AS2协议详解(二)

上一篇中主要讲解了AS2协议加密的理论知识,这篇来上代码。

签名和验签

通过信息摘要算法和非对称加密,可以实现信息的防伪造,防篡改,通过我们的私钥来签名消息,接收方就能通过我们的公钥来校验该消息是否是我们发送的。

/**
 * 获取证书库
 */
public static KeyStore getKeyStore(InputStream keyStoreInputStream, String keyStorePassword, String keyStoreType) throws Exception {
    return getKeyStore(keyStoreInputStream, keyStorePassword, keyStoreType);
}

public static KeyStore getKeyStore(InputStream keyStoreInputStream, String keyStorePassword, String keyStoreType, String provider) throws Exception {
    KeyStore keyStore;
    if (StringUtils.isNotBlank(provider)) {
        keyStore = KeyStore.getInstance(keyStoreType, provider);
    } else {
        keyStore = KeyStore.getInstance(keyStoreType);
    }
    keyStore.load(keyStoreInputStream, keyStorePassword.toCharArray());
    IoUtil.close(keyStoreInputStream);
    return keyStore;
}

/**
 * 从证书库中获取公钥
 */
public static PublicKey getPublicKeyFromKeyStore(KeyStore keyStore, String alias) throws Exception {
    Certificate certificate = keyStore.getCertificate(alias);
    return certificate.getPublicKey();
}

/**
 * 从证书库获取私钥
 */
public static PrivateKey getPrivateKeyFromKeyStore(KeyStore keyStore, String alias, String password) throws Exception {
    return (PrivateKey) keyStore.getKey(alias, password.toCharArray());
}

/**
 * 签名
 */
public static byte[] sign(byte[] message, PrivateKey privateKey, String algorithm) throws Exception {
    Signature signature;
    signature = Signature.getInstance(algorithm);
    signature.initSign(privateKey);
    signature.update(message);
    return signature.sign();
}

/**
 * 验签
 */
public static boolean verify(byte[] message, byte[] signMessage, PublicKey publicKey, String algorithm) throws Exception {
    Signature signature;
    boolean verifyResult;
    signature = Signature.getInstance(algorithm);
    signature.initVerify(publicKey);
    signature.update(message);
    verifyResult = signature.verify(signMessage);
    return verifyResult;
}

然后写个单元测试来验证下

@Test
public void testVerify() throws Exception {
    FileInputStream fis = new FileInputStream(new File("d:/keys/testkeystore.keystore"));
    //获取证书库
    KeyStore keyStore = getKeyStore(fis, "mypassword", "JKS");
    //获取私钥
    PrivateKey privateKey = getPrivateKeyFromKeyStore(keyStore, "mykeystore", "mypassword");
    //摘要算法用SHA1,非对称加密算法用RSA进行签名
    byte[] signMessage = sign(CONTENT.getBytes(), privateKey, "SHA1withRSA");
    //获取公钥
    PublicKey publicKey = getPublicKeyFromKeyStore(keyStore, "mykeystore");
    //进行验签
    boolean verify = verify(CONTENT.getBytes(), signMessage, publicKey, "SHA1withRSA");
    System.out.println(verify);
}

加密和解密

/**
 * 使用私钥加密
 */
public static byte[] encodeByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception {
    // 对数据加密,加密算法由创建秘钥时指定,也可以自己指定,一般用RSA
    Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
    cipher.init(Cipher.ENCRYPT_MODE, privateKey);
    return cipher.doFinal(data);
}

/**
 * 使用公钥解密
 */
public static byte[] decodeByPublicKey(byte[] data, PublicKey publicKey)
        throws Exception {
    // 对数据加密
    Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
    cipher.init(Cipher.DECRYPT_MODE, publicKey);
    return cipher.doFinal(data);
}

/**
 * 公钥加密
 */
public static byte[] encodeByPublicKey(byte[] data, PublicKey publicKey)
        throws Exception {
    // 对数据加密
    Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
    return cipher.doFinal(data);
}

/**
 * 私钥解密
 */
public static byte[] decodeByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception {
    // 对数据加密
    Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    return cipher.doFinal(data);
}

单元测试

public static String CONTENT = "寥落古行宫,宫花寂寞红。白头宫女在,闲坐说玄宗";
@Test
public void testDecode() throws Exception {
    FileInputStream fis = new FileInputStream(new File("d:/keys/testkeystore.keystore"));
    KeyStore keyStore = getKeyStore(fis, "mypassword", "JKS");
    PrivateKey privateKey = getPrivateKeyFromKeyStore(keyStore, "mykeystore", "mypassword");
    PublicKey publicKey = getPublicKeyFromKeyStore(keyStore, "mykeystore");
    //加密
    byte[] encode = encodeByPrivateKey(CONTENT.getBytes(), privateKey);
    //解密
    byte[] message = decodeByPublicKey(encode, publicKey);
    System.out.println(new String(message));
}

版权声明:本文为hollycloud原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。