JAVA加密解密之数字证书

x33g5p2x  于2021-12-25 转载在 其他  
字(27.0k)|赞(0)|评价(0)|浏览(385)

系统之间在进行交互的时候,我们经常会用到数字证书,数字证书可以帮我们验证身份等,下面我们就来看一下在java中如何使用数字证书。
我们先使用keytool工具生成密钥库并导出公钥证书。
第一步:生成keyStroe文件
执行如下命令:
keytool -genkey -validity 36000 -alias www.jianggujin.com -keyalg RSA -keystore test.keystore

该命令相关参数如下:

输入完后,我们需要按照提示完成后续信息的输入,这里面我们使用的密码为:123456

第二步:导出公钥证书
生成完密钥库后,我们就可以导出公钥文件了,执行如下命令:
keytool -export -keystore test.keystore -alias www.jianggujin.com -file test.cer -rfc

该命令相关参数如下:

完整操作过程如下:

经过这两步后,我们就有了密钥库和证书文件,和之前的加密解密工具类一样,我们再来编写一个用于操作数字证书的工具类:

package com.jianggujin.codec;

import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

import javax.crypto.Cipher;

import com.jianggujin.codec.util.JCipherInputStream;
import com.jianggujin.codec.util.JCipherOutputStream;
import com.jianggujin.codec.util.JCodecException;
import com.jianggujin.codec.util.JCodecUtils;

/** * 数字证书 * * @author jianggujin * */
public class JCertificate {
   public final static String X509 = "X.509";

   /** * 密钥库枚举 * * @author jianggujin * */
   public static enum JKeyStore {

      JCEKS, JKS, DKS, PKCS11, PKCS12;

      public String getName() {
         return this.name();
      }
   }

   /** * 获得{@link KeyStore} * * @param in * @param password * @param keyStore * @return */
   public static KeyStore getKeyStore(InputStream in, char[] password, JKeyStore keyStore) {
      return getKeyStore(in, password, keyStore.getName());
   }

   /** * 获得{@link KeyStore} * * @param in * @param password * @param keyStore * @return * @throws Exception */
   public static KeyStore getKeyStore(InputStream in, char[] password, String keyStore) {
      try {
         KeyStore ks = KeyStore.getInstance(keyStore);
         ks.load(in, password);
         return ks;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 列出别名 * * @param keyStore * @return */
   public static List<String> listAlias(KeyStore keyStore) {
      try {
         Enumeration<String> aliasEnum = keyStore.aliases();
         List<String> aliases = new ArrayList<String>();
         while (aliasEnum.hasMoreElements()) {
            aliases.add(aliasEnum.nextElement());
         }
         return aliases;
      } catch (KeyStoreException e) {
         throw new JCodecException(e);
      }
   }

   /** * 获得私钥 * * @param keyStore * @param alias * @param password * @return */
   public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, char[] password) {
      try {
         PrivateKey key = (PrivateKey) keyStore.getKey(alias, password);
         return key;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 获得私钥 * * @param in * @param alias * @param password * @param keyStore * @return */
   public static PrivateKey getPrivateKey(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getPrivateKey(in, alias, password, keyStore.getName());
   }

   /** * 获得私钥 * * @param in * @param alias * @param password * @param keyStore * @return * @throws Exception */
   public static PrivateKey getPrivateKey(InputStream in, String alias, char[] password, String keyStore) {
      try {
         KeyStore ks = getKeyStore(in, password, keyStore);
         PrivateKey key = (PrivateKey) ks.getKey(alias, password);
         return key;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 获得{@link Certificate} * * @param in * @return */
   public static Certificate getCertificate(InputStream in) {
      try {
         CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
         Certificate certificate = certificateFactory.generateCertificate(in);
         return certificate;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 获得{@link Certificate} * * @param in * @param alias * @param password * @param keyStore * @return */
   public static Certificate getCertificate(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getCertificate(in, alias, password, keyStore.getName());
   }

   /** * 获得{@link Certificate} * * @param in * @param alias * @param password * @param keyStore * @return */
   public static Certificate getCertificate(InputStream in, String alias, char[] password, String keyStore) {
      KeyStore ks = getKeyStore(in, password, keyStore);
      return getCertificate(ks, alias);
   }

