文章16 | 阅读 7022 | 点赞0
系统之间在进行交互的时候,我们经常会用到数字证书,数字证书可以帮我们验证身份等,下面我们就来看一下在java中如何使用数字证书。
我们先使用keytool工具生成密钥库并导出公钥证书。
第一步:生成keyStroe文件
执行如下命令:
keytool -genkey -validity 36000 -alias www.jianggujin.com -keyalg RSA -keystore test.keystore
该命令相关参数如下:
输入完后,我们需要按照提示完成后续信息的输入,这里面我们使用的密码为:123456
第二步:导出公钥证书
生成完密钥库后,我们就可以导出公钥文件了,执行如下命令:
keytool -export -keystore test.keystore -alias www.jianggujin.com -file test.cer -rfc
该命令相关参数如下:
完整操作过程如下:
经过这两步后,我们就有了密钥库和证书文件,和之前的加密解密工具类一样,我们再来编写一个用于操作数字证书的工具类:
package com.jianggujin.codec;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import javax.crypto.Cipher;
import com.jianggujin.codec.util.JCipherInputStream;
import com.jianggujin.codec.util.JCipherOutputStream;
import com.jianggujin.codec.util.JCodecException;
import com.jianggujin.codec.util.JCodecUtils;
/** * 数字证书 * * @author jianggujin * */
public class JCertificate {
public final static String X509 = "X.509";
/** * 密钥库枚举 * * @author jianggujin * */
public static enum JKeyStore {
JCEKS, JKS, DKS, PKCS11, PKCS12;
public String getName() {
return this.name();
}
}
/** * 获得{@link KeyStore} * * @param in * @param password * @param keyStore * @return */
public static KeyStore getKeyStore(InputStream in, char[] password, JKeyStore keyStore) {
return getKeyStore(in, password, keyStore.getName());
}
/** * 获得{@link KeyStore} * * @param in * @param password * @param keyStore * @return * @throws Exception */
public static KeyStore getKeyStore(InputStream in, char[] password, String keyStore) {
try {
KeyStore ks = KeyStore.getInstance(keyStore);
ks.load(in, password);
return ks;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 列出别名 * * @param keyStore * @return */
public static List<String> listAlias(KeyStore keyStore) {
try {
Enumeration<String> aliasEnum = keyStore.aliases();
List<String> aliases = new ArrayList<String>();
while (aliasEnum.hasMoreElements()) {
aliases.add(aliasEnum.nextElement());
}
return aliases;
} catch (KeyStoreException e) {
throw new JCodecException(e);
}
}
/** * 获得私钥 * * @param keyStore * @param alias * @param password * @return */
public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, char[] password) {
try {
PrivateKey key = (PrivateKey) keyStore.getKey(alias, password);
return key;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 获得私钥 * * @param in * @param alias * @param password * @param keyStore * @return */
public static PrivateKey getPrivateKey(InputStream in, String alias, char[] password, JKeyStore keyStore) {
return getPrivateKey(in, alias, password, keyStore.getName());
}
/** * 获得私钥 * * @param in * @param alias * @param password * @param keyStore * @return * @throws Exception */
public static PrivateKey getPrivateKey(InputStream in, String alias, char[] password, String keyStore) {
try {
KeyStore ks = getKeyStore(in, password, keyStore);
PrivateKey key = (PrivateKey) ks.getKey(alias, password);
return key;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 获得{@link Certificate} * * @param in * @return */
public static Certificate getCertificate(InputStream in) {
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
Certificate certificate = certificateFactory.generateCertificate(in);
return certificate;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 获得{@link Certificate} * * @param in * @param alias * @param password * @param keyStore * @return */
public static Certificate getCertificate(InputStream in, String alias, char[] password, JKeyStore keyStore) {
return getCertificate(in, alias, password, keyStore.getName());
}
/** * 获得{@link Certificate} * * @param in * @param alias * @param password * @param keyStore * @return */
public static Certificate getCertificate(InputStream in, String alias, char[] password, String keyStore) {
KeyStore ks = getKeyStore(in, password, keyStore);
return getCertificate(ks, alias);
}
/** * 获得{@link Certificate} * * @param keyStore * @param alias * @return */
public static Certificate getCertificate(KeyStore keyStore, String alias) {
try {
Certificate certificate = keyStore.getCertificate(alias);
return certificate;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 获得证书链 * * @param in * @param alias * @param password * @param keyStore * @return */
public static Certificate[] getCertificateChain(InputStream in, String alias, char[] password, JKeyStore keyStore) {
return getCertificateChain(in, alias, password, keyStore.getName());
}
/** * 获得证书链 * * @param in * @param alias * @param password * @param keyStore * @return */
public static Certificate[] getCertificateChain(InputStream in, String alias, char[] password, String keyStore) {
