Merge branch 'jenkins_with_weblogic' into master
This commit is contained in:
@@ -17,6 +17,14 @@ def hibernateVersion = "5.6.15.Final"
|
||||
def nexusUrl = "https://nexus.eactive.synology.me:8090"
|
||||
def generatedJavaDir = "$buildDir/generated/java"
|
||||
|
||||
// FOR LOCAL
|
||||
repositories {
|
||||
maven {
|
||||
url "${nexusUrl}/repository/maven-public/"
|
||||
allowInsecureProtocol = true
|
||||
}
|
||||
}
|
||||
//
|
||||
java {
|
||||
toolchain {
|
||||
languageVersion = JavaLanguageVersion.of(8)
|
||||
@@ -66,6 +74,8 @@ dependencies {
|
||||
|
||||
api 'jakarta.interceptor:jakarta.interceptor-api:2.1.0'
|
||||
|
||||
implementation 'com.nimbusds:nimbus-jose-jwt:9.24.3' //jwhong
|
||||
|
||||
compileOnly group: 'com.ibm.db2', name: 'jcc', version: '11.5.7.0'
|
||||
|
||||
testRuntimeOnly 'com.h2database:h2:2.1.214'
|
||||
|
||||
@@ -0,0 +1,119 @@
|
||||
package com.eactive.eai.common.context;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* 트랜잭션 범위 컨텍스트 관리
|
||||
* - ThreadLocal 기반으로 현재 스레드의 트랜잭션 컨텍스트 관리
|
||||
* - Lazy initialization: 최초 put 시 자동 생성
|
||||
* - 비동기 전달: getAll()로 복사본 획득, restore()로 복원
|
||||
*
|
||||
* <pre>
|
||||
* [동기 거래]
|
||||
* ApiAdapterController → ... → JEP 함수에서 set/get → ... → finally { clear() }
|
||||
*
|
||||
* [비동기 거래]
|
||||
* 송신측: FlowRouter → eaiMessage.setTransactionContextTransfer(getAll()) → JMS Queue
|
||||
* 수신측: Consumer → ElinkESBProcessProxy → restore(transfer) → JEP 함수 → clear()
|
||||
* </pre>
|
||||
*/
|
||||
public class ElinkTransactionContext {
|
||||
|
||||
private static final ThreadLocal<Map<String, Object>> THREAD_LOCAL = new ThreadLocal<>();
|
||||
|
||||
// Context Map Keys
|
||||
private static final String KEY_SEED_SALT = "SEED_SALT";
|
||||
private static final String KEY_ENCRYPTION_KEY = "ENCRYPTION_KEY";
|
||||
private static final String SEED_KEY = "SEED_KEY";
|
||||
public static final String REQUEST_BIZ_DATA = "REQUEST_BIZ_DATA";
|
||||
|
||||
// ==================== 컨텍스트 관리 ====================
|
||||
|
||||
/**
|
||||
* 컨텍스트 정리 (필수)
|
||||
* - 동기: ApiAdapterController finally 블록에서 호출
|
||||
* - 비동기: ElinkESBProcessProxy finally 블록에서 호출
|
||||
*/
|
||||
public static void clear() {
|
||||
THREAD_LOCAL.remove();
|
||||
}
|
||||
|
||||
/**
|
||||
* 비동기 전달용 컨텍스트 복사본 반환
|
||||
* - FlowRouter에서 JMS 송신 전 호출
|
||||
* - 컨텍스트가 없으면 null 반환
|
||||
*/
|
||||
public static Map<String, Object> getAll() {
|
||||
Map<String, Object> ctx = THREAD_LOCAL.get();
|
||||
return ctx != null ? new HashMap<>(ctx) : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* 비동기 수신 시 컨텍스트 복원
|
||||
* - ElinkESBProcessProxy에서 비동기 거래 처리 시작 시 호출
|
||||
*/
|
||||
public static void restore(Map<String, Object> transferContext) {
|
||||
if (transferContext != null && !transferContext.isEmpty()) {
|
||||
THREAD_LOCAL.set(new HashMap<>(transferContext));
|
||||
}
|
||||
}
|
||||
|
||||
// ==================== 내부 헬퍼 ====================
|
||||
|
||||
private static Map<String, Object> getOrCreate() {
|
||||
Map<String, Object> ctx = THREAD_LOCAL.get();
|
||||
if (ctx == null) {
|
||||
ctx = new HashMap<>();
|
||||
THREAD_LOCAL.set(ctx);
|
||||
}
|
||||
return ctx;
|
||||
}
|
||||
|
||||
private static void put(String key, Object value) {
|
||||
if (value != null) {
|
||||
getOrCreate().put(key, value);
|
||||
}
|
||||
}
|
||||
|
||||
private static String get(String key) {
|
||||
Map<String, Object> ctx = THREAD_LOCAL.get();
|
||||
