CertificateUtils.java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.crypto.Cipher;
/**
 * Digital signature and encryption/decryption utilities.
 *
 * @author IceWee
 * @date 2012-4-26
 * @version 1.0
 */
public class CertificateUtils {
/**
 * Keystore type handed to {@code KeyStore.getInstance}: the Java KeyStore (JKS) format.
 * NOTE(review): JKS is the legacy JDK format; PKCS12 has been the JDK default
 * keystore type since Java 9. Confirm whether JKS is still required here.
 */
public static final String KEY_STORE = "JKS";
/** Certificate type handed to {@code CertificateFactory.getInstance}. */
public static final String X509 = "X.509";
/**
 * File read buffer size.
 */
private static final int CACHE_SIZE = 2048;
/**
 * Largest plaintext chunk, in bytes, passed to a single {@code Cipher.doFinal}
 * call when encrypting.
 * NOTE(review): 117 looks like 128 - 11, i.e. a 1024-bit RSA modulus with
 * PKCS#1 v1.5 padding overhead. Confirm the key size in use; a 1024-bit RSA
 * key is below current minimum recommendations.
 */
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
 * Largest ciphertext chunk, in bytes, for decryption.
 * NOTE(review): 128 bytes presumably equals the modulus length of a 1024-bit
 * RSA key; a key of any other size would not round-trip with this value. Verify.
 */
private static final int MAX_DECRYPT_BLOCK = 128;
/**
 * Reads a private key out of a keystore file.
 *
 * <p>The same {@code password} is used twice: once to load the keystore and once
 * to unlock the key entry, so the store and the entry must share a password.
 *
 * @param keyStorePath path of the keystore file
 * @param alias alias of the key entry inside the keystore
 * @param password password for both the keystore and the key entry
 * @return the private key stored under {@code alias}; {@code KeyStore.getKey}
 *         yields {@code null} when the alias does not name a key entry
 * @throws Exception if the keystore cannot be loaded or the key cannot be recovered
 */
private static PrivateKey getPrivateKey(String keyStorePath, String alias, String password)
        throws Exception {
    // Load the store first so a bad path or store password fails before key recovery.
    KeyStore store = getKeyStore(keyStorePath, password);
    return (PrivateKey) store.getKey(alias, password.toCharArray());
}
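/**
 * Loads the keystore stored at the given path.
 *
 * <p>The store is opened as type {@link #KEY_STORE} and loaded with {@code password}.
 * The file stream is closed on every path, including when loading fails (wrong
 * password, corrupt store), so a failed attempt does not leak a file handle.
 *
 * <p>NOTE(review): the password arrives as a {@code String}, which cannot be
 * wiped from memory after use; a {@code char[]} parameter would allow that,
 * but would change this method's signature.
 *
 * @param keyStorePath path of the keystore file
 * @param password keystore password
 * @return the loaded keystore
 * @throws Exception if the file cannot be opened or the keystore cannot be loaded
 */
private static KeyStore getKeyStore(String keyStorePath, String password)
        throws Exception {
    // try-with-resources closes the stream even when load() throws.
    try (FileInputStream in = new FileInputStream(keyStorePath)) {
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
        keyStore.load(in, password.toCharArray());
        return keyStore;
    }
}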
/**
 * Extracts the public key from a certificate file.
 *
 * <p>The certificate is only parsed here. Nothing in this method checks its
 * validity period, issuer chain or revocation status, so the returned key is
 * only as trustworthy as the file at {@code certificatePath}.
 *
 * @param certificatePath path of the certificate file
 * @return the public key carried by the certificate
 * @throws Exception if the certificate cannot be read or parsed
 */
private static PublicKey getPublicKey(String certificatePath)
        throws Exception {
    return getCertificate(certificatePath).getPublicKey();
}
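/**
 * Parses the certificate stored in a file.
 *
 * <p>The file is decoded with a {@link #X509} certificate factory. The stream is
 * closed on every path, including when parsing fails, so a malformed file does
 * not leak a file handle.
 *
 * <p>This method performs no trust decision: it does not check the validity
 * period, the issuer chain or revocation. Callers that rely on the certificate
 * must validate it separately.
 *
 * @param certificatePath path of the certificate file
 * @return the parsed certificate
 * @throws Exception if the file cannot be opened or does not hold a parsable certificate
 */
private static Certificate getCertificate(String certificatePath)
        throws Exception {
    CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
    // try-with-resources closes the stream even when generateCertificate() throws.
    try (FileInputStream in = new FileInputStream(certificatePath)) {
        return certificateFactory.generateCertificate(in);
    }
}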
/**
 * Reads the certificate stored under an alias in a keystore file.
 *
 * @param keyStorePath path of the keystore file
 * @param alias alias of the entry inside the keystore
 * @param password keystore password
 * @return the certificate for {@code alias}; {@code KeyStore.getCertificate}
 *         yields {@code null} when the alias is absent or holds no certificate
 * @throws Exception if the keystore cannot be loaded
 */
private static Certificate getCertificate(String keyStorePath, String alias, String password)
        throws Exception {
    return getKeyStore(keyStorePath, password).getCertificate(alias);
}
/**
 * Transforms data with the private key from a keystore, chunk by chunk.
 *
 * <p>The input is cut into pieces of at most {@code MAX_ENCRYPT_BLOCK} bytes.
 * Each piece goes through its own {@code Cipher.doFinal} call and the outputs
 * are concatenated in order. Empty input yields an empty array.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Output produced with a private key can be reversed by anyone who holds
 *       the matching public key, so this gives no confidentiality. For
 *       authenticity, {@code java.security.Signature} is the standard API.</li>
 *   <li>The cipher is requested by the key's algorithm name alone, so mode and
 *       padding are whatever the provider defaults to. NOTE(review): presumably
 *       RSA with PKCS#1 v1.5 padding here; confirm and consider naming the
 *       full transformation explicitly.</li>
 *   <li>Chunks are processed independently, with nothing binding them
 *       together, so reordering or truncating the chunks is not detected by
 *       this scheme.</li>
 * </ul>
 *
 * @param data source data
 * @param keyStorePath path of the keystore file
 * @param alias alias of the key entry inside the keystore
 * @param password password for the keystore and the key entry
 * @return the concatenated cipher output of all chunks
 * @throws Exception if the key cannot be loaded or a cipher operation fails
 */
public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password)
        throws Exception {
    // Fetch the private key and set up the cipher before touching the data.
    PrivateKey keyFromStore = getPrivateKey(keyStorePath, alias, password);
    Cipher chunkCipher = Cipher.getInstance(keyFromStore.getAlgorithm());
    chunkCipher.init(Cipher.ENCRYPT_MODE, keyFromStore);
    final int total = data.length;
    ByteArrayOutputStream sink = new ByteArrayOutputStream();
    // Walk the input in MAX_ENCRYPT_BLOCK strides; the last chunk may be shorter.
    for (int start = 0; start < total; start += MAX_ENCRYPT_BLOCK) {
        int chunkLen = Math.min(MAX_ENCRYPT_BLOCK, total - start);
        byte[] encryptedChunk = chunkCipher.doFinal(data, start, chunkLen);
        sink.write(encryptedChunk, 0, encryptedChunk.length);
    }
    byte[] encryptedData = sink.toByteArray();
    sink.close();
    return encryptedData;
}
/**
 * Transforms the contents of a file with the private key from a keystore.
 *
 * <p>The whole file is read into memory first, so a very large file may
 * exhaust the heap. The bytes are then handed to {@code encryptByPrivateKey},
 * and that method's properties apply unchanged.
 *
 * @param filePath path of the file to read
 * @param keyStorePath path of the keystore file
 * @param alias alias of the key entry inside the keystore
 * @param password password for the keystore and the key entry
 * @return the cipher output for the file's bytes
 * @throws Exception if the file or the key cannot be read, or a cipher operation fails
 */
public static byte[] encryptFileByPrivateKey(String filePath, String keyStorePath, String alias, String password)
        throws Exception {
    return encryptByPrivateKey(fileToByte(filePath), keyStorePath, alias, password);
}
/**
*
* 文件加密
*
*
* @param srcFilePath 源文件
* @param destFilePath 加密后文件
* @param keyStorePath 密钥库存储路径
* @param alias 密钥库别名
* @param password 密钥库密码<