标签:
package com.jetsum.util;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class CipherUtil {
/**
* MD5算法
*/
private static final String ALGORITHM_MD5 = "MD5";
/**
* SHA算法
*/
private static final String ALGORITHM_SHA = "SHA";
/**
* HMAC算法
*/
private static final String ALGORITHM_MAC = "HmacMD5";
/**
* DES算法
*/
private static final String ALGORITHM_DES = "DES";
/**
* PBE算法
*/
private static final String ALGORITHM_PBE = "PBEWITHMD5andDES";
/**
* AESkey
*/
private static final String KEY_AES = "AES";
/**
* AES算法
*/
private static final String ALGORITHM_AES = "AES/CBC/PKCS5Padding";
/**
* RSA算法
*/
private static final String KEY_ALGORITHM = "RSA";
/**
* 数字签名
*/
private static final String SIGNATURE_ALGORITHM = "MD5withRSA";
/**
* 公钥
*/
private static final String RSAPUBLIC_KEY = "RSAPublicKey";
/**
* 私钥
*/
private static final String RSAPRIVATE_KEY = "RSAPrivateKey";
/**
* D-H算法
*/
private static final String ALGORITHM_DH = "DH";
/**
* 默认密钥字节数
*
* <pre>
* DH
* Default Keysize 1024
* Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).
* </pre>
*/
private static final int DH_KEY_SIZE = 1024;
/**
* DH加密下需要一种对称加密算法对数据加密,这里我们使用DES,也可以使用其他对称加密算法。
*/
private static final String SECRET_ALGORITHM = "DES";
/**
* DH公钥
*/
private static final String DHPUBLIC_KEY = "DHPublicKey";
/**
* DH私钥
*/
private static final String DHPRIVATE_KEY = "DHPrivateKey";
/**
* Java密钥库(Java Key Store,JKS)KEY_STORE
*/
private static final String KEY_STORE = "JKS";
private static final String X509 = "X.509";
/**
* 信息摘要算法
* @param algorithm 算法类型
* @param data 要加密的字符串
* @return 返回加密后的摘要信息
*/
private static String encryptEncode(String algorithm, String data) {
try {
MessageDigest md = MessageDigest.getInstance(algorithm);
return TranscodeUtil.byteArrayToHexStr(md.digest(data.getBytes()));
} catch(NoSuchAlgorithmException ex) {
ex.printStackTrace();
}
return null;
}
/**
* 使用MD5加密
* @param data 要加密的字符串
* @return 返回加密后的信息
*/
public static String MD5Encode(String data) {
return encryptEncode(ALGORITHM_MD5, data);
}
/**
* 使用SHA加密
* @param data 要加密的字符串
* @return 返回加密后的信息
*/
public static String SHAEncode(String data) {
return encryptEncode(ALGORITHM_SHA, data);
}
/**
* 生成HMAC密钥
* @return 返回密钥信息
*/
public static String generateMACKey() {
try {
KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM_MAC);
SecretKey secretKey = keyGenerator.generateKey();
return TranscodeUtil.byteArrayToBase64Str(secretKey.getEncoded());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
/**
* 使用HMAC加密
* @param data 要加密的字符串
* @param key 密钥
* @return 返回加密后的信息
*/
public static String HMACEncode(String data, String key) {
Key k = toKey(key,ALGORITHM_MAC);
try {
Mac mac = Mac.getInstance(k.getAlgorithm());
mac.init(k);
return TranscodeUtil.byteArrayToBase64Str(mac.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
return null;
}
/**
* 将base64编码后的密钥字符串转换成密钥对象
* @param key 密钥字符串
* @param algorithm 加密算法
* @return 返回密钥对象
*/
private static Key toKey(String key,String algorithm) {
SecretKey secretKey = new SecretKeySpec(TranscodeUtil.base64StrToByteArray(key), algorithm);
return secretKey;
}
/**
* 生成DES密钥
* @param seed 密钥种子
* @return 返回base64编码的密钥字符串
*/
public static String generateDESKey(String seed) {
try {
KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM_DES);
kg.init(new SecureRandom(seed.getBytes()));
SecretKey secretKey = kg.generateKey();
return TranscodeUtil.byteArrayToBase64Str(secretKey.getEncoded());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
/**
* DES加密
* @param data 要加密的数据
* @param key 密钥
* @return 返回加密后的数据(经过base64编码)
*/
public static String DESEncrypt(String data,String key) {
return DESCipher(data,key,Cipher.ENCRYPT_MODE);
}
/**
* DES解密
* @param data 要解密的数据
* @param key 密钥
* @return 返回解密后的数据
*/
public static String DESDecrypt(String data, String key) {
return DESCipher(data,key,Cipher.DECRYPT_MODE);
}
/**
* DES的加密解密
* @param data 要加密或解密的数据
* @param key 密钥
* @param mode 加密或解密模式
* @return 返回加密或解密的数据
*/
private static String DESCipher(String data, String key, int mode) {
try {
Key k = toKey(key,ALGORITHM_DES);
Cipher cipher = Cipher.getInstance(ALGORITHM_DES);
cipher.init(mode, k);
return mode == Cipher.DECRYPT_MODE?new String(cipher.doFinal(TranscodeUtil.base64StrToByteArray(data))):TranscodeUtil.byteArrayToBase64Str(cipher.doFinal(data.getBytes()));
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* 生成盐
* @return 返回base64编码后的盐信息
*/
