package com.walker.infrastructure.utils; import java.io.ByteArrayOutputStream; import java.nio.charset.Charset; import java.security.Key; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; import java.security.Signature; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; import javax.crypto.Cipher; import com.walker.infrastructure.utils.StringUtils; public class RSAUtil { public static final Charset UTF8 = Charset.forName("UTF-8"); public static final String DEFAULT_ALGORITHM = "RSA/ECB/PKCS1Padding"; /** * 加密算法RSA */ public static final String KEY_ALGORITHM = "RSA"; /** * 签名算法 */ public static final String SIGNATURE_ALGORITHM = "MD5withRSA"; public static final String SIGNaTURE_ALGORITHM_SHA1_RSA = "SHA1WithRSA"; /** * 获取公钥的key */ private static final String PUBLIC_KEY = "RSAPublicKey"; /** * 获取私钥的key */ private static final String PRIVATE_KEY = "RSAPrivateKey"; /** * RSA最大加密明文大小 */ private static final int MAX_ENCRYPT_BLOCK = 117; /** * RSA最大解密密文大小 */ private static final int MAX_DECRYPT_BLOCK = 128; public static String privateKeyPath = "private_key.pem"; public static String publicKeyPath = "public_key.pem"; private static KeyFactory rsaKeyFactory = null; static { try { rsaKeyFactory = KeyFactory.getInstance(KEY_ALGORITHM); } catch (NoSuchAlgorithmException e) { throw new UnsupportedOperationException("未找到加密算法:" + KEY_ALGORITHM); } } // public RSAUtil(){ // try { // rsaKeyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // } catch (NoSuchAlgorithmException e) { // throw new UnsupportedOperationException("未找到加密算法:" + KEY_ALGORITHM); // } // } /** * 生成秘钥对 * * @return * @throws NoSuchAlgorithmException */ public static KeyPair generateKey() throws NoSuchAlgorithmException { KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM); keyPairGen.initialize(1024, new SecureRandom()); KeyPair keyPair = keyPairGen.generateKeyPair(); return keyPair; } public static String toHexString(byte[] b) { StringBuilder sb = new StringBuilder(b.length * 2); for (int i = 0; i < b.length; i++) { sb.append(HEXCHAR[(b[i] & 0xf0) >>> 4]); sb.append(HEXCHAR[b[i] & 0x0f]); } return sb.toString(); } public static final byte[] toBytes(String s) { byte[] bytes; bytes = new byte[s.length() / 2]; for (int i = 0; i < bytes.length; i++) { bytes[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16); } return bytes; } private static char[] HEXCHAR = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; /** *

* 生成密钥对(公钥和私钥) *

* * @return * @throws Exception */ public static Map genKeyPair() throws Exception { KeyPair keyPair = generateKey(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); Map keyMap = new HashMap(2); keyMap.put(PUBLIC_KEY, publicKey); keyMap.put(PRIVATE_KEY, privateKey); return keyMap; } /** *

* 用私钥对信息生成数字签名 *

* * @param data * 已加密数据 * @param privateKey * 私钥(BASE64编码) * * @return * @throws Exception */ public static String sign(byte[] data, String privateKey) throws Exception { byte[] keyBytes = Base64Utils.decode(privateKey); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec); Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initSign(privateK); signature.update(data); return Base64Utils.encode(signature.sign()); } /** * 签名算法,使用SHA1WithRSA,目前支付宝使用。 * @param content * @param privateKey * @return */ public static String signWithSha1Rsa(String content, String privateKey) { try { PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64Utils.decode(privateKey)); // KeyFactory keyf = KeyFactory.getInstance(KEY_ALGORITHM); PrivateKey priKey = rsaKeyFactory.generatePrivate(priPKCS8); Signature signature = Signature.getInstance(SIGNaTURE_ALGORITHM_SHA1_RSA); signature.initSign(priKey); signature.update(content.getBytes(StringUtils.DEFAULT_CHARSET_UTF8)); byte[] signed = signature.sign(); return Base64Utils.encode(signed); } catch (Exception e) { e.printStackTrace(); } return null; } /** * 验证签名,目前支付宝使用 * @param content * @param sign * @param alipay_public_key * @param input_charset * @return * @throws Exception */ public static boolean verifyWithSha1Rsa(String content, String sign , String alipay_public_key, String input_charset) throws Exception{ // KeyFactory keyFactory = KeyFactory.getInstance("RSA"); byte[] encodedKey = Base64Utils.decode(alipay_public_key); PublicKey pubKey = rsaKeyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); Signature signature = Signature.getInstance(SIGNaTURE_ALGORITHM_SHA1_RSA); signature.initVerify(pubKey); signature.update(content.getBytes(input_charset)); return signature.verify(Base64Utils.decode(sign) ); } /** *

