本文中使用的Base64Utils.java可參考:http://www.cnblogs.com/shindo/p/6346618.html
證書制作方法可參考:http://www.cnblogs.com/shindo/p/6346971.html
===========================
工具類如下:CertificateUtils.java
package com.mes.util;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.crypto.Cipher;
/**
* <p>
* 數字簽名/加密解密工具包
* </p>
*
* @author TerryLau
* @date 2016-12-30
* @version 1.0
*/
@SuppressWarnings("unused")
public class CertificateUtils {
/**
* Java密鑰庫(Java 密鑰庫,JKS)KEY_STORE
*/
public static final String KEY_STORE = "JKS";
/**
* 數字證書類型
*/
public static final String X509 = "X.509";
/**
* 文件讀取緩沖區大小
*/
private static final int CACHE_SIZE = 2048;
/**
* 最大文件加密塊
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* 最大文件解密塊
*/
private static final int MAX_DECRYPT_BLOCK = 256;
/****************證書數據加密算法***************/
private static final String SHA1WithRSA = "SHA1WithRSA";
private final static String MD5withRSA = "MD5withRSA";
private static final String SHA224WithRSA = "SHA224WithRSA";
private static final String SHA256WithRSA = "SHA256WithRSA";
private static final String SHA384WithRSA = "SHA384WithRSA";
private static final String SHA512WithRSA = "SHA512WithRSA";
private static final String RSA = "RSA";
private static final String ECB = "ECB";
private static final String PCKCS1PADDING = "PCKCS1Padding";
/****************證書加密模式***************/
/**
* <p>
* 根據密鑰庫獲得私鑰
* </p>
*
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
private static PrivateKey getPrivateKey(String keyStorePath, String alias, String password) throws Exception {
KeyStore keyStore = getKeyStore(keyStorePath, password);
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
return privateKey;
}
/**
* <p>
* 獲得密鑰庫
* </p>
*
* @param keyStorePath 密鑰庫存儲路徑
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
private static KeyStore getKeyStore(String keyStorePath, String password) throws Exception {
FileInputStream in = null;
try {
in = new FileInputStream(keyStorePath);
KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
keyStore.load(in, password.toCharArray());
return keyStore;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 根據證書獲得公鑰
* </p>
*
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
private static PublicKey getPublicKey(String certificatePath) throws Exception {
Certificate certificate = getCertificate(certificatePath);
PublicKey publicKey = certificate.getPublicKey();
return publicKey;
}
/**
* <p>
* 獲得證書
* </p>
*
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
private static Certificate getCertificate(String certificatePath) throws Exception {
InputStream in = null;
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
in = new FileInputStream(certificatePath);
Certificate certificate = certificateFactory.generateCertificate(in);
return certificate;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 根據密鑰庫獲得證書
* </p>
*
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
private static Certificate getCertificate(String keyStorePath, String alias, String password) throws Exception {
KeyStore keyStore = getKeyStore(keyStorePath, password);
Certificate certificate = keyStore.getCertificate(alias);
return certificate;
}
/**
* <p>
* 私鑰加密
* </p>
*
* @param data 源數據
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password) throws Exception {
ByteArrayOutputStream out = null;
try {
// 取得私鑰
PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
int inputLen = data.length;
out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache = null;
int i = 0;
// 對數據分段加密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
return encryptedData;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 文件私鑰加密
* </p>
* <p>
* 過大的文件可能會導致內存溢出
* </>
*
* @param filePath 文件路徑
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
public static byte[] encryptFileByPrivateKey(String filePath, String keyStorePath, String alias, String password) throws Exception {
byte[] data = fileToByte(filePath);
return encryptByPrivateKey(data, keyStorePath, alias, password);
}
/**
* <p>
* 文件加密
* </p>
*
* @param srcFilePath 源文件
* @param destFilePath 加密后文件
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @throws Exception
*/
public static void encryptFileByPrivateKey(String srcFilePath, String destFilePath, String keyStorePath, String alias, String password)
