package com.pingan.rbpfundval.util;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
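/**
 * Static helpers for producing and checking RSA signatures over text.
 *
 * <p>Keys are read from text files on every call: the private key as Base64 of a PKCS#8
 * encoding, the public key as Base64 of an X.509 (SubjectPublicKeyInfo) encoding. PEM
 * header/footer lines are not stripped, so a file containing them fails to decode.
 *
 * <p>NOTE(review): every configuration field below is public, static and non-final. Any code
 * in the same JVM can therefore replace the algorithm, the key paths or the cached key
 * objects, which would silently change which key a signature is verified against. The fields
 * are kept as they are only so existing callers keep compiling; restricting them (private +
 * final, or injected configuration) should be considered once the callers are known.
 */
public class SignUtil {
    private static final Logger logger = LoggerFactory.getLogger(SignUtil.class);

    // Last private key loaded by signByRSA.
    // NOTE(review): this exposes private key material through a public static field; it is
    // still assigned for backward compatibility but is no longer read by this class.
    public static PrivateKey privateKey = null;
    // Last public key loaded by verifyByRSA; assigned for backward compatibility only.
    public static PublicKey publicKey = null;
    // JCA signature algorithm name passed to Signature.getInstance.
    public static String algorithm = "SHA256withRSA";
    public static Base64.Encoder encoder = Base64.getEncoder();
    public static Base64.Decoder decoder = Base64.getDecoder();
    // File name appended to FileUtil.basicPath to locate the private key; empty by default,
    // so callers are presumably expected to set it before signing (verify against callers).
    public static String privateKeyName = "";
    // Absolute path of the public key file used for verification.
    public static String publicKeyPath = "/app/rbpp/java/fundvaluation/stg-fundval-public.key";

    /**
     * Signs the given text with the configured private key.
     *
     * <p>The text is always encoded as UTF-8 before signing, so the signature does not depend
     * on the platform default charset of the signing host.
     *
     * @param contentTxt text to sign
     * @return the Base64-encoded signature, or {@code null} if the key could not be loaded or
     *     signing failed (the failure is logged); callers must check for {@code null}
     */
    public static String signByRSA(String contentTxt) {
        String privateKeyPath = FileUtil.basicPath + privateKeyName;
        logger.info("privateKeyPath: {}", privateKeyPath);
        try {
            // FileUtil.getTxtFile presumably returns the file's text content (defined elsewhere).
            String privateKeyStr = FileUtil.getTxtFile(privateKeyPath);
            // Sign with a local reference so a concurrent call that reassigns the static
            // field cannot swap the key between loading and initSign.
            PrivateKey signingKey = string2PrivateKey(privateKeyStr);
            privateKey = signingKey;

            Signature signer = Signature.getInstance(algorithm);
            signer.initSign(signingKey);
            signer.update(contentTxt.getBytes(StandardCharsets.UTF_8));
            return encoder.encodeToString(signer.sign());
        } catch (Exception e) {
            logger.error("sign failure", e);
            return null;
        }
    }

    /**
     * Verifies a Base64-encoded signature over the given text with the configured public key.
     *
     * <p>The text is decoded to bytes as UTF-8, matching {@link #signByRSA(String)}. The method
     * fails closed: a missing key file, malformed Base64, a {@code null} argument or any other
     * error is logged and reported as {@code false}, the same result as a signature mismatch.
     *
     * @param content text the signature is claimed to cover
     * @param signature Base64-encoded signature
     * @return {@code true} only if the signature is valid for {@code content}
     */
    public static boolean verifyByRSA(String content, String signature) {
        try {
            String publicKeyStr = FileUtil.getTxtFile(publicKeyPath);
            // Verify with a local reference for the same reason as in signByRSA.
            PublicKey verifyingKey = string2PublicKey(publicKeyStr);
            publicKey = verifyingKey;

            Signature verifier = Signature.getInstance(algorithm);
            verifier.initVerify(verifyingKey);
            verifier.update(content.getBytes(StandardCharsets.UTF_8));
            boolean valid = verifier.verify(decoder.decode(signature));
            // Results go to the logger rather than stdout so they follow the logging config.
            logger.debug("verify result: {}", valid);
            return valid;
        } catch (Exception e) {
            logger.error("verify sign failure", e);
            return false;
        }
    }

    /**
     * Converts a Base64-encoded PKCS#8 private key into a {@link PrivateKey}.
     *
     * @param priStr Base64 text of the PKCS#8-encoded RSA private key
     * @return the decoded RSA private key
     * @throws Exception if the text is not valid Base64 or not a valid RSA PKCS#8 key
     */
    public static PrivateKey string2PrivateKey(String priStr) throws Exception {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(base642Byte(priStr));
        return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
    }

    /**
     * Converts a Base64-encoded X.509 public key into a {@link PublicKey}.
     *
     * @param pubStr Base64 text of the X.509-encoded RSA public key
     * @return the decoded RSA public key
     * @throws Exception if the text is not valid Base64 or not a valid RSA X.509 key
     */
    public static PublicKey string2PublicKey(String pubStr) throws Exception {
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(base642Byte(pubStr));
        return KeyFactory.getInstance("RSA").generatePublic(keySpec);
    }

    /**
     * Decodes Base64 key text into raw bytes.
     *
     * <p>Whitespace (including line breaks and a trailing newline, which key files commonly
     * contain) is removed first, because the basic Base64 decoder rejects it. Any other
     * non-Base64 character still causes an {@link IllegalArgumentException}.
     *
     * @param base64Key Base64 text, optionally wrapped across lines
     * @return the decoded bytes
     * @throws IOException declared for compatibility with existing callers; not thrown here
     */
    public static byte[] base642Byte(String base64Key) throws IOException {
        // A fresh standard decoder is used on purpose: key parsing should not depend on the
        // reassignable public static decoder field.
        return Base64.getDecoder().decode(base64Key.replaceAll("\\s+", ""));
    }
}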