加解密工具类(含keystore导出pfx)
java代码如下:
package sign; import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration; import javax.crypto.Cipher; @SuppressWarnings({ "rawtypes", "unused" })
public class UtilTools { private static final String PKCS12 = "PKCS12";
private static final String CHARSET = "utf-8";
private final static String CertType = "X.509";
public final static String TrustStoreType = "JKS";
private static final String SHA1WithRSA = "SHA1WithRSA";
private final static String MD5withRSA = "MD5withRSA";
private static final String SHA224WithRSA = "SHA224WithRSA";
private static final String SHA256WithRSA = "SHA256WithRSA";
private static final String SHA384WithRSA = "SHA384WithRSA";
private static final String SHA512WithRSA = "SHA512WithRSA";
private static final String RSA = "RSA";
private static final String ECB = "ECB";
private static final String PCKCS1PADDING = "PCKCS1Padding"; /**
* generate the signature
*
* @param source
* @param pfxPath
* @param password
* @return
* @throws Exception
*/
public static String generateSignature(String source, String pfxPath, String password) throws Exception {
byte[] signature = null;
PrivateKey privateKey = getPrivateKeyInstance(pfxPath, password);
Signature sig = Signature.getInstance(SHA1WithRSA);
sig.initSign(privateKey);
sig.update(source.getBytes(CHARSET));
signature = sig.sign();
return Base64Util.encode(signature);
} /**
* check the signature
*
* @param datasource
* @param sign
* @param certificatePath
* @return
* @throws Exception
*/
public static boolean checkSignature(String datasource, String sign, String certificatePath) throws Exception {
try {
X509Certificate x509Certificate = (X509Certificate) getInstance(certificatePath);
Signature signature = Signature.getInstance(SHA1WithRSA);
signature.initVerify(x509Certificate);
signature.update(datasource.getBytes(CHARSET));
return signature.verify(Base64Util.decode(sign));
} catch (Exception e) {
System.out.println(e.getMessage());
}
return false;
} /**
* 加载私钥
*
* @param strPfx
* @param strPassword
* @return
*/
private static PrivateKey getPrivateKeyInstance(String strPfx, String strPassword) throws Exception {
FileInputStream fis = null;
try {
KeyStore ks = KeyStore.getInstance(PKCS12);
fis = new FileInputStream(strPfx);
char[] chars = null;
if ((strPassword == null) || strPassword.trim().equals("")) {
chars = null;
} else {
chars = strPassword.toCharArray();
}
ks.load(fis, chars);
fis.close();
Enumeration enumas = ks.aliases();
String keyAlias = null;
if (enumas.hasMoreElements()) {
keyAlias = (String) enumas.nextElement();
}
return (PrivateKey) ks.getKey(keyAlias, chars);
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
} /**
* 获得证书
*
* @param certificatePath
* @return
*/
private static Certificate getInstance(String certificatePath) throws Exception {
InputStream is = null;
try {
is = new FileInputStream(certificatePath);
CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType);
return certificateFactory.generateCertificate(is);
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (is != null) {
try {
is.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
} /**
* 将pfx或p12的文件转为keystore
*
* @param pfxFile 原文件路径及名称
* @param pfxPsw 密码
* @param keyStoreFile 生成的文件名和路径
*/
public static void coverTokeyStore(String pfxFile, String pfxPsw, String keyStoreFile) throws Exception {
KeyStore inputKeyStore = null;
FileInputStream input = null;
FileOutputStream output = null;
String keyAlias = "";
try {
inputKeyStore = KeyStore.getInstance(PKCS12);
input = new FileInputStream(pfxFile);
char[] password = null; if ((pfxPsw == null) || pfxPsw.trim().equals("")) {
password = null;
} else {
password = pfxPsw.toCharArray();
}
inputKeyStore.load(input, password);
KeyStore outputKeyStore = KeyStore.getInstance(TrustStoreType);