throws Exception {
FileInputStream in = null;
OutputStream out = null;
try {
// 取得私鑰
PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
File srcFile = new File(srcFilePath);
in = new FileInputStream(srcFile);
File destFile = new File(destFilePath);
if (!destFile.getParentFile().exists()) {
destFile.getParentFile().mkdirs();
}
destFile.createNewFile();
out = new FileOutputStream(destFile);
byte[] data = new byte[MAX_ENCRYPT_BLOCK];
// 創建加密塊
byte[] encryptedData = null;
while (in.read(data) != -1) {
encryptedData = cipher.doFinal(data);
out.write(encryptedData, 0, encryptedData.length);
out.flush();
}
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
}
/**
* <p>
* 文件加密成BASE64編碼的字符串
* </p>
*
* @param filePath 文件路徑
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
public static String encryptFileToBase64ByPrivateKey(String filePath, String keyStorePath, String alias, String password) throws Exception {
byte[] encryptedData = encryptFileByPrivateKey(filePath, keyStorePath, alias, password);
return Base64Util.encode(encryptedData);
}
/**
* <p>
* 私鑰解密
* </p>
*
* @param encryptedData 已加密數據
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] encryptedData, String keyStorePath, String alias, String password) throws Exception {
ByteArrayOutputStream out = null;
try {
// 取得私鑰
PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
int inputLen = encryptedData.length;
out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 對數據分段解密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
return decryptedData;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 公鑰加密
* </p>
*
* @param data 源數據
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data, String certificatePath) throws Exception {
ByteArrayOutputStream out = null;
try {
// 取得公鑰
PublicKey publicKey = getPublicKey(certificatePath);
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
int inputLen = data.length;
out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 對數據分段加密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
return encryptedData;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 公鑰解密
* </p>
*
* @param encryptedData 已加密數據
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] encryptedData, String certificatePath) throws Exception {
ByteArrayOutputStream out = null;
try {
PublicKey publicKey = getPublicKey(certificatePath);
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
int inputLen = encryptedData.length;
out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 對數據分段解密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
return decryptedData;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 文件解密
* </p>
*
* @param srcFilePath 源文件
* @param destFilePath 目標文件
* @param certificatePath 證書存儲路徑
* @throws Exception
*/
public static void decryptFileByPublicKey(String srcFilePath, String destFilePath, String certificatePath) throws Exception {
FileInputStream in = null;
OutputStream out = null;
try {
PublicKey publicKey = getPublicKey(certificatePath);
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
File srcFile = new File(srcFilePath);
in = new FileInputStream(srcFile);
File destFile = new File(destFilePath);
if (!destFile.getParentFile().exists()) {
destFile.getParentFile().mkdirs();
}
destFile.createNewFile();
out = new FileOutputStream(destFile);
byte[] data = new byte[MAX_DECRYPT_BLOCK];
byte[] decryptedData; // 解密塊
while (in.read(data) != -1) {
decryptedData = cipher.doFinal(data);
out.write(decryptedData, 0, decryptedData.length);
out.flush();
}
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
}
/**
* <p>
* 生成數據簽名
* </p>
*
* @param data 源數據
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
public static byte[] sign(byte[] data, String keyStorePath, String alias, String password) throws Exception {
// 獲得證書
// X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password);
// 獲取私鑰
KeyStore keyStore = getKeyStore(keyStorePath, password);
// 取得私鑰
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
// 構建簽名
// Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
Signature signature = Signature.getInstance(SHA1WithRSA);
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
