证书签名
package test;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Enumeration;
/**
* 私钥签名,公钥验签
* @author jinzhm
*
*/
public class SignUtil {
private static String CHARSET_ENCODING = "UTF-8";
private static String ALGORITHM = "SHA256withRSA";
/**
* 签名
* @param srcData
* @param privateKeyPath
* @param privateKeyPwd
* @return
*/
public static String sign(String srcData, String privateKeyPath, String privateKeyPwd){
if(srcData==null || privateKeyPath==null || privateKeyPwd==null){
return "";
}
try {
// 获取证书的私钥
PrivateKey key = readPrivate(privateKeyPath, privateKeyPwd);
// 进行签名服务
Signature signature = Signature.getInstance(ALGORITHM);
signature.initSign(key);
signature.update(srcData.getBytes(CHARSET_ENCODING));
byte[] signedData = signature.sign();
return Base64.getEncoder().encodeToString(signedData);
} catch (Exception e) {
e.printStackTrace();
}
return "";
}
/**
* 验签
* @param srcData
* @param signedData
* @param publicKeyPath
* @return
*/
public static boolean verify(String srcData, String signedData, String publicKeyPath){
if(srcData==null || signedData==null || publicKeyPath==null){
return false;
}
try {
PublicKey publicKey = readPublic(publicKeyPath);
Signature sign = Signature.getInstance(ALGORITHM);
sign.initVerify(publicKey);
sign.update(srcData.getBytes(CHARSET_ENCODING));
return sign.verify(Base64.getDecoder().decode(signedData));
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
/**
* 读取公钥
* @param publicKeyPath
* @return
*/
private static PublicKey readPublic(String publicKeyPath){
if(publicKeyPath==null){
return null;
}
PublicKey pk = null;
FileInputStream bais = null;
try {
CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
bais = new FileInputStream(publicKeyPath);
X509Certificate cert = (X509Certificate)certificatefactory.generateCertificate(bais);
pk = cert.getPublicKey();
} catch (CertificateException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} finally{
if(bais != null){
try {
bais.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return pk;
}
/**
* 读取私钥
* @param path
* @return
*/
private static PrivateKey readPrivate(String privateKeyPath, String privateKeyPwd){
if(privateKeyPath==null || privateKeyPwd==null){
return null;
}
InputStream stream = null;
try {
// 获取JKS 服务器私有证书的私钥,取得标准的JKS的 KeyStore实例
KeyStore store = KeyStore.getInstance("JKS");
stream = new FileInputStream(new File(privateKeyPath));
// jks文件密码,根据实际情况修改
store.load(stream, privateKeyPwd.toCharArray());
// 获取jks证书别名
Enumeration en = store.aliases();
String pName = null;
while (en.hasMoreElements()) {
String n = (String) en.nextElement();
if (store.isKeyEntry(n)) {
pName = n;
}
}
// 获取证书的私钥
PrivateKey key = (PrivateKey) store.getKey(pName,
privateKeyPwd.toCharArray());
return key;
} catch (Exception e) {
e.printStackTrace();
} finally {
if(stream != null){
try {
stream.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return null;
}
}
来源:oschina
链接:https://my.oschina.net/u/4381494/blog/3603250