62,046
社区成员
发帖
与我相关
我的任务
分享
//EncryptUtils.java
package com.chinaums.demo.encrypt;
import javax.crypto.Cipher;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
/**
* 加解密工具包
*
* @author YaoFeng
*/
public class EncryptUtils {
private static final String ALG_RSA = "RSA";
private static final String ALG_DSA = "DSA";
/**
* 私钥加密
*
* @param data 源数据
* @param privateKey 私钥
* @return
* @throws Exception
*/
public static byte[] encrypt(byte[] data, final PrivateKey privateKey) throws Exception {
final Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher(data, cipher, getBlockSize(privateKey) - 11);
}
/**
* 私钥解密
*
* @param encryptedData 已加密数据
* @param privateKey 私钥
* @return
* @throws Exception
*/
public static byte[] decrypt(byte[] encryptedData, final PrivateKey privateKey) throws Exception {
final Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher(encryptedData, cipher, getBlockSize(privateKey));
}
/**
* 公钥加密
*
* @param data 源数据
* @param publicKey 公钥
* @return
* @throws Exception
*/
public static byte[] encrypt(byte[] data, final PublicKey publicKey) throws Exception {
final Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher(data, cipher, getBlockSize(publicKey) - 11);
}
/**
* 公钥解密
*
* @param encryptedData 已加密数据
* @param publicKey 公钥
* @return
* @throws Exception
*/
public static byte[] decrypt(byte[] encryptedData, final PublicKey publicKey) throws Exception {
final Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher(encryptedData, cipher, getBlockSize(publicKey));
}
private static byte[] cipher(byte[] data, Cipher cipher, int blockSize) throws Exception {
final ByteArrayInputStream in = new ByteArrayInputStream(data);
final ByteArrayOutputStream out = new ByteArrayOutputStream();
final byte[] cache = new byte[blockSize];
while (true) {
final int r = in.read(cache);
if (r < 0) {
break;
}
final byte[] temp = cipher.doFinal(cache, 0, r);
out.write(temp, 0, temp.length);
}
return out.toByteArray();
}
private static int getBlockSize(final Key key) throws NoSuchAlgorithmException, InvalidKeySpecException {
final String alg = key.getAlgorithm();
final KeyFactory keyFactory = KeyFactory.getInstance(alg);
if (key instanceof PublicKey) {
final BigInteger prime;
if (ALG_RSA.equals(alg)) {
prime = keyFactory.getKeySpec(key, RSAPublicKeySpec.class).getModulus();
} else if (ALG_DSA.equals(alg)) {
prime = keyFactory.getKeySpec(key, DSAPublicKeySpec.class).getP();
} else {
throw new NoSuchAlgorithmException("不支持的解密算法:" + alg);
}
return prime.toString(2).length() / 8;
} else if (key instanceof PrivateKey) {
final BigInteger prime;
if (ALG_RSA.equals(alg)) {
prime = keyFactory.getKeySpec(key, RSAPrivateKeySpec.class).getModulus();
} else if (ALG_DSA.equals(alg)) {
prime = keyFactory.getKeySpec(key, DSAPrivateKeySpec.class).getP();
} else {
throw new NoSuchAlgorithmException("不支持的解密算法:" + alg);
}
return prime.toString(2).length() / 8;
} else {
throw new RuntimeException("不支持的密钥类型:" + key.getClass());
}
}
}
// CertificateUtils.java
package com.chinaums.demo.encrypt;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
/**
* 数字证书工具包
*
* @author YaoFeng
*/
public class CertificateUtils {
/**
* Java密钥库(Java 密钥库,JKS)KEY_STORE
*/
public static final String KEY_STORE = "JKS";
public static final String X509 = "X.509";
/**
* 根据密钥库获得私钥
*
* @param keyStore 密钥库输入流
* @param alias 密钥别名,如果为<code>null</code>,则读取密钥库的一个条密钥
* @param password 密钥库密码
* @return
* @throws Exception
*/
public static PrivateKey getPrivateKey(final InputStream keyStore, final String alias, final String password)
throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
final KeyStore keyStore0 = getKeyStore(keyStore, password);
if (alias != null) {
return (PrivateKey) keyStore0.getKey(alias, password.toCharArray());
} else {