outputKeyStore.load(null, pfxPsw.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) {
keyAlias = (String) enums.nextElement(); System.out.println("alias=[" + keyAlias + "]"); if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, password);
Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, pfxPsw.toCharArray(), certChain);
}
}
output = new FileOutputStream(keyStoreFile);
outputKeyStore.store(output, password);
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (output != null) {
try {
output.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
} /**
* 将keystore转为pfx
*
* @param keyStoreFile 生成的文件名和路径
* @param pfxPsw 密码
* @param pfxFile 原文件路径及名称
*/
public static void coverToPfx(String keyStoreFile, String pfxPsw, String pfxFile) throws Exception {
KeyStore inputKeyStore = null;
FileInputStream input = null;
FileOutputStream output = null;
String keyAlias = "";
try {
inputKeyStore = KeyStore.getInstance(TrustStoreType);
input = new FileInputStream(keyStoreFile);
char[] password = null;
if ((pfxPsw == null) || pfxPsw.trim().equals("")) {
password = null;
} else {
password = pfxPsw.toCharArray();
}
inputKeyStore.load(input, password);
KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
outputKeyStore.load(null, pfxPsw.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) {
keyAlias = (String) enums.nextElement();
System.out.println("alias=[" + keyAlias + "]");
if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, password);
Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, pfxPsw.toCharArray(), certChain);
}
}
output = new FileOutputStream(pfxFile);
outputKeyStore.store(output, password);
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (output != null) {
try {
output.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
} /**
* 使用公钥 进行 非对称加密数据
* @param certPath
* @param dataSource
* @return
* @throws Exception
*/
public static String certEncode(String certPath, String dataSource) throws Exception {
InputStream input = null;
try {
byte[] plainText = dataSource.getBytes(CHARSET);
// 证书格式为x509
CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType);
// 读取证书文件的输入流
input = new FileInputStream(certPath);
Certificate certificate = certificateFactory.generateCertificate(input);
// 支持:RSA/ECB/PCKCS1Padding
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey());
cipher.update(plainText);
byte[] signByte = cipher.doFinal();
String sign = Base64Util.encode(signByte);
return sign;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
} /**
* 使用私钥 进行非对称解密数据
* @param keyStorePath
* @param keyStorePass
* @param alias
* @param certPass
* @param decodeData
* @return
* @throws Exception
*/
public static String certDecode(String keyStorePath, String keyStorePass, String alias, String certPass, String decodeData) throws Exception {
InputStream input = null;
try {
// 密文数据Base64转换
byte[] cipherText = Base64Util.decode(decodeData);
// 提供密钥库类型
KeyStore keyStore = KeyStore.getInstance(TrustStoreType);
// 读取keystore文件的输入流
input = new FileInputStream(keyStorePath);
keyStore.load(input, keyStorePass.toCharArray());
// 加载证书
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, certPass.toCharArray());
// 支持:RSA/ECB/PCKCS1Padding
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
cipher.update(cipherText);
byte[] sourceByte = cipher.doFinal();
String source = new String(sourceByte, CHARSET);
return source;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null; } }
加解密工具类(含keystore导出pfx)的更多相关文章
- RSA加解密工具类RSAUtils.java,实现公钥加密私钥解密和私钥解密公钥解密
package com.geostar.gfstack.cas.util; import org.apache.commons.codec.binary.Base64; import javax.cr ...
- Java中的AES加解密工具类:AESUtils
本人手写已测试,大家可以参考使用 package com.mirana.frame.utils.encrypt; import com.mirana.frame.constants.SysConsta ...
- Java中的RSA加解密工具类:RSAUtils
本人手写已测试,大家可以参考使用 package com.mirana.frame.utils.encrypt; import com.mirana.frame.utils.log.LogUtils; ...
