RSA公钥加密,私钥签名工具类

package *;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

public class RSAUtils {

/**
 * 数字签名，密钥算法
 */
private static final String RSA_KEY_ALGORITHM = "RSA";

/**
 * 数字签名签名/验证算法
 */
private static final String SIGNATURE_ALGORITHM = "SHA1WithRSA";

/**
 * RSA密钥长度，RSA算法的默认密钥长度是1024密钥长度必须是64的倍数，在512到65536位之间
 */
private static final int KEY_SIZE = 2048;

/**
 * 字符集编码
 */
public static final String CHARSET = "UTF-8";

public static Map<String, String> createKeys() {
	// 为RSA算法创建一个KeyPairGenerator对象
	KeyPairGenerator kpg;
	try {
		kpg = KeyPairGenerator.getInstance(RSA_KEY_ALGORITHM);
	} catch (NoSuchAlgorithmException e) {
		throw new IllegalArgumentException("No such algorithm-->[" + RSA_KEY_ALGORITHM + "]");
	}

	// 初始化KeyPairGenerator对象,密钥长度
	kpg.initialize(KEY_SIZE);
	// 生成密匙对
	KeyPair keyPair = kpg.generateKeyPair();
	// 得到公钥
	Key publicKey = keyPair.getPublic();
	String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded());
	// 得到私钥
	Key privateKey = keyPair.getPrivate();
	String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded());
	Map<String, String> keyPairMap = new HashMap<String, String>();
	keyPairMap.put("publicKey", publicKeyStr);
	keyPairMap.put("privateKey", privateKeyStr);

	return keyPairMap;
}

/**
 * 得到公钥
 * 
 * @param publicKey 密钥字符串（经过base64编码）
 * @throws Exception
 */
public static RSAPublicKey getPublicKey(String publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
	// 通过X509编码的Key指令获得公钥对象
	KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
	X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));
	RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
	return key;
}

/**
 * 得到私钥
 * 
 * @param privateKey 密钥字符串（经过base64编码）
 * @throws Exception
 */
public static RSAPrivateKey getPrivateKey(String privateKey)
		throws NoSuchAlgorithmException, InvalidKeySpecException {
	// 通过PKCS#8编码的Key指令获得私钥对象
	KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
	PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));
	RSAPrivateKey key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);
	return key;
}

/**
 * 公钥加密
 * 
 * @param data
 * @param publicKey
 * @return
 * @throws InvalidKeySpecException
 * @throws NoSuchAlgorithmException
 */
public static String publicEncrypt(String data, String publickeys) throws Exception {
	RSAPublicKey publicKey = getPublicKey(publickeys);
	try {
		// 默认RSA/None/PKCS1Padding填充方式,每次加密生成密文不一致
		Cipher cipher = Cipher.getInstance(RSA_KEY_ALGORITHM);
//		// 指定"RSA/None/NoPadding", "BC"填充方式,每次加密生成密文一致
//		Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//		Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC");
		cipher.init(Cipher.ENCRYPT_MODE, publicKey);
		return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET),
				publicKey.getModulus().bitLength()));
	} catch (Exception e) {
		throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e);
	}
}

/**
 * 私钥解密
 * 
 * @param data
 * @param privateKey
 * @return
 */

public static String privateDecrypt(String data, String privateKeys) throws Exception {
	RSAPrivateKey privateKey = getPrivateKey(privateKeys);
	try {
		Cipher cipher = Cipher.getInstance(RSA_KEY_ALGORITHM);
		cipher.init(Cipher.DECRYPT_MODE, privateKey);
		return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data),
				privateKey.getModulus().bitLength()), CHARSET);
	} catch (Exception e) {
		throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);
	}
}

