Java使用RSA加密算法对内容进行加密

什么是RSA加密算法

RSA是一种典型的非对称性加密算法,具体介绍可参考阮一峰的日志 RSA算法原理

下面是使用RSA算法对传输内容进行加密的一个简要Java案例,主要用到了三个类,大体实现如下:

对内容进行RSA加密和解密校验的类

import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class RSASignature {
    /** 
     * 签名算法 
     */  
    public static final String SIGN_ALGORITHMS = "SHA1withRSA"; 

    /** 
     * RSA签名 
     * @param content 待签名数据 
     * @param privateKey 商户私钥 
     * @param encode 字符集编码 
     * @return 签名值 
     */  
     public static String sign(String content, String privateKey, String encode)  
     {  
         try   
         {  
             PKCS8EncodedKeySpec priPKCS8    = new PKCS8EncodedKeySpec( Base64.decode(privateKey) );   

             KeyFactory keyf  = KeyFactory.getInstance("RSA");  
             PrivateKey priKey = keyf.generatePrivate(priPKCS8);  

             java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);  

             signature.initSign(priKey);
             signature.update( content.getBytes(encode)); 

             byte[] signed = signature.sign();  

             return Base64.encode(signed);  
         }  
         catch (Exception e)   
         {  
             e.printStackTrace();  
         }  

         return null;  
     }  

     public static String sign(String content, String privateKey)  
     {  
         try   
         {  
             PKCS8EncodedKeySpec priPKCS8    = new PKCS8EncodedKeySpec( Base64.decode(privateKey) );   
             KeyFactory keyf = KeyFactory.getInstance("RSA");  
             PrivateKey priKey = keyf.generatePrivate(priPKCS8);  
             java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);  
             signature.initSign(priKey); 
             signature.update( content.getBytes()); 
             byte[] signed = signature.sign();  
             return Base64.encode(signed);  
         }  
         catch (Exception e)   
         {  
             e.printStackTrace();  
         }  
         return null;  
     }  

     /** 
     * RSA验签名检查 
     * @param content 待签名数据 
     * @param sign 签名值 
     * @param publicKey 分配给开发商公钥 
     * @return 布尔值 
     */  
     public static boolean doCheck(String content, String sign, String publicKey)  
     {  
         try   
         {  
             KeyFactory keyFactory = KeyFactory.getInstance("RSA");  
             byte[] encodedKey = Base64.decode(publicKey);  
             PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));  

             java.security.Signature signature = java.security.Signature  
             .getInstance(SIGN_ALGORITHMS);  

             signature.initVerify(pubKey);  
             signature.update( content.getBytes() );  

             boolean bverify = signature.verify( Base64.decode(sign) );  
             return bverify;  

         }   
         catch (Exception e)   
         {  
             e.printStackTrace();  
         }  

         return false;  
     }  

}

Base64基础类

public class Base64 {
	static private final int     BASELENGTH           = 128;  
    static private final int     LOOKUPLENGTH         = 64;  
    static private final int     TWENTYFOURBITGROUP   = 24;  
    static private final int     EIGHTBIT             = 8;  
    static private final int     SIXTEENBIT           = 16;  
    static private final int     FOURBYTE             = 4;  
    static private final int     SIGN                 = -128;  
    static private final char    PAD                  = '=';  
    static private final boolean fDebug               = false;  
    static final private byte[]  base64Alphabet       = new byte[BASELENGTH];  
    static final private char[]  lookUpBase64Alphabet = new char[LOOKUPLENGTH];  

    static {  
        for (int i = 0; i < BASELENGTH; ++i) {  
            base64Alphabet[i] = -1;  
        }  
        for (int i = 'Z'; i >= 'A'; i--) {  
            base64Alphabet[i] = (byte) (i - 'A');  
        }  
        for (int i = 'z'; i >= 'a'; i--) {  
            base64Alphabet[i] = (byte) (i - 'a' + 26);  
        }  

        for (int i = '9'; i >= '0'; i--) {  
            base64Alphabet[i] = (byte) (i - '0' + 52);  
        }  

