Java加密与解密的艺术~数字证书~证书使用openssl
生活随笔
收集整理的這篇文章主要介紹了
Java加密与解密的艺术~数字证书~证书使用openssl
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
證書工具
/*** 2009-5-20*/ package org.zlex.chapter10_2;import java.io.FileInputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate;import javax.crypto.Cipher;/*** 證書組件* * @author 梁棟* @version 1.0*/ public abstract class CertificateCoder {/*** 證書類型X509*/public static final String CERT_TYPE = "X.509";/*** 密鑰庫類型PCKS12*/private static final String STORE_TYPE = "PKCS12";/*** 由KeyStore獲得私鑰* * @param keyStorePath* 密鑰庫路徑* @param alias* 別名* @param password* 密碼* @return PrivateKey 私鑰* @throws Exception*/public static PrivateKey getPrivateKeyByKeyStore(String keyStorePath,String alias, String password) throws Exception {// 獲得密鑰庫KeyStore ks = getKeyStore(keyStorePath, password);// 獲得私鑰return (PrivateKey) ks.getKey(alias, password.toCharArray());}/*** 由Certificate獲得公鑰* * @param certificatePath* 證書路徑* @return PublicKey 公鑰* @throws Exception*/public static PublicKey getPublicKeyByCertificate(String certificatePath)throws Exception {// 獲得證書Certificate certificate = getCertificate(certificatePath);// 獲得公鑰return certificate.getPublicKey();}/*** 獲得Certificate* * @param certificatePath* 證書路徑* @return Certificate 證書* @throws Exception*/private static X509Certificate getCertificate(String certificatePath)throws Exception {// 實(shí)例化證書工廠CertificateFactory certificateFactory = CertificateFactory.getInstance(CERT_TYPE);// 取得證書文件流FileInputStream in = new FileInputStream(certificatePath);// 生成證書Certificate certificate = certificateFactory.generateCertificate(in);// 關(guān)閉證書文件流in.close();return (X509Certificate) certificate;}/*** 獲得KeyStore* * @param keyStorePath* 密鑰庫路徑* @param password* 密碼* @return KeyStore 密鑰庫* @throws Exception*/private static KeyStore getKeyStore(String keyStorePath, String password)throws Exception {// 實(shí)例化密鑰庫KeyStore ks = KeyStore.getInstance(STORE_TYPE);// 獲得密鑰庫文件流FileInputStream in = new FileInputStream(keyStorePath);// 加載密鑰庫ks.load(in, password.toCharArray());// 關(guān)閉密鑰庫文件流in.close();return ks;}/*** 私鑰加密* * @param data* 待加密數(shù)據(jù)* @param keyStorePath* 密鑰庫路徑* @param alias* 別名* @param password* 密碼* @return byte[] 加密數(shù)據(jù)* @throws Exception*/public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath,String alias, String password) throws Exception {// 取得私鑰PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath, alias,password);// 對數(shù)據(jù)加密Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());cipher.init(Cipher.ENCRYPT_MODE, privateKey);return cipher.doFinal(data);}/*** 私鑰解密* * @param data* 待解密數(shù)據(jù)* @param keyStorePath* 密鑰庫路徑* @param alias* 別名* @param password* 密碼* @return byte[] 解密數(shù)據(jù)* @throws Exception*/public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath,String alias, String password) throws Exception {// 取得私鑰PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath, alias,password);// 對數(shù)據(jù)加密Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());cipher.init(Cipher.DECRYPT_MODE, privateKey);return cipher.doFinal(data);}/*** 公鑰加密* * @param data* 待加密數(shù)據(jù)* @param certificatePath* 證書路徑* @return byte[] 加密數(shù)據(jù)* @throws Exception*/public static byte[] encryptByPublicKey(byte[] data, String certificatePath)throws Exception {// 取得公鑰PublicKey publicKey = getPublicKeyByCertificate(certificatePath);// 對數(shù)據(jù)加密Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());cipher.init(Cipher.ENCRYPT_MODE, publicKey);return cipher.doFinal(data);}/*** 公鑰解密* * @param data* 待解密數(shù)據(jù)* @param certificatePath* 證書路徑* @return byte[] 解密數(shù)據(jù)* @throws Exception*/public static byte[] decryptByPublicKey(byte[] data, String