KeyStore ks = getKeyStore(in, password, keyStore);
return getCertificateChain(ks, alias);
}
/** * 获得证书链 * * @param keyStore * @param alias * @return */
public static Certificate[] getCertificateChain(KeyStore keyStore, String alias) {
try {
Certificate[] certificateChain = keyStore.getCertificateChain(alias);
return certificateChain;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 获得公钥 * * @param certificate * @return */
public static PublicKey getPublicKey(Certificate certificate) {
PublicKey key = certificate.getPublicKey();
return key;
}
/** * 获得公钥 * * @param in * @return */
public static PublicKey getPublicKey(InputStream in) {
Certificate certificate = getCertificate(in);
return getPublicKey(certificate);
}
/** * 获得公钥 * * @param in * @param alias * @param password * @param keyStore * @return */
public static PublicKey getPublicKey(InputStream in, String alias, char[] password, JKeyStore keyStore) {
return getPublicKey(in, alias, password, keyStore.getName());
}
/** * 获得公钥 * * @param in * @param alias * @param password * @param keyStore * @return */
public static PublicKey getPublicKey(InputStream in, String alias, char[] password, String keyStore) {
Certificate certificate = getCertificate(in, alias, password, keyStore);
return getPublicKey(certificate);
}
/** * 获得公钥 * * @param keyStore * @param alias * @return */
public static PublicKey getPublicKey(KeyStore keyStore, String alias) {
Certificate certificate = getCertificate(keyStore, alias);
return getPublicKey(certificate);
}
/** * 验证{@link Certificate}是否过期或无效 * * @param date * @param certificate * @return */
public static boolean verifyCertificate(Date date, Certificate certificate) {
X509Certificate x509Certificate = (X509Certificate) certificate;
try {
x509Certificate.checkValidity(date);
return true;
} catch (CertificateExpiredException e1) {
return false;
} catch (CertificateNotYetValidException e1) {
return false;
}
}
/** * 验证{@link Certificate}是否过期或无效 * * @param certificate * @return */
public static boolean verifyCertificate(Certificate certificate) {
return verifyCertificate(new Date(), certificate);
}
/** * 验证{@link Certificate}是否过期或无效 * * @param in * @return */
public static boolean verifyCertificate(InputStream in) {
Certificate certificate = getCertificate(in);
return verifyCertificate(certificate);
}
/** * 验证{@link Certificate}是否过期或无效 * * @param date * @param in * @return */
public static boolean verifyCertificate(Date date, InputStream in) {
Certificate certificate = getCertificate(in);
return verifyCertificate(date, certificate);
}
/** * 验证{@link Certificate}是否过期或无效 * * @param in * @param alias * @param password * @param keyStore * @return */
public static boolean verifyCertificate(InputStream in, String alias, char[] password, JKeyStore keyStore) {
return verifyCertificate(in, alias, password, keyStore.getName());
}
/** * 验证{@link Certificate}是否过期或无效 * * @param in * @param alias * @param password * @param keyStore * @return */
public static boolean verifyCertificate(InputStream in, String alias, char[] password, String keyStore) {
Certificate certificate = getCertificate(in, alias, password, keyStore);
return verifyCertificate(certificate);
}
/** * 验证{@link Certificate}是否过期或无效 * * @param date * @param in * @param alias * @param password * @param keyStore * @return */
public static boolean verifyCertificate(Date date, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return verifyCertificate(date, in, alias, password, keyStore.getName());
}
/** * 验证{@link Certificate}是否过期或无效 * * @param date * @param in * @param alias * @param password * @param keyStore * @return */
public static boolean verifyCertificate(Date date, InputStream in, String alias, char[] password, String keyStore) {
Certificate certificate = getCertificate(in, alias, password, keyStore);
return verifyCertificate(date, certificate);
}
/** * 验证{@link Certificate}是否过期或无效 * * @param keyStore * @param alias * @return */
public static boolean verifyCertificate(KeyStore keyStore, String alias) {
Certificate certificate = getCertificate(keyStore, alias);
return verifyCertificate(certificate);
}
/** * 验证{@link Certificate}是否过期或无效 * * @param date * @param keyStore * @param alias * @return */
public static boolean verifyCertificate(Date date, KeyStore keyStore, String alias) {
Certificate certificate = getCertificate(keyStore, alias);
return verifyCertificate(date, certificate);
}
/** * 签名 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] sign(byte[] data, InputStream in, String alias, char[] password, JKeyStore keyStore) {
return sign(data, in, alias, password, keyStore.getName());
