本文中使用的Base64Utils.java可参考:http://www.cnblogs.com/shindo/p/6346618.html
证书制作方法可参考:http://www.cnblogs.com/shindo/p/6346971.html
===========================
工具类如下:CertificateUtils.java
package com.mes.util;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.crypto.Cipher;
/**
*
* 数字签名/加密解密工具包
*
*
* @author TerryLau
* @date 2016-12-30
* @version 1.0
*/
@SuppressWarnings("unused")
public class CertificateUtils {
/**
 * Key store type handed to KeyStore.getInstance: the Java KeyStore (JKS) format.
 */
public static final String KEY_STORE = "JKS";
/**
 * Certificate type handed to CertificateFactory.getInstance.
 */
public static final String X509 = "X.509";
/**
 * Buffer size for file reads.
 */
private static final int CACHE_SIZE = 2048;
/**
 * Largest plaintext chunk, in bytes, passed to one Cipher.doFinal call when encrypting.
 * NOTE(review): 117 equals 128 - 11, which looks like the PKCS#1 v1.5 limit for a
 * 1024-bit RSA key; confirm against the key size of the certificates actually used.
 */
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
 * Largest chunk for decryption.
 * NOTE(review): 256 bytes is the ciphertext block of a 2048-bit RSA key, which does not
 * match the 1024-bit size implied by MAX_ENCRYPT_BLOCK; verify that both constants
 * describe the same key size.
 */
private static final int MAX_DECRYPT_BLOCK = 256;
/**************** Certificate data signature algorithm names ***************/
// NOTE(review): MD5 and SHA-1 are collision-broken digests; prefer the SHA-256 or
// stronger variants below for any new signature.
private static final String SHA1WithRSA = "SHA1WithRSA";
private final static String MD5withRSA = "MD5withRSA";
private static final String SHA224WithRSA = "SHA224WithRSA";
private static final String SHA256WithRSA = "SHA256WithRSA";
private static final String SHA384WithRSA = "SHA384WithRSA";
private static final String SHA512WithRSA = "SHA512WithRSA";
private static final String RSA = "RSA";
private static final String ECB = "ECB";
// NOTE(review): "PCKCS1Padding" is not the standard JCA padding name ("PKCS1Padding");
// a transformation string built from this constant would presumably be rejected by
// Cipher.getInstance. It is not referenced in the visible part of the class.
private static final String PCKCS1PADDING = "PCKCS1Padding";
/**************** Certificate encryption mode ***************/
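/**
 * Loads the key store at {@code keyStorePath} and returns the private key stored under
 * {@code alias}.
 *
 * <p>The same {@code password} opens the key store and recovers the key entry, so a store
 * whose entry password differs from the store password is not supported by this helper.
 * The password is never included in an error message.
 *
 * @param keyStorePath file-system path of the key store
 * @param alias alias of the key entry
 * @param password password of the key store and of the key entry
 * @return the private key stored under {@code alias}; never {@code null}
 * @throws Exception if the key store cannot be loaded, the key cannot be recovered with
 *     {@code password}, or {@code alias} does not name a private-key entry
 */
private static PrivateKey getPrivateKey(String keyStorePath, String alias, String password) throws Exception {
    KeyStore keyStore = getKeyStore(keyStorePath, password);
    if (keyStore == null) {
        // Defensive: never dereference a missing key store; report which store failed instead.
        throw new IllegalStateException("Key store could not be loaded: " + keyStorePath);
    }
    // getKey returns null for an unknown alias or a certificate-only entry.
    java.security.Key key = keyStore.getKey(alias, password.toCharArray());
    if (!(key instanceof PrivateKey)) {
        throw new IllegalArgumentException("No private key entry under alias: " + alias);
    }
    return (PrivateKey) key;
}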
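/**
 * Opens the key store file at {@code keyStorePath} and loads it with {@code password}.
 *
 * <p>Load failures (missing file, wrong password, corrupted or tampered store) are
 * propagated to the caller instead of being printed and turned into a {@code null}
 * result, so a caller can no longer continue with a key store that was never loaded.
 *
 * @param keyStorePath file-system path of the key store
 * @param password password of the key store
 * @return the loaded key store; never {@code null}
 * @throws Exception if the file cannot be read or the key store cannot be loaded
 */
private static KeyStore getKeyStore(String keyStorePath, String password) throws Exception {
    // try-with-resources closes the stream on every path, including a failed load.
    try (InputStream in = new FileInputStream(keyStorePath)) {
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
        // The password is also what KeyStore.load uses to check the store's integrity.
        keyStore.load(in, password.toCharArray());
        return keyStore;
    }
}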
/**
 * Returns the public key embedded in the certificate file at {@code certificatePath}.
 *
 * <p>The certificate is only parsed by {@code getCertificate}; this method does not check
 * its validity period, issuer or signature, so the key is only as trustworthy as the
 * file it was read from.
 *
 * @param certificatePath file-system path of the certificate
 * @return the certificate's public key
 * @throws Exception if the certificate cannot be obtained; a {@code NullPointerException}
 *     results when {@code getCertificate} yields {@code null}
 */
private static PublicKey getPublicKey(String certificatePath) throws Exception {
    return getCertificate(certificatePath).getPublicKey();
}
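/**
 * Reads and parses the X.509 certificate stored in the file at {@code certificatePath}.
 *
 * <p>Parsing failures are propagated to the caller instead of being printed and turned
 * into a {@code null} result. The certificate is parsed only: no validity-period,
 * revocation or trust-chain check is performed here.
 *
 * @param certificatePath file-system path of the certificate
 * @return the parsed certificate; never {@code null}
 * @throws Exception if the file cannot be read or does not contain a parsable certificate
 */
private static Certificate getCertificate(String certificatePath) throws Exception {
    CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
    // try-with-resources closes the stream on every path, including a failed parse.
    try (InputStream in = new FileInputStream(certificatePath)) {
        return certificateFactory.generateCertificate(in);
    }
}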
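/**
 * Loads the key store at {@code keyStorePath} and returns the certificate stored under
 * {@code alias}.
 *
 * <p>The certificate is returned as stored; no validity-period or trust-chain check is
 * performed here.
 *
 * @param keyStorePath file-system path of the key store
 * @param alias alias of the entry whose certificate is wanted
 * @param password password of the key store
 * @return the certificate under {@code alias}, or {@code null} when the alias does not
 *     exist or holds no certificate
 * @throws Exception if the key store cannot be loaded
 */
private static Certificate getCertificate(String keyStorePath, String alias, String password) throws Exception {
    KeyStore keyStore = getKeyStore(keyStorePath, password);
    if (keyStore == null) {
        // Defensive: never dereference a missing key store; report which store failed instead.
        throw new IllegalStateException("Key store could not be loaded: " + keyStorePath);
    }
    return keyStore.getCertificate(alias);
}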
/**
*
* 私钥加密
*
*
* @param data 源数据
* @param keyStorePath 密钥库存储路径
* @param alias 密钥库别名
* @param password 密钥库密码
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password) throws Exception {
ByteArrayOutputStream out = null;
try {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
int inputLen = data.length;
out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache = null;
int i = 0;
// 对数据分段加密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
return encryptedData;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}