package com.runsun.bfc.protocol;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**类名:RSACoder <br/>
* 功能:RSA签名和验签的工具类<br/>
* 详细: <br/>
* 作者: Tliu <br/>
* 日期:2015年12月3日 <br/>
*/
public class RSACoder {
/*密钥长度*/
public final static int KEY_SIZE = 1024;
/*签名字符集*/
public final static String CHARSET = "UTF-8";
/*数字签名密钥算法*/
public static final String KEY_ALGORITHM = "RSA";
/*公钥文件名*/
public static final String PUBLIC_KEY = "bfcPub.key";
/*私钥文件名*/
public static final String PRIVATE_KEY = "bfcPri.key";
/*数字签名验证算法*/
public static final String SIGN_ALGORITHM = "SHA256withRSA";
/*日志输出*/
public static Log log = LogFactory.getLog(RSACoder.class);
/**
* @详细 生成签名内容
* @param data 等签名的消息字符串
* @param privateKey 私钥字符串
* @return
*/
public static String sign(String data, String privateKey){
byte[] dataByte = null;
String signMsg = null;
try {
dataByte = data.getBytes(CHARSET);
byte[] priKey = Base64.decodeBase64(privateKey);
signMsg = sign(dataByte, priKey);
} catch (Exception ex){
ex.printStackTrace();
log.error(ex);
}
return signMsg;
}
/**
* @详细 验证签名
* @param data 待验签的字符串
* @param publicKey 公钥字符串
* @param sign 签名内容
* @return
*/
public static boolean verify(String data, String publicKey, String sign){
boolean rs = false;
try {
byte[] dataByte = data.getBytes(CHARSET);
byte[] pubKey = Base64.decodeBase64(publicKey);
byte[] signByte = Hex.decodeHex(sign.toCharArray());
rs = verify(dataByte, pubKey, signByte);
} catch (Exception ex){
ex.printStackTrace();
log.error(ex);
}
return rs;
}
private static boolean verify(byte[] data, byte[] publicKey, byte[] sign)throws Exception{
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey pubKey = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance(SIGN_ALGORITHM);
signature.initVerify(pubKey);
signature.update(data);
return signature.verify(sign);
}
private static String sign(byte[] data, byte[] privateKey) throws Exception{
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey priKey = keyFactory.generatePrivate(keySpec);
Signature signature = Signature.getInstance(SIGN_ALGORITHM);
signature.initSign(priKey);
signature.update(data);
// 生成签名的字节数组
byte[] sign = signature.sign();
// 转换成16进制的字符串输出
return Hex.encodeHexString(sign).toUpperCase();
}
/**
* @详细 从文件中读取密钥字符串
* @param filePath 文件路径
* @return
* @throws Exception
*/
public static String loadKey(InputStream in) {
try {
return IOUtils.toString(in, CHARSET);
} catch (Exception ex){
log.error("读取RSA密钥文件出错。");
}
return "";
}
/**
* @详细 生成密钥对
* @param filePath 密钥文件保存的路径
* @throws Exception
*/
public static void initKey(String filePath) throws Exception{
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(KEY_SIZE);
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey)keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey)keyPair.getPrivate();
// 得到公钥字符串
String publicKeyString = Base64.encodeBase64String(publicKey.getEncoded());
// 得到私钥字符串
String privateKeyString = Base64.encodeBase64String(privateKey.getEncoded());
// 将密钥对写入到文件
BufferedWriter pubbw = new BufferedWriter(new FileWriter(filePath + "/" + PUBLIC_KEY));
BufferedWriter pribw = new BufferedWriter(new FileWriter(filePath + "/" + PRIVATE_KEY));
log.info(PUBLIC_KEY +"\n" + publicKeyString);
log.info(PRIVATE_KEY +"\n" + privateKeyString);
pubbw.write(publicKeyString);
pribw.write(privateKeyString);
pubbw.flush();
pubbw.close();
pribw.flush();
pribw.close();
}
public static void main(String[] args) throws Exception {
initKey("c:\\tmp");
String data = "这个一段RSA签名的内容。";
String privateKey = loadKey(new FileInputStream("c:\\tmp\\" + PRIVATE_KEY));
String sign = sign(data, privateKey);
log.info("签名内容:\n" + sign);
String publicKey = loadKey(new FileInputStream("c:\\tmp\\" + PUBLIC_KEY));
boolean rs = verify(data, publicKey, sign);
log.info("验签状态:" + rs);
}
}
转载于:https://my.oschina.net/liu13430/blog/541159