hyperledger-twgc / java-gm Goto Github PK
View Code? Open in Web Editor NEWJava语言国密基础库
License: Apache License 2.0
java-gm's Issues
upgrade bouncycastle to latest
- upgrade bouncycastle to latest
- add test case for hash256sm2 etc support
- add mvn repo mirror as download from main repo is too slow some time due to network issue
publish java package
use a github action to publish java package
impl for CryptoSuite & CryptoSuiteFactory
impl for CryptoSuite & CryptoSuiteFactory
sm2/3 factory
make a factory to create sm2/3 basic actions for
- pem generate.
- cert generate.
- digest and sign/verify.
- encrypt/decrypt.
- key load.
- others?
@xiaohui249 , any other suggestions?
SDK SM2/3/4 Sample
impl for java sdk(sm2/3 part)
as a sample for sm2/3 impl for fabric sdk?
add support/test sample for different hash function
1.2.156.10197.1.501 SM2Sign-with-SM3
1.2.156.10197.1.502 SM2Sign-with-SHA1
1.2.156.10197.1.503 SM2Sign-with-SHA256
1.2.156.10197.1.504 SM2Sign-with-SHA511
1.2.156.10197.1.505 SM2Sign-with-SHA224
1.2.156.10197.1.506 SM2Sign-with-SHA384
1.2.156.10197.1.507 SM2Sign-with-RMD160
@davidkhala , do we need add sample for above all?
generateCSR
需要certificate pem
自动测试没有被触发
Benchmark as JMH
sm4 Enum
Cipher cipher = Cipher.getInstance(sm4ModeAndPaddingEnum.getName(), BouncyCastleProvider.PROVIDER_NAME);
我们可以吧cipher作为枚举值么? 这样就避免了每次都去getInstance了。
generate key pair supports password
缺少通过私钥生成对应公钥的实现
资源泄漏的问题比较多
例如:
public static PublicKey loadPublicFromFile(String filename) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
FileReader fr = new FileReader(filename);
PemObject spki = new PemReader(fr).readPemObject();
fr.close();
Provider p = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
return KeyFactory.getInstance(Const.EC_VALUE, BouncyCastleProvider.PROVIDER_NAME).generatePublic(new X509EncodedKeySpec(spki.getContent()));
}
Description Resource Path Location Type Resource leak: '' is never closed SM2Util.java /java-gm/src/main/java/twgc/gm/sm2 line 241 Java Problem
- SM2的密钥基于证书文件,没有提供基于hash to Byte 的转化方法,因此和JS(sm-crypto)的互操作比较困的
EnvelopeMessage Encryption failed
`
/**
* 加密数据
* @param srcMsg 源信息
* @param certPath 证书路径
* @param charSet 字符编码
* @return
* @throws Exception
*/
public String envelopeMessage(String srcMsg, String certPath, String charSet) throws Exception {
CertificateFactory certificatefactory;
X509Certificate cert;
// 使用公钥对对称密钥进行加密 //若此处不加参数 "BC" 会报异常:CertificateException -
certificatefactory = CertificateFactory.getInstance("X.509", "BC");
// 读取.crt文件;你可以读取绝对路径文件下的crt,返回一个InputStream(或其子类)即可。
InputStream bais = new FileInputStream(certPath);
cert = (X509Certificate) certificatefactory.generateCertificate(bais);
//添加数字信封
CMSTypedData msg = new CMSProcessableByteArray(srcMsg.getBytes(charSet));
CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
cert).setProvider("BC"));
CMSEnvelopedData ed = edGen.generate(msg,
new JceCMSContentEncryptorBuilder(PKCSObjectIdentifiers.RC2_CBC)
.setProvider("BC").build());
String rslt = new String(Base64.encode(ed.getEncoded()));
System.out.println(rslt);
return rslt;
}
public MessageUtil() {
Security.addProvider(new BouncyCastleProvider());
// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
`
org.bouncycastle.cms.CMSException: exception wrapping content key: cannot create cipher: No such algorithm: 1.2.840.10045.2.1
at org.bouncycastle.cms.KeyTransRecipientInfoGenerator.generate(Unknown Source)
at org.bouncycastle.cms.CMSEnvelopedDataGenerator.doGenerate(Unknown Source)
at org.bouncycastle.cms.CMSEnvelopedDataGenerator.generate(Unknown Source)
at MessageUtil.envelopeMessage(MessageUtil.java:167)
