saml 数字签名校验

private String publicKey;
44. private String privateKey;
45.
46. @Before
47. public void setUp() throws Exception {
48. Map<String, Object> keyMap = RSACoder.initKey();
49.
50. publicKey = RSACoder.getPublicKey(keyMap);
51. privateKey = RSACoder.getPrivateKey(keyMap);
52. System.err.println("公钥: \n\r" + publicKey);
53. System.err.println("私钥： \n\r" + privateKey);
54. }
55.
56. @Test
57. public void test() throws Exception {
58. System.err.println("公钥加密——私钥解密");
59. String inputStr = "abc";
60. byte[] data = inputStr.getBytes();
61. byte[] encodedData = RSACoder.encryptByPublicKey(data, publicKey);
62. byte[] decodedData = RSACoder.decryptByPrivateKey(encodedData, privateKey);
63.
64. String outputStr = new String(decodedData);
65. System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
66. assertEquals(inputStr, outputStr);
67.
68. }
69.
70. @Test
71. public void testSign() throws Exception {
72. System.err.println("私钥加密——公钥解密");
73. String inputStr = "sign";
74. byte[] data = inputStr.getBytes();
75. byte[] encodedData = RSACoder.encryptByPrivateKey(data, privateKey);
76. byte[] decodedData = RSACoder.decryptByPublicKey(encodedData, publicKey);
77.
78. String outputStr = new String(decodedData);
79. System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
80. assertEquals(inputStr, outputStr);
81.
82. System.err.println("私钥签名——公钥验证签名");
83. // 产生签名
84. String sign = RSACoder.sign(encodedData, privateKey);
85. System.err.println("签名:\r" + sign);
86.
87. // 验证签名
88. boolean status = RSACoder.verify(encodedData, publicKey, sign);
89. System.err.println("状态:\r" + status);
90. assertTrue(status);
91.
92. }
93.
94.}
95.
96.abstract class RSACoder extends Coder {
97. public static final String KEY_ALGORITHM = "RSA";
98. public static final String SIGNATURE_ALGORITHM = "MD5withRSA";
99.
100. private static final String PUBLIC_KEY = "RSAPublicKey";
101. private static final String PRIVATE_KEY = "RSAPrivateKey";
102.
103. /**
104. * 用私钥对信息生成数字签名
105. *
106. * @param data
107. * 加密数据
108. * @param privateKey
109. * 私钥
110. *
111. * @return
112. * @throws Exception
113. */
114. public static String sign(byte[] data, String privateKey) throws Exception {
115. // 解密由base64编码的私钥
116. byte[] keyBytes = decryptBASE64(privateKey);
117.
118. // 构造PKCS8EncodedKeySpec对象
119. PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
120.
121. // KEY_ALGORITHM 指定的加密算法
122. KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
123.
124. // 取私钥匙对象
125. PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);
126.
127. // 用私钥对信息生成数字签名
128. Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
129. signature.initSign(priKey);
130. signature.update(data);
131.
132. return encryptBASE64(signature.sign());
133. }
134.
135. /**
136. * 校验数字签名
137. *
138. * @param data
139. * 加密数据
140. * @param publicKey
141. * 公钥
142. * @param sign
143. * 数字签名
144. *
145. * @return 校验成功返回true 失败返回false
146. * @throws Exception
147. *
148. */
149. public static boolean verify(byte[] data, String publicKey, String sign)
150. throws Exception {
151.
152. // 解密由base64编码的公钥
153. byte[] keyBytes = decryptBASE64(publicKey);
154.
155. // 构造X509EncodedKeySpec对象
156. X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
157.
158. // KEY_ALGORITHM 指定的加密算法
159. KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
160.
161. // 取公钥匙对象
162. PublicKey pubKey = keyFactory.generatePublic(keySpec);
163.
164. Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
165. signature.initVerify(pubKey);
166. signature.update(data);
167.
168. // 验证签名是否正常
169. return signature.verify(decryptBASE64(sign));
170. }
171.
172. /**
173. * 解密<br>
174. * 用私钥解密 http://www.5a520.cn http://www.feng123.com
175. *
176. * @param data
177. * @param key
178. * @return
179. * @throws Exception
180. */
181. public static byte[] decryptByPrivateKey(byte[] data, String key)
182. throws Exception {
183. // 对密钥解密
184. byte[] keyBytes = decryptBASE64(key);
185.
186. // 取得私钥
187. PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
188. KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
189. Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
190.
191. // 对数据解密
192. Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
193. cipher.init(Cipher.DECRYPT_MODE, privateKey);
194.
195. return cipher.doFinal(data);
196. }
197.
198. /**
199. * 解密<br>
200. * 用私钥解密
201. *
202. * @param data
203. * @param key
204. * @return
205. * @throws Exception
206. */
207. public static byte[] decryptByPublicKey(byte[] data, String key)
208. throws Exception {
209. // 对密钥解密
210. byte[] keyBytes = decryptBASE64(key);
211.
212. // 取得公钥
213. X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
214. KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
215. Key publicKey = keyFactory.generatePublic(x509KeySpec);
216.
217. // 对数据解密
218. Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
219. cipher.init(Cipher.DECRYPT_MODE, publicKey);
220.
221. return cipher.doFinal(data);
222. }
223.
224. /**
225. * 加密<br>
226. * 用公钥加密
227. *
228. * @param data
229. * @param key
230. * @return
231. * @throws Exception
232. */
233. public static byte[] encryptByPublicKey(byte[] data, String key)
234. throws Exception {
235. // 对公钥解密
236. byte[] keyBytes = decryptBASE64(key);
237.
238. // 取得公钥
239. X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
240. KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
241. Key publicKey = keyFactory.generatePublic(x509KeySpec);
242.
243. // 对数据加密
244. Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
245. cipher.init(Cipher.ENCRYPT_MODE, publicKey);
246.
247. return cipher.doFinal(data);
248. }
249.
250. /**
251. * 加密<br>
252. * 用私钥加密
253. *
254. * @param data
255. * @param key
256. * @return
257. * @throws Exception
258. */
259. public static byte[] encryptByPrivateKey(byte[] data, String key)
260. throws Exception {
261. // 对密钥解密
262. byte[] keyBytes = decryptBASE64(key);
263.
264. // 取得私钥
265. PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
266. KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
267. Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
268.
269. // 对数据加密
270. Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
271. cipher.init(Cipher.ENCRYPT_MODE, privateKey);
272.
273. return cipher.doFinal(data);
274. }
275.
276. /**
277. * 取得私钥
278. *
279. * @param keyMap
280. * @return
281. * @throws Exception
282. */
283. public static String getPrivateKey(Map<String, Object> keyMap)
284. throws Exception {
285. Key key = (Key) keyMap.get(PRIVATE_KEY);
286.
287. return encryptBASE64(key.getEncoded());
288. }
289.
290. /**
291. * 取得公钥
292. *
293. * @param keyMap
294. * @return
295. * @throws Exception
296. */
297. public static String getPublicKey(Map<String, Object> keyMap)
298. throws Exception {
299. Key key = (Key) keyMap.get(PUBLIC_KEY);
300.
301. return encryptBASE64(key.getEncoded());
302. }
303.
304. /**
305. * 初始化密钥
306. *
307. * @return
308. * @throws Exception
309. */
310. public static Map<String, Object> initKey() throws Exception {
311. KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
312. keyPairGen.initialize(1024);
313.
314. KeyPair keyPair = keyPairGen.generateKeyPair();
315.
316. // 公钥
317. RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
318.
319. // 私钥
320. RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
321.
322. Map<String, Object> keyMap = new HashMap<String, Object>(2);
323.
324. keyMap.put(PUBLIC_KEY, publicKey);
325. keyMap.put(PRIVATE_KEY, privateKey);
326. return keyMap;
327. }
328.}