}
/**
* <p>
* 生成數據簽名並以BASE64編碼
* </p>
*
* @param data 源數據
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
public static String signToBase64(byte[] data, String keyStorePath, String alias, String password) throws Exception {
return Base64Util.encode(sign(data, keyStorePath, alias, password));
}
/**
* <p>
* 生成文件數據簽名(BASE64)
* </p>
* <p>
* 需要先將文件私鑰加密,再根據加密后的數據生成簽名(BASE64),適用於小文件
* </p>
*
* @param filePath 源文件
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
public static String signFileToBase64WithEncrypt(String filePath, String keyStorePath, String alias, String password) throws Exception {
byte[] encryptedData = encryptFileByPrivateKey(filePath, keyStorePath, alias, password);
return signToBase64(encryptedData, keyStorePath, alias, password);
}
/**
* <p>
* 生成文件簽名
* </p>
* <p>
* 注意:<br>
* 方法中使用了FileChannel,其巨大Bug就是不會釋放文件句柄,導致簽名的文件無法操作(移動或刪除等)<br>
* 該方法已被generateFileSign取代
* </p>
*
* @param filePath 文件路徑
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
* @throws Exception
*/
@Deprecated
public static byte[] signFile(String filePath, String keyStorePath, String alias, String password) throws Exception {
FileInputStream in = null;
FileChannel fileChannel = null;
try {
byte[] sign = null;
// 獲得證書
X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password);
// 獲取私鑰
KeyStore keyStore = getKeyStore(keyStorePath, password);
// 取得私鑰
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
// 構建簽名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initSign(privateKey);
File file = new File(filePath);
if (file.exists()) {
in = new FileInputStream(file);
fileChannel = in.getChannel();
MappedByteBuffer byteBuffer = fileChannel.map(FileChannel.MapMode.READ_ONLY, 0, file.length());
signature.update(byteBuffer);
sign = signature.sign();
}
return sign;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (fileChannel != null) {
try {
fileChannel.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 生成文件數字簽名
* </p>
*
* <p>
* <b>注意:</b><br>
* 生成簽名時update的byte數組大小和驗證簽名時的大小應相同,否則驗證無法通過
* </p>
*
* @param filePath
* @param keyStorePath
* @param alias
* @param password
* @return
* @throws Exception
*/
public static byte[] generateFileSign(String filePath, String keyStorePath, String alias, String password) throws Exception {
FileInputStream in = null;
try {
byte[] sign = null;
// 獲得證書
X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password);
// 獲取私鑰
KeyStore keyStore = getKeyStore(keyStorePath, password);
// 取得私鑰
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
// 構建簽名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initSign(privateKey);
File file = new File(filePath);
if (file.exists()) {
in = new FileInputStream(file);
byte[] cache = new byte[CACHE_SIZE];
int nRead = 0;
while ((nRead = in.read(cache)) != -1) {
signature.update(cache, 0, nRead);
}
sign = signature.sign();
}
return sign;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 文件簽名成BASE64編碼字符串
* </p>
*
* @param filePath
* @param keyStorePath
* @param alias
* @param password
* @return
* @throws Exception
*/
public static String signFileToBase64(String filePath, String keyStorePath, String alias, String password) throws Exception {
return Base64Util.encode(generateFileSign(filePath, keyStorePath, alias, password));
}
/**
* <p>
* 驗證簽名
* </p>
*
* @param data 已加密數據
* @param sign 數據簽名[BASE64]
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
public static boolean verifySign(byte[] data, String sign, String certificatePath) throws Exception {
// 獲得證書
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 獲得公鑰
PublicKey publicKey = x509Certificate.getPublicKey();
// 構建簽名
// Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
Signature signature = Signature.getInstance(SHA1WithRSA);
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(Base64Util.decode(sign));
}
/**
* <p>
* 校驗文件完整性
* </p>
* <p>
* 鑒於FileChannel存在的巨大Bug,該方法已停用,被validateFileSign取代
* </p>
*
* @param filePath 文件路徑
* @param sign 數據簽名[BASE64]
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
@Deprecated
public static boolean verifyFileSign(String filePath, String sign, String certificatePath) throws Exception {
FileInputStream in = null;
FileChannel fileChannel = null;
boolean result = false;
try {
