加解密工具类(含keystore导出pfx)
java代码如下:
package sign; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.security.Key; import java.security.KeyStore; import java.security.PrivateKey; import java.security.Signature; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Enumeration; import javax.crypto.Cipher; @SuppressWarnings({ "rawtypes", "unused" }) public class UtilTools { private static final String PKCS12 = "PKCS12"; private static final String CHARSET = "utf-8"; private final static String CertType = "X.509"; public final static String TrustStoreType = "JKS"; private static final String SHA1WithRSA = "SHA1WithRSA"; private final static String MD5withRSA = "MD5withRSA"; private static final String SHA224WithRSA = "SHA224WithRSA"; private static final String SHA256WithRSA = "SHA256WithRSA"; private static final String SHA384WithRSA = "SHA384WithRSA"; private static final String SHA512WithRSA = "SHA512WithRSA"; private static final String RSA = "RSA"; private static final String ECB = "ECB"; private static final String PCKCS1PADDING = "PCKCS1Padding"; /** * generate the signature * * @param source * @param pfxPath * @param password * @return * @throws Exception */ public static String generateSignature(String source, String pfxPath, String password) throws Exception { byte[] signature = null; PrivateKey privateKey = getPrivateKeyInstance(pfxPath, password); Signature sig = Signature.getInstance(SHA1WithRSA); sig.initSign(privateKey); sig.update(source.getBytes(CHARSET)); signature = sig.sign(); return Base64Util.encode(signature); } /** * check the signature * * @param datasource * @param sign * @param certificatePath * @return * @throws Exception */ public static boolean checkSignature(String datasource, String sign, String certificatePath) throws Exception { try { X509Certificate x509Certificate = (X509Certificate) getInstance(certificatePath); Signature signature = Signature.getInstance(SHA1WithRSA); signature.initVerify(x509Certificate); signature.update(datasource.getBytes(CHARSET)); return signature.verify(Base64Util.decode(sign)); } catch (Exception e) { System.out.println(e.getMessage()); } return false; } /** * 加载私钥 * * @param strPfx * @param strPassword * @return */ private static PrivateKey getPrivateKeyInstance(String strPfx, String strPassword) throws Exception { FileInputStream fis = null; try { KeyStore ks = KeyStore.getInstance(PKCS12); fis = new FileInputStream(strPfx); char[] chars = null; if ((strPassword == null) || strPassword.trim().equals("")) { chars = null; } else { chars = strPassword.toCharArray(); } ks.load(fis, chars); fis.close(); Enumeration enumas = ks.aliases(); String keyAlias = null; if (enumas.hasMoreElements()) { keyAlias = (String) enumas.nextElement(); } return (PrivateKey) ks.getKey(keyAlias, chars); } finally { if (fis != null) { try { fis.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } } } /** * 获得证书 * * @param certificatePath * @return */ private static Certificate getInstance(String certificatePath) throws Exception { InputStream is = null; try { is = new FileInputStream(certificatePath); CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType); return certificateFactory.generateCertificate(is); } catch (Exception e) { System.out.println(e.getMessage()); } finally { if (is != null) { try { is.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } } return null; } /** * 将pfx或p12的文件转为keystore * * @param pfxFile 原文件路径及名称 * @param pfxPsw 密码 * @param keyStoreFile 生成的文件名和路径 */ public static void coverTokeyStore(String pfxFile, String pfxPsw, String keyStoreFile) throws Exception { KeyStore inputKeyStore = null; FileInputStream input = null; FileOutputStream output = null; String keyAlias = ""; try { inputKeyStore = KeyStore.getInstance(PKCS12); input = new FileInputStream(pfxFile); char[] password = null; if ((pfxPsw == null) || pfxPsw.trim().equals("")) { password = null; } else { password = pfxPsw.toCharArray(); } inputKeyStore.load(input, password); KeyStore outputKeyStore = KeyStore.getInstance(TrustStoreType); outputKeyStore.load(null, pfxPsw.toCharArray()); Enumeration enums = inputKeyStore.aliases(); while (enums.hasMoreElements()) { keyAlias = (String) enums.nextElement(); System.out.println("alias=[" + keyAlias + "]"); if (inputKeyStore.isKeyEntry(keyAlias)) { Key key = inputKeyStore.getKey(keyAlias, password); Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias); outputKeyStore.setKeyEntry(keyAlias, key, pfxPsw.toCharArray(), certChain); } } output = new FileOutputStream(keyStoreFile); outputKeyStore.store(output, password); } catch (Exception e) { System.out.println(e.getMessage()); } finally { if (input != null) { try { input.