java讀取證書(shū)公鑰的實(shí)現(xiàn)
使用javax.security.cert.X509Certificate進(jìn)行解析
URL url = Demo.class.getClassLoader().getResource('C000024.crt'); //證書(shū)路徑System.out.println('公鑰所在路徑:'+url.getFile());X509Certificate cert = X509Certificate.getInstance(new FileInputStream(url.getFile()));PublicKey publicKey = cert.getPublicKey();BASE64Encoder base64Encoder=new BASE64Encoder();String publicKeyString = base64Encoder.encode(publicKey.getEncoded());System.out.println('-----------------公鑰--------------------');System.out.println(publicKeyString);System.out.println('-----------------公鑰--------------------');方式2:
使用java.security.cert.X509Certificate進(jìn)行解析
URL url = Demo.class.getClassLoader().getResource('C000024.crt'); //證書(shū)路徑System.out.println('公鑰所在路徑:'+url.getFile());CertificateFactory cf = CertificateFactory.getInstance('X.509');X509Certificate cert = (X509Certificate)cf.generateCertificate(new FileInputStream(url.getFile()));PublicKey publicKey = cert.getPublicKey(); BASE64Encoder base64Encoder=new BASE64Encoder();String publicKeyString = base64Encoder.encode(publicKey.getEncoded());System.out.println('-----------------公鑰--------------------');System.out.println(publicKeyString);System.out.println('-----------------公鑰--------------------');
說(shuō)明:
因?yàn)橹蛔鍪纠瑳](méi)有進(jìn)行異常處理和流的釋放,方式1的代碼可能少點(diǎn),方式2需要強(qiáng)轉(zhuǎn),美觀上可能方式1更好看點(diǎn),但方式1的實(shí)質(zhì)還是調(diào)用的方式2,方式2內(nèi)部有實(shí)現(xiàn)緩存策略。更多可以參考下api文檔,文檔上有提供示例。
補(bǔ)充:JAVA生成RSA公鑰和私鑰及RSA對(duì)數(shù)據(jù)的加簽和驗(yàn)簽
背景:最近來(lái)到了新的公司,公司做的是保險(xiǎn)支付相關(guān)業(yè)務(wù),對(duì)接渠道的時(shí)候經(jīng)常會(huì)用到數(shù)據(jù)的加簽和驗(yàn)簽,初次涉及RSA加簽驗(yàn)簽,通過(guò)網(wǎng)站生成了RSA公鑰和私鑰,用私鑰將我要傳送的數(shù)據(jù)進(jìn)行了加簽,并將我的公鑰提供給了渠道方進(jìn)行驗(yàn)簽,結(jié)果在聯(lián)調(diào)的時(shí)候,驗(yàn)簽總是錯(cuò)誤,渠道方用自己的私鑰對(duì)數(shù)據(jù)加簽后再用自己的公鑰對(duì)數(shù)據(jù)進(jìn)行驗(yàn)簽卻能通過(guò),于是我也用自己的私鑰對(duì)數(shù)據(jù)進(jìn)行加簽后再用自己的公鑰對(duì)數(shù)據(jù)進(jìn)行驗(yàn)簽,結(jié)果讓我驚訝,居然沒(méi)有通過(guò)!