}
/** * 签名 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] sign(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
// 获得证书
Certificate certificate = getCertificate(in, alias, password, keyStore);
// 取得私钥
PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
return sign(data, certificate, privateKey);
}
/** * 签名 * * @param data * @param keyStore * @param alias * @param password * @return */
public static byte[] sign(byte[] data, KeyStore keyStore, String alias, char[] password) {
// 获得证书
Certificate certificate = getCertificate(keyStore, alias);
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
return sign(data, certificate, privateKey);
}
/** * 签名 * * @param data * @param certificate * @param privateKey * @return */
public static byte[] sign(byte[] data, Certificate certificate, PrivateKey privateKey) {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) certificate;
return sign(data, privateKey, x509Certificate.getSigAlgName());
}
/** * 签名 * * @param data * @param privateKey * @param signatureAlgorithm * @return */
public static byte[] sign(byte[] data, PrivateKey privateKey, String signatureAlgorithm) {
return JCodecUtils.sign(data, privateKey, signatureAlgorithm);
}
/** * 验签 * * @param data * @param sign * @param in * @return */
public static boolean verify(byte[] data, byte[] sign, InputStream in) {
// 获得证书
Certificate certificate = getCertificate(in);
return verify(data, sign, certificate);
}
/** * 验签 * * @param data * @param sign * @param certificate * @return */
public static boolean verify(byte[] data, byte[] sign, Certificate certificate) {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) certificate;
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
return verify(data, sign, publicKey, x509Certificate.getSigAlgName());
}
/** * 验签 * * @param data * @param sign * @param publicKey * @param signatureAlgorithm * @return */
public static boolean verify(byte[] data, byte[] sign, PublicKey publicKey, String signatureAlgorithm) {
return JCodecUtils.verify(data, sign, publicKey, signatureAlgorithm);
}
/** * 验签 * * @param data * @param sign * @param keyStore * @param alias * @return */
public static boolean verify(byte[] data, byte[] sign, KeyStore keyStore, String alias) {
Certificate certificate = getCertificate(keyStore, alias);
return verify(data, sign, certificate);
}
/** * 验签,遍历密钥库中的所有公钥 * * @param data * @param sign * @param keyStore * @return */
public static boolean verify(byte[] data, byte[] sign, KeyStore keyStore) {
try {
Enumeration<String> aliasEnum = keyStore.aliases();
while (aliasEnum.hasMoreElements()) {
if (verify(data, sign, keyStore.getCertificate(aliasEnum.nextElement())))
return true;
}
} catch (KeyStoreException e) {
throw new JCodecException(e);
}
return false;
}
/** * 私钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] encryptByPrivate(byte[] data, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return encryptByPrivate(data, in, alias, password, keyStore.getName());
}
/** * 私钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] encryptByPrivate(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
return encrypt(data, privateKey);
}
/** * 私钥加密 * * @param data * @param keyStore * @param alias * @param password * @return */
public static byte[] encryptByPrivate(byte[] data, KeyStore keyStore, String alias, char[] password) {
PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
return encrypt(data, privateKey);
}
/** * 私钥加密 * * @param data * @param privateKey * @return */
public static byte[] encrypt(byte[] data, PrivateKey privateKey) {
Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
return JCodecUtils.doFinal(data, cipher);
}
public static OutputStream wrapByPrivate(OutputStream out, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return wrapByPrivate(out, in, alias, password, keyStore.getName());
}
public static OutputStream wrapByPrivate(OutputStream out, InputStream in, String alias, char[] password,
String keyStore) {
PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
return wrap(out, privateKey);
}
public static OutputStream wrapByPrivate(OutputStream out, KeyStore keyStore, String alias, char[] password) {
PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
return wrap(out, privateKey);
}
public static OutputStream wrap(OutputStream out, PrivateKey privateKey) {
Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
return new JCipherOutputStream(cipher, out);
}
/** * 公钥加密 * * @param data * @param certificate * @return */
public static byte[] encrypt(byte[] data, Certificate certificate) {
PublicKey publicKey = certificate.getPublicKey();