return ctx != null ? (String) ctx.get(key) : null;
|
||||
}
|
||||
|
||||
// ==================== 명시적 변수 접근자 ====================
|
||||
|
||||
public static void setSeedSalt(String seedSalt) {
|
||||
put(KEY_SEED_SALT, seedSalt);
|
||||
}
|
||||
|
||||
public static String getSeedSalt() {
|
||||
return get(KEY_SEED_SALT);
|
||||
}
|
||||
|
||||
public static void setEncryptionKey(String encryptionKey) {
|
||||
put(KEY_ENCRYPTION_KEY, encryptionKey);
|
||||
}
|
||||
|
||||
public static String getEncryptionKey() {
|
||||
return get(KEY_ENCRYPTION_KEY);
|
||||
}
|
||||
|
||||
// ==================== 실 사용 변수 접근자 ====================
|
||||
|
||||
public static void setSeedKey(String encryptionKey) {
|
||||
put(SEED_KEY, encryptionKey);
|
||||
}
|
||||
|
||||
public static String getSeedKey() {
|
||||
return get(SEED_KEY);
|
||||
}
|
||||
|
||||
public static void setRequestBizData(String bizData) {
|
||||
put(REQUEST_BIZ_DATA, bizData);
|
||||
}
|
||||
|
||||
public static String getRequestBizData() {
|
||||
return get(REQUEST_BIZ_DATA);
|
||||
}
|
||||
}
|
||||
@@ -370,8 +370,8 @@ public class MonitorVO implements Serializable
|
||||
//if (logger.isError()) logger.error("MonitorVO["+this.eaiServiceCode+"] "+svcOgNo+" - "+logSequence+" ["+iErrorCode+"] : "+msgRcvTm+" / "+(msgPssTm-msgRcvTm)+" msec",e);
|
||||
//throw new Exception("RECEAICMT101");
|
||||
// String msg = ErrorCodeHandler.getMessage("RECEAICMT101", new String[]{this.eaiServiceCode, svcOgNo, String.valueOf(logSequence), String.valueOf(iErrorCode), String.valueOf(msgRcvTm), String.valueOf(msgPssTm-msgRcvTm)});
|
||||
if (logger.isError()) {
|
||||
logger.error(ExceptionUtil.make(e, "RECEAICMT101"), e);
|
||||
if (logger.isInfo()) {
|
||||
logger.info(ExceptionUtil.make(e, "RECEAICMT101"), e);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1014,7 +1014,11 @@ public class MonitorVO implements Serializable
|
||||
**/
|
||||
synchronized private void countM02(String logSeq, long msgPssTm, long msgRcvTm, int iErrorCode){
|
||||
if(iErrorCode == 0){
|
||||
long psstmp = Long.parseLong((this.pssCnt.get(logSeq).toString()));
|
||||
Object o = this.pssCnt.get(logSeq);
|
||||
long psstmp = 0;
|
||||
if( o != null ) {
|
||||
psstmp = Long.parseLong((this.pssCnt.get(logSeq).toString()));
|
||||
}
|
||||
long psstmpIn = Long.parseLong((this.pssCntInPeriod.get(logSeq).toString()));
|
||||
psstmp++;
|
||||
psstmpIn++;
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -369,9 +369,9 @@ public class EAIServerManager implements Lifecycle {
|
||||
}
|
||||
}
|
||||
public static void main(String[] args) throws Exception{
|
||||
System.out.println(substrRule("card-internal-runtime-568fd58554-b2cnk","[5,2],[5,2],[-2]",0));
|
||||
System.out.println(substrRule("card-internal-runtime-568fd58554-b2cnk","[5,2],[5,2],[-2]",1));
|
||||
System.out.println(substrRule("card-internal-runtime-568fd58554-b2cnk","[0,2],[0,2],[-2]",2));
|
||||
// System.out.println(substrRule("card-internal-runtime-568fd58554-b2cnk","[5,2],[5,2],[-2]",0));
|
||||
// System.out.println(substrRule("card-internal-runtime-568fd58554-b2cnk","[5,2],[5,2],[-2]",1));
|
||||
// System.out.println(substrRule("card-internal-runtime-568fd58554-b2cnk","[0,2],[0,2],[-2]",2));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -23,8 +23,8 @@ public class EAIServerVO implements Serializable {
|
||||
* 리모트 호출 url ==> rmi://{ip}:{rmi RegistryPort}/xxxxx
|
||||
* 사이트마다 다를수 있음.