at envelopeTest.generate(envelopeTest.java:8)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Caused by: org.bouncycastle.operator.OperatorCreationException: cannot create cipher: No such algorithm: 1.2.840.10045.2.1
at org.bouncycastle.operator.jcajce.OperatorHelper.createAsymmetricWrapper(Unknown Source)
at org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper.generateWrappedKey(Unknown Source)
... 27 more
Caused by: java.security.NoSuchAlgorithmException: No such algorithm: 1.2.840.10045.2.1
at javax.crypto.Cipher.getInstance(Cipher.java:688)
at javax.crypto.Cipher.getInstance(Cipher.java:596)
at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createCipher(Unknown Source)
... 29 more
`
The encryption certificate used is as follow:
-----BEGIN CERTIFICATE----- MIICmDCCAj6gAwIBAgIIICADCQACNmIwCgYIKoEcz1UBg3UwdjEcMBoGA1UEAwwTU21hcnRDQV9UZXN0X1NNMl9DQTEVMBMGA1UECwwMU21hcnRDQV9UZXN0MRAwDgYDVQQKDAdTbWFydENBMQ8wDQYDVQQHDAbljZfkuqwxDzANBgNVBAgMBuaxn+iLjzELMAkGA1UEBhMCQ04wHhcNMjAwMzA5MDgxNTI4WhcNMjEwMzA5MDgxNTI4WjCBrjEqMCgGA1UELQwhZmZlYjNlM2IxZWI3NDFlOGFjMDRhZDllZGU4ZDg3OGMxMQswCQYDVQQGEwJDTjESMBAGA1UECAwJ5rGf6IuP55yBMRIwEAYDVQQHDAnoi4/lt57luIIxDDAKBgNVBAoMAzAwMTESMBAGA1UECwwJ5Zu65a6a5YC8MSkwJwYDVQQDDCDoi4/lt57lkIzmtY7ljLrlnZfpk77noJTnqbbpmaJAMTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABHaRmfiRODgUqYFFj514NrJbiC8i76U/Up9nlUYglm/EY48yk4rnaDqQbZ52EBatWuCSo7eJq1r8hNZVtZfyys+jfTB7MAsGA1UdDwQEAwIDODAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBS9yBor73EI3noVdS52WdLiFqG9HzAfBgNVHSMEGDAWgBRc87oljMJlDOxn777djWunXq/jrDAeBggqgRzQFAQBAwQSExAxMjM0NTY3ODkwUVdFUlRZMAoGCCqBHM9VAYN1A0gAMEUCIFlHt1MFenymSpEKzQgySo0F5TGEWhSGInvCHDq75bU9AiEAqLfCLkCvkNu1+8Vw3Fee3r3K9MvhsAMc61axwT5SEXs= -----END CERTIFICATE-----
code refactor basing on current structure
java % pwd
/Users/yuanyi/OpenSource/java-gm/src/main/java
java % ls
Interact.java SM3Util.java SM4Util.java
refactor needed for this structure.
azp ci badge显示没跑
use github action replace with azp
开发者使用文档
关于
- check style
- gradle
- 互操作测试
sm4 chaincode sample?
use sm4 to encrypt and decrypt data sample?
for java based chaincode?
build failure: gradlew not found
Not found wrapperScript: /home/vsts/work/1/s/gradlew
clean up: gradle
我发现有一个gradle jar放在代码当中,它是必要的么?
some advise with sm3util and sm2util
without JCE, dont need init BC provider
java-gm/src/main/java/SM3Util.java
Lines 18 to 20 in 5b5f58e
sm2 en/decrypt use which append mode? C1|C2|C3 or C1|C3|C2
java-gm/src/main/java/SM2Util.java
Line 106 in 5b5f58e
sm3/sm4 check each other between different languages
update azp for release.
Hi @davidkhala ,
could you please ref doc here for update azp for jar file release?
https://docs.microsoft.com/zh-cn/azure/devops/pipelines/artifacts/maven?view=azure-devops
I can't see Artifacts tag with my azp premission.
SM4Util重构后的问题
看了synchronized同步代码,以及SM4Util的公开构造方法。我的想法:1、改成synchronized,目的应该是避免一个SM4Util单实例使用出现线程安全问题,但是影响了性能,而且并没有从实质上解决线程安全问题,线程安全问题是由Cipher引起的,而Cipher对象是公用的,无法保证调用者单例使用;2、SM4Util的构造方法是public的,所以从这个层面来讲,上一步的synchronized意义不大,而且实例化SM4Util时,Cipher.getInstance仍然要执行一遍。
[提议] 支持通过直接读取公私钥字符串来加载其对象
提议描述:
通常有些场景是将公私钥配置在配置文件或者配置中心里面,这个时候我们的工具类似乎就有点力不从心,当然可以自己实现。
例子:
加载公钥:
twgc.gm.sm2.SM2Util#loadPublicFromFile
public static PublicKey loadPublicFromFile(String filename) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
try (PemReader pemReader = new PemReader(new FileReader(filename))) {
PemObject spki = pemReader.readPemObject();
Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
return KeyFactory.getInstance(Const.EC_VALUE, BouncyCastleProvider.PROVIDER_NAME).generatePublic(new X509EncodedKeySpec(spki.getContent()));
}
}期望:
// 提供类似的方法可以通过读取字符串来加载
PemReader pemReader = new PemReader(new StringReader(publicKey))support x509 format
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.