[PKI] issuer private key로 서명

NOVEMBER 26, 2020

서명로직 코드

  • WCA ServerKey로 암호화 + base64 인코딩된 mo sub2 private key 복호화 후 서명
    // private key 로 직접 서명
    String base64EncodedMoSub2PrivKey = "n2iWb4B7ES9Hc7HmAHvW5RMAAGUhwAJ3hOIUuqH9r9y5l4IGzg9nQfXxocKwJDIBSC/x67JcxNA6aALuz0gd+IQby7TTTfB74sxWSNjZUV67Xup0kPOx3wOWrxmO1R2/qGUkwflm3shSbz3YoWaavzipuYKen/6pBQ5kmKzONPFh+1Nprq34hY2lccf38QRp/aGXNbXvxRZcPsYGU5HIIw==";
    String caServerKey = "_u5PJineTniFyvQmHkWP6g";
    byte[] moSub2PrivateKeyByte = aesDecode(Base64.decode(base64EncodedMoSub2PrivKey), caServerKey);
    PrivateKey moSub2PrivateKey = PkiFactory.privateKeyByteToClass(moSub2PrivateKeyByte);

    SignatureType signature = new SignatureType();
    signature.setSignedInfo(signedInfo);
    JAXBElement<SignedInfoType> signedInfoJAXB = ObjectFactory.createSignedInfo(signedInfo);

    SignatureValueType signatureValue = new SignatureValueType();
    java.security.interfaces.ECPrivateKey ecPrivateKey = (java.security.interfaces.ECPrivateKey) moSub2PrivateKey;
    signatureValue.setValue(MsgFactory.signSignedInfoElement(signedInfoJAXB, ecPrivateKey));
    signature.setSignatureValue(signatureValue);

    byte[] signatureXmlByte = MsgFactory.marshalToByteArray(signature, SignatureType.class);
    String signatureXmlStr = new String(signatureXmlByte);
  private byte[] aesDecode(byte[] data, String secretKey) {
    final byte[] IV = Hex.decode("62EC67F9C3A4A407FCB2A8C49031A8B3");
    // TODO 16byte 넘어가는경우 자르지 말고, 16byte 길이를 유지할수 있는방법을 찾아봐야함.
    try {
      String password = secretKey.length() < 16 ? StringUtils.leftPad(secretKey, 16)
        : StringUtils.substring(secretKey, 0, 16);
      Key key = new SecretKeySpec(password.getBytes(), "AES");
      Cipher c = Cipher.getInstance("AES/CBC/PKCS7Padding", BouncyCastleProvider.PROVIDER_NAME);
      c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(IV));
      return c.doFinal(data);
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }
  public static PrivateKey privateKeyByteToClass(byte[] privKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    KeyFactory kf = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
    PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(privKey));
    return privateKey;
  }

작업 기록 블로그