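When different servers or systems interact, they usually need to authenticate each other so that messages meet the security requirements of non-repudiation and tamper resistance.
An asymmetric encryption algorithm is currently the best way to meet these requirements.
The concrete implementation follows:
1. Generate an RSA private/public key pair with openssl (there is plenty of material online about installing openssl; consult it as needed)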
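```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import org.apache.commons.codec.binary.Base64;

// The two constants are not shown in the original article. "RSA" follows from step 1;
// the SIGNATURE_ALGORITHM value is an assumption and must be identical on both systems.
private static final String KEY_ALGORITHM = "RSA";
private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

/** Signs data with a Base64-encoded PKCS#8 private key and returns the Base64 signature. */
public String sign(String data, String privateKey) {
    String result = "";
    // The private key string is the Base64 form of the PKCS#8 DER encoding
    byte[] keyBytes = Base64.decodeBase64(privateKey);
    PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
    try {
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.initSign(priKey);
        // Fixed charset: the platform default can differ between the two systems,
        // which would make a valid signature fail verification
        signature.update(data.getBytes(StandardCharsets.UTF_8));
        result = Base64.encodeBase64String(signature.sign());
    } catch (Exception ex) {
        // ServiceException is the application's own exception type (not shown in the article)
        throw new ServiceException(ex);
    }
    return result;
}
```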
4. The responding system verifies the signature on the request data
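```java
/** Verifies a Base64 signature over data with a Base64-encoded X.509 public key. */
public boolean verify(String data, String publicKey, String sign) {
    boolean result;
    // The public key string is the Base64 form of the X.509 (SubjectPublicKeyInfo) DER encoding
    byte[] keyBytes = Base64.decodeBase64(publicKey);
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
    KeyFactory keyFactory;
    try {
        keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        PublicKey pubKey = keyFactory.generatePublic(keySpec);
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.initVerify(pubKey);
        // Must be the same charset the signer used; the platform default is not reliable
        signature.update(data.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        result = signature.verify(Base64.decodeBase64(sign));
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
    return result;
}
```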
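Step 1 does not show the openssl commands. As an added example (not from the original article), this script produces a key pair in the two encodings the Java code parses, PKCS#8 for `PKCS8EncodedKeySpec` and X.509 SubjectPublicKeyInfo for `X509EncodedKeySpec`, then signs and verifies a constructed request string. The file names, the sample data and the SHA-256 with RSA PKCS#1 v1.5 scheme (Java name `SHA256withRSA`) are assumptions, since the article does not state its `SIGNATURE_ALGORITHM`.

```shell
#!/bin/sh
# Added example (not from the original article): key material for the Java code above.
set -eu

gen_keys() {          # $1 = directory; writes a 2048-bit RSA key pair as PEM files
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/private.pem" 2>/dev/null
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

private_key_b64() {   # PKCS#8 DER on one Base64 line: the privateKey argument of sign()
    openssl pkcs8 -topk8 -nocrypt -in "$1/private.pem" -outform DER | openssl base64 -A
}

public_key_b64() {    # X.509 SubjectPublicKeyInfo DER on one Base64 line: publicKey of verify()
    openssl pkey -pubin -in "$1/public.pem" -pubout -outform DER | openssl base64 -A
}

sign_b64() {          # $1 = directory, $2 = data; SHA-256 with RSA PKCS#1 v1.5 (assumed scheme)
    printf '%s' "$2" | openssl dgst -sha256 -sign "$1/private.pem" | openssl base64 -A
}

verify_b64() {        # $1 = directory, $2 = data, $3 = Base64 signature; status 0 means valid
    _sig=$(mktemp)
    _rc=0
    printf '%s' "$3" | openssl base64 -d -A > "$_sig"
    printf '%s' "$2" | openssl dgst -sha256 -verify "$1/public.pem" -signature "$_sig" \
        >/dev/null 2>&1 || _rc=1
    rm -f "$_sig"
    return "$_rc"
}

KEYDIR=$(mktemp -d)   # constructed demo location; a real private key needs strict permissions
trap 'rm -rf "$KEYDIR"' EXIT
gen_keys "$KEYDIR"
BODY='orderId=1001&amount=25.00'          # constructed sample request data
SIG=$(sign_b64 "$KEYDIR" "$BODY")
echo "publicKey for verify(): $(public_key_b64 "$KEYDIR")"
verify_b64 "$KEYDIR" "$BODY" "$SIG" && echo "genuine request: signature valid"
verify_b64 "$KEYDIR" 'orderId=1001&amount=2500.00' "$SIG" || echo "tampered request: signature rejected"
```

A key in the older PKCS#1 form (PEM header `BEGIN RSA PRIVATE KEY`) is not accepted by `PKCS8EncodedKeySpec`, which is why the private key is passed through `openssl pkcs8 -topk8` before Base64 encoding.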
Original article: http://www.cnblogs.com/shenhuiqi/p/7252426.html