return encrypt(data, publicKey);
}
/** * 公钥加密 * * @param data * @param in * @return */
public static byte[] encryptByPublic(byte[] data, InputStream in) {
PublicKey publicKey = getPublicKey(in);
return encrypt(data, publicKey);
}
/** * 公钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] encryptByPublic(byte[] data, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return encryptByPublic(data, in, alias, password, keyStore.getName());
}
/** * 公钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] encryptByPublic(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
return encrypt(data, publicKey);
}
/** * 公钥加密 * * @param data * @param keyStore * @param alias * @return */
public static byte[] encryptByPublic(byte[] data, KeyStore keyStore, String alias) {
PublicKey publicKey = getPublicKey(keyStore, alias);
return encrypt(data, publicKey);
}
/** * 公钥加密 * * @param data * @param publicKey * @return */
public static byte[] encrypt(byte[] data, PublicKey publicKey) {
Cipher cipher = getCipher(publicKey, Cipher.ENCRYPT_MODE);
return JCodecUtils.doFinal(data, cipher);
}
public static OutputStream wrap(OutputStream out, Certificate certificate) {
PublicKey publicKey = certificate.getPublicKey();
return wrap(out, publicKey);
}
public static OutputStream wrapByPublic(OutputStream out, InputStream in) {
PublicKey publicKey = getPublicKey(in);
return wrap(out, publicKey);
}
public static OutputStream wrapByPublic(OutputStream out, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return wrapByPublic(out, in, alias, password, keyStore.getName());
}
public static OutputStream wrapByPublic(OutputStream out, InputStream in, String alias, char[] password,
String keyStore) {
PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
return wrap(out, publicKey);
}
public static OutputStream wrapByPublic(OutputStream out, KeyStore keyStore, String alias) {
PublicKey publicKey = getPublicKey(keyStore, alias);
return wrap(out, publicKey);
}
public static OutputStream wrap(OutputStream out, PublicKey publicKey) {
Cipher cipher = getCipher(publicKey, Cipher.ENCRYPT_MODE);
return new JCipherOutputStream(cipher, out);
}
/** * 私钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] decryptByPrivate(byte[] data, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return decryptByPrivate(data, in, alias, password, keyStore.getName());
}
/** * 私钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] decryptByPrivate(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
return decrypt(data, privateKey);
}
/** * 私钥解密 * * @param data * @param keyStore * @param alias * @param password * @return */
public static byte[] decryptByPrivate(byte[] data, KeyStore keyStore, String alias, char[] password) {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
return decrypt(data, privateKey);
}
/** * 私钥解密 * * @param data * @param privateKey * @return */
public static byte[] decrypt(byte[] data, PrivateKey privateKey) {
Cipher cipher = getCipher(privateKey, Cipher.DECRYPT_MODE);
return JCodecUtils.doFinal(data, cipher);
}
public static InputStream wrapByPrivate(InputStream sIn, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return wrapByPrivate(sIn, in, alias, password, keyStore.getName());
}
public static InputStream wrapByPrivate(InputStream sIn, InputStream in, String alias, char[] password,
String keyStore) {
PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
return wrap(sIn, privateKey);
}
public static InputStream wrapByPrivate(InputStream sIn, KeyStore keyStore, String alias, char[] password) {
PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
return wrap(sIn, privateKey);
}
public static InputStream wrap(InputStream sIn, PrivateKey privateKey) {
Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
return new JCipherInputStream(cipher, sIn);
}
/** * 公钥解密 * * @param data * @param certificate * @return */
public static byte[] decrypt(byte[] data, Certificate certificate) {
PublicKey publicKey = certificate.getPublicKey();
return decrypt(data, publicKey);
}
/** * 公钥解密 * * @param data * @param in * @return */
public static byte[] decryptByPublic(byte[] data, InputStream in) {
PublicKey publicKey = getPublicKey(in);
return decrypt(data, publicKey);
}
/** * 公钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] decryptByPublic(byte[] data, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return decryptByPublic(data, in, alias, password, keyStore.getName());
}
/** * 公钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
public static byte[] decryptByPublic(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