到了這里,產(chǎn)生錯(cuò)誤的原因基本上已經(jīng)一目了然了,我通過(guò)網(wǎng)站生成的公私鑰是無(wú)法配對(duì)的,這當(dāng)中可能涉及到了網(wǎng)站生成公私鑰的時(shí)候已經(jīng)對(duì)公私鑰進(jìn)行了處理,比如說(shuō)PKCS8的處理,所以決定自己用Java來(lái)生成RSA公鑰和私鑰進(jìn)行驗(yàn)證測(cè)試,文檔寫(xiě)出來(lái)了,測(cè)試結(jié)果自然已經(jīng)知道了,是通過(guò)的。
以下為完整的驗(yàn)簽過(guò)程:啟動(dòng)類:ZhongbaohuiApplication.java
package com.test.zhongbaohui; import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplicationpublic class ZhongbaohuiApplication { public static void main(String[] args) { SpringApplication.run(ZhongbaohuiApplication.class, args); }}
請(qǐng)求Controller:RequestController.java
package com.test.zhongbaohui.controller; import com.alibaba.fastjson.JSONObject;import com.test.zhongbaohui.utils.RSASignUtils;import lombok.extern.slf4j.Slf4j;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.web.bind.annotation.PostMapping;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.util.HashMap;import java.util.Map; /** * @program: zhongbaohui * @package: com.test.zhongbaohui.controller * @description: * @auther: chengjunyu * @createDate: 2019/12/6 22:05 */@RestController@RequestMapping(value='/test')@Slf4jpublic class RequestController { @Autowired private ResponseController responseController; @PostMapping('/getJsonObject') private String getJsonObject(HttpServletRequest request, HttpServletResponse response) { JSONObject jsonObject = new JSONObject(); jsonObject.put('signType', 'RSA'); jsonObject.put('enterpriseId', '201975538583911110'); jsonObject.put('nonce', 'b0eed33073664f5fa983c5b774dbd4b6'); jsonObject.put('timestamp', '2019-12-07 01:19:25'); Map<String, Object> map = new HashMap<>(); map.put('bankCode', '其他'); map.put('batchNo', '201975538583911110b1084fa29f6c'); map.put('bankCardNumber', '6217856100077026406'); map.put('paymentNote', '傭金發(fā)放'); map.put('idCardNumber', '320123199103104650'); map.put('mobile', '15365176555'); map.put('bankName', '中國(guó)銀行'); map.put('outEnterpriseOrderNo', 'T20191207011545663692017'); map.put('realPayment', '1.00'); map.put('serviceId', '201968613430727001'); map.put('userName', '程俊予'); jsonObject.put('data', map); //私鑰內(nèi)容 String privateKey = 'MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgFnOID56YNquwenrgnW1Ud+GBcSFojPOY00+TYq/qHVaprGPeuKlAcBebkyj4+G3H4t7e1DTOblQtZk/yi+2VcbDnhHQl3UVdkLkVMRXXCBPBJtjSo3RMMJFC6OCiKfzhujhhio7MJWWrMYLtAgMBAAECgYBplZud/CZv1KLzIA5bdbF2yk36FYoc3hl3iXLeiyp91NGc6hqhFSEyXPhvrZP0aAym9IC824Bjq4Gg7pkkHzYT3IGDCqqyodBYcdof8Jsk9t0G0Ll7G1dlQwl9R6+SAvauF5RUbwz5Byos6cnFbybfqAdRUdF96yH0Hw0QF1u8XQJBAPrpHvZpeOZNSY/M1wlJZv5gV1OoI9s+PZgJQHgWbT7FaiPDkZiAa7B6hGNBgUa7m4vEzGJNAOHxhdl1QMtlTjMCQQD3VInIf9EjKZn7LNcPQsl1AkXbwuXjtMceeuX43lcdapgQ+4Y6G5QU3fhwZxwsdZnUbLqJWzFgXw/F2E2DxopfAkBxGErgfsID7KpPquDySqel2P8DsjIXTIKu2Ny6REGRnaIt5KTnvFrN/StXIduHamC+K0KEvHi9XwQZ9IP0KgGJAkEA3hUzzywuP3OYhzhhN5vRx1YuIkGkKU3nSdAy9b+323seZoljooOm+QHDljKP0sAaS+sBqFqRQKa7Q/yQxdWd4wJBAIUXethFnMr3U9FetKHmWKwOPh23EHM0xPdVzMcb24WwK7QAXCMo71ugG6qqmBA+wYCrjPwbMu5XysB5+d5ZNC0='; String sign = RSASignUtils.sign(jsonObject, privateKey); log.info('驗(yàn)簽sign為:{}', sign); jsonObject.put('sign', sign); String message = responseController.returnMsg(jsonObject.toJSONString()); return message; }}
響應(yīng)Controller:ResponseController.java