        base64Alphabet['+'] = 62;  
        base64Alphabet['/'] = 63;  

        for (int i = 0; i <= 25; i++) {  
            lookUpBase64Alphabet[i] = (char) ('A' + i);  
        }  

        for (int i = 26, j = 0; i <= 51; i++, j++) {  
            lookUpBase64Alphabet[i] = (char) ('a' + j);  
        }  

        for (int i = 52, j = 0; i <= 61; i++, j++) {  
            lookUpBase64Alphabet[i] = (char) ('0' + j);  
        }  
        lookUpBase64Alphabet[62] = (char) '+';  
        lookUpBase64Alphabet[63] = (char) '/';  

    }  

    private static boolean isWhiteSpace(char octect) {  
        return (octect == 0x20 || octect == 0xd || octect == 0xa || octect == 0x9);  
    }  

    private static boolean isPad(char octect) {  
        return (octect == PAD);  
    }  

    private static boolean isData(char octect) {  
        return (octect < BASELENGTH && base64Alphabet[octect] != -1);  
    }  

    /** 
     * Encodes hex octects into Base64 
     * 
     * @param binaryData Array containing binaryData 
     * @return Encoded Base64 array 
     */  
    public static String encode(byte[] binaryData) {  

        if (binaryData == null) {  
            return null;  
        }  

        int lengthDataBits = binaryData.length * EIGHTBIT;  
        if (lengthDataBits == 0) {  
            return "";  
        }  

        int fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;  
        int numberTriplets = lengthDataBits / TWENTYFOURBITGROUP;  
        int numberQuartet = fewerThan24bits != 0 ? numberTriplets + 1 : numberTriplets;  
        char encodedData[] = null;  

        encodedData = new char[numberQuartet * 4];  

        byte k = 0, l = 0, b1 = 0, b2 = 0, b3 = 0;  

        int encodedIndex = 0;  
        int dataIndex = 0;  
        if (fDebug) {  
            System.out.println("number of triplets = " + numberTriplets);  
        }  

        for (int i = 0; i < numberTriplets; i++) {  
            b1 = binaryData[dataIndex++];  
            b2 = binaryData[dataIndex++];  
            b3 = binaryData[dataIndex++];  

            if (fDebug) {  
                System.out.println("b1= " + b1 + ", b2= " + b2 + ", b3= " + b3);  
            }  

            l = (byte) (b2 & 0x0f);  
            k = (byte) (b1 & 0x03);  

            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);  
            byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0);  
            byte val3 = ((b3 & SIGN) == 0) ? (byte) (b3 >> 6) : (byte) ((b3) >> 6 ^ 0xfc);  

            if (fDebug) {  
                System.out.println("val2 = " + val2);  
                System.out.println("k4   = " + (k << 4));  
                System.out.println("vak  = " + (val2 | (k << 4)));  
            }  

            encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];  
            encodedData[encodedIndex++] = lookUpBase64Alphabet[val2 | (k << 4)];  
            encodedData[encodedIndex++] = lookUpBase64Alphabet[(l << 2) | val3];  
            encodedData[encodedIndex++] = lookUpBase64Alphabet[b3 & 0x3f];  
        }  

        // form integral number of 6-bit groups  
        if (fewerThan24bits == EIGHTBIT) {  
            b1 = binaryData[dataIndex];  
            k = (byte) (b1 & 0x03);  
            if (fDebug) {  
                System.out.println("b1=" + b1);  
                System.out.println("b1<<2 = " + (b1 >> 2));  
            }  
            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);  
            encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];  
            encodedData[encodedIndex++] = lookUpBase64Alphabet[k << 4];  
            encodedData[encodedIndex++] = PAD;  
            encodedData[encodedIndex++] = PAD;  
        } else if (fewerThan24bits == SIXTEENBIT) {  
            b1 = binaryData[dataIndex];  
            b2 = binaryData[dataIndex + 1];  
            l = (byte) (b2 & 0x0f);  
            k = (byte) (b1 & 0x03);  