return decrypt(data, publicKey);
}
/** * 公钥解密 * * @param data * @param keyStore * @param alias * @return */
public static byte[] decryptByPublic(byte[] data, KeyStore keyStore, String alias) {
PublicKey publicKey = getPublicKey(keyStore, alias);
return decrypt(data, publicKey);
}
/** * 公钥解密 * * @param data * @param publicKey * @return */
public static byte[] decrypt(byte[] data, PublicKey publicKey) {
Cipher cipher = getCipher(publicKey, Cipher.DECRYPT_MODE);
return JCodecUtils.doFinal(data, cipher);
}
public static InputStream wrap(InputStream sIn, Certificate certificate) {
PublicKey publicKey = certificate.getPublicKey();
return wrap(sIn, publicKey);
}
public static InputStream wrapByPublic(InputStream sIn, InputStream in) {
PublicKey publicKey = getPublicKey(in);
return wrap(sIn, publicKey);
}
public static InputStream wrapByPublic(InputStream sIn, InputStream in, String alias, char[] password,
JKeyStore keyStore) {
return wrapByPublic(sIn, in, alias, password, keyStore.getName());
}
public static InputStream wrapByPublic(InputStream sIn, InputStream in, String alias, char[] password,
String keyStore) {
PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
return wrap(sIn, publicKey);
}
public static InputStream wrapByPublic(InputStream sIn, KeyStore keyStore, String alias) {
PublicKey publicKey = getPublicKey(keyStore, alias);
return wrap(sIn, publicKey);
}
public static InputStream wrap(InputStream sIn, PublicKey publicKey) {
Cipher cipher = getCipher(publicKey, Cipher.DECRYPT_MODE);
return new JCipherInputStream(cipher, sIn);
}
public static Cipher getCipher(Key key, int opmode) {
JCodecUtils.checkOpMode(opmode);
try {
Cipher cipher = Cipher.getInstance(key.getAlgorithm());
cipher.init(opmode, key);
return cipher;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 导出公钥证书 * * @param out * @param certificate * @param rfc */
public static void export(OutputStream out, Certificate certificate, boolean rfc) {
try {
byte[] encoded = certificate.getEncoded();
if (rfc) {
out.write("-----BEGIN CERTIFICATE-----\r\n".getBytes());
out.write(JBase64.getMimeEncoder().encode(encoded));
out.write("\r\n-----END CERTIFICATE-----\r\n".getBytes());
} else out.write(encoded);
out.flush();
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 将密钥库转换为指定类型的密钥库 * * @param srcKeyStore * @param target * @param password * @param alias * 导出指定别名的证书 * @return */
public static KeyStore convert(KeyStore srcKeyStore, JKeyStore target, char[] password, String... alias) {
return convert(srcKeyStore, target.getName(), password, alias);
}
/** * 将密钥库转换为指定类型的密钥库 * * @param srcKeyStore * @param target * @param password * @param alias * 导出指定别名的证书 * @return */
public static KeyStore convert(KeyStore srcKeyStore, String target, char[] password, String... alias) {
try {
KeyStore outputKeyStore = KeyStore.getInstance(target);
outputKeyStore.load(null, password);
if (alias.length == 0) {
Enumeration<String> enums = srcKeyStore.aliases();
while (enums.hasMoreElements()) {
String keyAlias = enums.nextElement();
copyKeyEntry(srcKeyStore, outputKeyStore, keyAlias, password);
}
} else {
for (String keyAlias : alias) {
copyKeyEntry(srcKeyStore, outputKeyStore, keyAlias, password);
}
}
return outputKeyStore;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 复制 * * @param src * @param target * @param alias * @param password * @throws UnrecoverableKeyException * @throws KeyStoreException * @throws NoSuchAlgorithmException */
public static void copyKeyEntry(KeyStore src, KeyStore target, String alias, char[] password)
throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
if (src.isKeyEntry(alias)) {
Key key = src.getKey(alias, password);
Certificate[] certChain = src.getCertificateChain(alias);
target.setKeyEntry(alias, key, password, certChain);
}
}
}
package com.jianggujin.codec.util;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
/** * 加解密工具 * * @author jianggujin * */
public class JCodecUtils {
/** * 获得私钥 * * @param privateKey * @param algorithm * @return */
public static PrivateKey getPrivateKey(byte[] privateKey, String algorithm) {
try {
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey);
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
return keyFactory.generatePrivate(pkcs8KeySpec);
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 获得公钥 * * @param publicKey * @param algorithm * @return */
public static PublicKey getPublicKey(byte[] publicKey, String algorithm) {
try {
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey);
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
return keyFactory.generatePublic(keySpec);