public static String generatePBESalt() {
byte[] salt = new byte[8];
Random random = new Random();
random.nextBytes(salt);
return TranscodeUtil.byteArrayToBase64Str(salt);
}
/**
* PBE(Password-based encryption基于密码加密)加密
* @param data 要加密的数据
* @param password 密码
* @param salt 盐
* @return 返回加密后的数据(经过base64编码)
*/
public static String PBEEncrypt(String data,String password,String salt) {
return PBECipher( data, password, salt, Cipher.ENCRYPT_MODE);
}
/**
* PBE(Password-based encryption基于密码加密)解密
* @param data 要解密的数据
* @param password 密码
* @param salt 盐
* @return 返回解密后的数据
*/
public static String PBEDecrypt(String data,String password,String salt) {
return PBECipher( data, password, salt, Cipher.DECRYPT_MODE);
}
/**
* PBE加密解密
* @param data 要加密解密的信息
* @param password 密码
* @param salt 盐
* @param mode 加密或解密模式
* @return 返回加密解密后的数据
*/
private static String PBECipher(String data,String password,String salt,int mode) {
try {
Key secretKey = toPBEKey(password);
PBEParameterSpec paramSpec = new PBEParameterSpec(TranscodeUtil.base64StrToByteArray(salt), 100);
Cipher cipher = Cipher.getInstance(ALGORITHM_PBE);
cipher.init(mode, secretKey, paramSpec);
return mode == Cipher.DECRYPT_MODE?new String(cipher.doFinal(TranscodeUtil.base64StrToByteArray(data))):TranscodeUtil.byteArrayToBase64Str(cipher.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 生成PBEkey
* @param password 使用的密码
* @return 返回生成的PBEkey
*/
private static Key toPBEKey(String password) {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
try {
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM_PBE);
SecretKey secretKey = keyFactory.generateSecret(keySpec);
return secretKey;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
}
return null;
}
/**
* 生成AESkey
* @param keySize key的位数
* @param seed 随机种子
* @return 返回base64编码后的key信息
*/
public static String generateAESKey(int keySize,String seed) {
try {
KeyGenerator kgen = KeyGenerator.getInstance(KEY_AES);
kgen.init(keySize,new SecureRandom(seed.getBytes()));
SecretKey key = kgen.generateKey();
return TranscodeUtil.byteArrayToBase64Str(key.getEncoded());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
/**
* AES加密
* @param data 要加密的数据
* @param key 密钥
* @param algorithmParameter 算法参数
* @return 返回加密数据
*/
public static String AESEncrypt(String data,String key,String algorithmParameter) {
return AESCipher(data, key, algorithmParameter,Cipher.ENCRYPT_MODE);
}
/**
* AES解密
* @param data 要解密的数据
* @param key 密钥
* @param algorithmParameter 算法参数
* @return 返回解密数据
*/
public static String AESDecrypt(String data,String key,String algorithmParameter) {
return AESCipher(data, key, algorithmParameter,Cipher.DECRYPT_MODE);
}
/**
* 实现AES加密解密
* @param data 要加密或解密的数据
* @param key 密钥
* @param algorithmParameter 算法参数
* @param mode 加密或解密
* @return 返回加密或解密的数据
*/
private static String AESCipher(String data, String key, String algorithmParameter,int mode) {
try {
Key k = toKey(key,KEY_AES);
AlgorithmParameterSpec paramSpec = new IvParameterSpec(algorithmParameter.getBytes());
Cipher ecipher = Cipher.getInstance(ALGORITHM_AES);
ecipher.init(mode, k, paramSpec);
return mode==Cipher.DECRYPT_MODE?new String(ecipher.doFinal(TranscodeUtil.base64StrToByteArray(data))):TranscodeUtil.byteArrayToBase64Str(ecipher.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 数字签名
* @param data 要签名的密文
* @param privateKey 私钥
* @return 返回签名信息
*/
public static String RSASign(String data, String privateKey) {
try {
// 解密由base64编码的私钥
byte[] keyBytes = TranscodeUtil.base64StrToByteArray(privateKey);
// 构造PKCS8EncodedKeySpec对象
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
// KEY_ALGORITHM 指定的加密算法
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
// 取私钥匙对象
PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);
// 用私钥对信息生成数字签名
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(priKey);
signature.update(TranscodeUtil.base64StrToByteArray(data));
return TranscodeUtil.byteArrayToBase64Str(signature.sign());
} catch(NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
return null;
}
/**
* 验证签名
* @param data 要验证的密文
* @param publicKey 公钥
* @param sign 签名信息
* @return 返回验证成功状态
*/
public static boolean RSAVerify(String data, String publicKey, String sign) {
try {
// 解密由base64编码的公钥
byte[] keyBytes = TranscodeUtil.base64StrToByteArray(publicKey);
// 构造X509EncodedKeySpec对象
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
// KEY_ALGORITHM 指定的加密算法
Signature signature;
