import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.parser.Feature;
import com.alibaba.fastjson.util.IOUtils;
import org.apache.commons.codec.binary.Base64;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Map;
import java.util.TreeMap;

/**
 * Mainly provides signing and signature-verification helpers.
 *
 * Created by wuxinw on 2017/5/3.
 */
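public class SignUtil {

    /** Resource name of the PKCS#12 keystore that holds the signing key. */
    public static final String PRIVATE_KEY_PATH = "zz.pfx";

    /** Resource (or working-directory file) name of the X.509 certificate used for verification. */
    public static final String PUBLIC_KEY_PATH = "zz.cer";

    // NOTE(review): the keystore password is embedded in source as a public
    // compile-time constant, so it ends up in version control and in every class
    // file that references it. Kept here for interface compatibility; it should
    // be supplied from configuration or a secret store, and the current value
    // treated as disclosed.
    public static final String PRIVATE_KEY_PASSWD = "1231232";

    // NOTE(review): SHA-1 based signatures are deprecated because of practical
    // collision attacks. The algorithm is left unchanged because the verifying
    // or signing counterparty must switch at the same time (e.g. to
    // "SHA256withRSA").
    private static final String SIGNATURE_ALGORITHM = "SHA1WithRSA";

    /**
     * Usage example: parses a JSON body, builds the canonical text, signs it and
     * verifies the signature again.
     *
     * @param args unused
     * @throws FileNotFoundException declared for callers; not thrown directly here
     * @throws KeyStoreException declared for callers; not thrown directly here
     */
    public static void main(String[] args) throws FileNotFoundException, KeyStoreException {
        String body = "{\"id\":\"1\", \"name\":\"xiam\", \"year\":\"2013\", \"old\":\"233\", \"hi\":\"hello\"}";
        Map<String, Object> parse = (JSONObject) JSONObject.parse(body, Feature.OrderedField);
        // The signature field itself must never be part of the signed text.
        String signdata0 = (String) parse.remove("signdata");
        System.out.println("signdata0:" + signdata0);
        String s = params2PlainText(parse);
        System.out.println("加签原文:" + s);
        String signature = sign(parse);
        System.out.println("加签:" + signature);
        boolean b = verifySign(s, signature);
        System.out.println(b);
    }

    /**
     * Signs the canonical text derived from {@code params}.
     *
     * @param params parameters to sign; see {@link #params2PlainText(Map)} for the canonical form
     * @return Base64-encoded signature
     * @throws RuntimeException if the key cannot be loaded or signing fails
     */
    public static String sign(Map<String, Object> params) {
        return sign(params2PlainText(params));
    }

    /**
     * Signs {@code plainText} with the private key from {@link #PRIVATE_KEY_PATH}.
     *
     * @param plainText text to sign
     * @return Base64-encoded signature
     * @throws RuntimeException if the key cannot be loaded or signing fails
     */
    public static String sign(String plainText) {
        try {
            Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
            sig.initSign(getPrivateKey());
            // Fixed charset: the platform default differs between hosts, which
            // would make signer and verifier hash different bytes for non-ASCII text.
            // NOTE(review): confirm the counterparty also signs over UTF-8 bytes.
            sig.update(plainText.getBytes(StandardCharsets.UTF_8));
            return new String(Base64.encodeBase64(sig.sign()), StandardCharsets.US_ASCII);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException("Failed to sign payload", e);
        }
    }

    /**
     * Verifies {@code signedText} against the canonical text derived from {@code params}.
     *
     * @param params parameters that were signed (without the signature field)
     * @param signedText Base64-encoded signature
     * @return {@code true} only if the signature matches
     * @throws RuntimeException if the certificate cannot be loaded or verification fails
     */
    public static boolean verifySign(Map<String, Object> params, String signedText) {
        return verifySign(params2PlainText(params), signedText);
    }

    /**
     * Verifies a signature with the public key of the certificate at {@link #PUBLIC_KEY_PATH}.
     *
     * <p>Callers must treat both a {@code false} result and a thrown exception as
     * "signature rejected"; a malformed signature may surface as an exception
     * rather than {@code false}.
     *
     * @param plainText text that was signed
     * @param signedText Base64-encoded signature
     * @return {@code true} only if the signature matches
     * @throws RuntimeException if the certificate cannot be loaded or verification fails
     */
    public static boolean verifySign(String plainText, String signedText) {
        try {
            // A '+' in Base64 arrives as a space when the value went through
            // URL/form decoding; restore it before decoding.
            String normalized = signedText.replace(' ', '+');
            Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
            // NOTE(review): the certificate is used as a pinned key; its validity
            // period is not checked (no checkValidity() call) and no chain is built.
            sig.initVerify(loadCertificate());
            sig.update(plainText.getBytes(StandardCharsets.UTF_8));
            return sig.verify(Base64.decodeBase64(normalized.getBytes(StandardCharsets.UTF_8)));
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException("Failed to verify signature", e);
        }
    }

    /**
     * Loads the private key from the PKCS#12 keystore named by {@link #PRIVATE_KEY_PATH}.
     *
     * <p>The keystore is read as a stream so that it also works when packaged
     * inside a jar or when the path contains URL-escaped characters. Failures are
     * reported to the caller instead of being printed and turned into {@code null}.
     *
     * @return the first key entry found in the keystore
     * @throws Exception if the keystore is missing, cannot be opened, or holds no private key
     */
    private static PrivateKey getPrivateKey() throws Exception {
        char[] password = PRIVATE_KEY_PASSWD.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = openClasspathResource(PRIVATE_KEY_PATH)) {
            if (in == null) {
                throw new FileNotFoundException("Keystore not found on classpath: " + PRIVATE_KEY_PATH);
            }
            ks.load(in, password);
        }
        // Pick the first alias that actually is a key entry; a keystore may also
        // contain certificate-only entries.
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (ks.isKeyEntry(alias) && ks.getKey(alias, password) instanceof PrivateKey) {
                return (PrivateKey) ks.getKey(alias, password);
            }
        }
        throw new KeyStoreException("No private key entry in keystore: " + PRIVATE_KEY_PATH);
    }

    /**
     * Builds the text that is signed: the values of {@code params}, ordered by key
     * and joined with {@code '|'}. Strings and numbers are appended as-is, any
     * other value as its JSON serialization.
     *
     * <p>NOTE(review): keys are not part of the signed text and {@code '|'} inside
     * a value is not escaped, so different parameter sets can map to the same
     * text. Changing the format needs agreement with the counterparty.
     *
     * @param params parameters to canonicalize
     * @return the canonical text; empty when {@code params} is empty
     */
    private static String params2PlainText(Map<String, Object> params) {
        TreeMap<String, Object> sortedParams = new TreeMap<>(params);
        StringBuilder plainText = new StringBuilder();
        boolean first = true;
        for (Object value : sortedParams.values()) {
            // Separator only between values, so an empty map yields "" instead
            // of failing on deleteCharAt(0).
            if (!first) {
                plainText.append('|');
            }
            first = false;
            if (value instanceof String || value instanceof Number) {
                plainText.append(value);
            } else {
                plainText.append(JSONObject.toJSONString(value));
            }
        }
        return plainText.toString();
    }

    /**
     * Loads the verification certificate named by {@link #PUBLIC_KEY_PATH}, first
     * from the classpath and otherwise from the working directory.
     *
     * @return the parsed X.509 certificate
     * @throws Exception if the certificate cannot be found or parsed
     */
    private static X509Certificate loadCertificate() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        InputStream classpathStream = openClasspathResource(PUBLIC_KEY_PATH);
        // try-with-resources closes the stream even when parsing fails.
        try (InputStream in = classpathStream != null
                ? classpathStream
                : new FileInputStream(PUBLIC_KEY_PATH)) {
            return (X509Certificate) factory.generateCertificate(in);
        }
    }

    /** Opens a classpath resource via this class's loader, then the context loader; null if absent. */
    private static InputStream openClasspathResource(String name) {
        InputStream in = SignUtil.class.getClassLoader().getResourceAsStream(name);
        if (in == null) {
            ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
            if (contextLoader != null) {
                in = contextLoader.getResourceAsStream(name);
            }
        }
        return in;
    }
}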