示例2
【例：校验数字签名】

/**
* @(#) VerifySign.java
*/
import java.io.*;
import java.security.*;
import java.security.spec.*;
class VerifySign{
public static void main(String[] args){
if (args.length != 3){
System.out.println(
"Usage: VerifySign
");
System.out.println("Options:");
System.out.println(":The file name of the public key.");
System.out.println(": The file name that want to signature.");
System.out.println(": The file name containing signature data.");
System.out.println("Examples:");
System.out.println(" java Verifysign Publickey-my info.txt Sign-my");
System.exit(0);
}
try{
//从文件得到编码公钥字节
FileInputStream fileIn = new FileInputStream(args[0]);
//已编码的公钥字节
byte[] encodedpubkey = new byte[fileIn.available()];
fileIn.read(encodedpubkey);
fileIn.close();
//用编码公钥字节创建一个X509EncodedkeySpec对象
X509EncodedkeySpec pubkeySpec =
new X509ExcodedkeySpec(encodedpubkey);
//使用DSA算法创建一个keyFactory对象
keyFactory keyFactory = keyFactory.getInstance("DSA");
//用公钥规范生成一个公钥对象
PublicKey pubkey = keyFactory.generatePublic(pubkeySpec);
//从文件中得到数字签名
FileInputStream sigStream = new FileInputStream(args[2]);
Byte[] signature = new byte[sigStream.available()];
SigStream.read(signature);
SigStream.close();
//创建数字签名对象
Signature sigObj = Signature.getInstance("SHAlwithDSA");
//初始化Signature对象,以便用公钥检验
sigObj.initVerify(pubkey);
foleIn = new FoleInputStream(args[1]);
byte b;
while (fileIn.available() != 0){
b = (byte) fileIn.read();
sigObj.update(b);
};
fileIn.close();
Boolean verifies = sigObj.verify(signature);
System.out.puintln("sognature verifies:" + verifies);
}catch (Exception e) {System.err.puintln("" + e);
}
}
}