|
||||
*/
|
||||
//private int plusRmiPort = 1;
|
||||
private int plusRmiPort = 11; //jwhong for weblogic
|
||||
private int plusRmiPort = 1;
|
||||
//private int plusRmiPort = 11; //jwhong for weblogic
|
||||
|
||||
/**
|
||||
* sessionManager에서 쓰기위해
|
||||
|
||||
@@ -47,6 +47,7 @@ public interface LogKeys
|
||||
public static final String DATE_PATTERN ="date.pattern";
|
||||
public static final String APPEND ="append";
|
||||
public static final String MAX_BACKUP_INDEX ="max.backup.index";
|
||||
public static final String MAX_FILE_SIZE ="max.file.size";
|
||||
public static final String ENCODING ="encoding";
|
||||
public static final String COMPRESS_EXT ="compress.ext";
|
||||
|
||||
|
||||
@@ -27,8 +27,9 @@ import ch.qos.logback.core.ConsoleAppender;
|
||||
import ch.qos.logback.core.Context;
|
||||
import ch.qos.logback.core.FileAppender;
|
||||
import ch.qos.logback.core.rolling.RollingFileAppender;
|
||||
import ch.qos.logback.core.rolling.TimeBasedRollingPolicy;
|
||||
import ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy;
|
||||
import ch.qos.logback.core.sift.AppenderFactory;
|
||||
import ch.qos.logback.core.util.FileSize;
|
||||
import co.elastic.logging.logback.EcsEncoder;
|
||||
|
||||
/**
|
||||
@@ -846,9 +847,16 @@ public class Logger implements LogKeys {
|
||||
rollingFileAppender.setName("FILE-" + discriminatingValue);
|
||||
rollingFileAppender.setFile(appenderLogDirectory + localServer + File.separator + appenderLogDirectorySub + File.separator + discriminatingValue + ".log");
|
||||
|
||||
TimeBasedRollingPolicy<ILoggingEvent> rollingPolicy = new TimeBasedRollingPolicy<>();
|
||||
String sMaxFileSize = pmanager.getProperty(APPENDER_SIFT, MAX_FILE_SIZE, "500MB");
|
||||
|
||||
SizeAndTimeBasedRollingPolicy<ILoggingEvent> rollingPolicy = new SizeAndTimeBasedRollingPolicy<>();
|
||||
rollingPolicy.setContext(context);
|
||||
rollingPolicy.setFileNamePattern(appenderLogDirectory + localServer + File.separator + appenderLogDirectorySub + File.separator + discriminatingValue + datePattern + ".log");
|
||||
rollingPolicy.setFileNamePattern(appenderLogDirectory + localServer + File.separator + appenderLogDirectorySub + File.separator + discriminatingValue + datePattern + ".%i.log");
|
||||
if (StringUtils.isNotBlank(sMaxFileSize)) {
|
||||
rollingPolicy.setMaxFileSize(FileSize.valueOf(sMaxFileSize));
|
||||
} else {
|
||||
rollingPolicy.setMaxFileSize(FileSize.valueOf("500MB"));
|
||||
}
|
||||
rollingPolicy.setParent(rollingFileAppender);
|
||||
rollingPolicy.setMaxHistory(maxBackupIndex);
|
||||
rollingPolicy.start();
|
||||
@@ -1044,17 +1052,25 @@ public class Logger implements LogKeys {
|
||||
appender = new RollingFileAppender<ILoggingEvent>();
|
||||
String localServer = EAIServerManager.getInstance().getLocalServerName();
|
||||
|
||||
TimeBasedRollingPolicy<ILoggingEvent> rollingPolicy = new TimeBasedRollingPolicy<ILoggingEvent>();
|
||||
String sMaxFileSize = pmanager.getProperty(appenderName, MAX_FILE_SIZE, "500MB");
|
||||
|
||||
SizeAndTimeBasedRollingPolicy<ILoggingEvent> rollingPolicy = new SizeAndTimeBasedRollingPolicy<ILoggingEvent>();
|
||||
if (StringUtils.isNotBlank(compressExt)){
|
||||
if (compressExt.startsWith(".")) {
|
||||
compressExt = compressExt.substring(1);
|
||||
|
||||
}
|
||||
rollingPolicy.setFileNamePattern( logDirectory + localServer + File.separator + logFile + datePattern + "." + compressExt);
|
||||
rollingPolicy.setFileNamePattern( logDirectory + localServer + File.separator + logFile + datePattern + ".%i." + compressExt);
|
||||
}else{
|
||||
rollingPolicy.setFileNamePattern( logDirectory + localServer + File.separator + logFile + datePattern);
|
||||
rollingPolicy.setFileNamePattern( logDirectory + localServer + File.separator + logFile + datePattern + ".%i.");
|
||||
}
|
||||
rollingPolicy.setContext( (LoggerContext) LoggerFactory.getILoggerFactory() );
|
||||
rollingPolicy.setParent(appender);
|
||||
if (StringUtils.isNotBlank(sMaxFileSize)) {
|
||||
rollingPolicy.setMaxFileSize(FileSize.valueOf(sMaxFileSize));
|
||||
} else {
|
||||
rollingPolicy.setMaxFileSize(FileSize.valueOf("500MB")); // 기본값
|
||||
}
|
||||
rollingPolicy.setMaxHistory(maxBackupIndex);
|
||||
rollingPolicy.start();
|
||||
|
||||
|
||||
@@ -644,26 +644,26 @@ public final class StringUtil {
|
||||
boolean isDBUtf8 = true;
|
||||
String[] chunks = null;
|
||||
|
||||
System.out.println("\n test string:" + test);