            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);  
            byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0);  

            encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];  
            encodedData[encodedIndex++] = lookUpBase64Alphabet[val2 | (k << 4)];  
            encodedData[encodedIndex++] = lookUpBase64Alphabet[l << 2];  
            encodedData[encodedIndex++] = PAD;  
        }  

        return new String(encodedData);  
    }  

    /** 
     * Decodes Base64 data into octects 
     * 
     * @param encoded string containing Base64 data 
     * @return Array containind decoded data. 
     */  
    public static byte[] decode(String encoded) {  

        if (encoded == null) {  
            return null;  
        }  

        char[] base64Data = encoded.toCharArray();  
        // remove white spaces  
        int len = removeWhiteSpace(base64Data);  

        if (len % FOURBYTE != 0) {  
            return null;//should be divisible by four  
        }  

        int numberQuadruple = (len / FOURBYTE);  

        if (numberQuadruple == 0) {  
            return new byte[0];  
        }  

        byte decodedData[] = null;  
        byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;  
        char d1 = 0, d2 = 0, d3 = 0, d4 = 0;  

        int i = 0;  
        int encodedIndex = 0;  
        int dataIndex = 0;  
        decodedData = new byte[(numberQuadruple) * 3];  

        for (; i < numberQuadruple - 1; i++) {  

            if (!isData((d1 = base64Data[dataIndex++])) || !isData((d2 = base64Data[dataIndex++]))  
                || !isData((d3 = base64Data[dataIndex++]))  
                || !isData((d4 = base64Data[dataIndex++]))) {  
                return null;  
            }//if found "no data" just return null  

            b1 = base64Alphabet[d1];  
            b2 = base64Alphabet[d2];  
            b3 = base64Alphabet[d3];  
            b4 = base64Alphabet[d4];  

            decodedData[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);  
            decodedData[encodedIndex++] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));  
            decodedData[encodedIndex++] = (byte) (b3 << 6 | b4);  
        }  

        if (!isData((d1 = base64Data[dataIndex++])) || !isData((d2 = base64Data[dataIndex++]))) {  
            return null;//if found "no data" just return null  
        }  

        b1 = base64Alphabet[d1];  
        b2 = base64Alphabet[d2];  

        d3 = base64Data[dataIndex++];  
        d4 = base64Data[dataIndex++];  
        if (!isData((d3)) || !isData((d4))) {//Check if they are PAD characters  
            if (isPad(d3) && isPad(d4)) {  
                if ((b2 & 0xf) != 0)//last 4 bits should be zero  
                {  
                    return null;  
                }  
                byte[] tmp = new byte[i * 3 + 1];  
                System.arraycopy(decodedData, 0, tmp, 0, i * 3);  
                tmp[encodedIndex] = (byte) (b1 << 2 | b2 >> 4);  
                return tmp;  
            } else if (!isPad(d3) && isPad(d4)) {  
                b3 = base64Alphabet[d3];  
                if ((b3 & 0x3) != 0)//last 2 bits should be zero  
                {  
                    return null;  
                }  
                byte[] tmp = new byte[i * 3 + 2];  
                System.arraycopy(decodedData, 0, tmp, 0, i * 3);  
                tmp[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);  
                tmp[encodedIndex] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));  
                return tmp;  
            } else {  
                return null;  
            }  
        } else { //No PAD e.g 3cQl  
            b3 = base64Alphabet[d3];  
            b4 = base64Alphabet[d4];  
            decodedData[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);  
            decodedData[encodedIndex++] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));  
            decodedData[encodedIndex++] = (byte) (b3 << 6 | b4);  

        }  

        return decodedData;  
    }  

    /** 
     * remove WhiteSpace from MIME containing encoded Base64 data. 
     * 
     * @param data  the byte array of base64 data (with WS) 
     * @return      the new length 
     */  
    private static int removeWhiteSpace(char[] data) {  
        if (data == null) {  
            return 0;  
        }  

        // count characters that's not whitespace  
        int newSize = 0;  
        int len = data.length;  
        for (int i = 0; i < len; i++) {  
            if (!isWhiteSpace(data[i])) {  
                data[newSize++] = data[i];  
            }  
        }  
        return newSize;  
    }  
}

