加解密工具类(含keystore导出pfx)

java代码如下:

package sign;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

import javax.crypto.Cipher;

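@SuppressWarnings({ "rawtypes", "unused" })
public class UtilTools {

    private static final String PKCS12 = "PKCS12";
    private static final String CHARSET = "utf-8";
    private final static String CertType = "X.509";
    // JKS is the legacy Java key store format; it is kept here because callers
    // may reference this public constant.
    public final static String TrustStoreType = "JKS";
    // SHA-1 and MD5 based signatures are no longer collision resistant. They
    // remain only so existing peers keep interoperating; new integrations
    // should pass SHA256WithRSA or stronger to the four-argument overloads.
    private static final String SHA1WithRSA = "SHA1WithRSA";
    private final static String MD5withRSA = "MD5withRSA";
    private static final String SHA224WithRSA = "SHA224WithRSA";
    private static final String SHA256WithRSA = "SHA256WithRSA";
    private static final String SHA384WithRSA = "SHA384WithRSA";
    private static final String SHA512WithRSA = "SHA512WithRSA";
    private static final String RSA = "RSA";
    private static final String ECB = "ECB";
    // The original value was misspelled "PCKCS1Padding", which is not a padding
    // name any JCA provider recognises.
    private static final String PKCS1PADDING = "PKCS1Padding";
    // Pinning the full transformation avoids depending on what a provider
    // picks for a bare "RSA" request.
    private static final String RSA_TRANSFORMATION = RSA + "/" + ECB + "/" + PKCS1PADDING;

    /**
     * Signs {@code source} with the private key stored in a PKCS#12 file, using
     * SHA1WithRSA for compatibility with existing peers.
     *
     * @param source   text to sign; encoded as UTF-8 before signing
     * @param pfxPath  path of the PKCS#12 (.pfx/.p12) file
     * @param password key store password; null or blank is passed on as "no password"
     * @return the signature, encoded by {@code Base64Util}
     * @throws Exception if the key cannot be loaded or signing fails
     */
    public static String generateSignature(String source, String pfxPath, String password) throws Exception {
        return generateSignature(source, pfxPath, password, SHA1WithRSA);
    }

    /**
     * Signs {@code source} with the private key stored in a PKCS#12 file using
     * the given JCA signature algorithm (for example {@code "SHA256withRSA"}).
     *
     * @param source    text to sign; encoded as UTF-8 before signing
     * @param pfxPath   path of the PKCS#12 (.pfx/.p12) file
     * @param password  key store password; null or blank is passed on as "no password"
     * @param algorithm JCA signature algorithm name
     * @return the signature, encoded by {@code Base64Util}
     * @throws Exception if the key cannot be loaded or signing fails
     */
    public static String generateSignature(String source, String pfxPath, String password, String algorithm)
            throws Exception {
        PrivateKey privateKey = getPrivateKeyInstance(pfxPath, password);
        Signature sig = Signature.getInstance(algorithm);
        sig.initSign(privateKey);
        sig.update(source.getBytes(CHARSET));
        return Base64Util.encode(sig.sign());
    }

    /**
     * Verifies a SHA1WithRSA signature against the public key of an X.509
     * certificate file.
     *
     * <p>Only the signature is checked. This method does not check the
     * certificate's validity period or its chain, so the caller must make sure
     * the file at {@code certificatePath} is one it already trusts.
     *
     * @param datasource      the signed text; encoded as UTF-8
     * @param sign            the signature as produced by {@link #generateSignature(String, String, String)}
     * @param certificatePath path of the X.509 certificate file
     * @return true only if the signature verifies; false on any failure
     * @throws Exception declared for compatibility; failures are reported as false
     */
    public static boolean checkSignature(String datasource, String sign, String certificatePath) throws Exception {
        return checkSignature(datasource, sign, certificatePath, SHA1WithRSA);
    }

    /**
     * Verifies a signature made with the given JCA signature algorithm against
     * the public key of an X.509 certificate file. The certificate itself is
     * not validated here.
     *
     * @param datasource      the signed text; encoded as UTF-8
     * @param sign            the signature, in the encoding {@code Base64Util} produces
     * @param certificatePath path of the X.509 certificate file
     * @param algorithm       JCA signature algorithm name
     * @return true only if the signature verifies; false on any failure
     * @throws Exception declared for compatibility; failures are reported as false
     */
    public static boolean checkSignature(String datasource, String sign, String certificatePath, String algorithm)
            throws Exception {
        try {
            X509Certificate x509Certificate = (X509Certificate) getInstance(certificatePath);
            if (x509Certificate == null) {
                // Loading failed and was already reported; fail closed.
                return false;
            }
            Signature signature = Signature.getInstance(algorithm);
            signature.initVerify(x509Certificate);
            signature.update(datasource.getBytes(CHARSET));
            return signature.verify(Base64Util.decode(sign));
        } catch (Exception e) {
            System.out.println(e.getMessage());
        }
        return false;
    }

    /**
     * Converts a password string to the char array the KeyStore API expects.
     *
     * @param value the password text
     * @return the characters, or null when {@code value} is null or blank
     */
    private static char[] toPasswordChars(String value) {
        if ((value == null) || value.trim().equals("")) {
            return null;
        }
        return value.toCharArray();
    }

    /**
     * Loads the private key from a PKCS#12 file.
     *
     * <p>The first alias that is a key entry is used. The original code took
     * the first alias of any kind, which yields no key when a certificate-only
     * entry happens to be listed first.
     *
     * @param strPfx      path of the PKCS#12 file
     * @param strPassword key store password; null or blank means "no password"
     * @return the private key
     * @throws Exception if the file cannot be read or holds no private key
     */
    private static PrivateKey getPrivateKeyInstance(String strPfx, String strPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance(PKCS12);
        char[] chars = toPasswordChars(strPassword);
        try (FileInputStream fis = new FileInputStream(strPfx)) {
            ks.load(fis, chars);
        }
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (ks.isKeyEntry(alias)) {
                Key key = ks.getKey(alias, chars);
                if (key instanceof PrivateKey) {
                    return (PrivateKey) key;
                }
            }
        }
        throw new java.security.KeyStoreException("no private key entry found in " + strPfx);
    }

    /**
     * Reads an X.509 certificate from a file.
     *
     * @param certificatePath path of the certificate file
     * @return the certificate, or null if it could not be read or parsed
     *         (the error message is printed to standard output)
     */
    private static Certificate getInstance(String certificatePath) throws Exception {
        try (InputStream is = new FileInputStream(certificatePath)) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType);
            return certificateFactory.generateCertificate(is);
        } catch (Exception e) {
            System.out.println(e.getMessage());
        }
        return null;
    }

    /**
     * Copies every key entry of one key store file into a new key store file
     * of another type. Shared by {@link #coverTokeyStore} and {@link #coverToPfx}.
     *
     * <p>One password is used for the source store, each key entry and the
     * target store. Entries that are not key entries are skipped. The target
     * is serialized in memory first, so a failure cannot leave a truncated
     * file where a key store used to be.
     *
     * <p>The target file holds private keys; restrict its file permissions.
     *
     * @param sourceFile    path of the key store to read
     * @param sourceType    key store type of {@code sourceFile}
     * @param targetFile    path of the key store to write
     * @param targetType    key store type of {@code targetFile}
     * @param storePassword password for both stores and their key entries
     * @throws IllegalArgumentException if {@code storePassword} is null or blank
     * @throws Exception if reading, converting or writing fails
     */
    private static void convertKeyStore(String sourceFile, String sourceType, String targetFile, String targetType,
            String storePassword) throws Exception {
        char[] password = toPasswordChars(storePassword);
        if (password == null) {
            // The original dereferenced the null password and then swallowed the
            // resulting error; a store of private keys needs a real password.
            throw new IllegalArgumentException("a non-blank key store password is required");
        }

        KeyStore inputKeyStore = KeyStore.getInstance(sourceType);
        try (FileInputStream input = new FileInputStream(sourceFile)) {
            inputKeyStore.load(input, password);
        }

        KeyStore outputKeyStore = KeyStore.getInstance(targetType);
        outputKeyStore.load(null, password);

        Enumeration<String> aliases = inputKeyStore.aliases();
        while (aliases.hasMoreElements()) {
            String keyAlias = aliases.nextElement();
            System.out.println("alias=[" + keyAlias + "]");
            if (inputKeyStore.isKeyEntry(keyAlias)) {
                Key key = inputKeyStore.getKey(keyAlias, password);
                Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                outputKeyStore.setKeyEntry(keyAlias, key, password, certChain);
            }
        }

        java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
        outputKeyStore.store(buffer, password);
        try (FileOutputStream output = new FileOutputStream(keyStoreFileOrPfx(targetFile))) {
            buffer.writeTo(output);
        }
    }

    /**
     * Returns the target path unchanged; exists only to reject a null path
     * before the destination file is opened.
     *
     * @param targetFile destination path
     * @return {@code targetFile}
     * @throws IllegalArgumentException if {@code targetFile} is null
     */
    private static String keyStoreFileOrPfx(String targetFile) {
        if (targetFile == null) {
            throw new IllegalArgumentException("target file path is required");
        }
        return targetFile;
    }

    /**
     * Converts a .pfx/.p12 (PKCS#12) file into a JKS key store.
     *
     * <p>Failures are now thrown instead of being printed and ignored, so the
     * caller can tell that no usable key store was written.
     *
     * @param pfxFile      path of the source PKCS#12 file
     * @param pfxPsw       password of the source; also used for the new key store
     * @param keyStoreFile path of the JKS file to create
     * @throws Exception if the password is blank or the conversion fails
     */
    public static void coverTokeyStore(String pfxFile, String pfxPsw, String keyStoreFile) throws Exception {
        convertKeyStore(pfxFile, PKCS12, keyStoreFile, TrustStoreType, pfxPsw);
    }

    /**
     * Converts a JKS key store into a .pfx (PKCS#12) file.
     *
     * <p>Failures are now thrown instead of being printed and ignored, so the
     * caller can tell that no usable file was written.
     *
     * @param keyStoreFile path of the source JKS key store
     * @param pfxPsw       password of the source; also used for the new PKCS#12 file
     * @param pfxFile      path of the PKCS#12 file to create
     * @throws Exception if the password is blank or the conversion fails
     */
    public static void coverToPfx(String keyStoreFile, String pfxPsw, String pfxFile) throws Exception {
        convertKeyStore(keyStoreFile, TrustStoreType, pfxFile, PKCS12, pfxPsw);
    }

    /**
     * Encrypts text with the RSA public key of an X.509 certificate.
     *
     * <p>The padding is PKCS#1 v1.5, so the input must be shorter than the key
     * modulus. New protocols should prefer OAEP; switching requires the
     * decrypting side to change as well.
     *
     * @param certPath   path of the X.509 certificate file
     * @param dataSource text to encrypt; encoded as UTF-8
     * @return the ciphertext encoded by {@code Base64Util}, or null on failure
     *         (the error message is printed to standard output)
     * @throws Exception declared for compatibility; failures are reported as null
     */
    public static String certEncode(String certPath, String dataSource) throws Exception {
        try (InputStream input = new FileInputStream(certPath)) {
            byte[] plainText = dataSource.getBytes(CHARSET);
            // The certificate file is expected to be X.509.
            CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType);
            Certificate certificate = certificateFactory.generateCertificate(input);
            Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey());
            return Base64Util.encode(cipher.doFinal(plainText));
        } catch (Exception e) {
            System.out.println(e.getMessage());
        }
        return null;
    }

    /**
     * Decrypts text with an RSA private key taken from a JKS key store.
     *
     * <p>The padding is PKCS#1 v1.5. Callers that answer a remote peer should
     * not let that peer distinguish a padding failure from other failures.
     *
     * @param keyStorePath path of the JKS key store
     * @param keyStorePass key store password
     * @param alias        alias of the private key entry
     * @param certPass     password of the private key entry
     * @param decodeData   ciphertext in the encoding {@code Base64Util} produces
     * @return the decrypted text decoded as UTF-8, or null on failure
     *         (the error message is printed to standard output)
     * @throws Exception declared for compatibility; failures are reported as null
     */
    public static String certDecode(String keyStorePath, String keyStorePass, String alias, String certPass, String decodeData) throws Exception {
        try (InputStream input = new FileInputStream(keyStorePath)) {
            byte[] cipherText = Base64Util.decode(decodeData);
            KeyStore keyStore = KeyStore.getInstance(TrustStoreType);
            keyStore.load(input, keyStorePass.toCharArray());
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, certPass.toCharArray());
            Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return new String(cipher.doFinal(cipherText), CHARSET);
        } catch (Exception e) {
            System.out.println(e.getMessage());
        }
        return null;
    }

}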

  

 