|
||||
System.out.println("utf-8 length = " + getBytesLength(test, true));
|
||||
System.out.println("ms949 length = " + getBytesLength(test, false));
|
||||
System.out.println("\n");
|
||||
// System.out.println("\n test string:" + test);
|
||||
// System.out.println("utf-8 length = " + getBytesLength(test, true));
|
||||
// System.out.println("ms949 length = " + getBytesLength(test, false));
|
||||
// System.out.println("\n");
|
||||
for(int len=6; len<9; len++) {
|
||||
System.out.println(String.format(">> chunk length=%d, isDBUtf8=%b",len, isDBUtf8));
|
||||
// System.out.println(String.format(">> chunk length=%d, isDBUtf8=%b",len, isDBUtf8));
|
||||
chunks = chunkStringArray(test,len,isDBUtf8);
|
||||
System.out.println("chunk = "+ chunkString(test,len,isDBUtf8));
|
||||
System.out.println("chunks[0] = "+ chunks[0]);
|
||||
System.out.println("chunks[1] = "+ chunks[1]);
|
||||
// System.out.println("chunk = "+ chunkString(test,len,isDBUtf8));
|
||||
// System.out.println("chunks[0] = "+ chunks[0]);
|
||||
// System.out.println("chunks[1] = "+ chunks[1]);
|
||||
}
|
||||
|
||||
System.out.println("\n");
|
||||
// System.out.println("\n");
|
||||
isDBUtf8 = false;
|
||||
for(int len=6; len<9; len++) {
|
||||
System.out.println(String.format(">> chunk length=%d, isDBUtf8=%b",len, isDBUtf8));
|
||||
// System.out.println(String.format(">> chunk length=%d, isDBUtf8=%b",len, isDBUtf8));
|
||||
chunks = chunkStringArray(test,len,isDBUtf8);
|
||||
System.out.println("chunk = "+ chunkString(test,len,isDBUtf8));
|
||||
System.out.println("chunks[0] = "+ chunks[0]);
|
||||
System.out.println("chunks[1] = "+ chunks[1]);
|
||||
// System.out.println("chunk = "+ chunkString(test,len,isDBUtf8));
|
||||
// System.out.println("chunks[0] = "+ chunks[0]);
|
||||
// System.out.println("chunks[1] = "+ chunks[1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -229,27 +229,27 @@ public class TypeConversion
|
||||
short sInit = 730;
|
||||
byte[] bytes = TypeConversion.short2byte(sInit);
|
||||
short sLL = TypeConversion.parseShort(bytes,0);
|
||||
System.out.println("-----Message Old LL : " + sLL);
|
||||
System.out.println("-----Message bytes toString : " + bytes);
|
||||
// System.out.println("-----Message Old LL : " + sLL);
|
||||
// System.out.println("-----Message bytes toString : " + bytes);
|
||||
|
||||
short sNewLL = 152;
|
||||
bytes = TypeConversion.replaceShort(bytes, 0, sNewLL);
|
||||
|
||||
sNewLL = TypeConversion.parseShort(bytes,0);
|
||||
|
||||
System.out.println("-----Message New LL : " + sNewLL);
|
||||
System.out.println("-----Message bytes toString : " + bytes);
|
||||
// System.out.println("-----Message New LL : " + sNewLL);
|
||||
// System.out.println("-----Message bytes toString : " + bytes);
|
||||
|
||||
String strMsg = "DA F23456789012345678901234567890123456 ";
|
||||
short minusOne = -1;
|
||||
byte[] bytesMsg = strMsg.getBytes();
|
||||
bytesMsg = TypeConversion.replaceShort(bytesMsg, 47, minusOne);
|
||||
System.out.println("-----minusOne : [" + new String(bytesMsg)+"]");
|
||||
// System.out.println("-----minusOne : [" + new String(bytesMsg)+"]");
|
||||
short rtnMinusOne = TypeConversion.parseShort(bytesMsg, 47);
|
||||
System.out.println("-----minusOne : [" + rtnMinusOne+"]");
|
||||
// System.out.println("-----minusOne : [" + rtnMinusOne+"]");
|
||||
|
||||
bytesMsg = TypeConversion.replaceShort(bytesMsg, 0, sNewLL);
|
||||
System.out.println("-----minusOne : [" + new String(bytesMsg)+"]");
|
||||
// System.out.println("-----minusOne : [" + new String(bytesMsg)+"]");
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -129,8 +129,8 @@ public final class UUIDGenerator {
|
||||
// System.out.println(getGUID("user000001"));
|
||||
// System.out.println(new Integer("01"));
|
||||
seq = 99999999;
|
||||
System.out.println(getGUID("MCI"));
|
||||
System.out.println(getGUID("MCI"));
|
||||
// System.out.println(getGUID("MCI"));
|
||||
// System.out.println(getGUID("MCI"));
|
||||
long start = System.currentTimeMillis();
|
||||
for (int i = 0; i < 100000000; i++) {
|
||||
char[] seq = String.valueOf(i).toCharArray();
|
||||
@@ -139,14 +139,14 @@ public final class UUIDGenerator {
|
||||
System.arraycopy(seq, 0, formatSeq, destPos, seq.length);
|
||||
}
|
||||
long end = System.currentTimeMillis() - start;
|
||||
System.out.println("c1 time-" + end);
|
||||
// System.out.println("c1 time-" + end);
|
||||
|
||||
