USBKEY全解析---证书导入(java)

网上资料关于JAVA操作硬件USBKEY的例子比较少，本篇使用主要实现2个功能：

1    java实现向USBKEY导入证书

2    java调用USBKEY证书签名

对USBKEY陌生的同学请参考：https://blog.youkuaiyun.com/liujoi/article/details/106150546

本篇需要使用：bcpkix-jdk15on-160.jar、bcprov-ext-jdk15on-160.jar,完整源码见附件。

package org.liuy.pkcs11;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import sun.misc.BASE64Encoder;
import sun.security.pkcs11.SunPKCS11;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_INFO;
import sun.security.pkcs11.wrapper.CK_SESSION_INFO;
import sun.security.pkcs11.wrapper.CK_SLOT_INFO;
import sun.security.pkcs11.wrapper.CK_TOKEN_INFO;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Constants;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/**
 * 使用PKCS11 对硬件USBKEY：下发证书、签名、打印硬件基本信息等功能
 * 
 * @author liuy
 *
 */
public class Pkcs11Util {
        
    protected PKCS11 myPKCS11Module_;
      protected long token_ = -1L;
    
    /**
     * 初始化库文件，必须首先加载
     * @param libPath    pkcs11库的路径：windows和linux都可以
     * @throws IOException
     * @throws PKCS11Exception
     */
    public Pkcs11Util(String libPath) throws IOException, PKCS11Exception
    {
        myPKCS11Module_ = PKCS11.getInstance(libPath, "C_GetFunctionList", null, false); 
    }
    
    /**
     * 获取Cryptoki的通用信息
     * @throws PKCS11Exception
     */
    public CK_INFO getInfo()  throws PKCS11Exception
    {
            CK_INFO moduleInfo = myPKCS11Module_.C_GetInfo();
            return moduleInfo;
     }
    
    
    /**
     * 获取 槽信息
     * @return
     * @throws PKCS11Exception
     */
    public List<CK_SLOT_INFO> getSlotInfo() throws PKCS11Exception
   {
          List<CK_SLOT_INFO>  list= new ArrayList<CK_SLOT_INFO>();
          long[] slotIDs = myPKCS11Module_.C_GetSlotList(false);
          for (int i=0; i < slotIDs.length; i++) {
            CK_SLOT_INFO slotInfo = myPKCS11Module_.C_GetSlotInfo(slotIDs[i]);
            list.add(slotInfo);
          }
          return list;
    }
    
     /**
      * 获取硬件信息
      * @return
      * @throws PKCS11Exception
      */
     public List<CK_TOKEN_INFO>  getTokenInfo() throws PKCS11Exception
     {
        List<CK_TOKEN_INFO>  list= new ArrayList<CK_