final Enumeration<String> aliases = keyStore0.aliases();
return (PrivateKey) keyStore0.getKey(aliases.nextElement(), password.toCharArray());
}
}
/**
* 根据证书获得公钥
*
* @param certificate 证书输入流
* @return
* @throws Exception
*/
public static PublicKey getPublicKey(final InputStream certificate) throws CertificateException {
return getCertificate(certificate).getPublicKey();
}
/**
* 获得密钥库
*
* @param keyStore 密钥库输入流
* @param password 密钥库密码
* @return
* @throws Exception
*/
private static KeyStore getKeyStore(final InputStream keyStore, final String password)
throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
final KeyStore result = KeyStore.getInstance(KEY_STORE);
result.load(keyStore, password.toCharArray());
return result;
}
/**
* <p>
* 获得证书
* </p>
*
* @param certificate 证书输入流
* @return
* @throws Exception
*/
private static Certificate getCertificate(InputStream certificate) throws CertificateException {
final CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
return certificateFactory.generateCertificate(certificate);
}
/**
* <p>
* 根据密钥库获得证书
* </p>
*
* @param keyStore 密钥库输入流
* @param alias 密钥库别名
* @param password 密钥库密码
* @return
* @throws Exception
*/
private static Certificate getCertificate(InputStream keyStore, String alias, String password) throws Exception {
return getKeyStore(keyStore, password).getCertificate(alias);
}
/**
* <p>
* 校验证书当前是否有效
* </p>
*
* @param certificate 证书
* @return
*/
public static boolean verifyCertificate(Certificate certificate) {
return verifyCertificate(new Date(), certificate);
}
/**
* <p>
* 验证证书是否过期或无效
* </p>
*
* @param date 日期
* @param certificate 证书
* @return
*/
public static boolean verifyCertificate(Date date, Certificate certificate) {
try {
final X509Certificate x509Certificate = (X509Certificate) certificate;
x509Certificate.checkValidity(date);
return true;
} catch (Exception e) {
return false;
}
}
/**
* <p>
* 验证数字证书是在给定的日期是否有效
* </p>
*
* @param date 日期
* @param certificate 证书输入流
* @return
*/
public static boolean verifyCertificate(Date date, InputStream certificate) {
try {
return verifyCertificate(getCertificate(certificate));
} catch (Exception e) {
return false;
}
}
/**
* <p>
* 验证数字证书是在给定的日期是否有效
* </p>
*
* @param keyStore 密钥库输入流
* @param alias 密钥库别名
* @param password 密钥库密码
* @return
*/
public static boolean verifyCertificate(Date date, InputStream keyStore, String alias, String password) {
try {
return verifyCertificate(date, getCertificate(keyStore, alias, password));
} catch (Exception e) {
return false;
}
}
/**
* <p>
* 验证数字证书当前是否有效
* </p>
*
* @param keyStore 密钥库存储路径
* @param alias 密钥库别名
* @param password 密钥库密码
* @return
*/
public static boolean verifyCertificate(InputStream keyStore, String alias, String password) {
return verifyCertificate(new Date(), keyStore, alias, password);
}
/**
* <p>
* 验证数字证书当前是否有效
* </p>
*
* @param certificate 证书输入流
* @return
*/
public static boolean verifyCertificate(InputStream certificate) {
return verifyCertificate(new Date(), certificate);
}
}
public static byte[] EncryptString(string source,string privateKey)
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
byte[] data = Encoding.UTF8.GetBytes(source);
rsa.FromXmlString(privateKey);
int keySize = rsa.KeySize / 8;
int bufferSize = keySize - 11;
byte[] buffer = new byte[bufferSize];
MemoryStream msInput = new MemoryStream(data);
MemoryStream msOutput = new MemoryStream();
int readLen = msInput.Read(buffer, 0, bufferSize);
while (readLen > 0)
{
byte[] dataToEnc = new byte[readLen];
Array.Copy(buffer, 0, dataToEnc, 0, readLen);
byte[] encData = rsa.Encrypt(dataToEnc, false);
msOutput.Write(encData, 0, encData.Length);
readLen = msInput.Read(buffer, 0, bufferSize);
}
msInput.Close();
byte[] result = msOutput.ToArray(); //得到加密结果
msOutput.Close();
rsa.Clear();
return result;
}