   /** * 获得{@link Certificate} * * @param keyStore * @param alias * @return */
   public static Certificate getCertificate(KeyStore keyStore, String alias) {
      try {
         Certificate certificate = keyStore.getCertificate(alias);
         return certificate;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 获得证书链 * * @param in * @param alias * @param password * @param keyStore * @return */
   public static Certificate[] getCertificateChain(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getCertificateChain(in, alias, password, keyStore.getName());
   }

   /** * 获得证书链 * * @param in * @param alias * @param password * @param keyStore * @return */
   public static Certificate[] getCertificateChain(InputStream in, String alias, char[] password, String keyStore) {
      KeyStore ks = getKeyStore(in, password, keyStore);
      return getCertificateChain(ks, alias);
   }

   /** * 获得证书链 * * @param keyStore * @param alias * @return */
   public static Certificate[] getCertificateChain(KeyStore keyStore, String alias) {
      try {
         Certificate[] certificateChain = keyStore.getCertificateChain(alias);
         return certificateChain;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 获得公钥 * * @param certificate * @return */
   public static PublicKey getPublicKey(Certificate certificate) {
      PublicKey key = certificate.getPublicKey();
      return key;
   }

   /** * 获得公钥 * * @param in * @return */
   public static PublicKey getPublicKey(InputStream in) {
      Certificate certificate = getCertificate(in);
      return getPublicKey(certificate);
   }

   /** * 获得公钥 * * @param in * @param alias * @param password * @param keyStore * @return */
   public static PublicKey getPublicKey(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getPublicKey(in, alias, password, keyStore.getName());
   }

   /** * 获得公钥 * * @param in * @param alias * @param password * @param keyStore * @return */
   public static PublicKey getPublicKey(InputStream in, String alias, char[] password, String keyStore) {
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      return getPublicKey(certificate);
   }

   /** * 获得公钥 * * @param keyStore * @param alias * @return */
   public static PublicKey getPublicKey(KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return getPublicKey(certificate);
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param date * @param certificate * @return */
   public static boolean verifyCertificate(Date date, Certificate certificate) {
      X509Certificate x509Certificate = (X509Certificate) certificate;
      try {
         x509Certificate.checkValidity(date);
         return true;
      } catch (CertificateExpiredException e1) {
         return false;
      } catch (CertificateNotYetValidException e1) {
         return false;
      }
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param certificate * @return */
   public static boolean verifyCertificate(Certificate certificate) {
      return verifyCertificate(new Date(), certificate);
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param in * @return */
   public static boolean verifyCertificate(InputStream in) {
      Certificate certificate = getCertificate(in);
      return verifyCertificate(certificate);
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param date * @param in * @return */
   public static boolean verifyCertificate(Date date, InputStream in) {
      Certificate certificate = getCertificate(in);
      return verifyCertificate(date, certificate);
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param in * @param alias * @param password * @param keyStore * @return */
   public static boolean verifyCertificate(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return verifyCertificate(in, alias, password, keyStore.getName());
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param in * @param alias * @param password * @param keyStore * @return */
   public static boolean verifyCertificate(InputStream in, String alias, char[] password, String keyStore) {
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      return verifyCertificate(certificate);
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param date * @param in * @param alias * @param password * @param keyStore * @return */
   public static boolean verifyCertificate(Date date, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return verifyCertificate(date, in, alias, password, keyStore.getName());
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param date * @param in * @param alias * @param password * @param keyStore * @return */
   public static boolean verifyCertificate(Date date, InputStream in, String alias, char[] password, String keyStore) {
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      return verifyCertificate(date, certificate);
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param keyStore * @param alias * @return */
   public static boolean verifyCertificate(KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return verifyCertificate(certificate);
   }

   /** * 验证{@link Certificate}是否过期或无效 * * @param date * @param keyStore * @param alias * @return */
   public static boolean verifyCertificate(Date date, KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return verifyCertificate(date, certificate);
   }

