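import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.crypto.Cipher;

/**
 * Static helpers for certificate-based asymmetric operations: loading keys and
 * certificates from a keystore or a certificate file, encrypting/decrypting
 * with them, and producing/verifying signatures.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>Every {@link Cipher} here is created from the key's algorithm name alone
 *       (for example {@code "RSA"}), so mode and padding are provider defaults.
 *       On the stock OpenJDK providers an RSA key resolves to PKCS#1 v1.5
 *       padding. New deployments should pin an explicit transformation such as
 *       {@code "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"}; it is not changed here
 *       because that would break compatibility with existing ciphertexts.</li>
 *   <li>{@link #encryptByPrivateKey} / {@link #decryptByPublicKey} give no
 *       confidentiality: anyone holding the certificate can decrypt. Use
 *       {@link #sign} / {@link #verify} when authenticity is the goal.</li>
 *   <li>{@link #sign} and {@link #verify} take the algorithm from
 *       {@link X509Certificate#getSigAlgName()}, i.e. the algorithm the issuer
 *       used to sign the certificate. That may not fit the subject key type and,
 *       for older certificates, may name a legacy digest; callers that need a
 *       fixed policy should check it before relying on the result.</li>
 *   <li>{@link #verify} does not check the certificate's validity period, chain
 *       or revocation status. Trust in the certificate file must be established
 *       by the caller.</li>
 *   <li>Passwords arrive as {@code String} and therefore cannot be wiped from
 *       memory after use. The same password is used for the keystore and for
 *       the key entry.</li>
 * </ul>
 */
public class CertificateCoder {

    /** Certificate type passed to {@link CertificateFactory#getInstance(String)}. */
    public static final String CERT_TYPE = "X.509";

    /**
     * Loads the private key stored under {@code alias}.
     *
     * @param keyStorePath path of the keystore file
     * @param pwd password used for both the keystore and the key entry
     * @param alias alias of the key entry
     * @return the private key
     * @throws Exception if the keystore cannot be read, or the alias has no private key
     */
    private static PrivateKey getPrivateKey(String keyStorePath, String pwd, String alias)
            throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, pwd);
        Key key = ks.getKey(alias, pwd.toCharArray());
        // getKey returns null for an unknown alias and may return a non-private key;
        // fail here with a clear message instead of a later NullPointerException
        // or ClassCastException.
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("No private key entry for alias: " + alias);
        }
        return (PrivateKey) key;
    }

    /**
     * Loads a keystore of the JVM's default type from a file.
     *
     * @param keyStorePath path of the keystore file
     * @param pwd keystore password
     * @return the loaded keystore
     * @throws Exception if the file cannot be opened or the keystore cannot be loaded
     */
    private static KeyStore getKeyStore(String keyStorePath, String pwd) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream even when load() throws
        // (for example on a wrong password).
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, pwd.toCharArray());
        }
        return ks;
    }

    /**
     * Reads an X.509 certificate from a file.
     *
     * @param certificatePath path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be opened or parsed
     */
    private static Certificate getCertificate(String certificatePath) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance(CERT_TYPE);
        // Stream is closed even when parsing fails.
        try (FileInputStream in = new FileInputStream(certificatePath)) {
            return factory.generateCertificate(in);
        }
    }

    /**
     * Returns the public key contained in a certificate file.
     *
     * @param certificatePath path of the certificate file
     * @return the certificate's public key
     * @throws Exception if the certificate cannot be read
     */
    private static PublicKey getPublicKeyByCertificate(String certificatePath) throws Exception {
        return getCertificate(certificatePath).getPublicKey();
    }

    /**
     * Loads the certificate stored under {@code alias} in a keystore.
     *
     * @param keyStorePath path of the keystore file
     * @param alias alias of the entry
     * @param pwd keystore password
     * @return the certificate
     * @throws Exception if the keystore cannot be read, or the alias has no certificate
     */
    private static Certificate getCertificate(String keyStorePath, String alias, String pwd)
            throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, pwd);
        Certificate certificate = ks.getCertificate(alias);
        // A missing alias yields null; report it rather than letting callers hit an NPE.
        if (certificate == null) {
            throw new KeyStoreException("No certificate entry for alias: " + alias);
        }
        return certificate;
    }

    /**
     * Encrypts data with the private key stored in a keystore.
     *
     * <p>The result can be decrypted by anyone holding the matching public key,
     * so this provides no confidentiality.
     *
     * @param data plaintext bytes
     * @param keyStorePath path of the keystore file
     * @param alias alias of the key entry
     * @param pwd password for the keystore and the key entry
     * @return data encrypted with the private key
     * @throws Exception if the key cannot be loaded or the cipher operation fails
     */
    public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath, String alias,
            String pwd) throws Exception {
        PrivateKey privateKey = getPrivateKey(keyStorePath, pwd, alias);
        // NOTE(review): algorithm-name-only transformation -> provider default padding.
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        return cipher.doFinal(data);
    }

    /**
     * Decrypts data with the private key stored in a keystore.
     *
     * @param data ciphertext bytes
     * @param keyStorePath path of the keystore file
     * @param alias alias of the key entry
     * @param pwd password for the keystore and the key entry
     * @return the decrypted data
     * @throws Exception if the key cannot be loaded or the cipher operation fails
     */
    public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath, String alias,
            String pwd) throws Exception {
        PrivateKey privateKey = getPrivateKey(keyStorePath, pwd, alias);
        // NOTE(review): with default PKCS#1 v1.5 padding, callers should not expose
        // distinguishable padding-failure errors for attacker-supplied ciphertext.
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(data);
    }

    /**
     * Encrypts data with the public key taken from a certificate file.
     *
     * @param data plaintext bytes; for RSA the length is limited by the key size
     *     and padding, so bulk data needs a hybrid scheme
     * @param cerPath path of the certificate file
     * @return data encrypted with the public key
     * @throws Exception if the certificate cannot be read or the cipher operation fails
     */
    public static byte[] encryptByPublicKey(byte[] data, String cerPath) throws Exception {
        PublicKey publicKey = getPublicKeyByCertificate(cerPath);
        // NOTE(review): algorithm-name-only transformation -> provider default padding.
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return cipher.doFinal(data);
    }

    /**
     * Decrypts data with the public key taken from a certificate file.
     *
     * @param data bytes produced by {@link #encryptByPrivateKey}
     * @param cerPath path of the certificate file
     * @return the decrypted data
     * @throws Exception if the certificate cannot be read or the cipher operation fails
     */
    public static byte[] decryptByPublicKey(byte[] data, String cerPath) throws Exception {
        PublicKey publicKey = getPublicKeyByCertificate(cerPath);
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, publicKey);
        return cipher.doFinal(data);
    }

    /**
     * Signs data with the private key stored in a keystore.
     *
     * @param sign the data to be signed
     * @param keyStorePath path of the keystore file
     * @param pwd password for the keystore and the key entry
     * @param alias alias of the key and certificate entry
     * @return the signature bytes
     * @throws Exception if the key or certificate cannot be loaded or signing fails
     */
    public static byte[] sign(byte[] sign, String keyStorePath, String pwd, String alias)
            throws Exception {
        X509Certificate x509 = (X509Certificate) getCertificate(keyStorePath, alias, pwd);
        // The algorithm is the one named in the certificate's own signature.
        Signature sa = Signature.getInstance(x509.getSigAlgName());
        PrivateKey privateKey = getPrivateKey(keyStorePath, pwd, alias);
        sa.initSign(privateKey);
        sa.update(sign);
        return sa.sign();
    }

    /**
     * Verifies a signature against the public key in a certificate file.
     *
     * <p>Only the signature is checked. The certificate itself is not validated
     * (validity period, issuer chain, revocation).
     *
     * @param data the signed data
     * @param sign the signature bytes to check
     * @param cerPath path of the certificate file
     * @return {@code true} if the signature matches
     * @throws Exception if the certificate cannot be read or verification cannot run
     */
    public static boolean verify(byte[] data, byte[] sign, String cerPath) throws Exception {
        X509Certificate x509 = (X509Certificate) getCertificate(cerPath);
        Signature sa = Signature.getInstance(x509.getSigAlgName());
        sa.initVerify(x509);
        sa.update(data);
        return sa.verify(sign);
    }
}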