMzU4WhcNMjMw
+NzE3MDcyMzU4WjAjMQswCQYDVQQGEwJDTjEUMBIGA1UEAwwLSHV0b29sIFRlc3Qw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASXXjbO+6vY7vdD5aXoi2EMHUq0itI8
+kG6FN3cgLBFFoelyy3JxX94h7RpH4ylpNUXeRNuzv1VcPa06nsN1OjTWo2MwYTAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUFHvMM9CZ
+VUxWKt1+CHI5uYLpLgQwHwYDVR0jBBgwFoAUFHvMM9CZVUxWKt1+CHI5uYLpLgQw
+DAYIKoEcz1UBg3UFAANIADBFAiA5p0Gh7mvuuHMVG2SmbGj5HQpWcpwCaUF90BQ9
+/QEYZgIhAIXmeD2bDlOCPc3vxS4aNGxSd1wq/MT9bBJhKyiXWjx5
+-----END CERTIFICATE-----
--- a/hutool-crypto/src/test/resources/test_ec_certificate_request.csr
+++ b/hutool-crypto/src/test/resources/test_ec_certificate_request.csr
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBODCB3wIBADBWMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHQmVpamluZzEQMA4G
+A1UEBxMHQmVpamluZzEPMA0GA1UECxMGSHV0b29sMRIwEAYDVQQDEwlodXRvb2wu
+Y24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASXXjbO+6vY7vdD5aXoi2EMHUq0
+itI8kG6FN3cgLBFFoelyy3JxX94h7RpH4ylpNUXeRNuzv1VcPa06nsN1OjTWoCcw
+JQYJKoZIhvcNAQkOMRgwFjAUBgNVHREEDTALgglodXRvb2wuY24wCgYIKoZIzj0E
+AwIDSAAwRQIhAIH0w1XbGnRfbM1flsqRHzfur+pEZ3wiqpChxAI39lpIAiAsNAwn
+o7PsXpTXLhq1ZgqurIjFeFuvY1hszUODmO5ySQ==
+-----END CERTIFICATE REQUEST-----
--- a/hutool-crypto/src/test/resources/test_ec_encrypted_private_key.key
+++ b/hutool-crypto/src/test/resources/test_ec_encrypted_private_key.key
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,04b396b78c1f1172857a8b76682b63ef
+
+NoaLaSy87gLE6C3yCi7JwiB86NSYipZmMVlLIcHaBL2ECRUcGDmXEZu6OqFyrbDc
+XWXraEl3OieYduiVmuJ0GQ8oeWd5DNgHLBYTPnfgjBowbluAO9/R9AUh4R8Fz918
+/zsMZJckjSv3Gs6NWZW02v9OvhTDSJBNwu/M2WTWH10=
+-----END EC PRIVATE KEY-----
--- a/hutool-crypto/src/test/resources/test_ec_pkcs8_private_key.key
+++ b/hutool-crypto/src/test/resources/test_ec_pkcs8_private_key.key
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgEZmc6NdYu8UzpzhX
+1bcRzfWBlcGgnPtqfVsRzXfXZ/6gCgYIKoZIzj0DAQehRANCAASXXjbO+6vY7vdD
+5aXoi2EMHUq0itI8kG6FN3cgLBFFoelyy3JxX94h7RpH4ylpNUXeRNuzv1VcPa06
+nsN1OjTW
+-----END PRIVATE KEY-----
--- a/hutool-crypto/src/test/resources/test_ec_private_key.pem
+++ b/hutool-crypto/src/test/resources/test_ec_private_key.pem
@@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIKB89IhhSy9WrtQS7TWO5Yqyv5a3DnogWYUhb3TbzjnWoAoGCCqBHM9V
-AYItoUQDQgAE3LRuqCM697gL3jPhw98eGfTDcJsuJr6H1nE4VkgdtBdX3So2lC6m
-UGEnWeRZuh8HnzCRobcu02Bgv7CVR5Iigg==
-----END EC PRIVATE KEY-----
--- a/hutool-crypto/src/test/resources/test_ec_public_key.pem
+++ b/hutool-crypto/src/test/resources/test_ec_public_key.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEl142zvur2O73Q+Wl6IthDB1KtIrS
+PJBuhTd3ICwRRaHpcstycV/eIe0aR+MpaTVF3kTbs79VXD2tOp7DdTo01g==
+-----END PUBLIC KEY-----
--- a/hutool-crypto/src/test/resources/test_ec_sec1_private_key.pem
+++ b/hutool-crypto/src/test/resources/test_ec_sec1_private_key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBGZnOjXWLvFM6c4V9W3Ec31gZXBoJz7an1bEc1312f+oAoGCCqGSM49
+AwEHoUQDQgAEl142zvur2O73Q+Wl6IthDB1KtIrSPJBuhTd3ICwRRaHpcstycV/e
+Ie0aR+MpaTVF3kTbs79VXD2tOp7DdTo01g==
+-----END EC PRIVATE KEY-----