   /** * 签名 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] sign(byte[] data, InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return sign(data, in, alias, password, keyStore.getName());
   }

   /** * 签名 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] sign(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      // 获得证书
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      // 取得私钥
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return sign(data, certificate, privateKey);
   }

   /** * 签名 * * @param data * @param keyStore * @param alias * @param password * @return */
   public static byte[] sign(byte[] data, KeyStore keyStore, String alias, char[] password) {
      // 获得证书
      Certificate certificate = getCertificate(keyStore, alias);
      // 取得私钥
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return sign(data, certificate, privateKey);
   }

   /** * 签名 * * @param data * @param certificate * @param privateKey * @return */
   public static byte[] sign(byte[] data, Certificate certificate, PrivateKey privateKey) {
      // 获得证书
      X509Certificate x509Certificate = (X509Certificate) certificate;
      return sign(data, privateKey, x509Certificate.getSigAlgName());
   }

   /** * 签名 * * @param data * @param privateKey * @param signatureAlgorithm * @return */
   public static byte[] sign(byte[] data, PrivateKey privateKey, String signatureAlgorithm) {
      return JCodecUtils.sign(data, privateKey, signatureAlgorithm);
   }

   /** * 验签 * * @param data * @param sign * @param in * @return */
   public static boolean verify(byte[] data, byte[] sign, InputStream in) {
      // 获得证书
      Certificate certificate = getCertificate(in);

      return verify(data, sign, certificate);
   }

   /** * 验签 * * @param data * @param sign * @param certificate * @return */
   public static boolean verify(byte[] data, byte[] sign, Certificate certificate) {
      // 获得证书
      X509Certificate x509Certificate = (X509Certificate) certificate;
      // 获得公钥
      PublicKey publicKey = x509Certificate.getPublicKey();
      return verify(data, sign, publicKey, x509Certificate.getSigAlgName());
   }

   /** * 验签 * * @param data * @param sign * @param publicKey * @param signatureAlgorithm * @return */
   public static boolean verify(byte[] data, byte[] sign, PublicKey publicKey, String signatureAlgorithm) {
      return JCodecUtils.verify(data, sign, publicKey, signatureAlgorithm);
   }

   /** * 验签 * * @param data * @param sign * @param keyStore * @param alias * @return */
   public static boolean verify(byte[] data, byte[] sign, KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return verify(data, sign, certificate);
   }

   /** * 验签,遍历密钥库中的所有公钥 * * @param data * @param sign * @param keyStore * @return */
   public static boolean verify(byte[] data, byte[] sign, KeyStore keyStore) {
      try {
         Enumeration<String> aliasEnum = keyStore.aliases();
         while (aliasEnum.hasMoreElements()) {
            if (verify(data, sign, keyStore.getCertificate(aliasEnum.nextElement())))
               return true;
         }
      } catch (KeyStoreException e) {
         throw new JCodecException(e);
      }
      return false;
   }

   /** * 私钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] encryptByPrivate(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return encryptByPrivate(data, in, alias, password, keyStore.getName());
   }

   /** * 私钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] encryptByPrivate(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return encrypt(data, privateKey);
   }

   /** * 私钥加密 * * @param data * @param keyStore * @param alias * @param password * @return */
   public static byte[] encryptByPrivate(byte[] data, KeyStore keyStore, String alias, char[] password) {
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return encrypt(data, privateKey);
   }

   /** * 私钥加密 * * @param data * @param privateKey * @return */
   public static byte[] encrypt(byte[] data, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static OutputStream wrapByPrivate(OutputStream out, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPrivate(out, in, alias, password, keyStore.getName());
   }

   public static OutputStream wrapByPrivate(OutputStream out, InputStream in, String alias, char[] password,
         String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return wrap(out, privateKey);
   }

   public static OutputStream wrapByPrivate(OutputStream out, KeyStore keyStore, String alias, char[] password) {
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return wrap(out, privateKey);
   }

   public static OutputStream wrap(OutputStream out, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
      return new JCipherOutputStream(cipher, out);
   }