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
// 取公钥匙对象
PublicKey pubKey = keyFactory.generatePublic(keySpec);
signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(pubKey);
signature.update(TranscodeUtil.base64StrToByteArray(data));
// 验证签名是否正常
return signature.verify(TranscodeUtil.base64StrToByteArray(sign));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
return false;
}
/**
* 私钥解密
* @param data 要解密的字符串
* @param key 私钥
* @return 返回解密后的字符串
*/
public static String RSADecryptByPrivateKey(String data, String key) {
try {
// 对密钥解密
byte[] keyBytes = TranscodeUtil.base64StrToByteArray(key);
// 取得私钥
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
// 对数据解密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(cipher.doFinal(TranscodeUtil.base64StrToByteArray(data)));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 公钥解密
* @param data 要解密的数据
* @param key 公钥
* @return 返回解密后的数据
*/
public static String RSADecryptByPublicKey(String data, String key) {
try {
// 对密钥解密
byte[] keyBytes = TranscodeUtil.base64StrToByteArray(key);
// 取得公钥
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key publicKey = keyFactory.generatePublic(x509KeySpec);
// 对数据解密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return new String(cipher.doFinal(TranscodeUtil.base64StrToByteArray(data)));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 公钥加密
* @param data 要加密的数据
* @param key 公钥
* @return 返回加密的数据
*/
public static String RSAEncryptByPublicKey(String data, String key) {
try {
// 对公钥解密
byte[] keyBytes = TranscodeUtil.base64StrToByteArray(key);
// 取得公钥
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key publicKey = keyFactory.generatePublic(x509KeySpec);
// 对数据加密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return TranscodeUtil.byteArrayToBase64Str(cipher.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 私钥加密
* @param data 要加密的数据
* @param key 私钥
* @return 返回加密后的数据
*/
public static String RSAEncryptByPrivateKey(String data, String key) {
try {
// 对密钥解密
byte[] keyBytes = TranscodeUtil.base64StrToByteArray(key);
// 取得私钥
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
// 对数据加密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return TranscodeUtil.byteArrayToBase64Str(cipher.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 获得私钥
* @param keyMap 密钥对
* @return 返回经过base64编码的私钥
*/
public static String getRSAPrivateKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(RSAPRIVATE_KEY);
return TranscodeUtil.byteArrayToBase64Str(key.getEncoded());
}
/**
* 获得公钥(base64编码)
* @param keyMap 密钥对
* @return 返回经过base64编码的公钥
*/
public static String getRSAPublicKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(RSAPUBLIC_KEY);
return TranscodeUtil.byteArrayToBase64Str(key.getEncoded());
}
/**
* 初始化密钥对
* @return 返回密钥对
*/
public static Map<String, Object> initRSAKey() {
Map<String, Object> keyMap = new HashMap<String, Object>(2);
try {
KeyPairGenerator keyPairGen = KeyPairGenerator
.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(1024);
KeyPair keyPair = keyPairGen.generateKeyPair();
// 公钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
// 私钥
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
keyMap.put(RSAPUBLIC_KEY, publicKey);
keyMap.put(RSAPRIVATE_KEY, privateKey);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return keyMap;
}
/**
* 初始化甲方密钥对
* @return 返回甲方密钥对
*/
public static Map<String, Object> initDHKey() {
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_DH);
keyPairGenerator.initialize(DH_KEY_SIZE);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// 甲方公钥
DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
// 甲方私钥
DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(DHPUBLIC_KEY, publicKey);
keyMap.put(DHPRIVATE_KEY, privateKey);
return keyMap;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
/**
* 使用甲方公钥初始化乙方密钥对
* @param key 甲方公钥
* @return 返回乙方密钥对
*/
public static Map<String, Object> initDHKey(String key) {
try {
// 解析甲方公钥
byte[] keyBytes = TranscodeUtil.base64StrToByteArray(key);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_DH);
PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
// 由甲方公钥构建乙方密钥
DHParameterSpec dhParamSpec = ((DHPublicKey) pubKey).getParams();
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyFactory.getAlgorithm());
keyPairGenerator.initialize(dhParamSpec);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// 乙方公钥
DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