start = System.currentTimeMillis();
|
||||
for (int i = 0; i < 100000000; i++) {
|
||||
String formatSeq = StringUtils.leftPad(String.valueOf(i), 10, '0');
|
||||
}
|
||||
end = System.currentTimeMillis() - start;
|
||||
System.out.println("c2 time-" + end);
|
||||
// System.out.println("c2 time-" + end);
|
||||
|
||||
// System.out.println(formatSeq);
|
||||
}
|
||||
|
||||
@@ -49,8 +49,9 @@ public interface STDMessageKeys {
|
||||
public static final String OUTPUT_TYPE_ERR = "02";
|
||||
|
||||
//응답결과구분코드
|
||||
public static final String RESPONSE_TYPE_CODE_N = "0";//정상(normal)
|
||||
public static final String RESPONSE_TYPE_CODE_E = "1";//오류(error)
|
||||
public static final String RESPONSE_TYPE_CODE_N = "NR";//정상(normal)
|
||||
public static final String RESPONSE_TYPE_CODE_E = "ER";//오류(error)
|
||||
|
||||
public static final String RESPONSE_TYPE_CODE_C = "1";//대상시스템연결오류(connect fail)
|
||||
public static final String RESPONSE_TYPE_CODE_T = "1";//타임아웃(timeout)
|
||||
public static final String RESPONSE_TYPE_CODE_F = "1";//시스템오류(fatal)
|
||||
@@ -69,5 +70,8 @@ public interface STDMessageKeys {
|
||||
public static final String PUSH_DVSN_CD_B = "B";// 국단위
|
||||
public static final String PUSH_DVSN_CD_A = "A";// 전체
|
||||
|
||||
|
||||
public static final String SYS_OPRT_ENV_DVCD_ONLINE = "O"; //운영
|
||||
public static final String SYS_OPRT_ENV_DVCD_TESTSTAGE = "S"; //검증
|
||||
public static final String SYS_OPRT_ENV_DVCD_DEV = "D"; //테스트
|
||||
public static final String SYS_OPRT_ENV_DVCD_DR = "R"; //DR
|
||||
}
|
||||
|
||||
@@ -110,7 +110,7 @@ public class AESCipher
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
System.out.println(e.toString());
|
||||
// System.out.println(e.toString());
|
||||
}
|
||||
|
||||
return resultData;
|
||||
|
||||
@@ -0,0 +1,223 @@
|
||||
package com.kjbank.encrypt.exchange.crypto;
|
||||
|
||||
import com.nimbusds.jose.*;
|
||||
import com.nimbusds.jose.crypto.*;
|
||||
import com.nimbusds.jose.jwk.*;
|
||||
import com.nimbusds.jose.jwk.gen.*;
|
||||
import java.io.FileInputStream;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.interfaces.ECPublicKey;
|
||||
import java.security.KeyStore;
|
||||
import java.security.PrivateKey;
|
||||
|
||||
//공개키 관련 (RSA)
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.PublicKey;
|
||||
|
||||
import com.nimbusds.jose.jwk.RSAKey;
|
||||
import com.nimbusds.jose.jwk.KeyUse;
|
||||
|
||||
import java.io.FileNotFoundException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
import java.security.Security;
|
||||
//import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
|
||||
public class ECDHESA256Cipher {
|
||||
|
||||
private ECKey myECKey;
|
||||
private ECKey receiverPublicJWK;
|
||||
private RSAKey receiverPublicRSAKey;
|
||||
private PublicKey pubKey;
|
||||
private JWEObject jweObject;
|
||||
|
||||
// 생성자: 수신자 키 쌍을 준비
|
||||
public ECDHESA256Cipher() throws Exception {
|
||||
this.myECKey = new ECKeyGenerator(Curve.P_256)
|
||||
.keyUse(KeyUse.ENCRYPTION)
|
||||
.keyID("receiver-key")
|
||||
.generate();
|
||||
|
||||
this.receiverPublicJWK = myECKey.toPublicJWK();
|
||||
}
|
||||
|
||||
|
||||
//생성자: 내 키쌍 로드용 생성자 (복호화할 때 필요)
|
||||
// 생성자: 키스토어에서 RSA 개인키/인증서 로드 (복호화용)
|
||||
public ECDHESA256Cipher(String keystorePath, String storePass, String keyAlias, String keyPass) throws Exception {
|
||||
KeyStore ks = KeyStore.getInstance("PKCS12");
|
||||
try (FileInputStream fis = new FileInputStream(keystorePath)) {
|
||||
ks.load(fis, storePass.toCharArray());
|
||||
|
||||
PrivateKey privateKey = (PrivateKey) ks.getKey(keyAlias, keyPass.toCharArray());
|
||||
X509Certificate cert = (X509Certificate) ks.getCertificate(keyAlias);
|
||||
|
||||
if (privateKey == null || cert == null) {
|
||||
throw new IllegalStateException("키스토어에서 개인키 또는 인증서를 로드하지 못했습니다.");
|
||||
}
|
||||
|
||||
this.pubKey = cert.getPublicKey();
|
||||
// System.out.println(pubKey.getAlgorithm()); // "RSA" 또는 "EC"
|
||||
|
||||
if ("RSA".equals(pubKey.getAlgorithm())) {
|
||||
RSAPublicKey rsaPub = (RSAPublicKey) cert.getPublicKey();
|
||||
this.receiverPublicRSAKey = new RSAKey.Builder(rsaPub)
|
||||
.privateKey(privateKey) // ★ 개인키 포함
|
||||
.keyUse(KeyUse.ENCRYPTION)
|
||||
.keyID(cert.getSerialNumber().toString())
|
||||
.build();
|
||||
} else if ("EC".equals(pubKey.getAlgorithm())) {
|
||||
ECPublicKey ecPub = (ECPublicKey) cert.getPublicKey();
|
||||
// EC 복호화를 위해서는 EC 개인키도 필요합니다.
