加解密工具类(含keystore导出pfx)
java代码如下:
package sign; import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration; import javax.crypto.Cipher; @SuppressWarnings({ "rawtypes", "unused" })
public class UtilTools { private static final String PKCS12 = "PKCS12";
private static final String CHARSET = "utf-8";
private final static String CertType = "X.509";
public final static String TrustStoreType = "JKS";
private static final String SHA1WithRSA = "SHA1WithRSA";
private final static String MD5withRSA = "MD5withRSA";
private static final String SHA224WithRSA = "SHA224WithRSA";
private static final String SHA256WithRSA = "SHA256WithRSA";
private static final String SHA384WithRSA = "SHA384WithRSA";
private static final String SHA512WithRSA = "SHA512WithRSA";
private static final String RSA = "RSA";
private static final String ECB = "ECB";
private static final String PCKCS1PADDING = "PCKCS1Padding"; /**
* generate the signature
*
* @param source
* @param pfxPath
* @param password
* @return
* @throws Exception
*/
public static String generateSignature(String source, String pfxPath, String password) throws Exception {
byte[] signature = null;
PrivateKey privateKey = getPrivateKeyInstance(pfxPath, password);
Signature sig = Signature.getInstance(SHA1WithRSA);
sig.initSign(privateKey);
sig.update(source.getBytes(CHARSET));
signature = sig.sign();
return Base64Util.encode(signature);
} /**
* check the signature
*
* @param datasource
* @param sign
* @param certificatePath
* @return
* @throws Exception
*/
public static boolean checkSignature(String datasource, String sign, String certificatePath) throws Exception {
try {
X509Certificate x509Certificate = (X509Certificate) getInstance(certificatePath);
Signature signature = Signature.getInstance(SHA1WithRSA);
signature.initVerify(x509Certificate);
signature.update(datasource.getBytes(CHARSET));
return signature.verify(Base64Util.decode(sign));
} catch (Exception e) {
System.out.println(e.getMessage());
}
return false;
} /**
* 加载私钥
*
* @param strPfx
* @param strPassword
* @return
*/
private static PrivateKey getPrivateKeyInstance(String strPfx, String strPassword) throws Exception {
FileInputStream fis = null;
try {
KeyStore ks = KeyStore.getInstance(PKCS12);
fis = new FileInputStream(strPfx);
char[] chars = null;
if ((strPassword == null) || strPassword.trim().equals("")) {
chars = null;
} else {
chars = strPassword.toCharArray();
}
ks.load(fis, chars);
fis.close();
Enumeration enumas = ks.aliases();
String keyAlias = null;
if (enumas.hasMoreElements()) {
keyAlias = (String) enumas.nextElement();
}
return (PrivateKey) ks.getKey(keyAlias, chars);
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
} /**
* 获得证书
*
* @param certificatePath
* @return
*/
private static Certificate getInstance(String certificatePath) throws Exception {
InputStream is = null;
try {
is = new FileInputStream(certificatePath);
CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType);
return certificateFactory.generateCertificate(is);
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (is != null) {
try {
is.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
} /**
* 将pfx或p12的文件转为keystore
*
* @param pfxFile 原文件路径及名称
* @param pfxPsw 密码
* @param keyStoreFile 生成的文件名和路径
*/
public static void coverTokeyStore(String pfxFile, String pfxPsw, String keyStoreFile) throws Exception {
KeyStore inputKeyStore = null;
FileInputStream input = null;
FileOutputStream output = null;
String keyAlias = "";
try {
inputKeyStore = KeyStore.getInstance(PKCS12);
input = new FileInputStream(pfxFile);
char[] password = null; if ((pfxPsw == null) || pfxPsw.trim().equals("")) {
password = null;
} else {
password = pfxPsw.toCharArray();
}
inputKeyStore.load(input, password);
KeyStore outputKeyStore = KeyStore.getInstance(TrustStoreType);
outputKeyStore.load(null, pfxPsw.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) {
keyAlias = (String) enums.nextElement(); System.out.println("alias=[" + keyAlias + "]"); if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, password);
Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, pfxPsw.toCharArray(), certChain);
}
}
output = new FileOutputStream(keyStoreFile);
outputKeyStore.store(output, password);
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (output != null) {
try {
output.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
} /**
* 将keystore转为pfx
*
* @param keyStoreFile 生成的文件名和路径
* @param pfxPsw 密码
* @param pfxFile 原文件路径及名称
*/
public static void coverToPfx(String keyStoreFile, String pfxPsw, String pfxFile) throws Exception {
KeyStore inputKeyStore = null;
FileInputStream input = null;
FileOutputStream output = null;
String keyAlias = "";
try {
inputKeyStore = KeyStore.getInstance(TrustStoreType);
input = new FileInputStream(keyStoreFile);
char[] password = null;
if ((pfxPsw == null) || pfxPsw.trim().equals("")) {
password = null;
} else {
password = pfxPsw.toCharArray();
}
inputKeyStore.load(input, password);
KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
outputKeyStore.load(null, pfxPsw.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) {
keyAlias = (String) enums.nextElement();
System.out.println("alias=[" + keyAlias + "]");
if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, password);
Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, pfxPsw.toCharArray(), certChain);
}
}
output = new FileOutputStream(pfxFile);
outputKeyStore.store(output, password);
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (output != null) {
try {
output.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
} /**
* 使用公钥 进行 非对称加密数据
* @param certPath
* @param dataSource
* @return
* @throws Exception
*/
public static String certEncode(String certPath, String dataSource) throws Exception {
InputStream input = null;
try {
byte[] plainText = dataSource.getBytes(CHARSET);
// 证书格式为x509
CertificateFactory certificateFactory = CertificateFactory.getInstance(CertType);
// 读取证书文件的输入流
input = new FileInputStream(certPath);
Certificate certificate = certificateFactory.generateCertificate(input);
// 支持:RSA/ECB/PCKCS1Padding
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey());
cipher.update(plainText);
byte[] signByte = cipher.doFinal();
String sign = Base64Util.encode(signByte);
return sign;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
} /**
* 使用私钥 进行非对称解密数据
* @param keyStorePath
* @param keyStorePass
* @param alias
* @param certPass
* @param decodeData
* @return
* @throws Exception
*/
public static String certDecode(String keyStorePath, String keyStorePass, String alias, String certPass, String decodeData) throws Exception {
InputStream input = null;
try {
// 密文数据Base64转换
byte[] cipherText = Base64Util.decode(decodeData);
// 提供密钥库类型
KeyStore keyStore = KeyStore.getInstance(TrustStoreType);
// 读取keystore文件的输入流
input = new FileInputStream(keyStorePath);
keyStore.load(input, keyStorePass.toCharArray());
// 加载证书
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, certPass.toCharArray());
// 支持:RSA/ECB/PCKCS1Padding
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
cipher.update(cipherText);
byte[] sourceByte = cipher.doFinal();
String source = new String(sourceByte, CHARSET);
return source;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (input != null) {
try {
input.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null; } }
加解密工具类(含keystore导出pfx)的更多相关文章
- RSA加解密工具类RSAUtils.java,实现公钥加密私钥解密和私钥解密公钥解密
package com.geostar.gfstack.cas.util; import org.apache.commons.codec.binary.Base64; import javax.cr ...