- DES加解密工具类
这两天在跟友商对接接口,在对外暴露接口的时候,因为友商不需要登录即可访问对于系统来说存在安全隐患,所以需要友商在调用接口的时候需要将数据加密,系统解密验证后才执行业务.所有的加密方式并不是万能的,只是 ...
- vue 核心加解密工具类 方法
1 /* base64 加解密 2 */ 3 export let Base64 = require('js-base64').Base64 4 5 /* md5 加解密 6 */ 7 export ...
- C# 加解密工具类
using System; using System.IO; using System.Security.Cryptography; using System.Text; namespace Clov ...
- Java 通过Xml导出Excel文件,Java Excel 导出工具类,Java导出Excel工具类
Java 通过Xml导出Excel文件,Java Excel 导出工具类,Java导出Excel工具类 ============================== ©Copyright 蕃薯耀 20 ...
- Base64加密解密工具类
使用Apache commons codec类Base64进行加密解密 maven依赖 <dependency> <groupId>commons-codec</grou ...
- XJar: Spring-Boot JAR 包加/解密工具,避免源码泄露以及反编译
XJar: Spring-Boot JAR 包加/解密工具,避免源码泄露以及反编译 <?xml version="1.0" encoding="UTF-8" ...
随机推荐
- react的生命周期需要知道的。
有关React生命周期: 1.组件生命周期的执行次数是什么样子的??? 只执行一次: constructor.componentWillMount.componentDidMount 执行多次:ren ...
- IDEA项目搭建七——使用Feign简化消费者端操作
一.简介 我们可以看到上一篇文章的消费者这边调用Service时比较麻烦,所以我们可以使用Feign来简化这部分操作,它底层也是使用Ribbon实现的只是Ribbon支持HTTP和TCP两种通信协议, ...
- 惊闻企业Web应用生成平台 活字格 V4.0 免费了,不单可视化设计器免费,服务器也免费!
官网消息: 针对活字格开发者,新版本完全免费!您可下载活字格 Web 应用生成平台 V4.0 Updated 1,方便的创建各类 Web 应用系统,任意部署,永不过期. 我之前学习过活字格,也曾经向用 ...
- cmake:善用find_package()提高效率暨查找JNI支持
cmake提供了很多实用的cmake-modules,通过find_package()命令调用这些modules,用于写CMakeLists.txt脚本时方便的查找依赖的库或其他编译相关的信息,善用这 ...
- XSS(跨站脚本攻击)漏洞解决方案
首先,简单介绍一下XSS定义: 一 . XSS介绍 XSS是跨站脚本攻击(Cross Site Scripting)的缩写.为了和层叠样式表CSS(Cascading Style Sheets)加以区 ...
- gnome extensions 推荐 (fedora 28 常用gnome 插件备份)
当我们进行重新安装系统(fedora 28)的时候,需要初始安装一些 gnome 插件,来进行完善我们的使用. 首先我们应该进行安装 gnome-tweak 工具来进行定制化系统. tweak 可以进 ...
- myeclipce项目导入eclipse中报错
1 找到新建页面所在的工程名字,然后左键选中,右键弹出功能菜单,选择Build Path,进入配置路径. 2 在java build path 页面的下选择Libraries栏目(默认选择),点击右侧 ...
- 从列表和实例来了解python迭代器
什么是迭代器?它是一个带状态的对象,在你调用next()方法的时候返回容器中的下一个值,任何实现了__iter__和__next__()(python2中实现next())方法的对象都是迭代器,__i ...
- Beta冲刺博客集合贴
Beta阶段第一次冲刺 Beta阶段第二次冲刺 Beta阶段第三次冲刺 Beta阶段第四次冲刺 Beta阶段第五次冲刺 Beta阶段总结博客
- Java7/8 中 HashMap 和 ConcurrentHashMap的对比和分析
大家可能平时用HashMap比较多,相对于ConcurrentHashMap 来说并不是很熟悉.ConcurrentHashMap 是 JDK 1.5 添加的新集合,用来保证线程安全性,提升 Map ...