|
||||
this.myECKey = new ECKey.Builder(Curve.P_256, ecPub)
|
||||
.privateKey(privateKey)
|
||||
.keyUse(KeyUse.ENCRYPTION)
|
||||
.keyID(cert.getSerialNumber().toString())
|
||||
.build();
|
||||
} else {
|
||||
throw new IllegalStateException("지원하지 않는 공개키 알고리즘: " + pubKey.getAlgorithm());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// 생성자: 상대방 인증서에서 공개키 로드
|
||||
public ECDHESA256Cipher(String certPath) throws Exception {
|
||||
//0. 개인키 새성
|
||||
//String certPath = "C:/imsi/mytestcert/signCert.der";
|
||||
String priPath = "C:/imsi/mytestcert/signPri.key";
|
||||
char[] password = "aaa1001".toCharArray();
|
||||
//Security.addProvider(new BouncyCastleProvider()); // bouncycastle 관련 일단 comment
|
||||
PrivateKey myPrivateKey1 = NPKILoader.loadPrivateKey(priPath, password, pubKey.getAlgorithm());
|
||||
|
||||
// 1. 인증서 로드
|
||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||
try (FileInputStream fis = new FileInputStream(certPath)) {
|
||||
X509Certificate cert = null;
|
||||
//인증서 묶음인 경우(PKCS#7 경우)
|
||||
Collection<? extends Certificate> certs = cf.generateCertificates(fis);
|
||||
for (Certificate c : certs) {
|
||||
if (c instanceof X509Certificate) {
|
||||
cert = (X509Certificate) c;
|
||||
// System.out.println("Subject: " + cert.getSubjectDN());
|
||||
}
|
||||
}
|
||||
|
||||
if (cert == null) {
|
||||
throw new IllegalStateException("인증서를 찾을 수 없습니다.");
|
||||
}
|
||||
|
||||
// 공개키 저장 및 알고리즘 확인
|
||||
this.pubKey = cert.getPublicKey();
|
||||
// System.out.println(pubKey.getAlgorithm()); // "RSA" 또는 "EC"
|
||||
|
||||
KeyStore ks = KeyStore.getInstance("PKCS12");
|
||||
|
||||
if ("RSA".equals(pubKey.getAlgorithm())) {
|
||||
//PrivateKey myPrivateKey = (PrivateKey) ks.getKey(keyAlias, keyPass.toCharArray());
|
||||
//PrivateKey myPrivateKey = (PrivateKey) ks.getKey("mykey", "key1234".toCharArray());
|
||||
PrivateKey myPrivateKey = NPKILoader.loadPrivateKey(priPath, password, pubKey.getAlgorithm());
|
||||
// System.out.println("PrivateKey Alg: " + myPrivateKey.getAlgorithm());
|
||||
|
||||
RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();
|
||||
this.receiverPublicRSAKey = new RSAKey.Builder(publicKey)
|
||||
.privateKey(myPrivateKey) //개인키 포함
|
||||
.keyUse(KeyUse.ENCRYPTION)
|
||||
.keyID(cert.getSerialNumber().toString())
|
||||
.build();
|
||||
} else if ("EC".equals(pubKey.getAlgorithm())) {
|
||||
ECPublicKey ecPub = (ECPublicKey) cert.getPublicKey();
|
||||
this.receiverPublicJWK = new ECKey.Builder(Curve.P_256, ecPub)
|
||||
.keyUse(KeyUse.ENCRYPTION)
|
||||
.keyID(cert.getSerialNumber().toString())
|
||||
.build();
|
||||
} else {
|
||||
throw new IllegalStateException("지원하지 않는 공개키 알고리즘: " + pubKey.getAlgorithm());
|
||||
}
|
||||
|
||||
} catch (FileNotFoundException e) {
|
||||
System.err.println("인증서 파일을 찾을 수 없습니다: " + e.getMessage());
|
||||
} catch (CertificateException e) {
|
||||
System.err.println("인증서 파싱 오류: " + e.getMessage());
|
||||
} catch (IOException e) {
|
||||
System.err.println("파일 읽기 오류: " + e.getMessage());
|
||||
} catch (ClassCastException e) {
|
||||
System.err.println("X509Certificate 형변환 오류: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
// 암호화 메서드
|
||||
public String encrypt(String jsonPayload) throws Exception {
|
||||
if (receiverPublicJWK == null && receiverPublicRSAKey == null ) {
|
||||
throw new IllegalStateException("상대방 공개키가 초기화되지 않았습니다.");
|
||||
}
|
||||
|
||||
if (receiverPublicJWK != null && KeyType.EC.equals(receiverPublicJWK.getKeyType())) {
