1.業務場景,公司做理財業務,但是可能有第三方合作。與第三方合作獲得更多客戶流量。別人可以在第三方進行購買理財產品。那么怎么保證交易信息的安全性那,我們這里給出rsa加密實現原理。
2.工具類rsa:
公鑰私鑰的生成百度一下有在線生成的網站。
-
import java.security.KeyFactory;
-
import java.security.PrivateKey;
-
import java.security.PublicKey;
-
import java.security.Signature;
-
import java.security.spec.PKCS8EncodedKeySpec;
-
import java.security.spec.X509EncodedKeySpec;
-
-
import org.apache.commons.codec.binary.Base64;
-
import org.slf4j.Logger;
-
import org.slf4j.LoggerFactory;
-
-
import lombok.extern.slf4j.Slf4j;
-
-
/**
-
* 使用私鑰將明文進行簽名生成秘聞串與明文一起傳輸。對方收到數據后通過公鑰對明文與明文進行驗簽。
-
* 若驗簽通過就說明第一數據沒有被修改過;第二這些數據一定是持有私鑰的人發送的,因為私鑰自己持有,
-
* 這就起到了防止抵賴的作用。
-
*/
-
@Slf4j
-
public
class RSAUtil {
-
static Logger LOG = LoggerFactory.getLogger(RSAUtil.class);
-
-
private
static
final String SIGNATURE_ALGORITHM =
"SHA1withRSA";
//簽名算法
-
private
static
final String KEY_ALGORITHM =
"RSA";
//加密算法RSA
-
-
/**
-
* 公鑰驗簽
-
*
-
* @param text 原字符串
-
* @param sign 簽名結果
-
* @param publicKey 公鑰
-
* @return 驗簽結果
-
*/
-
public static boolean verify(String text, String sign, String publicKey) {
-
try {
-
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
-
PublicKey key = KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(
new X509EncodedKeySpec(Base64.decodeBase64(publicKey)));
-
signature.initVerify(key);
-
signature.update(text.getBytes());
-
return signature.verify(Base64.decodeBase64(sign));
-
}
catch (Exception e) {
-
LOG.error(
"驗簽失敗:text={},sign={}", text, sign, e);
-
}
-
return
false;
-
}
-
-
/**
-
* 簽名字符串
-
*
-
* @param text 需要簽名的字符串
-
* @param privateKey 私鑰(BASE64編碼)
-
* @return 簽名結果(BASE64編碼)
-
*/
-
public static String sign(String text, String privateKey) {
-
byte[] keyBytes = Base64.decodeBase64(privateKey);
-
PKCS8EncodedKeySpec pkcs8KeySpec =
new PKCS8EncodedKeySpec(keyBytes);
-
try {
-
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
-
PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);
-
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
-
signature.initSign(privateK);
-
signature.update(text.getBytes());
-
byte[] result = signature.sign();
-
return Base64.encodeBase64String(result);
-
}
catch (Exception e) {
-
LOG.error(
"簽名失敗,text={}", text, e);
-
}
-
return
null;
-
}
-
-
private
static
final String publicKey =
"aaaaaaaaa" ;
-
private
static
final String privateKey =
"bbbbbbbbb";
-
-
public static void main(String[] args) {
-
String text =
"hello world";
-
String sign = RSAUtil.sign(text, privateKey);
-
log.info(sign);
-
boolean verify = RSAUtil.verify(text, sign, publicKey);
-
log.info(
"result: {}",verify);
-
}
-
}
3.對數據進行加密之前,首先要保證數據的順序一致性,順序不一致可能會導致生成的密文不同。我們這里默認采用拼音排序。
-
import com.fasterxml.jackson.annotation.JsonInclude;
-
import com.fasterxml.jackson.annotation.JsonPropertyOrder;
-
import com.happylaishop.admin.util.JsonUtil;
-
-
/**
-
* 簽名明文,字典即拼音進行排序
-
*/
-
@JsonInclude(JsonInclude.Include.NON_NULL)
-
@JsonPropertyOrder(alphabetic =
true)
-
public
interface SignText {
-
default String toText(){
-
return JsonUtil.obj2String(
this);
-
}
-
}
4.采用AOP進行校驗。請求方法中前三個參數是string, string SignText的我們進行攔截校驗。
authId表示認證對象id,雙方約定好。
sign 表示密文簽名
text 傳輸的數據
-
import org.aspectj.lang.annotation.Aspect;
-
import org.aspectj.lang.annotation.Before;
-
import org.springframework.beans.factory.annotation.Autowired;
-
import org.springframework.stereotype.Component;
-
import org.springframework.util.Assert;
-
-
import xxx.util.RSAUtil;
-
-
/**
-
* 驗簽aop
-
*/
-
@Component
-
@Aspect
-
public
class SignAop {
-
-
@Autowired
-
private SignService signService;
-
-
@Before(value =
"execution(* com.happylaishop.admin.controller.*.*(..)) && args(authId,sign,text,..)")
-
public void verify(String authId,String sign,SignText text){
-
/**根據認證id獲取對應的公鑰*/
-
String publicKey = signService.getPublicKey(authId);
-
//拿到公鑰之后驗簽,若驗簽通過,執行后續業務邏輯,否則報異常
-
Assert.isTrue(RSAUtil.verify(text.toText(),sign,publicKey),
"驗簽失敗");
-
}
-
}
-
import org.springframework.stereotype.Service;
-
-
import java.util.HashMap;
-
import java.util.Map;
-
-
/**
-
* 簽名服務
-
*/
-
@Service
-
public
class SignService {
-
static Map<String,String> PUBLIC_KEYS =
new HashMap<>();
-
static {
-
PUBLIC_KEYS.put(
"1000",
"aaaaaaaa");
-
}
-
-
/**
-
* 根據授權編號獲取公鑰
-
* @param authId
-
* @return
-
*/
-
public String getPublicKey(String authId){
-
return PUBLIC_KEYS.get(authId);
-
}
-
}
我們這里給出一個傳輸數據,訂單對象;
-
import java.math.BigDecimal;
-
import java.util.Date;
-
-
import com.fasterxml.jackson.annotation.JsonFormat;
-
-
import lombok.Getter;
-
import lombok.Setter;
-
import lombok.ToString;
-
import lombok.extern.slf4j.Slf4j;
-
-
@Getter
-
@Setter
-
@ToString
-
public
class OrderParam implements SignText{
-
-
private String chanId;
-
-
private String chanUserId;
-
-
private String productId;
-
-
private BigDecimal amount;
-
-
private String outerOrderId;
-
-
private String memo;
-
-
@JsonFormat(pattern =
"YYYY-MM-DD HH:mm:ss")
-
private Date createAt;
-
-
public static void main(String[] args) {
-
OrderParam order =
new OrderParam();
-
order.setAmount(
new BigDecimal(
"100"));
-
order.setChanId(
"1000");
-
order.setChanUserId(
"1000");
-
order.setProductId(
"1");
-
SignText signText = order;
-
String text = signText.toText();
-
System.out.println(text);
-
}
-
}