證書簽名
package test; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Base64; import java.util.Enumeration; /** * 私鑰簽名,公鑰驗簽 * @author jinzhm * */ public class SignUtil { private static String CHARSET_ENCODING = "UTF-8"; private static String ALGORITHM = "SHA256withRSA"; /** * 簽名 * @param srcData * @param privateKeyPath * @param privateKeyPwd * @return */ public static String sign(String srcData, String privateKeyPath, String privateKeyPwd){ if(srcData==null || privateKeyPath==null || privateKeyPwd==null){ return ""; } try { // 獲取證書的私鑰 PrivateKey key = readPrivate(privateKeyPath, privateKeyPwd); // 進行簽名服務 Signature signature = Signature.getInstance(ALGORITHM); signature.initSign(key); signature.update(srcData.getBytes(CHARSET_ENCODING)); byte[] signedData = signature.sign(); return Base64.getEncoder().encodeToString(signedData); } catch (Exception e) { e.printStackTrace(); } return ""; } /** * 驗簽 * @param srcData * @param signedData * @param publicKeyPath * @return */ public static boolean verify(String srcData, String signedData, String publicKeyPath){ if(srcData==null || signedData==null || publicKeyPath==null){ return false; } try { PublicKey publicKey = readPublic(publicKeyPath); Signature sign = Signature.getInstance(ALGORITHM); sign.initVerify(publicKey); sign.update(srcData.getBytes(CHARSET_ENCODING)); return sign.verify(Base64.getDecoder().decode(signedData)); } catch (Exception e) { e.printStackTrace(); } return false; } /** * 讀取公鑰 * @param publicKeyPath * @return */ private static PublicKey readPublic(String publicKeyPath){ if(publicKeyPath==null){ return null; } PublicKey pk = null; FileInputStream bais = null; try { CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509"); bais = new FileInputStream(publicKeyPath); X509Certificate cert = (X509Certificate)certificatefactory.generateCertificate(bais); pk = cert.getPublicKey(); } catch (CertificateException e) { e.printStackTrace(); } catch (FileNotFoundException e) { e.printStackTrace(); } finally{ if(bais != null){ try { bais.close(); } catch (IOException e) { e.printStackTrace(); } } } return pk; } /** * 讀取私鑰 * @param path * @return */ private static PrivateKey readPrivate(String privateKeyPath, String privateKeyPwd){ if(privateKeyPath==null || privateKeyPwd==null){ return null; } InputStream stream = null; try { // 獲取JKS 服務器私有證書的私鑰,取得標准的JKS的 KeyStore實例 KeyStore store = KeyStore.getInstance("JKS"); stream = new FileInputStream(new File(privateKeyPath)); // jks文件密碼,根據實際情況修改 store.load(stream, privateKeyPwd.toCharArray()); // 獲取jks證書別名 Enumeration en = store.aliases(); String pName = null; while (en.hasMoreElements()) { String n = (String) en.nextElement(); if (store.isKeyEntry(n)) { pName = n; } } // 獲取證書的私鑰 PrivateKey key = (PrivateKey) store.getKey(pName, privateKeyPwd.toCharArray()); return key; } catch (Exception e) { e.printStackTrace(); } finally { if(stream != null){ try { stream.close(); } catch (IOException e) { e.printStackTrace(); } } } return null; } }