- Java中的AES加解密工具类:AESUtils
本人手写已测试,大家可以参考使用 package com.mirana.frame.utils.encrypt; import com.mirana.frame.constants.SysConsta ...
- Java中的RSA加解密工具类:RSAUtils
本人手写已测试,大家可以参考使用 package com.mirana.frame.utils.encrypt; import com.mirana.frame.utils.log.LogUtils; ...
- DES加解密工具类
这两天在跟友商对接接口,在对外暴露接口的时候,因为友商不需要登录即可访问对于系统来说存在安全隐患,所以需要友商在调用接口的时候需要将数据加密,系统解密验证后才执行业务.所有的加密方式并不是万能的,只是 ...
- vue 核心加解密工具类 方法
1 /* base64 加解密 2 */ 3 export let Base64 = require('js-base64').Base64 4 5 /* md5 加解密 6 */ 7 export ...
- C# 加解密工具类
using System; using System.IO; using System.Security.Cryptography; using System.Text; namespace Clov ...
- Java 通过Xml导出Excel文件,Java Excel 导出工具类,Java导出Excel工具类
Java 通过Xml导出Excel文件,Java Excel 导出工具类,Java导出Excel工具类 ============================== ©Copyright 蕃薯耀 20 ...
- Base64加密解密工具类
使用Apache commons codec类Base64进行加密解密 maven依赖 <dependency> <groupId>commons-codec</grou ...
- XJar: Spring-Boot JAR 包加/解密工具,避免源码泄露以及反编译
XJar: Spring-Boot JAR 包加/解密工具,避免源码泄露以及反编译 <?xml version="1.0" encoding="UTF-8" ...
随机推荐
- AWT初步—Frame和 Panel
初识 AWT GUI 和 AWT GUI:Graphics User Interface 图形用户界面 AWT:Abstract Window Toolkit 抽象窗口工具集 之前的程 ...
- 异步陷阱之IO篇
很多教程和资料都强调流畅的用户体验需要异步来辅助,核心思想就是保证用户前端的交互永远有最高的优先级,让一切费时的逻辑通通放到后台,等到诸事完备,通知一下前端给个提示或者继续下一步.随着.NET发展,a ...
- Twitter基于R语言的时序数据突变检测(BreakoutDetection)
Twitter开源的时序数据突变检测(BreakoutDetection),基于无参的E-Divisive with Medians (EDM)算法,比传统的E-Divisive算法快3.5倍以上,并 ...
- 教你如何使用云服务器去搭建SS
注册云服务器 (首先推荐Vultr,注册链接:https://www.vultr.com/?ref=6962741,其他云服务商如阿里云HK,Linode等亦可使用,按需选择) 这里拿Vultr举例: ...
- Android 时间与日期操作类
获取本地日期与时间 public String getCalendar() { @SuppressLint("SimpleDateFormat") SimpleDateFormat ...
- 洗礼灵魂,修炼python(34)--面向对象编程(4)—继承
前面已经说到面向对象编程有封装,继承,多态三大特性,那么其中的继承则很重要,可以直接单独的拿出来解析 继承 1.什么是继承: 字面意是子女继承父母的家产或者特性等.而在编程里继承是指子类继承父类(基类 ...
- SQL易错总结1
SQL易错总结1 进阶 select语句.select * 查询所有不规范,写出要查的属性.distinct慎用,性能消耗很大 like 模糊查询 ,空值判断是 is null 单行函数:lower( ...
- nginx代理 upstream轮询
问题描述 我有2个Tomcat 一个端口开启(8021),一个端口未开启(8022),在nginx里用upstream模块进行代理 ,代理的负载算法采用的是默认的轮询算法,配置成功后,访问页面时并没 ...
- pb数据窗口之间的传参
问题描述: 通过一个窗口打开一个子窗口并传递指定参数查询详细信息 解决方法: 在前者窗体的user object下的itemchanged事件中,相应位置加入openwithparm函数 : op ...
- activiti获取可回退的节点
在处理流程回退时,需要获取某个节点当前可以回退到的节点,简单分析下: 1. 只支持回退到userTask. 2. 如果流程流转过某节点时生成了多个任务,从其中某一个任务回退到该节点后,不处理另外的任务 ...