package com.test.zhongbaohui.controller; import com.alibaba.fastjson.JSON;import com.alibaba.fastjson.JSONObject;import com.test.zhongbaohui.utils.RSASignUtils;import lombok.extern.slf4j.Slf4j;import org.springframework.web.bind.annotation.PostMapping;import org.springframework.web.bind.annotation.RestController; /** * @program: zhongbaohui * @package: com.test.zhongbaohui.controller * @description: * @auther: chengjunyu * @createDate: 2019/12/7 20:46 */@RestController@Slf4jpublic class ResponseController { @PostMapping('/returnMsg') public String returnMsg(String message) { JSONObject jsonObject = JSONObject.parseObject(message); log.info('接受請(qǐng)求內(nèi)容為:{}', jsonObject.toJSONString()); String sign = jsonObject.getString('sign'); jsonObject.remove('sign'); String publicKey = 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5gn/eAnLyf6xZziA+emDarsHp64J1tVHfhgXEhaIzzmNNPk2Kv6h1Wqaxj3ripQHAXm5Mo+Phtx+Le3tQ0zm5ULWZP8ovtlXGw54R0Jd1FXZC5FTEV1wgTwSbY0qN0TDCRQujgoin84bo4YYqOzCVlqzGC7QIDAQAB'; boolean flag = RSASignUtils.verify(jsonObject, publicKey, sign); JSONObject object = new JSONObject(); if(flag) { object.put('code', '200'); object.put('status', 'success'); object.put('message:', '驗(yàn)簽成功'); }else { object.put('code', '400'); object.put('status', 'failure'); object.put('message:', '驗(yàn)簽失敗'); } return object.toJSONString(); }}
RSA工具類:RSASignUtils.java
package com.test.zhongbaohui.utils; import com.alibaba.fastjson.JSONObject;import lombok.extern.slf4j.Slf4j;import org.apache.tomcat.util.codec.binary.Base64;import org.springframework.stereotype.Component;import sun.misc.BASE64Decoder;import sun.misc.BASE64Encoder; import java.io.IOException;import java.io.UnsupportedEncodingException;import java.security.*;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.InvalidKeySpecException;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map; /** * @program: zhongbaohui * @package: com.test.zhongbaohui.controller * @description: * @auther: chengjunyu * @createDate: 2019/12/6 23:03 */@Slf4j@Componentpublic class RSASignUtils { public static final String KEY_ALGORITHM = 'RSA'; private static final String PUBLIC_KEY = 'RSAPublicKey'; private static final String PRIVATE_KEY = 'RSAPrivateKey'; public static final String SIGNATURE_ALGORITHM='MD5withRSA'; public static final Integer RSA_KEY_SIZE = 1024; /* * @function: 使用字符串格式的私鑰為JSONObject格式的內(nèi)容加簽 * @param: [jsonObject, privateKey] * @return: java.lang.String * @auther: chengjunyu * @date: 2019/12/7 21:06 */ public static String sign(JSONObject jsonObject, String privateKey) { String signMsg = ''; String data = jsonObject.toString(); log.info('加簽對(duì)象內(nèi)容為:{}', data); try { byte[] keyBytes = decryptBASE64(privateKey); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance('RSA'); PrivateKey key = keyFactory.generatePrivate(keySpec); Signature signature = Signature.getInstance('MD5withRSA'); signature.initSign(key); signature.update(data.getBytes('ISO-8859-1')); signMsg = Base64.encodeBase64String(signature.sign()); } catch (Exception var8) { var8.printStackTrace(); } return signMsg; } /* * @function: 使用字符串格式的公鑰為JSONObject格式的內(nèi)容驗(yàn)簽 * @param: [jsonObject, publicKey, sign] * @return: boolean * @auther: chengjunyu * @date: 2019/12/8 14:56 */ public static boolean verify(JSONObject jsonObject, String publicKey, String sign) { String s = jsonObject.toJSONString(); log.info('s:{}',s); boolean rs = false; try { byte[] keyBytes = decryptBASE64(publicKey); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance('RSA'); PublicKey key = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance('MD5withRSA'); signature.initVerify(key); signature.update(s.getBytes('ISO-8859-1')); return