   /** * 公钥加密 * * @param data * @param certificate * @return */
   public static byte[] encrypt(byte[] data, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return encrypt(data, publicKey);
   }

   /** * 公钥加密 * * @param data * @param in * @return */
   public static byte[] encryptByPublic(byte[] data, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return encrypt(data, publicKey);
   }

   /** * 公钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] encryptByPublic(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return encryptByPublic(data, in, alias, password, keyStore.getName());
   }

   /** * 公钥加密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] encryptByPublic(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return encrypt(data, publicKey);
   }

   /** * 公钥加密 * * @param data * @param keyStore * @param alias * @return */
   public static byte[] encryptByPublic(byte[] data, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return encrypt(data, publicKey);
   }

   /** * 公钥加密 * * @param data * @param publicKey * @return */
   public static byte[] encrypt(byte[] data, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.ENCRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static OutputStream wrap(OutputStream out, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return wrap(out, publicKey);
   }

   public static OutputStream wrapByPublic(OutputStream out, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return wrap(out, publicKey);
   }

   public static OutputStream wrapByPublic(OutputStream out, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPublic(out, in, alias, password, keyStore.getName());
   }

   public static OutputStream wrapByPublic(OutputStream out, InputStream in, String alias, char[] password,
         String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return wrap(out, publicKey);
   }

   public static OutputStream wrapByPublic(OutputStream out, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return wrap(out, publicKey);
   }

   public static OutputStream wrap(OutputStream out, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.ENCRYPT_MODE);
      return new JCipherOutputStream(cipher, out);
   }

   /** * 私钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] decryptByPrivate(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return decryptByPrivate(data, in, alias, password, keyStore.getName());
   }

   /** * 私钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] decryptByPrivate(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return decrypt(data, privateKey);
   }

   /** * 私钥解密 * * @param data * @param keyStore * @param alias * @param password * @return */
   public static byte[] decryptByPrivate(byte[] data, KeyStore keyStore, String alias, char[] password) {
      // 取得私钥
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return decrypt(data, privateKey);
   }

   /** * 私钥解密 * * @param data * @param privateKey * @return */
   public static byte[] decrypt(byte[] data, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.DECRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static InputStream wrapByPrivate(InputStream sIn, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPrivate(sIn, in, alias, password, keyStore.getName());
   }

   public static InputStream wrapByPrivate(InputStream sIn, InputStream in, String alias, char[] password,
         String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return wrap(sIn, privateKey);
   }

   public static InputStream wrapByPrivate(InputStream sIn, KeyStore keyStore, String alias, char[] password) {
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return wrap(sIn, privateKey);
   }

   public static InputStream wrap(InputStream sIn, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
      return new JCipherInputStream(cipher, sIn);
   }

   /** * 公钥解密 * * @param data * @param certificate * @return */
   public static byte[] decrypt(byte[] data, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return decrypt(data, publicKey);
   }

   /** * 公钥解密 * * @param data * @param in * @return */
   public static byte[] decryptByPublic(byte[] data, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return decrypt(data, publicKey);
   }

   /** * 公钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] decryptByPublic(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return decryptByPublic(data, in, alias, password, keyStore.getName());
   }

   /** * 公钥解密 * * @param data * @param in * @param alias * @param password * @param keyStore * @return */
   public static byte[] decryptByPublic(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return decrypt(data, publicKey);
   }

   /** * 公钥解密 * * @param data * @param keyStore * @param alias * @return */
   public static byte[] decryptByPublic(byte[] data, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return decrypt(data, publicKey);
   }