在过滤器的Request中对加签的请求进行验签,在Response中对返回的参数加签。

import java.nio.charset.Charset;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import com.alibaba.fastjson.JSONObject;

public class ChannelSignature implements ServletChannelInterceptor{

	private final static Logger logger = (Logger) LoggerFactory.getLogger(ChannelSignature.class);

	private static final String DEFAULT_CHARSET = "UTF-8";

	/是否签名验签,true:验签 ,false:不进行验签/
	private boolean verifySignFlag;

	/私钥路径/
	@Value("${privateKey}")
	private String privateKey;

	/公钥路径/
	@Value("${publicKey}")
	private String publicKey;

	@Override
	public void onRequest(ChannelContext<HttpServletRequest, HttpServletResponse> channelContext, ContextEx contextEx)
			throws FcsiException{
		if(!verifySignFlag){logger.debug("don't need verif");return;}
		Object object = channelContext.getRequestPayload();
		String json = new String((byte[])object,Charset.forName(DEFAULT_CHARSET));
		JSONObject jsonObject = JSONObject.parseObject(json);
		String requestParamStr = jsonObject.getString("requestData");
		String vSign = jsonObject.getString("sign");
		logger.debug("verif sign begin ... ... requestParamStr:{}   signStr:{}",requestParamStr,vSign);

		Boolean verifResult = RSASignature.doCheck(requestParamStr, vSign, publicKey);
		if(!verifResult){throw new SignatureException(MsgConstants.IFP_230002,"验签异常");}
		logger.debug("verif sign end ... ...    signResult:{}",verifResult);
	}

	@Override
	public void onResponse(ChannelContext<HttpServletRequest, HttpServletResponse> channelContext, ContextEx contextEx,
			Throwable ex) {
		JSONObject jsonObject = null;
		if(ex instanceof SignatureException ){jsonObject = getSignatureExceptionRespData(ex); sign(channelContext,jsonObject);return;}
		Object object = channelContext.getResponsePalyload();
		if(null == object){logger.debug("responsePalyload is null");return;}
		String json = new String((byte[])object,Charset.forName("UTF8"));
		jsonObject = JSONObject.parseObject(json);
		sign(channelContext,jsonObject);
	}

	/**
	 * 对响应数据进行签名,并将响应结果放至ResponsePayload
	 * @param channelContext
	 * @param jsonObject
	 */
	private void sign(ChannelContext<HttpServletRequest, HttpServletResponse> channelContext, JSONObject jsonObject) {
		String responseParamStr = jsonObject.getString("responseData");
		logger.debug("generate sign begin ... ... signParamStr:{}",responseParamStr);
		String sign=RSASignature.sign(responseParamStr,privateKey); //对原始报文进行签名
		logger.debug("generate sign end ... ... signStr:{}",sign);
		jsonObject.put("sign", sign);  String str = jsonObject.toString();
		channelContext.setResponsePayload((Object)str.getBytes(Charset.forName(DEFAULT_CHARSET)));
	}

	/**
	 * 组装签名异常响应数据
	 * @param ex
	 * @return
	 */
	private JSONObject getSignatureExceptionRespData(Throwable ex) {
		String code = ((SignatureException) ex).getCode();
	    String defaultMessage = ((SignatureException) ex).getMessage();
	    String[]  errMessageStr= defaultMessage.split("]"); String msg = errMessageStr[1];
	    JSONObject jsonObject = new JSONObject();jsonObject.put("code", code); jsonObject.put("msg", msg);
	    JSONObject respJsonObject = new JSONObject(); respJsonObject.put("responseData", jsonObject);
		return respJsonObject;
	}

	public boolean isVerifySignFlag() {
		return verifySignFlag;
	}

	public void setVerifySignFlag(boolean verifySignFlag) {
		this.verifySignFlag = verifySignFlag;
	}

}
posted @ 2017-09-11 00:12  ironass  阅读(5008)  评论(0编辑  收藏  举报