// 乙方私钥
DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(DHPUBLIC_KEY, publicKey);
keyMap.put(DHPRIVATE_KEY, privateKey);
return keyMap;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
return null;
}
/**
* DH加密
* @param data 要加密的数据
* @param publicKey 甲方或乙方公钥
* @param privateKey 甲方或乙方私钥
* @return 加密结果
*/
public static String DHEncrypt(String data, String publicKey,String privateKey) {
try {
// 生成本地密钥
SecretKey secretKey = getDHSecretKey(publicKey, privateKey);
// 数据加密
Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
return TranscodeUtil.byteArrayToBase64Str(cipher.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* DH解密
* @param data 要解密的数据
* @param publicKey 公钥
* @param privateKey 私钥
* @return 返回解密结果
*/
public static String DHDecrypt(String data, String publicKey,String privateKey) {
try {
// 生成本地密钥
SecretKey secretKey = getDHSecretKey(publicKey, privateKey);
// 数据解密
Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(TranscodeUtil.base64StrToByteArray(data)));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 生成本地密钥
* @param publicKey 公钥
* @param privateKey 私钥
* @return 返回本地密钥
*/
private static SecretKey getDHSecretKey(String publicKey, String privateKey) {
try {
// 初始化公钥
byte[] pubKeyBytes = TranscodeUtil.base64StrToByteArray(publicKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_DH);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKeyBytes);
PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
// 初始化私钥
byte[] priKeyBytes = TranscodeUtil.base64StrToByteArray(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKeyBytes);
Key priKey = keyFactory.generatePrivate(pkcs8KeySpec);
KeyAgreement keyAgree = KeyAgreement.getInstance(keyFactory.getAlgorithm());
keyAgree.init(priKey);
keyAgree.doPhase(pubKey, true);
// 生成本地密钥
SecretKey secretKey = keyAgree.generateSecret(SECRET_ALGORITHM);
return secretKey;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
return null;
}
/**
* 获取私钥
* @param keyMap 密钥对
* @return 返回base64编码的私钥
*/
public static String getDHPrivateKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(DHPRIVATE_KEY);
return TranscodeUtil.byteArrayToBase64Str(key.getEncoded());
}
/**
* 获取公钥
* @param keyMap 密钥对
* @return 返回base64编码的公钥
*/
public static String getDHPublicKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(DHPUBLIC_KEY);
return TranscodeUtil.byteArrayToBase64Str(key.getEncoded());
}
/**
* 获取私钥
* @param keyStorePath keystore文件路径
* @param alias 别名
* @param password 密码
* @return 返回私钥
*/
private static PrivateKey getKeyStorePrivateKey(String keyStorePath, String alias,String password) {
try {
KeyStore ks = getKeyStore(keyStorePath, password);
PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray());
return key;
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
/**
* 获取公钥
* @param certificatePath 证书文件路径
* @return 返回公钥
*/
private static PublicKey getCertificatePublicKey(String certificatePath) {
try {
Certificate certificate = getCertificate(certificatePath);
PublicKey key = certificate.getPublicKey();
return key;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* 加载证书文件
* @param certificatePath 证书文件路径
* @return 返回证书
*/
private static Certificate getCertificate(String certificatePath) {
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
FileInputStream in = new FileInputStream(certificatePath);
Certificate certificate = certificateFactory.generateCertificate(in);
in.close();
return certificate;
} catch (CertificateException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
/**
* 获取证书
* @param keyStorePath keystore文件路径
* @param alias 别名
* @param password 密码
* @return 返回证书
*/
private static Certificate getCertificate(String keyStorePath,String alias, String password) {
try {
KeyStore ks = getKeyStore(keyStorePath, password);
Certificate certificate = ks.getCertificate(alias);
return certificate;
} catch (KeyStoreException e) {
e.printStackTrace();
}
return null;
}
/**
* 加载KeyStore文件
* @param keyStorePath keystore文件地址
* @param password keystore密码
* @return 返回KeyStore
*/
private static KeyStore getKeyStore(String keyStorePath, String password) {
try {
FileInputStream is = new FileInputStream(keyStorePath);
KeyStore ks = KeyStore.getInstance(KEY_STORE);
ks.load(is, password.toCharArray());
is.close();
return ks;
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
/**
* 加密数据
* @param data 要加密的数据
* @param keyStorePath keystore路径