   /** * 公钥解密 * * @param data * @param publicKey * @return */
   public static byte[] decrypt(byte[] data, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.DECRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static InputStream wrap(InputStream sIn, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return wrap(sIn, publicKey);
   }

   public static InputStream wrapByPublic(InputStream sIn, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return wrap(sIn, publicKey);
   }

   public static InputStream wrapByPublic(InputStream sIn, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPublic(sIn, in, alias, password, keyStore.getName());
   }

   public static InputStream wrapByPublic(InputStream sIn, InputStream in, String alias, char[] password,
         String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return wrap(sIn, publicKey);
   }

   public static InputStream wrapByPublic(InputStream sIn, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return wrap(sIn, publicKey);
   }

   public static InputStream wrap(InputStream sIn, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.DECRYPT_MODE);
      return new JCipherInputStream(cipher, sIn);
   }

   public static Cipher getCipher(Key key, int opmode) {
      JCodecUtils.checkOpMode(opmode);
      try {
         Cipher cipher = Cipher.getInstance(key.getAlgorithm());
         cipher.init(opmode, key);
         return cipher;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 导出公钥证书 * * @param out * @param certificate * @param rfc */
   public static void export(OutputStream out, Certificate certificate, boolean rfc) {
      try {
         byte[] encoded = certificate.getEncoded();
         if (rfc) {
            out.write("-----BEGIN CERTIFICATE-----\r\n".getBytes());
            out.write(JBase64.getMimeEncoder().encode(encoded));
            out.write("\r\n-----END CERTIFICATE-----\r\n".getBytes());
         } else out.write(encoded);
         out.flush();
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 将密钥库转换为指定类型的密钥库 * * @param srcKeyStore * @param target * @param password * @param alias * 导出指定别名的证书 * @return */
   public static KeyStore convert(KeyStore srcKeyStore, JKeyStore target, char[] password, String... alias) {
      return convert(srcKeyStore, target.getName(), password, alias);
   }

   /** * 将密钥库转换为指定类型的密钥库 * * @param srcKeyStore * @param target * @param password * @param alias * 导出指定别名的证书 * @return */
   public static KeyStore convert(KeyStore srcKeyStore, String target, char[] password, String... alias) {
      try {
         KeyStore outputKeyStore = KeyStore.getInstance(target);
         outputKeyStore.load(null, password);
         if (alias.length == 0) {
            Enumeration<String> enums = srcKeyStore.aliases();
            while (enums.hasMoreElements()) {
               String keyAlias = enums.nextElement();
               copyKeyEntry(srcKeyStore, outputKeyStore, keyAlias, password);
            }
         } else {
            for (String keyAlias : alias) {
               copyKeyEntry(srcKeyStore, outputKeyStore, keyAlias, password);
            }
         }
         return outputKeyStore;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 复制 * * @param src * @param target * @param alias * @param password * @throws UnrecoverableKeyException * @throws KeyStoreException * @throws NoSuchAlgorithmException */
   public static void copyKeyEntry(KeyStore src, KeyStore target, String alias, char[] password)
         throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
      if (src.isKeyEntry(alias)) {
         Key key = src.getKey(alias, password);
         Certificate[] certChain = src.getCertificateChain(alias);
         target.setKeyEntry(alias, key, password, certChain);
      }
   }
}
package com.jianggujin.codec.util;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** * 加解密工具 * * @author jianggujin * */
public class JCodecUtils {
   /** * 获得私钥 * * @param privateKey * @param algorithm * @return */
   public static PrivateKey getPrivateKey(byte[] privateKey, String algorithm) {
      try {
         PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey);
         KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
         return keyFactory.generatePrivate(pkcs8KeySpec);
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 获得公钥 * * @param publicKey * @param algorithm * @return */
   public static PublicKey getPublicKey(byte[] publicKey, String algorithm) {
      try {
         X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey);
         KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
         return keyFactory.generatePublic(keySpec);
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 检查加解密操作模式 * * @param opmode */
   public static void checkOpMode(int opmode) {
      if (opmode != Cipher.ENCRYPT_MODE && opmode != Cipher.DECRYPT_MODE)
         throw new IllegalArgumentException("opmode invalid");
   }