* 校验数字签名 *

* * @param data * 已加密数据 * @param publicKey * 公钥(BASE64编码) * @param sign * 数字签名 * * @return * @throws Exception * */ public static boolean verify(byte[] data, String publicKey, String sign) throws Exception { byte[] keyBytes = Base64Utils.decode(publicKey); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); PublicKey publicK = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initVerify(publicK); signature.update(data); return signature.verify(Base64Utils.decode(sign)); } /** *

* 私钥解密 *

* * @param encryptedData * 已加密数据 * @param privateKey * 私钥(BASE64编码) * @return * @throws Exception */ public static byte[] decryptByPrivateKey(byte[] encryptedData, String privateKey) throws Exception { byte[] keyBytes = Base64Utils.decode(privateKey); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key privateK = keyFactory.generatePrivate(pkcs8KeySpec); // String al = keyFactory.getAlgorithm(); Cipher cipher = Cipher.getInstance(DEFAULT_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, privateK); int inputLen = encryptedData.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段解密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_DECRYPT_BLOCK) { cache = cipher .doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK); } else { cache = cipher .doFinal(encryptedData, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_DECRYPT_BLOCK; } byte[] decryptedData = out.toByteArray(); out.close(); return decryptedData; } /** *

* 公钥解密 *

* * @param encryptedData * 已加密数据 * @param publicKey * 公钥(BASE64编码) * @return * @throws Exception */ public static byte[] decryptByPublicKey(byte[] encryptedData, String publicKey) throws Exception { byte[] keyBytes = Base64Utils.decode(publicKey); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key publicK = keyFactory.generatePublic(x509KeySpec); Cipher cipher = Cipher.getInstance(DEFAULT_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, publicK); int inputLen = encryptedData.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段解密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_DECRYPT_BLOCK) { cache = cipher .doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK); } else { cache = cipher .doFinal(encryptedData, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_DECRYPT_BLOCK; } byte[] decryptedData = out.toByteArray(); out.close(); return decryptedData; } /** *

* 公钥加密 *

* * @param data * 源数据 * @param publicKey * 公钥(BASE64编码) * @return * @throws Exception */ public static byte[] encryptByPublicKey(byte[] data, String publicKey) throws Exception { byte[] keyBytes = Base64Utils.decode(publicKey); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key publicK = keyFactory.generatePublic(x509KeySpec); // 对数据加密 Cipher cipher = Cipher.getInstance(DEFAULT_ALGORITHM);// keyFactory.getAlgorithm()解决javax.crypto.BadPaddingException: // Blocktype异常的几种解决办法 cipher.init(Cipher.ENCRYPT_MODE, publicK); int inputLen = data.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段加密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK); } else { cache = cipher.doFinal(data, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_ENCRYPT_BLOCK; } byte[] encryptedData = out.toByteArray(); out.close(); return encryptedData; } /** *

* 私钥加密 *

* * @param data * 源数据 * @param privateKey * 私钥(BASE64编码) * @return * @throws Exception */ public static byte[] encryptByPrivateKey(byte[] data, String privateKey) throws Exception { byte[] keyBytes = Base64Utils.decode(privateKey); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key privateK = keyFactory.generatePrivate(pkcs8KeySpec); Cipher cipher = Cipher.getInstance(DEFAULT_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, privateK); int inputLen = data.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段加密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK); } else { cache = cipher.doFinal(data, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_ENCRYPT_BLOCK; } byte[] encryptedData = out.toByteArray(); out.close(); return encryptedData; } /** *

* 获取私钥 *

* * @param keyMap * 密钥对 * @return * @throws Exception */ public static String getPrivateKey(Map keyMap) throws Exception { Key key = (Key) keyMap.get(PRIVATE_KEY); return Base64Utils.encode(key.getEncoded()); } /** *

* 获取公钥 *

* * @param keyMap * 密钥对 * @return * @throws Exception */ public static String getPublicKey(Map keyMap) throws Exception { Key key = (Key) keyMap.get(PUBLIC_KEY); return Base64Utils.encode(key.getEncoded()); } public static PublicKey getPublicKey(String key) throws Exception { byte[] keyBytes; keyBytes = Base64Utils.decode(key); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); PublicKey publicKey = keyFactory.generatePublic(keySpec); return publicKey; } public static byte[] encrypt(PublicKey pubkey, String text) { try { Cipher rsa; rsa = Cipher.getInstance(DEFAULT_ALGORITHM); rsa.init(Cipher.ENCRYPT_MODE, pubkey); return rsa.doFinal(text.getBytes()); } catch (Exception e) { e.printStackTrace(); } return null; } public static String decrypt(PrivateKey decryptionKey, byte[] buffer) { try { Cipher rsa; rsa = Cipher.getInstance(DEFAULT_ALGORITHM); rsa.init(Cipher.DECRYPT_MODE, decryptionKey); byte[] utf8 = rsa.doFinal(buffer); return new String(utf8, "UTF8"); } catch (Exception e) { e.printStackTrace(); } return null; } }