package com.szzs; import java.io.FileInputStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import javax.crypto.Cipher; public class CertificateCoder { // 類型證書X.509 public static final String CERT_TYPE = "X.509"; // 1.根據密鑰庫得到私鑰 private static PrivateKey getPrivateKeyByKeyStore(String keyStorePath,String alias, String password) throws Exception{ // 得到密鑰庫 KeyStore ks = getKeyStore(keyStorePath,password); // 根據別名和密碼獲取私鑰 PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password.toCharArray()); return privateKey; } // 2.根據證書獲取公鑰 private static PublicKey getPublicKeyByCertificate(String certificatePath) throws Exception { // 得到證書 Certificate certificate = getCertificate(certificatePath); // 得到證書公鑰 return certificate.getPublicKey(); } // 3.加載數字證書:certificatePath爲證書路徑 private static Certificate getCertificate(String certificatePath) throws Exception { // 實例化證書工廠 CertificateFactory certificateFactory = CertificateFactory.getInstance(CERT_TYPE); // 取得證書文件流 FileInputStream in = new FileInputStream(certificatePath); // 生成證書 Certificate certificate = certificateFactory.generateCertificate(in); //關閉證書文件流 in.close(); return certificate; } // 4.根據別名從密鑰庫得到數字證書 private static Certificate getCertificate(String keyStorePath, String alias, String password ) throws Exception { // 得到密鑰庫 KeyStore ks = getKeyStore(keyStorePath, password); // 得到證書 return ks.getCertificate(alias); } // 5.根據密鑰庫路徑得到KeyStore private static KeyStore getKeyStore(String keyStorepath, String password) throws Exception { // 實例化密鑰庫 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // 得到密鑰庫文件流 FileInputStream is = new FileInputStream(keyStorepath); // 加載密鑰庫 ks.load(is, password.toCharArray()); // 關閉密鑰庫文件流 is.close(); return ks; } // 6.私鑰加密 public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password) throws Exception { // 取得私鑰 PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath,alias,password); // 對數據加密 Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, privateKey); return cipher.doFinal(data); } // 7.私鑰解密 public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password) throws Exception { // 取得私鑰 PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath,alias,password); // 對數據加密 Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, privateKey); return cipher.doFinal(data); } // 8.公鑰加密:返回加密後數據 public static byte[] encryptByPublicKey(byte[] data, String certificatePath) throws Exception { // 取得公鑰 PublicKey publicKey = getPublicKeyByCertificate(certificatePath); // 對數據加密 Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return cipher.doFinal(data); } // 9.公鑰解密 public static byte[] decryptByPublicKey(byte[] data, String certificatePath) throws Exception { // 取得私鑰 PublicKey publicKey = getPublicKeyByCertificate(certificatePath); // 對數據加密 Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, publicKey); return cipher.doFinal(data); } // 10.獲取簽名 public static byte[] sign(byte[] sign, String keyStorePath, String alias, String password) throws Exception { // 根據密鑰庫路徑,密鑰庫別名,密碼得到證書 X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password); // 構建簽名,由證書指定簽名算法 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); // 得到私鑰 PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath, alias, password); // 初始化簽名,由私鑰構建 signature.initSign(privateKey); signature.update(sign); return signature.sign(); //返回簽名 } // 11.驗證簽名,簽名爲真返回ture public static boolean verify(byte[] data, byte[] sign, String certificatePath) throws Exception { // 得到證書 X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath); // 構建簽名,由證書指定簽名算法 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); // 由證書初始化簽名,實際是用了證書中的公鑰 signature.initVerify(x509Certificate); signature.update(data); return signature.verify(sign); } }
測試:java
package com.szzs; // 基於密鑰庫和數字證書的加密解密和簽名驗證操做 public class CertificateCoderTest { private String password = "123456"; private String alias = "www.zlex.org"; private String certficatePath = "D:/zlex.cer"; // 數字證書 private String keyStorePath = "D:/zlex.keystore"; // 密鑰庫 // 1.公鑰加密,私鑰解密 public void test1() throws Exception { System.out.println("公鑰加密--私鑰解密"); String inputStr = "數字證書"; byte[] data = inputStr.getBytes(); // 公鑰加密 byte[] encrypt = CertificateCoder.encryptByPublicKey(data, certficatePath); // 私鑰解密 byte[] decrypt = CertificateCoder.decryptByPrivateKey(data, keyStorePath, alias, password); String outputStr = new String(decrypt); System.err.println("加密前:\n" + inputStr); System.err.println("解密後:\n" + outputStr); // 驗證數據一致 // assertArrayEquals(data, decrypt); } // 2.私鑰加密,公鑰解密 public void test2() throws Exception { System.out.println("私鑰加密--公鑰解密"); String inputStr = "數字簽名"; byte[] data = inputStr.getBytes(); // 私鑰加密 byte[] encodedData = CertificateCoder.encryptByPrivateKey(data, keyStorePath, alias, password); // 公鑰解密 byte[] decodedData = CertificateCoder.decryptByPublicKey(data, certficatePath); String outputStr = new String(decodedData); System.err.println("加密前:\n" + inputStr); System.err.println("解密後:\n" + outputStr); // 驗證數據一致 // assertEquals(inputStr, outputStr); } // 3.簽名驗證 public void testSign() throws Exception { String inputStr = "簽名"; byte[] data = inputStr.getBytes(); System.out.println("私鑰簽名---公鑰驗證"); // 產生簽名 byte[] sign = CertificateCoder.sign(data, keyStorePath, alias, password); // System.err.println("簽名:\n" + Hex.encodeHexString(sign)); // 驗證簽名 boolean status = CertificateCoder.verify(data, sign, certficatePath); System.err.println("狀態:\n" + status); // 校驗 // assertTure(status); } }