signature.verify(Base64.decodeBase64(sign.getBytes())); } catch (Exception var9) { var9.printStackTrace(); return rs; } } /* * @function: 獲取PublicKey格式的公鑰,本例中未使用 * @param: [key] * @return: java.security.PublicKey * @auther: chengjunyu * @date: 2019/12/8 16:10 */ public static PublicKey getPublicKey(String key) { PublicKey publicKey = null; try { byte[] keyBytes = (new BASE64Decoder()).decodeBuffer(key); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); // RSA對(duì)稱加密算法 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // 取公鑰匙對(duì)象 publicKey = keyFactory.generatePublic(keySpec); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (InvalidKeySpecException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } return publicKey; } /* * @function: 獲取PublicKey格式的私鑰,本例中未使用 * @param: [key] * @return: java.security.PrivateKey * @auther: chengjunyu * @date: 2019/12/8 16:10 */ public static PrivateKey getPrivateKey(String key) { PrivateKey privateKey = null; try { byte[] keyBytes = (new BASE64Decoder()).decodeBuffer(key); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); privateKey = keyFactory.generatePrivate(keySpec); } catch (IOException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (InvalidKeySpecException e) { e.printStackTrace(); } return privateKey; } /* * @function: 初始化公鑰和私鑰 * @param: [] * @return: java.util.Map<java.lang.String,java.lang.Object> * @auther: chengjunyu * @date: 2019/12/8 14:34 */ public static Map<String, Object> initKey() { KeyPairGenerator keyPairGen = null; try { keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } keyPairGen.initialize(RSA_KEY_SIZE); KeyPair keyPair = keyPairGen.generateKeyPair(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); Map<String, Object> keyMap = new HashMap<String, Object>(2); keyMap.put(PUBLIC_KEY, publicKey); keyMap.put(PRIVATE_KEY, privateKey); return keyMap; } //獲得公鑰字符串 public static String getPublicKeyStr(Map<String, Object> keyMap) { //獲得map中的公鑰對(duì)象 轉(zhuǎn)為key對(duì)象 Key key = (Key) keyMap.get(PUBLIC_KEY); //編碼返回字符串 return encryptBASE64(key.getEncoded()); } //獲得私鑰字符串 public static String getPrivateKeyStr(Map<String, Object> keyMap) { //獲得map中的私鑰對(duì)象 轉(zhuǎn)為key對(duì)象 Key key = (Key) keyMap.get(PRIVATE_KEY); //編碼返回字符串 return encryptBASE64(key.getEncoded()); } //編碼返回字符串 public static String encryptBASE64(byte[] key) { return (new BASE64Encoder()).encodeBuffer(key); } //解碼返回byte public static byte[] decryptBASE64(String key) { byte[] bytes = null; try { return (new BASE64Decoder()).decodeBuffer(key); } catch (IOException e) { return bytes; } } public static void main(String[] args) { Map<String, Object> keyMap = initKey(); String publicKey = getPublicKeyStr(keyMap); log.info('JAVA生成RSA公鑰:{}', publicKey); String privateKey = getPrivateKeyStr(keyMap); log.info('JAVA生成RSA私鑰:{}', privateKey); }}
注意:
本文中請(qǐng)求和響應(yīng)類中的私鑰和公鑰均是不完整的,在請(qǐng)求和響應(yīng)類中的私鑰和公鑰由RSASignUtils工具類生成后,再替代入請(qǐng)求和響應(yīng)類中,請(qǐng)求類中使用私鑰加簽,響應(yīng)類中使用公鑰驗(yàn)簽。
以上為個(gè)人經(jīng)驗(yàn),希望能給大家一個(gè)參考,也希望大家多多支持好吧啦網(wǎng)。如有錯(cuò)誤或未考慮完全的地方,望不吝賜教。
相關(guān)文章:
1. Nginx+php配置文件及原理解析2. 解決啟動(dòng)django,瀏覽器顯示“服務(wù)器拒絕訪問(wèn)”的問(wèn)題3. JSP數(shù)據(jù)交互實(shí)現(xiàn)過(guò)程解析4. css3溢出隱藏的方法5. python virtualenv和flask安裝沒(méi)有名為flask的模塊6. java中throws實(shí)例用法詳解7. CSS3實(shí)現(xiàn)動(dòng)態(tài)翻牌效果 仿百度貼吧3D翻牌一次動(dòng)畫(huà)特效8. Opencv+Python識(shí)別PCB板圖片的步驟9. ASP.NET MVC獲取多級(jí)類別組合下的產(chǎn)品10. 關(guān)于HTML5的img標(biāo)簽
網(wǎng)公網(wǎng)安備