RSA密钥生成
生成一个别名为 test 的私钥和证书,按提示输入私钥密码和证书信息。注意:下面命令中的 1024 位 RSA 密钥强度已不足,仅适合演示;实际使用建议 -keysize 2048 或更高。
keytool -genkey -keystore test.p12 -alias test -keyalg RSA -keysize 1024 -storetype pkcs12
导出公钥证书
keytool -export -alias test -keystore test.p12 -file test.crt
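/**
 * Signs outgoing request bodies and verifies signatures with an RSA key pair.
 *
 * <p>The private key is read from a keystore file and the public key from an
 * X.509 certificate file; both locations, the keystore password and the key
 * alias come from {@link HBpayConfig}. Keys are loaded once after injection
 * and cached in static fields so the static helpers can reach them.
 *
 * <p>NOTE(review): the signature scheme is {@code SHA1withRSA}. SHA-1 is
 * deprecated for digital signatures; moving to {@code SHA256withRSA} has to be
 * agreed with the party that verifies these signatures, so it is flagged here
 * rather than changed.
 */
@Component
public class RSAEncrypt {

    private static final Logger logger = LoggerFactory.getLogger(RSAEncrypt.class);

    /** JCA algorithm name shared by signing and verification. */
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    /** The Spring-managed instance, published so static methods can read its configuration. */
    private static RSAEncrypt rsaEncrypt;

    private static PrivateKey privateKey;
    private static PublicKey publicKey;

    @Autowired
    private HBpayConfig hbpayConfig;

    /**
     * Publishes this bean to the static holder and loads both keys.
     *
     * @throws Exception if key loading propagates an error
     */
    @PostConstruct
    private void initPro() throws Exception {
        rsaEncrypt = this;
        RSAEncrypt.init();
    }

    /**
     * Loads the private and public key and reports any key that is missing.
     *
     * <p>Start-up is not aborted when a key cannot be loaded (the original
     * behaviour is kept), but the failure is logged: with no private key
     * {@link #getSign(String)} and {@link #getSignByMap} return {@code null},
     * and with no public key {@link #verify(String, String)} throws.
     *
     * @throws Exception if reading the certificate propagates an error
     */
    private static void init() throws Exception {
        if (getPrivateKey() == null) {
            logger.error("RSA private key could not be loaded; signing will return null");
        }
        if (getPublicKey() == null) {
            logger.error("RSA public key could not be loaded; signature verification will fail");
        }
    }

    /**
     * Returns the cached private key, loading it from the configured keystore
     * on first use (example file: D:\certs\test.p12).
     *
     * @return the private key, or {@code null} if the keystore could not be
     *         read or holds no key under the configured alias
     */
    private static PrivateKey getPrivateKey() {
        if (privateKey != null) {
            return privateKey;
        }
        try (BufferedInputStream in = new BufferedInputStream(
                new FileInputStream(rsaEncrypt.hbpayConfig.getPrivateKeyPath()))) {
            // NOTE(review): getDefaultType() follows the JDK's keystore.type
            // property (jks by default on Java 8, pkcs12 from Java 9). The
            // keystore here is PKCS#12, so KeyStore.getInstance("PKCS12")
            // would state the expected format explicitly.
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            char[] passwd = rsaEncrypt.hbpayConfig.getPrivateKeyPwd().toCharArray();
            keystore.load(in, passwd);
            privateKey = (PrivateKey) keystore.getKey(
                    rsaEncrypt.hbpayConfig.getPrivateKeyAlias(), passwd);
        } catch (KeyStoreException | IOException | NoSuchAlgorithmException
                | CertificateException | UnrecoverableKeyException e) {
            // Log through the application logger so the failure reaches the
            // normal log pipeline; the password is never included.
            logger.error("Failed to load RSA private key from keystore", e);
        }
        return privateKey;
    }

    /**
     * Signs {@code message} (UTF-8 bytes) and returns the Base64 signature.
     *
     * @param privateKey key to sign with
     * @param message    text to sign
     * @return Base64-encoded signature
     * @throws Exception if the algorithm is unavailable, the key is invalid
     *                   or signing fails
     */
    private static String sign(PrivateKey privateKey, String message) throws Exception {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(privateKey);
        signer.update(message.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(signer.sign());
    }

    /**
     * Returns the cached public key, loading it from the configured X.509
     * certificate on first use (example file: D:\certs\test.crt).
     *
     * @return the public key, or {@code null} if the certificate could not be
     *         read or parsed
     * @throws Exception declared for callers; load errors are logged, not thrown
     */
    private static PublicKey getPublicKey() throws Exception {
        if (publicKey != null) {
            return publicKey;
        }
        try (BufferedInputStream in = new BufferedInputStream(
                new FileInputStream(rsaEncrypt.hbpayConfig.getPublicKeyPath()))) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Certificate cert = cf.generateCertificate(in);
            // NOTE(review): only the key is extracted; the certificate's
            // validity period and issuer are not checked here.
            publicKey = cert.getPublicKey();
        } catch (CertificateException | IOException e) {
            logger.error("Failed to load RSA public key from certificate", e);
        }
        return publicKey;
    }

    /**
     * Verifies a Base64 signature over {@code message} with the loaded public key.
     *
     * @param message   text that was signed (UTF-8 bytes are verified)
     * @param signature Base64-encoded signature
     * @return {@code true} only if the signature matches
     * @throws Exception if the public key is missing or invalid, the signature
     *                   is not valid Base64, or verification cannot be performed;
     *                   callers should treat any exception as a failed verification
     */
    public static boolean verify(String message, String signature) throws Exception {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(publicKey);
        verifier.update(message.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return verifier.verify(Base64.getDecoder().decode(signature));
    }

    /**
     * Signs a request body.
     *
     * @param message request body to sign
     * @return Base64-encoded signature, or {@code null} if signing failed;
     *         callers must not send a request when this returns {@code null}
     */
    public static String getSign(String message) {
        // NOTE(review): the full body is written to the log at INFO level;
        // confirm it never carries sensitive fields, or log less.
        logger.info("签名数据:{}",message);
        try {
            return sign(privateKey, message);
        } catch (Exception e) {
            logger.error("Failed to sign message", e);
            return null;
        }
    }

    /**
     * Signs the concatenation of all header values followed by all body
     * values, in map iteration order.
     *
     * <p>NOTE(review): only values are signed, with no keys and no separator
     * between them, so different field contents can produce the same signed
     * string (for example "ab"+"c" and "a"+"bc"). The format is presumably
     * fixed by the receiving side; confirm before changing it.
     *
     * @param header header fields, in signing order
     * @param body   body fields, in signing order
     * @return Base64-encoded signature, or {@code null} if signing failed
     */
    public String getSignByMap(LinkedHashMap<String, String> header, LinkedHashMap<String, String> body) {
        StringBuilder message = new StringBuilder();
        for (String value : header.values()) {
            message.append(value);
        }
        for (String value : body.values()) {
            message.append(value);
        }
        try {
            return sign(privateKey, message.toString());
        } catch (Exception e) {
            logger.error("Failed to sign header/body values", e);
            return null;
        }
    }
}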