|
||||
JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.ECDH_ES_A256KW, EncryptionMethod.A256GCM)
|
||||
.contentType("application/json")
|
||||
.keyID(receiverPublicJWK.getKeyID())
|
||||
.build();
|
||||
|
||||
this.jweObject = new JWEObject(header, new Payload(jsonPayload));
|
||||
|
||||
JWEEncrypter encrypter = new ECDHEncrypter(receiverPublicJWK);
|
||||
jweObject.encrypt(encrypter);
|
||||
|
||||
} else if (receiverPublicRSAKey != null && "RSA".equals(receiverPublicRSAKey.getKeyType().getValue())) {
|
||||
JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM)
|
||||
.contentType("application/json")
|
||||
.keyID(receiverPublicRSAKey.getKeyID())
|
||||
.build();
|
||||
|
||||
this.jweObject = new JWEObject(header, new Payload(jsonPayload));
|
||||
|
||||
JWEEncrypter encrypter = new RSAEncrypter(receiverPublicRSAKey);
|
||||
jweObject.encrypt(encrypter);
|
||||
}
|
||||
return jweObject.serialize();
|
||||
|
||||
}
|
||||
|
||||
// 복호화 메서드(상대방이 나한테 보낸것)
|
||||
public String decrypt(String jweString) throws Exception {
|
||||
if (myECKey == null && receiverPublicRSAKey == null) {
|
||||
throw new IllegalStateException("내 개인키 또는 RSA 키가 초기화되지 않았습니다.");
|
||||
}
|
||||
|
||||
JWEObject decryptedJWE = JWEObject.parse(jweString);
|
||||
|
||||
if (myECKey != null) {
|
||||
// EC 키로 복호화
|
||||
JWEDecrypter decrypter = new ECDHDecrypter(myECKey);
|
||||
decryptedJWE.decrypt(decrypter);
|
||||
|
||||
} else if (receiverPublicRSAKey != null && receiverPublicRSAKey.isPrivate()) {
|
||||
// RSA 키로 복호화
|
||||
JWEDecrypter decrypter = new RSADecrypter(receiverPublicRSAKey.toPrivateKey());
|
||||
decryptedJWE.decrypt(decrypter);
|
||||
} else {
|
||||
throw new IllegalStateException("복호화에 필요한 키가 준비되지 않았습니다. (EC 개인키 또는 RSA 개인키)");
|
||||
}
|
||||
|
||||
return decryptedJWE.getPayload().toString();
|
||||
}
|
||||
|
||||
// 상대방 공개키를 외부에 제공할 수 있도록 getter
|
||||
public ECKey getReceiverPublicJWK() {
|
||||
if (receiverPublicJWK == null) {
|
||||
throw new IllegalStateException("상대방 공개키가 초기화되지 않았습니다.");
|
||||
}
|
||||
return receiverPublicJWK;
|
||||
}
|
||||
|
||||
// 내 공개키를 상대방에게 제공할 수 있도록 getter
|
||||
public ECKey getMyPublicJWK() {
|
||||
if (myECKey == null) {
|
||||
throw new IllegalStateException("내 키쌍이 초기화되지 않았습니다.");
|
||||
}
|
||||
return myECKey.toPublicJWK();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,60 @@
|
||||
package com.kjbank.encrypt.exchange.crypto;
|
||||
|
||||
import java.io.FileInputStream;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.*;
|
||||
import java.security.cert.*;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import javax.crypto.*;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
|
||||
public class NPKILoader {
|
||||
|
||||
// 1) Provider 등록 (예: KISA SEED JCE, KSign 등)
|
||||
static {
|
||||
// 예시: Security.addProvider(new com.kisa.seed.KISASeedJCE());
|
||||
// 또는 Security.addProvider(new com.ksign.security.provider.KsignProvider());
|
||||
// 실제 사용하는 라이브러리 명으로 교체
|
||||
}
|
||||
|
||||
public static X509Certificate loadCert(String certDerPath) throws Exception {
|
||||
try (FileInputStream fis = new FileInputStream(certDerPath)) {
|
||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||
return (X509Certificate) cf.generateCertificate(fis);
|
||||
}
|
||||
}
|
||||
|
||||
public static PrivateKey loadPrivateKey(String priDerPath, char[] password, String keyAlg) throws Exception {
|
||||
// 암호화된 PKCS#8 (DER) 읽기
|
||||