// 獲得證書
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 獲得公鑰
PublicKey publicKey = x509Certificate.getPublicKey();
// 構建簽名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initVerify(publicKey);
File file = new File(filePath);
if (file.exists()) {
byte[] decodedSign = Base64Util.decode(sign);
in = new FileInputStream(file);
fileChannel = in.getChannel();
MappedByteBuffer byteBuffer = fileChannel.map(FileChannel.MapMode.READ_ONLY, 0, file.length());
signature.update(byteBuffer);
result = signature.verify(decodedSign);
}
return result;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (fileChannel != null) {
try {
fileChannel.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return result;
}
/**
* <p>
* 校驗文件簽名
* </p>
*
* @param filePath
* @param sign
* @param certificatePath
* @return
* @throws Exception
*/
public static boolean validateFileSign(String filePath, String sign, String certificatePath) throws Exception {
boolean result = false;
FileInputStream in = null;
try {
// 獲得證書
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 獲得公鑰
PublicKey publicKey = x509Certificate.getPublicKey();
// 構建簽名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initVerify(publicKey);
File file = new File(filePath);
if (file.exists()) {
byte[] decodedSign = Base64Util.decode(sign);
in = new FileInputStream(file);
byte[] cache = new byte[CACHE_SIZE];
int nRead = 0;
while ((nRead = in.read(cache)) != -1) {
signature.update(cache, 0, nRead);
}
result = signature.verify(decodedSign);
}
return result;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return result;
}
/**
* <p>
* BASE64解碼->簽名校驗
* </p>
*
* @param base64String BASE64編碼字符串
* @param sign 數據簽名[BASE64]
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
public static boolean verifyBase64Sign(String base64String, String sign, String certificatePath) throws Exception {
byte[] data = Base64Util.decode(base64String);
return verifySign(data, sign, certificatePath);
}
/**
* <p>
* BASE64解碼->公鑰解密-簽名校驗
* </p>
*
*
* @param base64String BASE64編碼字符串
* @param sign 數據簽名[BASE64]
* @param certificatePath 證書存儲路徑
* @return
* @throws Exception
*/
public static boolean verifyBase64SignWithDecrypt(String base64String, String sign, String certificatePath) throws Exception {
byte[] encryptedData = Base64Util.decode(base64String);
byte[] data = decryptByPublicKey(encryptedData, certificatePath);
return verifySign(data, sign, certificatePath);
}
/**
* <p>
* 文件公鑰解密->簽名校驗
* </p>
*
* @param encryptedFilePath 加密文件路徑
* @param sign 數字證書[BASE64]
* @param certificatePath
* @return
* @throws Exception
*/
public static boolean verifyFileSignWithDecrypt(String encryptedFilePath, String sign, String certificatePath) throws Exception {
byte[] encryptedData = fileToByte(encryptedFilePath);
byte[] data = decryptByPublicKey(encryptedData, certificatePath);
return verifySign(data, sign, certificatePath);
}
/**
* <p>
* 校驗證書當前是否有效
* </p>
*
* @param certificate 證書
* @return
*/
public static boolean verifyCertificate(Certificate certificate) {
return verifyCertificate(new Date(), certificate);
}
/**
* <p>
* 驗證證書是否過期或無效
* </p>
*
* @param date 日期
* @param certificate 證書
* @return
*/
public static boolean verifyCertificate(Date date, Certificate certificate) {
boolean isValid = true;
try {
X509Certificate x509Certificate = (X509Certificate) certificate;
x509Certificate.checkValidity(date);
} catch (Exception e) {
isValid = false;
}
return isValid;
}
/**
* <p>
* 驗證數字證書是在給定的日期是否有效
* </p>
*
* @param date 日期
* @param certificatePath 證書存儲路徑
* @return
*/
public static boolean verifyCertificate(Date date, String certificatePath) {
Certificate certificate;
try {
certificate = getCertificate(certificatePath);
return verifyCertificate(certificate);
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* <p>
* 驗證數字證書是在給定的日期是否有效
* </p>
*
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
*/
public static boolean verifyCertificate(Date date, String keyStorePath, String alias, String password) {
Certificate certificate;
try {
certificate = getCertificate(keyStorePath, alias, password);
return verifyCertificate(certificate);
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* <p>
* 驗證數字證書當前是否有效
* </p>
*
* @param keyStorePath 密鑰庫存儲路徑