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 检查加解密操作模式 * * @param opmode */
public static void checkOpMode(int opmode) {
if (opmode != Cipher.ENCRYPT_MODE && opmode != Cipher.DECRYPT_MODE)
throw new IllegalArgumentException("opmode invalid");
}
/** * 签名 * * @param data * @param privateKey * @param signatureAlgorithm * @return */
public static byte[] sign(byte[] data, PrivateKey privateKey, String signatureAlgorithm) {
try {
Signature signature = Signature.getInstance(signatureAlgorithm);
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 验签 * * @param data * @param sign * @param publicKey * @param signatureAlgorithm * @return */
public static boolean verify(byte[] data, byte[] sign, PublicKey publicKey, String signatureAlgorithm) {
try {
Signature signature = Signature.getInstance(signatureAlgorithm);
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 按单部分操作加密或解密数据,或者结束一个多部分操作 * * @param data * @param cipher * @return */
public static byte[] doFinal(byte[] data, Cipher cipher) {
try {
return cipher.doFinal(data);
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 初始化密钥 * * @param algorithm * @param keySize * @return */
public static KeyPair initKey(String algorithm, int keySize) {
try {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(algorithm);
keyPairGen.initialize(keySize);
return keyPairGen.generateKeyPair();
} catch (Exception e) {
throw new JCodecException(e);
}
}
/** * 初始化密钥 * * @param algorithm * @return */
public static SecretKey initKey(String algorithm) {
try {
KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithm);
SecretKey secretKey = keyGenerator.generateKey();
return secretKey;
} catch (Exception e) {
throw new JCodecException(e);
}
}
}
编写测试工具类,使用我们刚才生成的密钥库和证书文件进行测试:
package com.jianggujin.codec.test;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import org.junit.Test;
import com.jianggujin.codec.JBase64;
import com.jianggujin.codec.JCertificate;
import com.jianggujin.codec.JCertificate.JKeyStore;
public class CertificateTest {
@Test
public void encode() throws Exception {
SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
char[] password = "123456".toCharArray();
String alias = "www.jianggujin.com";
String certificatePath = "test.cer";
String keyStorePath = "test.pfx";
byte[] data = "jianggujin".getBytes();
KeyStore keyStore = JCertificate.getKeyStore(getClass().getResourceAsStream(keyStorePath), password,
JKeyStore.JKS);
X509Certificate certificate = (X509Certificate) JCertificate
.getCertificate(getClass().getResourceAsStream(certificatePath));
PrivateKey privateKey = JCertificate.getPrivateKey(keyStore, alias, password);
PublicKey publicKey = JCertificate.getPublicKey(certificate);
System.out.println("是否有效:" + JCertificate.verifyCertificate(certificate));
System.out.println("使用者:" + certificate.getSubjectDN().getName());
System.out.println("版本:" + certificate.getVersion());
System.out.println("序列号:" + certificate.getSerialNumber().toString(16));
System.out.println("签名算法:" + certificate.getSigAlgName());
System.out.println("证书类型:" + certificate.getType());
System.out.println("颁发者:" + certificate.getIssuerDN().getName());
System.out.println(
"有效期:" + format.format(certificate.getNotBefore()) + "到" + format.format(certificate.getNotAfter()));
byte[] signResult = JCertificate.sign(data, keyStore, alias, password);
System.out.println("签名:" + JBase64.getEncoder().encodeToString(signResult, "UTF-8"));
System.out.println("证书验签:" + JCertificate.verify(data, signResult, certificate));
System.out.println("密钥库验签:" + JCertificate.verify(data, signResult, keyStore));
byte[] result = JCertificate.encrypt(data, privateKey);
System.out.println("私钥加密:" + JBase64.getEncoder().encodeToString(result, "UTF-8"));
System.out.println("公钥解密:" + new String(JCertificate.decrypt(result, publicKey)));
result = JCertificate.encrypt(data, publicKey);
System.out.println("公钥加密:" + JBase64.getEncoder().encodeToString(result, "UTF-8"));
System.out.println("私钥解密:" + new String(JCertificate.decrypt(result, privateKey)));
}
public void convert() throws Exception {
char[] password = "123456".toCharArray();
String keyStorePath = "test.keystore";
KeyStore keyStore = JCertificate.getKeyStore(getClass().getResourceAsStream(keyStorePath), password,
JKeyStore.JKS);
KeyStore target = JCertificate.convert(keyStore, JKeyStore.PKCS12, password);
for (String alias : JCertificate.listAlias(target)) {
System.out.println(alias);
}
target.store(new FileOutputStream("test.pfx"), password);
}
}
版权说明 : 本文为转载文章, 版权归原作者所有 版权申明
原文链接 : https://blog.csdn.net/jianggujin/article/details/53486725
内容来源于网络,如有侵权,请联系作者删除!