byte[] enc = Files.readAllBytes(Paths.get(priDerPath));
|
||||
EncryptedPrivateKeyInfo encInfo = new EncryptedPrivateKeyInfo(enc);
|
||||
|
||||
// 알고리즘 확인 (OID → 알고리즘 이름 매핑 필요)
|
||||
String algName = encInfo.getAlgName(); // 일부 Provider는 빈 문자열을 반환할 수 있음
|
||||
AlgorithmParameters params = encInfo.getAlgParameters();
|
||||
|
||||
// 국내 OID 매핑: 1.2.410.200004.1.15 → PBEWithSHA1AndSEED (Provider에 따라 이름 다를 수 있음)
|
||||
if (algName == null || algName.isEmpty()) {
|
||||
String oid = encInfo.getAlgParameters().getAlgorithm(); // 일부 Provider는 여기서도 OID를 줍니다
|
||||
// 필요 시 강제 설정
|
||||
algName = "PBEWithSHA1AndSEED"; // 사용 중인 Provider 문서의 이름으로 맞추세요
|
||||
}
|
||||
|
||||
// PBE 키 생성
|
||||
SecretKeyFactory skf = SecretKeyFactory.getInstance(algName);
|
||||
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
|
||||
SecretKey pbeKey = skf.generateSecret(pbeKeySpec);
|
||||
|
||||
// 복호화
|
||||
Cipher cipher = Cipher.getInstance(algName);
|
||||
cipher.init(Cipher.DECRYPT_MODE, pbeKey, params);
|
||||
byte[] pkcs8 = cipher.doFinal(encInfo.getEncryptedData());
|
||||
|
||||
// PKCS#8 → PrivateKey
|
||||
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8);
|
||||
KeyFactory kf = KeyFactory.getInstance(keyAlg); // "RSA" 또는 "EC"
|
||||
return kf.generatePrivate(keySpec);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
package com.kjbank.encrypt.exchange.crypto;
|
||||
|
||||
import com.nimbusds.jose.*;
|
||||
import com.nimbusds.jose.crypto.*;
|
||||
import com.nimbusds.jose.util.StandardCharset;
|
||||
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.X509Certificate;
|
||||
import com.nimbusds.jose.crypto.RSAEncrypter;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
|
||||
public class RSAOAEP256Cipher {
|
||||
|
||||
// 암호화: 상대방 공개 인증서(RSA)로 암호화
|
||||
public static String encrypt(byte[] plaintext, X509Certificate recipientCert, String kidOptional) throws Exception {
|
||||
// 인증서에서 RSA 공개키 추출
|
||||
if (!"RSA".equalsIgnoreCase(recipientCert.getPublicKey().getAlgorithm())) {
|
||||
throw new IllegalArgumentException("Recipient certificate public key is not RSA");
|
||||
}
|
||||
RSAPublicKey recipientPublicKey = (RSAPublicKey) recipientCert.getPublicKey();
|
||||
|
||||
JWEHeader header = new JWEHeader.Builder(
|
||||
JWEAlgorithm.RSA_OAEP_256,
|
||||
EncryptionMethod.A256GCM
|
||||
)
|
||||
.contentType("application/octet-stream")
|
||||
.keyID(kidOptional)
|
||||
.build();
|
||||
|
||||
JWEObject jweObject = new JWEObject(header, new Payload(plaintext));
|
||||
JWEEncrypter encrypter = new RSAEncrypter(recipientPublicKey);
|
||||
jweObject.encrypt(encrypter);
|
||||
|
||||
return jweObject.serialize();
|
||||
}
|
||||
|
||||
// 복호화: 내 RSA 개인키로 복호화
|
||||
public static byte[] decrypt(String jweCompact, PrivateKey myPrivateKey) throws Exception {
|
||||
JWEObject jweObject = JWEObject.parse(jweCompact);
|
||||
JWEDecrypter decrypter = new RSADecrypter(myPrivateKey);
|
||||
jweObject.decrypt(decrypter);
|
||||
return jweObject.getPayload().toBytes();
|
||||
}
|
||||
|
||||
// 편의 함수
|
||||
public static String encryptText(String text, X509Certificate cert, String kidOptional) throws Exception {
|
||||
return encrypt(text.getBytes(StandardCharset.UTF_8), cert, kidOptional);
|
||||
}
|
||||
|
||||
public static String decryptToText(String jweCompact, PrivateKey myPrivateKey) throws Exception {
|
||||
return new String(decrypt(jweCompact, myPrivateKey), StandardCharset.UTF_8);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user