/**
 * 私钥加密
 * 
 * @param data
 * @param privateKey
 * @return
 */

public static String privateEncrypt(String data, RSAPrivateKey privateKey) {
	try {
		Cipher cipher = Cipher.getInstance(RSA_KEY_ALGORITHM);
		cipher.init(Cipher.ENCRYPT_MODE, privateKey);
		return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET),
				privateKey.getModulus().bitLength()));
	} catch (Exception e) {
		throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e);
	}
}

/**
 * 公钥解密
 * 
 * @param data
 * @param publicKey
 * @return
 */

public static String publicDecrypt(String data, RSAPublicKey publicKey) {
	try {
		Cipher cipher = Cipher.getInstance(RSA_KEY_ALGORITHM);
		cipher.init(Cipher.DECRYPT_MODE, publicKey);
		return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data),
				publicKey.getModulus().bitLength()), CHARSET);
	} catch (Exception e) {
		throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);
	}
}

/**
 * RSA签名
 *
 * @param data   待签名数据
 * @param priKey 私钥
 * @return 签名
 * @throws Exception
 */
public static String sign(byte[] data, byte[] priKey) throws Exception {
	// 取得私钥
	PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKey);
	KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
	// 生成私钥
	PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
	// 实例化Signature
	Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
	// 初始化Signature
	signature.initSign(privateKey);
	// 更新
	signature.update(data);
	// 验证
	return Base64.encodeBase64String(signature.sign());
}

/**
 * RSA签名
 *
 * @param data   待签名数据
 * @param priKey 私钥
 * @return 签名
 * @throws Exception
 */
public static String sign(String data, String priKey) throws Exception {
	// 取得私钥
	PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(priKey));
	KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
	// 生成私钥
	PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
	// 实例化Signature
	Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
	// 初始化Signature
	signature.initSign(privateKey);
	// 更新
	signature.update(data.getByte());
	// 验证
	return Base64.encodeBase64String(signature.sign());
}

/**
 * RSA校验数字签名
 *
 * @param data   待校验数据
 * @param sign   数字签名
 * @param pubKey 公钥
 * @return boolean 校验成功返回true，失败返回false
 */
public static boolean verify(byte[] data, byte[] sign, byte[] pubKey) throws Exception {
	// 实例化密钥工厂
	KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
	// 初始化公钥
	X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKey);
	// 产生公钥
	PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
	// 实例化Signature
	Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
	// 初始化Signature
	signature.initVerify(publicKey);
	// 更新
	signature.update(data);
	// 验证
	return signature.verify(sign);
}

/**
 * RSA校验数字签名
 *
 * @param data   待校验数据
 * @param sign   数字签名
 * @param pubKey 公钥
 * @return boolean 校验成功返回true，失败返回false
 */
public static boolean verify(String data, String sign, String pubKey) throws Exception {
	// 实例化密钥工厂
	KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
	// 初始化公钥
	X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(pubKey));
	// 产生公钥
	PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
	// 实例化Signature
	Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
	// 初始化Signature
	signature.initVerify(publicKey);
	// 更新
	signature.update(data.getByte());
	// 验证
	return signature.verify(Base64.decodeBase64(sign));
}

private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize) {
	int maxBlock = 0;
	if (opmode == Cipher.DECRYPT_MODE) {
		maxBlock = keySize / 8;
	} else {
		maxBlock = keySize / 8 - 11;
	}
	ByteArrayOutputStream out = new ByteArrayOutputStream();
	int offSet = 0;
	byte[] buff;
	int i = 0;
	try {
		while (datas.length > offSet) {
			if (datas.length - offSet > maxBlock) {
				buff = cipher.doFinal(datas, offSet, maxBlock);
			} else {
				buff = cipher.doFinal(datas, offSet, datas.length - offSet);
			}
			out.write(buff, 0, buff.length);
			i++;
			offSet = i * maxBlock;
		}
	} catch (Exception e) {
		throw new RuntimeException("加解密阀值为[" + maxBlock + "]的数据时发生异常", e);
	}
	byte[] resultDatas = out.toByteArray();
	IOUtils.closeQuietly(out);
	return resultDatas;
}
}