certificatePath)throws Exception {// 取得公鑰PublicKey publicKey = getPublicKeyByCertificate(certificatePath);// 對數(shù)據(jù)加密Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());cipher.init(Cipher.DECRYPT_MODE, publicKey);return cipher.doFinal(data);}/*** 簽名* * @param keyStorePath* 密鑰庫路徑* @param alias* 別名* @param password* 密碼* @return byte[] 簽名* @throws Exception*/public static byte[] sign(byte[] sign, String keyStorePath, String alias,String password, String certificatePath) throws Exception {// 獲得證書X509Certificate x509Certificate = getCertificate(certificatePath);// 構(gòu)建簽名,由證書指定簽名算法Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());// 獲取私鑰PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath, alias,password);// 初始化簽名,由私鑰構(gòu)建signature.initSign(privateKey);signature.update(sign);return signature.sign();}/*** 驗(yàn)證簽名* * @param data* 數(shù)據(jù)* @param sign* 簽名* @param certificatePath* 證書路徑* @return boolean 驗(yàn)證通過為真* @throws Exception*/public static boolean verify(byte[] data, byte[] sign,String certificatePath) throws Exception {// 獲得證書X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);// 由證書構(gòu)建簽名Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());// 由證書初始化簽名,實(shí)際上是使用了證書中的公鑰signature.initVerify(x509Certificate);signature.update(data);return signature.verify(sign);}}證書示例
/*** 2009-5-20*/ package org.zlex.chapter10_2;import static org.junit.Assert.*;import org.apache.commons.codec.binary.Hex; import org.junit.Test;/*** 證書校驗(yàn)* * @author 梁棟* @version 1.0*/ public class CertificateCoderTest {private String password = "123456";private String alias = "1";private String certificatePath = "d:/ca/certs/ca.cer";//E:\pdf\JAVA\javaSecurity\opensslprivate String keyStorePath = "d:/ca/certs/ca.p12";/*** 公鑰加密——私鑰解密* * @throws Exception*/@Testpublic void test1() {try {System.err.println("公鑰加密——私鑰解密");String inputStr = "Ceritifcate";byte[] data = inputStr.getBytes();// 公鑰加密byte[] encrypt = CertificateCoder.encryptByPublicKey(data,certificatePath);// 私鑰解密byte[] decrypt = CertificateCoder.decryptByPrivateKey(encrypt,keyStorePath, alias, password);String outputStr = new String(decrypt);System.err.println("加密前:\n" + inputStr);System.err.println("解密后:\n" + outputStr);// 驗(yàn)證數(shù)據(jù)一致assertArrayEquals(data, decrypt);} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();fail(e.getMessage());}}/*** 私鑰加密——公鑰解密* * @throws Exception*/@Testpublic void test2() {System.err.println("私鑰加密——公鑰解密");String inputStr = "sign";byte[] data = inputStr.getBytes();try {// 私鑰加密byte[] encodedData = CertificateCoder.encryptByPrivateKey(data,keyStorePath, alias, password);// 公鑰加密byte[] decodedData = CertificateCoder.decryptByPublicKey(encodedData, certificatePath);String outputStr = new String(decodedData);System.err.println("加密前:\n" + inputStr);System.err.println("解密后:\n" + outputStr);// 校驗(yàn)assertEquals(inputStr, outputStr);} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();fail(e.getMessage());}}/*** 簽名驗(yàn)證* * @throws Exception*/@Testpublic void testSign() {try {String inputStr = "簽名";byte[] data = inputStr.getBytes();System.err.println("私鑰簽名——公鑰驗(yàn)證");// 產(chǎn)生簽名byte[] sign = CertificateCoder.sign(data, keyStorePath, alias,password,certificatePath);System.err.println("簽名:\n" + Hex.encodeHexString(sign));// 驗(yàn)證簽名boolean status = CertificateCoder.verify(data, sign,certificatePath);System.err.println("狀態(tài):\n" + status);// 校驗(yàn)assertTrue(status);} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();fail(e.getMessage());}}}總結(jié)
以上是生活随笔為你收集整理的Java加密与解密的艺术~数字证书~证书使用openssl的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Abstract Server、Adap
- 下一篇: 深入了解Struts2返回JSON数据的