# Built-in Software Test Certificate

## Changelog

* 2021/04/05 Version updated: 21.3.24-DEV
* 2021/04/05 SignedData: added a signature verification error message (verifyError)
* 2021/04/04 Version updated: 21.3.23-DEV
* 2021/04/04 Added retrieval of the built-in certificate's public key (Base64 format)
* 2021/03/29 Version updated: 21.3.18-DEV
* 2021/03/29 Added a custom URL scheme (because the web host enforces https)
* 2020/12/19 Version updated: 20.12.6-SNAPSHOT
* 2020/12/19 Added getIcCardNo, which returns the IC card number of the built-in test certificate.
* 2020/11/22 Version updated: 20.11.11-SNAPSHOT
* 2020/11/22 Invoker now uses GepsHttpInvokerProxyFactoryBean so that a connection timeout can be set.
* 2020/11/07 Version updated: 20.10.11-SNAPSHOT
* 2020/11/07 The return type of signature verification changed from boolean to signer information (SignedData).
* 2020/11/07 Added conversion of a Base64-encoded certificate string into certificate information (certificate type, OID, unified business number, last 4 digits of the national ID number, etc.); a getCertInfo usage example was added to the documentation.

## Usage

1. Use common-api-fwk: 21.3.23-DEV

```
<dependency>
    <groupId>geps3</groupId>
    <artifactId>common-api-fwk</artifactId>
    <version>21.3.23-DEV</version>
</dependency>
```

2. Import **QdcsApiConfig**

```
@Import({ WebConfig.class, JpaConfig.class, CachingConfig.class, AsyncConfig.class, OoiClient.class,
        OsmApiClientConfig.class, CcsAppConfig.class, VmsApiConfig.class, QdcsApiConfig.class })
@SpringBootApplication
@EnableScheduling
//@PropertySource({"classpath:obtainment.properties"})
public class Application extends SpringBootServletInitializer implements WebApplicationInitializer {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
```

To use a custom connection URL, set the following parameters in application.yml:

```
qdcs:
  server:
    scheme: http
    host: localhost
    port: 8080
```

3. @Autowired **TestCertApi**

```
@Autowired
private TestCertApi testCertService;
```

4. Usage:

```
public interface TestCertApi {

    /**
     * Sign data with the test certificate
     *
     * @param data
     *            the data to sign
     * @param isBase64
     *            whether the content is Base64-encoded
     * @return the signature result
     */
    public String sign(String data, boolean isBase64);

    /**
     * Verify a signature made with the test certificate
     *
     * @param data
     *            the signed data
     * @return signer information
     */
    public SignedData verify(String data);

    /**
     * Encrypt with the test certificate
     *
     * @param data
     *            the content to encrypt
     * @param isBase64
     *            whether the content is Base64-encoded
     * @return the encrypted result (Base64-encoded by default)
     */
    public String encrypt(String data, boolean isBase64);

    /**
     * Decrypt with the test certificate
     *
     * @param base64Data
     *            the Base64-encoded string
     * @return the decrypted string (not Base64-encoded by default)
     */
    public String decrypt(String base64Data);

    /**
     * Decrypt with the test certificate
     *
     * @param base64Data
     *            the Base64-encoded string
     * @param returnBase64
     *            whether to return the result as a Base64-encoded string
     * @return the decrypted string
     */
    public String decrypt(String base64Data, boolean returnBase64);

    /**
     * Get the test certificate information
     *
     * @return certificate information
     */
    public CertInfo info();

    /**
     * Convert a Base64-encoded certificate into a CertInfo
     *
     * @param base64Cert
     *            the Base64-encoded certificate
     * @return certificate information
     */
    CertInfo getCertInfo(String base64Cert);

    /**
     * Get the IC card number of the built-in test certificate
     */
    public String getIcCardNo();

    /**
     * Get the built-in certificate (Base64 format)
     */
    public String getEncodedCert();
}
```

### getCertInfo

Pass the encoded certificate string to the API for parsing.

```
String base64Cert = "<Base64-encoded certificate>";
CertInfo certInfo = testCertService.getCertInfo(base64Cert);
System.out.println(certInfo);
```

> CertInfo [subjectDN=O=測試機關1, C=TW, issuerDN=OU=(測試用) 政府測試憑證管理中心, O=行政院, C=TW, notBefore=Tue Apr 28 16:47:47 CST 2020, notAfter=Wed Oct 28 16:47:47 CST 2020, serialNumber=286360778606329282209690417006144648761, crlDistrbution=http://gtestca.nat.gov.tw/crl/GTestCA2/8888-1/complete.crl09 http://gtestca.nat.gov.tw/crl/GTestCA2/complete.crl, issuerURL=null, cardType=PRIMARY, certType=GTESTCA, detailType=AUXILIARY_GOVERNMENT_UNIT, enterpriseId=null, ocsp=http://gtestca.nat.gov.tw/OCSP/ocsp, orgOID=2.16.886.1.101.20001, personId=null, subjectType=政府機關, subjectTypeOID=2.16.886.1.100.3.2.1.1]

### verify

Verifies the signature and returns the signature information (including the certificate).

```
System.out.println("Sign 'test123'");
String data = testCertService.sign("test123", false);
SignedData signedData = testCertService.verify(data);
System.out.println("Get cert from signed data:");
System.out.println("SignedData verified: " + signedData.getVerified());
signedData.getSignCerts().forEach(c -> {
    System.out.println(c.getEncoededCert());
});
```

> Sign 'test123'
> Get cert from signed data:
> SignedData verified: true
> (Base64-encoded signer certificate, omitted here)

###### tags: GEPS3 certificate
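In the `getCertInfo` sample output above, `crlDistrbution` shows `complete.crl09` before the second URL; `0` and `9` are the ASCII reading of bytes 0x30 0x39, which is also the DER header (SEQUENCE, length 57) of a DistributionPoint carrying that second URL. The following added example (not part of common-api-fwk; the class and method names are hypothetical) walks the TLV structure of a cRLDistributionPoints value with the JDK only and returns the URLs without header bytes, using a sample value constructed from the two URLs on this page.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class CrlDpUris {
    // Build one DER TLV (short-form length only, enough for this constructed sample).
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        if (body.size() > 127) throw new IllegalArgumentException("sample too long");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        out.write(body.size());
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }

    // DistributionPoint -> [0] distributionPoint -> [0] fullName -> [6] URI
    static byte[] distributionPoint(String uri) {
        byte[] name = tlv(0x86, uri.getBytes(StandardCharsets.US_ASCII));
        return tlv(0x30, tlv(0xA0, tlv(0xA0, name)));
    }

    // Walk the TLVs in buf[pos, end) and collect each URI (tag 0x86) without its header bytes.
    static void collectUris(byte[] buf, int pos, int end, List<String> out) {
        while (pos + 2 <= end) {
            int tag = buf[pos++] & 0xff;
            int len = buf[pos++] & 0xff;
            if (len > 0x7f) {                      // long form: low 7 bits = number of length bytes
                int n = len & 0x7f;
                if (n == 0 || n > 3 || pos + n > end) throw new IllegalArgumentException("bad length");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (buf[pos++] & 0xff);
            }
            if (pos + len > end) throw new IllegalArgumentException("truncated DER");
            if (tag == 0x86) out.add(new String(buf, pos, len, StandardCharsets.US_ASCII));
            else if (tag == 0x30 || tag == 0xA0) collectUris(buf, pos, pos + len, out);
            pos += len;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the two CRL URLs from the CertInfo output above.
        byte[] ext = tlv(0x30,
            distributionPoint("http://gtestca.nat.gov.tw/crl/GTestCA2/8888-1/complete.crl"),
            distributionPoint("http://gtestca.nat.gov.tw/crl/GTestCA2/complete.crl"));
        List<String> uris = new ArrayList<>();
        collectUris(ext, 0, ext.length, uris);
        uris.forEach(System.out::println);
    }
}
```

For a real certificate, `X509Certificate.getExtensionValue("2.5.29.31")` returns this value wrapped in an OCTET STRING, so unwrap that layer before calling `collectUris`.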