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } if (output != null) { try { output.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } } } /** * 将keystore转为pfx * * @param keyStoreFile 生成的文件名和路径 * @param pfxPsw 密码 * @param pfxFile 原文件路径及名称 */ public static void coverToPfx(String keyStoreFile, String pfxPsw, String pfxFile) throws Exception { KeyStore inputKeyStore = null; FileInputStream input = null; FileOutputStream output = null; String keyAlias = ""; try { inputKeyStore = KeyStore.getInstance(TrustStoreType); input = new FileInputStream(keyStoreFile); char[] password = null; if ((pfxPsw == null) || pfxPsw.trim().equals("")) { password = null; } else { password = pfxPsw.toCharArray(); } inputKeyStore.load(input, password); KeyStore outputKeyStore = KeyStore.getInstance(PKCS12); outputKeyStore.load(null, pfxPsw.toCharArray()); Enumeration enums = inputKeyStore.aliases(); while (enums.hasMoreElements()) { keyAlias = (String) enums.nextElement(); System.out.println("alias=[" + keyAlias + "]"); if (inputKeyStore.isKeyEntry(keyAlias)) { Key key = inputKeyStore.getKey(keyAlias, password); Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias); outputKeyStore.setKeyEntry(keyAlias, key, pfxPsw.toCharArray(), certChain); } } output = new FileOutputStream(pfxFile); outputKeyStore.store(output, password); } catch (Exception e) { System.out.println(e.getMessage()); } finally { if (input != null) { try { input.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } if (output != null) { try { output.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } } } /** * 使用公钥 进行 非对称加密数据 * @param certPath * @param dataSource * @return * @throws Exception */ public static String certEncode(String certPath, String dataSource) throws Exception { InputStream input = null; try { byte[] plainText = dataSource.getBytes(CHARSET); // 证书格式为x509 CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType); // 读取证书文件的输入流 input = new FileInputStream(certPath); Certificate certificate = certificateFactory.generateCertificate(input); // 支持:RSA/ECB/PCKCS1Padding Cipher cipher = Cipher.getInstance(RSA); cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey()); cipher.update(plainText); byte[] signByte = cipher.doFinal(); String sign = Base64Util.encode(signByte); return sign; } catch (Exception e) { System.out.println(e.getMessage()); } finally { if (input != null) { try { input.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } } return null; } /** * 使用私钥 进行非对称解密数据 * @param keyStorePath * @param keyStorePass * @param alias * @param certPass * @param decodeData * @return * @throws Exception */ public static String certDecode(String keyStorePath, String keyStorePass, String alias, String certPass, String decodeData) throws Exception { InputStream input = null; try { // 密文数据Base64转换 byte[] cipherText = Base64Util.decode(decodeData); // 提供密钥库类型 KeyStore keyStore = KeyStore.getInstance(TrustStoreType); // 读取keystore文件的输入流 input = new FileInputStream(keyStorePath); keyStore.load(input, keyStorePass.toCharArray()); // 加载证书 PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, certPass.toCharArray()); // 支持:RSA/ECB/PCKCS1Padding Cipher cipher = Cipher.getInstance(RSA); cipher.init(Cipher.DECRYPT_MODE, privateKey); cipher.update(cipherText); byte[] sourceByte = cipher.doFinal(); String source = new String(sourceByte, CHARSET); return source; } catch (Exception e) { System.out.println(e.getMessage()); } finally { if (input != null) { try { input.close(); } catch (IOException e) { System.out.println(e.getMessage()); } } } return null; } }