import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Base64.Decoder;
import java.util.Base64.Encoder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* 非对称加密工具类,用于对数据进行私钥签名和公钥验签
* 第三方包的maven依赖:
* <dependency>
<groupId>bouncycastle</groupId>
<artifactId>bouncycastle-jce-jdk13</artifactId>
<version>112</version>
<scope>runtime</scope>
</dependency>
* @author 大别山人
*/
public class RSAUtil {
private RSAUtil() {throw new UnsupportedOperationException("工具类不需要实例化");}
private static final String ALGORITHM = "RSA";
private static final String SIGN_TYPE = "SHA256WITHRSA";
private static final Provider DEFAULT_PROVIDER = new BouncyCastleProvider();
private static final Decoder BASE64_DECODER = Base64.getDecoder();
private static final Encoder BASE64_ENCODER = Base64.getEncoder();
private static KeyFactory keyFactory;
static {
try {
keyFactory = KeyFactory.getInstance(ALGORITHM,DEFAULT_PROVIDER);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
/**
* 封装密钥对的类
* @author i
*
*/
public static final class RSAKeyPair{
private String publicKey;
private String privateKey;
public String getPublicKey() {
return publicKey;
}
public String getPrivateKey() {
return privateKey;
}
private RSAKeyPair(String publicKey,String privateKey) {
this.publicKey = publicKey;
this.privateKey = privateKey;
}
@Override
public String toString() {
return "RSAKeyPair [publicKey=" + publicKey + ",
privateKey=" + privateKey + "]";
}
}
/**
* 生成base64编码的密钥对
* @return
* @throws Exception
*/
public static final RSAKeyPair createKeyPair() throws Exception {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGORITHM);
keyPairGen.initialize(2048);
KeyPair keyPair = keyPairGen.generateKeyPair();
return new RSAKeyPair(BASE64_ENCODER.encodeToString(keyPair.getPublic().getEncoded()),BASE64_ENCODER.encodeToString(keyPair.getPrivate().getEncoded()));
}
/**
* 对指定数据使用私钥进行签名
* @param data
* @param privateKey
* @return
*/
public static final String sign(String data,String privateKey) {
try {
Signature signature = Signature.getInstance(SIGN_TYPE);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(BASE64_DECODER.decode(privateKey));
signature.initSign(keyFactory.generatePrivate(keySpec));
signature.update(toSHA256(data));
return BASE64_ENCODER.encodeToString(signature.sign());
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* 对指定的数据和签名,使用公钥进行验签
* @param data
* @param publicKey
* @param sign
* @return
*/
public static final boolean signVerify(String data,String publicKey,String sign) {
try {
Signature signature = Signature.getInstance(SIGN_TYPE);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(BASE64_DECODER.decode(publicKey));
signature.initVerify(keyFactory.generatePublic(keySpec));
signature.update(toSHA256(data));
return signature.verify(BASE64_DECODER.decode(sign));
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
private static final byte[] toSHA256(String data) throws NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
digest.update(data.getBytes());
return digest.digest();
}
}