* @param alias 别名
* @param password 密码
* @return 返回加密后的数据
*/
public static String encryptByPrivateKey(String data, String keyStorePath,
String alias, String password) {
try {
// 取得私钥
PrivateKey privateKey = getKeyStorePrivateKey(keyStorePath, alias, password);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return TranscodeUtil.byteArrayToBase64Str(cipher.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 私钥解密
* @param data 要解密的数据
* @param keyStorePath keystore路径
* @param alias 别名
* @param password 密码
* @return 返回解密后的数据
*/
public static String decryptByPrivateKey(String data, String keyStorePath,String alias, String password) {
try {
// 取得私钥
PrivateKey privateKey = getKeyStorePrivateKey(keyStorePath, alias, password);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(cipher.doFinal(TranscodeUtil.base64StrToByteArray(data)));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 私钥加密
* @param data 要加密的数据
* @param certificatePath 证书路径
* @return 返回加密后的信息
*/
public static String encryptByPublicKey(String data, String certificatePath) {
try {
// 取得公钥
PublicKey publicKey = getCertificatePublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return TranscodeUtil.byteArrayToBase64Str(cipher.doFinal(data.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 公钥解密
* @param data 要解密的数据
* @param certificatePath 证书路径
* @return 返回解密信息
*/
public static String decryptByPublicKey(String data, String certificatePath) {
try {
// 取得公钥
PublicKey publicKey = getCertificatePublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return new String(cipher.doFinal(TranscodeUtil.base64StrToByteArray(data)));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return null;
}
/**
* 验证证书是否过期
* @param certificatePath 证书路径
* @return 返回验证结果
*/
public static boolean verifyCertificate(String certificatePath) {
return verifyCertificate(new Date(), certificatePath);
}
/**
* 验证证书是否过期
* @param date 日期
* @param certificatePath 证书路径
* @return 返回验证结果
*/
public static boolean verifyCertificate(Date date, String certificatePath) {
boolean status = true;
try {
// 取得证书
Certificate certificate = getCertificate(certificatePath);
// 验证证书是否过期或无效
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证证书是否过期
* @param date 日期
* @param certificate 证书
* @return 返回验证结果
*/
private static boolean verifyCertificate(Date date, Certificate certificate) {
boolean status = true;
try {
X509Certificate x509Certificate = (X509Certificate) certificate;
x509Certificate.checkValidity(date);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 对于数据进行签名
* @param sign 要签名的信息
* @param keyStorePath keystore文件位置
* @param alias 别名
* @param password 密码
* @return 返回签名信息
*/
public static String sign(String sign, String keyStorePath, String alias,String password) {
try {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(
keyStorePath, alias, password);
// 获取私钥
KeyStore ks = getKeyStore(keyStorePath, password);
// 取得私钥
PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password
.toCharArray());
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initSign(privateKey);
signature.update(TranscodeUtil.base64StrToByteArray(sign));
return TranscodeUtil.byteArrayToBase64Str(signature.sign());
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
return null;
}
/**
* 验证签名信息
* @param data 要验证的信息
* @param sign 签名信息
* @param certificatePath 证书路径
* @return 返回验证结果
*/
public static boolean verify(String data, String sign,String certificatePath) {
try {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initVerify(publicKey);
signature.update(TranscodeUtil.base64StrToByteArray(data));
return signature.verify(TranscodeUtil.base64StrToByteArray(sign));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
return false;
}
/**
* 验证证书
* @param date 日期
* @param keyStorePath keystore文件路径
* @param alias 别名
* @param password 密码
* @return 返回验证结果
*/
public static boolean verifyCertificate(Date date, String keyStorePath,
String alias, String password) {
boolean status = true;
try {
Certificate certificate = getCertificate(keyStorePath, alias,
password);
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证证书
* @param keyStorePath keystore文件路径
* @param alias 别名
* @param password 密码
* @return 返回验证结果
*/
public static boolean verifyCertificate(String keyStorePath, String alias,
String password) {
return verifyCertificate(new Date(), keyStorePath, alias, password);
}
}
标签:
原文地址:http://www.cnblogs.com/zmc/p/4387443.html
