- package com.malk.lianan.utils;
- import cn.hutool.core.codec.Base64;
- import com.malk.utils.UtilFile;
- import org.bouncycastle.jce.provider.BouncyCastleProvider;
- import org.jolokia.util.Base64Util;
- import java.io.IOException;
- import java.io.InputStream;
- import java.nio.file.Files;
- import java.nio.file.Paths;
- import java.security.KeyFactory;
- import java.security.PrivateKey;
- import java.security.PublicKey;
- import java.security.Signature;
- import java.security.cert.Certificate;
- import java.security.cert.CertificateFactory;
- import java.security.cert.X509Certificate;
- import java.security.spec.PKCS8EncodedKeySpec;
- import java.util.Objects;
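/**
 * RSA signing and signature-verification helpers using SHA256withRSA.
 *
 * <p>Signing takes a Base64-encoded PKCS#8 private key; verification takes the
 * public key from an X.509 certificate loaded as a resource. All methods are
 * static and stateless.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #sign} reports failure by returning an empty string, so an
 *       empty result must never be sent on as if it were a signature.</li>
 *   <li>{@link #verifySign} trusts whatever certificate the given path
 *       resolves to. It performs no validity-period, revocation or chain
 *       check, so the certificate must be a pinned resource that the
 *       application controls, never a caller- or peer-supplied one.</li>
 * </ul>
 */
public class RsaUtil {

    private final static String KEY_RSA = "RSA";

    /** JCA algorithm name shared by signing and verification. */
    private final static String KEY_RSA_SIGNATURE = "SHA256WithRSA";

    // Single shared provider instance; final so it cannot be swapped at runtime.
    private static final BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();

    private static final String X509 = "X.509";

    /**
     * Signs {@code data} with SHA256withRSA.
     *
     * @param data       bytes to sign
     * @param privateKey Base64-encoded PKCS#8 private key
     * @return the Base64-encoded signature, or an empty string if anything
     *         fails (bad key encoding, unsupported key, null input, ...)
     */
    public static String sign(byte[] data, String privateKey) {
        try {
            // Decode the Base64-encoded private key.
            byte[] encodedKey = decryptBase64(privateKey);
            // Wrap the raw bytes as a PKCS#8 key specification.
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
            // Build the private key object with the RSA key factory.
            KeyFactory factory = KeyFactory.getInstance(KEY_RSA, bouncyCastleProvider);
            PrivateKey key = factory.generatePrivate(keySpec);
            // Produce the digital signature over the data.
            Signature signature = Signature.getInstance(KEY_RSA_SIGNATURE, bouncyCastleProvider);
            signature.initSign(key);
            signature.update(data);
            return encryptBase64(signature.sign());
        } catch (Exception e) {
            // NOTE(review): the failure is visible only as a stack trace on stderr
            // plus the empty return value. Callers must treat "" as "signing
            // failed"; consider routing this through the project's logger.
            e.printStackTrace();
            return "";
        }
    }

    /**
     * Verifies a SHA256withRSA signature against the public key of an X.509
     * certificate.
     *
     * @param data            the bytes that were signed
     * @param sign            Base64-encoded signature
     * @param certificatePath certificate location, resolved through
     *                        {@code UtilFile.readPackageResource}; an older
     *                        comment described it as an absolute path to a
     *                        .cer file - TODO confirm which form is expected
     * @return {@code true} only if the signature verifies; {@code false} if it
     *         does not, if an input is null, or if the certificate could not
     *         be loaded
     * @throws Exception if the signature engine rejects the key or the
     *                   signature bytes cannot be decoded or processed
     */
    public static boolean verifySign(byte[] data, String sign, String certificatePath) throws Exception {
        // Fail closed on missing input instead of surfacing a NullPointerException.
        if (data == null || sign == null) {
            return false;
        }
        // Load the certificate; null means it could not be read or parsed.
        X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
        if (Objects.isNull(x509Certificate)) {
            return false;
        }
        // NOTE(review): no checkValidity() or chain validation happens here; the
        // certificate is trusted purely because of where it was loaded from.
        PublicKey publicKey = x509Certificate.getPublicKey();
        // NOTE(review): verification uses the default JCA provider while sign()
        // uses BouncyCastle, and the signature is decoded with jolokia's
        // Base64Util rather than the decoder used elsewhere in this class.
        Signature signature = Signature.getInstance(KEY_RSA_SIGNATURE);
        signature.initVerify(publicKey);
        signature.update(data);
        return signature.verify(Base64Util.decode(sign));
    }

    /**
     * Loads an X.509 certificate via {@code UtilFile.readPackageResource}.
     *
     * @return the certificate, or {@code null} if it cannot be opened, parsed
     *         or closed cleanly (the message is printed to stdout)
     */
    private static Certificate getCertificate(String certificatePath) throws Exception {
        // try-with-resources closes the stream on every path and skips a null resource.
        try (InputStream in = UtilFile.readPackageResource(certificatePath)) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
            return certificateFactory.generateCertificate(in);
        } catch (Exception e) {
            // Swallowed on purpose: callers map null to "verification failed".
            System.out.println(e.getMessage());
            return null;
        }
    }

    /**
     * Loads an X.509 certificate from the classpath.
     *
     * <p>{@link ClassLoader#getResourceAsStream(String)} resolves names from the
     * classpath root and does not expect a leading {@code /}, so one leading
     * slash is stripped rather than letting the lookup fail.
     *
     * @param relativePathInResources resource name, e.g. {@code certs/server.cer}
     * @return the parsed certificate
     * @throws IllegalArgumentException if the resource does not exist
     * @throws Exception                if the certificate cannot be parsed
     */
    public static Certificate loadCertificate(String relativePathInResources) throws Exception {
        Objects.requireNonNull(relativePathInResources, "relativePathInResources");
        String resourceName = relativePathInResources.startsWith("/")
                ? relativePathInResources.substring(1)
                : relativePathInResources;
        try (InputStream in = RsaUtil.class.getClassLoader().getResourceAsStream(resourceName)) {
            if (in == null) {
                throw new IllegalArgumentException("Certificate not found in resources: " + relativePathInResources);
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
            return certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Decodes Base64 text to bytes. Despite the name this is an encoding step,
     * not decryption, and provides no confidentiality.
     */
    public static byte[] decryptBase64(String key) throws Exception {
        return Base64.decode(key);
    }

    /**
     * Encodes bytes as Base64 text. Despite the name this is an encoding step,
     * not encryption, and provides no confidentiality.
     */
    public static String encryptBase64(byte[] key) throws Exception {
        return new String(Base64.encode(key));
    }
}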