* @param alias 密鑰庫別名
* @param password 密鑰庫密碼
* @return
*/
public static boolean verifyCertificate(String keyStorePath, String alias, String password) {
return verifyCertificate(new Date(), keyStorePath, alias, password);
}
/**
* <p>
* 驗證數字證書當前是否有效
* </p>
*
* @param certificatePath 證書存儲路徑
* @return
*/
public static boolean verifyCertificate(String certificatePath) {
return verifyCertificate(new Date(), certificatePath);
}
/**
* <p>
* 文件轉換為byte數組
* </p>
*
* @param filePath 文件路徑
* @return
* @throws Exception
*/
public static byte[] fileToByte(String filePath) throws Exception {
byte[] data = null;
FileInputStream in = null;
ByteArrayOutputStream out = null;
try {
File file = new File(filePath);
if (file.exists()) {
in = new FileInputStream(file);
out = new ByteArrayOutputStream(2048);
byte[] cache = new byte[CACHE_SIZE];
int nRead = 0;
while ((nRead = in.read(cache)) != -1) {
out.write(cache, 0, nRead);
out.flush();
}
data = out.toByteArray();
}
return data;
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
return null;
}
/**
* <p>
* 二進制數據寫文件
* </p>
*
* @param bytes 二進制數據
* @param filePath 文件生成目錄
*/
public static void byteArrayToFile(byte[] bytes, String filePath) throws Exception {
InputStream in = null;
OutputStream out = null;
try {
in = new ByteArrayInputStream(bytes);
File destFile = new File(filePath);
if (!destFile.getParentFile().exists()) {
destFile.getParentFile().mkdirs();
}
destFile.createNewFile();
out = new FileOutputStream(destFile);
byte[] cache = new byte[CACHE_SIZE];
int nRead = 0;
while ((nRead = in.read(cache)) != -1) {
out.write(cache, 0, nRead);
out.flush();
}
} catch (Exception e) {
System.out.println(e.getMessage());
} finally {
if (out != null) {
try {
out.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
if (in != null) {
try {
in.close();
} catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
}
/**
* <p>
* 字符串 轉 二進制數組
* </p>
*
* @param src 待轉換數據
* @param type 字符類型
* @return byte[]
* @throws Exception
*/
public static byte[] StringToByte(String src, String type) throws Exception {
try {
return src.getBytes(type);
} catch (UnsupportedEncodingException e) {
System.out.println(e.getMessage());
}
return null;
}
/**
* <p>
* 二進制數組 轉 字符串
* </p>
*
* @param src 待轉換二進制數組
* @param type 字符類型
* @return byte[]
* @throws Exception
*/
public static String ByteToString(byte[] src, String type) throws Exception {
try {
return new String(src, type);
} catch (Exception e) {
System.out.println(e.getMessage());
}
return null;
}
/**
* <p>
* 數據URLDecoder解碼
* </p>
*
* @param src 待轉換數據
* @param type 編碼類型
* @return String
* @throws Exception
*/
public static String decode(String src, String type) throws Exception {
try {
return URLDecoder.decode(src, type);
} catch (Exception e) {
System.out.println(e.getMessage());
}
return null;
}
/**
* <p>
* 數據URLEncoder編碼
* </p>
*
* @param src 待轉換數據
* @param type 編碼類型
* @return String
* @throws Exception
*/
public static String encode(String src, String type) throws Exception {
try {
return URLEncoder.encode(src, type);
} catch (Exception e) {
System.out.println(e.getMessage());
}
return null;
}
}
測試方法:
public static void main(String[] args) throws Exception {
String environment = "uat";
String data = "這是一條測試字符串!";
String keyStorePath = "D:/Citificate/testKey/test.keystore";
String alias = "*.test.com";
String password = "password";
String certificatePath = "D:/Citificate/testKey/test.cer";
// 私鑰簽名——公鑰驗證簽名
System.err.println("私鑰簽名——公鑰驗證簽名");
// 產生簽名
String sign = CertificateUtils.signToBase64(data.getBytes("utf-8"), keyStorePath, alias, password);
System.out.println("私鑰簽名:" + sign);
boolean status = CertificateUtils.verifySign(data.getBytes("utf-8"), sign, certificatePath);
System.err.println("公鑰驗簽結果:" + status);
// 公鑰加密——私鑰解密
System.out.println("\n公鑰加密——私鑰解密");
byte[] encrypt = CertificateUtils.encryptByPublicKey(data.getBytes("utf-8"), certificatePath);
String encode = Base64Util.encode(encrypt);
System.out.println("公鑰加密:" + encode);
// 下面是安卓加密后的結果,使用 Cipher.getInstance("RSA/None/PKCS1Padding")
byte[] decrypt = CertificateUtils.decryptByPrivateKey(Base64Util.decode(encode), keyStorePath, alias, password);
String outputStr = new String(decrypt);
System.out.println("解密后:" + outputStr);
}