package com.epay.bank.test.encrypt; import java.io.FileInputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Enumeration; import org.apache.log4j.Logger; import sun.misc.BASE64Encoder; public class TestNetpaySignature { private static Logger logger = Logger.getLogger(TestNetpaySignature.class); /** * 根据原数据和指定的加密算法来生成用户的签名数据 * * @param algorithm * :使用的加密算法,为SHA1withRSA * @param srcData * :被签名数据,byte[]类型 * @param jksPath * :商户私钥jks文件存放路径 * @param jksPath * :商户私钥密码 * @return 已签名数据 * @throws Exception */ public byte[] sign(String algorithm, byte[] srcData, String jksPath,String jksPwd) throws Exception { try { // 获取JKS 服务器私有证书的私钥,取得标准的JKS的 KeyStore实例 KeyStore store = KeyStore.getInstance("JKS"); // 读取jks文件,path为商户私钥jks文件存放路径 FileInputStream stream = new FileInputStream(jksPath); // jks文件密码,根据实际情况修改 String passwd = jksPwd; store.load(stream, passwd.toCharArray()); // 获取jks证书别名 Enumeration en = store.aliases(); String pName = null; while (en.hasMoreElements()) { String n = (String) en.nextElement(); if (store.isKeyEntry(n)) { pName = n; } } // 获取证书的私钥 PrivateKey key = (PrivateKey) store.getKey(pName, passwd.toCharArray()); // 进行签名服务 Signature signature = Signature.getInstance(algorithm); signature.initSign(key); signature.update(srcData); byte[] signedData = signature.sign(); return signedData; } catch (Exception e) { throw new Exception("signature.sign.error"); } } public String getSignedStr(byte[] signedData){ logger.info("已签名" + new BASE64Encoder().encode(signedData)); // 返回签名结果 return new BASE64Encoder().encode(signedData); } /** * 根据对签名数据使用签名者的公钥来解密后验证是否与原数据相同。从而确认用户签名正确 * * @param 使用的加密算法 * ,需与加密时使用的算法一致 * @param srcData * 被签名数据,byte[]类型 * @param signedData * 使用该用户的私钥生成的已签名数据 * @param path商户公钥证书cer文件存放路径 * @return true或false,验证成功为true。 * @throws Exception */ public boolean verify(String algorithm, byte[] srcData, byte[] signedData, String path) throws Exception { // 获取指定证书的公钥 CertificateFactory certInfo = CertificateFactory.getInstance("x.509"); X509Certificate cert = (X509Certificate) certInfo .generateCertificate(new FileInputStream(path)); PublicKey publicKey = cert.getPublicKey(); // 进行验证签名服务 try { Signature sign3 = Signature.getInstance(algorithm); sign3.initVerify(publicKey); sign3.update(srcData); return sign3.verify(signedData); } catch (Exception e) { throw new Exception("signature.verify.error"); } } public static void main(String[] args) { StringBuffer srcData = new StringBuffer(); srcData.append("1"); TestNetpaySignature testNetpaySignature = new TestNetpaySignature(); boolean flag = false; try { byte[] signedData = testNetpaySignature.sign("SHA1withRSA", srcData.toString().getBytes(), "D:\keystore\pinganmer.jks", "12345678"); flag = testNetpaySignature.verify("SHA1withRSA", srcData.toString().getBytes(), signedData, "D:\keystore\pinganmer.cer"); } catch (Exception e) { // TODO: handle exception } System.out.println(flag); } }