   /** * 签名 * * @param data * @param privateKey * @param signatureAlgorithm * @return */
   public static byte[] sign(byte[] data, PrivateKey privateKey, String signatureAlgorithm) {
      try {
         Signature signature = Signature.getInstance(signatureAlgorithm);
         signature.initSign(privateKey);
         signature.update(data);
         return signature.sign();
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 验签 * * @param data * @param sign * @param publicKey * @param signatureAlgorithm * @return */
   public static boolean verify(byte[] data, byte[] sign, PublicKey publicKey, String signatureAlgorithm) {
      try {
         Signature signature = Signature.getInstance(signatureAlgorithm);
         signature.initVerify(publicKey);
         signature.update(data);

         return signature.verify(sign);
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 按单部分操作加密或解密数据,或者结束一个多部分操作 * * @param data * @param cipher * @return */
   public static byte[] doFinal(byte[] data, Cipher cipher) {
      try {
         return cipher.doFinal(data);
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 初始化密钥 * * @param algorithm * @param keySize * @return */
   public static KeyPair initKey(String algorithm, int keySize) {
      try {
         KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(algorithm);
         keyPairGen.initialize(keySize);
         return keyPairGen.generateKeyPair();
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /** * 初始化密钥 * * @param algorithm * @return */
   public static SecretKey initKey(String algorithm) {
      try {
         KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithm);
         SecretKey secretKey = keyGenerator.generateKey();
         return secretKey;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

}

编写测试工具类,使用我们刚才生成的密钥库和证书文件进行测试:

package com.jianggujin.codec.test;

import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;

import org.junit.Test;

import com.jianggujin.codec.JBase64;
import com.jianggujin.codec.JCertificate;
import com.jianggujin.codec.JCertificate.JKeyStore;

public class CertificateTest {
   @Test
   public void encode() throws Exception {
      SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
      char[] password = "123456".toCharArray();
      String alias = "www.jianggujin.com";
      String certificatePath = "test.cer";
      String keyStorePath = "test.pfx";
      byte[] data = "jianggujin".getBytes();

      KeyStore keyStore = JCertificate.getKeyStore(getClass().getResourceAsStream(keyStorePath), password,
            JKeyStore.JKS);
      X509Certificate certificate = (X509Certificate) JCertificate
            .getCertificate(getClass().getResourceAsStream(certificatePath));
      PrivateKey privateKey = JCertificate.getPrivateKey(keyStore, alias, password);
      PublicKey publicKey = JCertificate.getPublicKey(certificate);

      System.out.println("是否有效:" + JCertificate.verifyCertificate(certificate));
      System.out.println("使用者:" + certificate.getSubjectDN().getName());
      System.out.println("版本:" + certificate.getVersion());
      System.out.println("序列号:" + certificate.getSerialNumber().toString(16));
      System.out.println("签名算法:" + certificate.getSigAlgName());
      System.out.println("证书类型:" + certificate.getType());
      System.out.println("颁发者:" + certificate.getIssuerDN().getName());
      System.out.println(
            "有效期:" + format.format(certificate.getNotBefore()) + "到" + format.format(certificate.getNotAfter()));

      byte[] signResult = JCertificate.sign(data, keyStore, alias, password);
      System.out.println("签名:" + JBase64.getEncoder().encodeToString(signResult, "UTF-8"));
      System.out.println("证书验签:" + JCertificate.verify(data, signResult, certificate));
      System.out.println("密钥库验签:" + JCertificate.verify(data, signResult, keyStore));

      byte[] result = JCertificate.encrypt(data, privateKey);
      System.out.println("私钥加密:" + JBase64.getEncoder().encodeToString(result, "UTF-8"));
      System.out.println("公钥解密:" + new String(JCertificate.decrypt(result, publicKey)));

      result = JCertificate.encrypt(data, publicKey);
      System.out.println("公钥加密:" + JBase64.getEncoder().encodeToString(result, "UTF-8"));
      System.out.println("私钥解密:" + new String(JCertificate.decrypt(result, privateKey)));
   }

   public void convert() throws Exception {
      char[] password = "123456".toCharArray();
      String keyStorePath = "test.keystore";

      KeyStore keyStore = JCertificate.getKeyStore(getClass().getResourceAsStream(keyStorePath), password,
            JKeyStore.JKS);
      KeyStore target = JCertificate.convert(keyStore, JKeyStore.PKCS12, password);
      for (String alias : JCertificate.listAlias(target)) {
         System.out.println(alias);
      }
      target.store(new FileOutputStream("test.pfx"), password);
   }
}

相关文章