import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Security;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import com.pheox.jcapi.JCAPIProperties;
import com.pheox.jcapi.JCAPIProvider;
import com.pheox.jcapi.JCAPIUtil;
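/**
 * Diagnostic program: signs the same payload with the same certificate through the JCAPI
 * provider and through the JDK's SunMSCAPI provider, then prints whether both providers
 * produced byte-identical signatures.
 */
public class TestJCAPI {
    private static final String CN = "..."; // Put your certificate CN
    // Explicit charset so the signed bytes do not depend on the platform default encoding.
    private static final byte[] DATA = "Test".getBytes(StandardCharsets.UTF_8);

    /**
     * Finds a private-key entry whose certificate subject contains {@code cn} and signs
     * {@code data} with it, using the key store's own provider.
     *
     * <p>The match is a substring test on the full subject DN, so a short {@code cn} can
     * select more than one entry (for example a value that is a prefix of another CN).
     * The last matching entry is used; a warning is printed when the choice was ambiguous
     * so that a signature is never silently produced with an unintended key.
     *
     * @param keyStore loaded key store to search
     * @param cn       text that must occur in the certificate's subject DN
     * @param data     bytes to sign
     * @return the signature bytes, or {@code null} if no entry matched
     * @throws Exception on any key store or signature failure
     */
    private static byte[] sign(KeyStore keyStore, String cn, byte[] data) throws Exception {
        System.out.println("Using " + keyStore.getProvider().getName());

        // Search entry by CN
        KeyStore.PrivateKeyEntry privateKeyEntry = null;
        int matches = 0;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                continue;
            }
            // Skip entries without an X.509 certificate instead of failing on the cast.
            Certificate certificate = keyStore.getCertificate(alias);
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            String subject = ((X509Certificate) certificate).getSubjectX500Principal().getName();
            if (!subject.contains(cn)) {
                continue;
            }
            matches++;
            try {
                privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, null);
            } catch (UnrecoverableEntryException e) {
                // The provider refused a null protection parameter; retry with a
                // PasswordProtection that wraps a null password.
                privateKeyEntry = (KeyStore.PrivateKeyEntry)
                        keyStore.getEntry(alias, new KeyStore.PasswordProtection(null));
            }
        }
        if (privateKeyEntry == null) {
            System.out.println("Certificate not found");
            return null;
        }
        if (matches > 1) {
            System.out.println("Warning: " + matches + " entries match \"" + cn
                    + "\"; using the last one");
        }

        // Sign
        System.out.println("Signing with "
                + ((X509Certificate) privateKeyEntry.getCertificate()).getSubjectX500Principal());
        // NOTE(review): SHA-1 is no longer collision-resistant. It is kept here because this
        // program only compares provider output; for signatures that have to be trusted,
        // prefer SHA256withRSA if both providers offer it.
        Signature signature = Signature.getInstance("SHA1withRSA", keyStore.getProvider());
        signature.initSign(privateKeyEntry.getPrivateKey());
        signature.update(data);
        // The value returned by sign() is the complete signature; the printed label is
        // kept unchanged from the original output.
        byte[] signatureBytes = signature.sign();
        System.out.println("Encrypted Digest (" + signatureBytes.length + "): "
                + Arrays.toString(signatureBytes));
        return signatureBytes;
    }

    /**
     * Runs the comparison and prints {@code true} only when both providers produced a
     * signature and the two signatures are equal.
     *
     * @param args unused
     * @throws Exception on any provider, key store or signature failure
     */
    public static void main(String[] args) throws Exception {
        Security.addProvider(new JCAPIProvider());
        JCAPIProperties.setLogging(true); // JCAPI logging switched on for this diagnostic run
        System.out.println(JCAPIUtil.getEnvironmentInfo());
        System.out.println();

        KeyStore ksJcapi = KeyStore.getInstance("msks", "JCAPI");
        ksJcapi.load(null, null);
        // NOTE(review): the store names are set after load(); confirm this ordering has
        // the intended effect on which certificate store is read.
        JCAPIProperties.getInstance().setMSCertStoreNames(new String[]{"My"});
        byte[] encryptedDigestJcapi = sign(ksJcapi, CN, DATA);
        System.out.println();

        KeyStore ksJdk = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ksJdk.load(null, null);
        byte[] encryptedDigestJdk = sign(ksJdk, CN, DATA);
        System.out.println();

        // Arrays.equals(null, null) is true, so without the null check a run in which the
        // certificate was found in neither store would report a match.
        boolean identical = encryptedDigestJcapi != null
                && Arrays.equals(encryptedDigestJcapi, encryptedDigestJdk);
        System.out.println(identical);
    }
}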
// Standalone call shown in the post. Judging by its name it removes the named CSP from
// JCAPI's PKCS#11 handling; confirm the exact effect in the JCAPI documentation.
JCAPIUtil.removePKCS11CSP("eToken Base Cryptographic Provider");
Hi, we are using JCAPI to sign and validate documents from an applet. It's the best provider we have found so far for accessing MSCAPI, so we'll gladly buy a license to use it once all tests are OK.