1 import java.io.FileInputStream;
2 import java.security.KeyStore;
3 import java.security.PrivateKey;
4 import java.security.PublicKey;
5 import java.security.Signature;
6 import java.security.cert.Certificate;
7 import java.security.cert.CertificateFactory;
8 import java.security.cert.X509Certificate;
9
10 import javax.crypto.Cipher;
11
12
13
14
15
16 public class CertificateCoder {
17
18 public static final String CERT_TYPE="X.509";
19
20
21
22 /**
23 * 获取私匙
24 * @param keyStorePath
25 * @param pwd
26 * @param alias
27 * @return PrivateKey 私匙
28 * @throws Exception
29 */
30 private static PrivateKey getPrivateKey(String keyStorePath,String pwd,String alias) throws Exception{
31 KeyStore ks=getKeyStore(keyStorePath, pwd);
32 return (PrivateKey)ks.getKey(alias, pwd.toCharArray());
33
34 }
35
36
37 /**
38 *
39 * @param keyStorePath
40 * @param pwd
41 * @return keyStore 密匙库
42 * @throws Exception
43 */
44 private static KeyStore getKeyStore(String keyStorePath,String pwd) throws Exception{
45 KeyStore ks=KeyStore.getInstance(KeyStore.getDefaultType());
46 FileInputStream in=new FileInputStream(keyStorePath);
47 ks.load(in,pwd.toCharArray());
48 in.close();
49 return ks;
50 }
51
52
53 /**
54 *
55 * @param certificatePath
56 * @return Certificate 证书
57 * @throws Exception
58 */
59 private static Certificate getCertificate(String certificatePath) throws Exception{
60 CertificateFactory factory=CertificateFactory.getInstance(CERT_TYPE);
61 FileInputStream in=new FileInputStream(certificatePath);
62 Certificate certificate=factory.generateCertificate(in);
63 in.close();
64 return certificate;
65
66 }
67
68
69 /**
70 * 通过证书返回公匙
71 * @param certificatePath
72 * @return Publickey 返回公匙
73 * @throws Exception
74 */
75 private static PublicKey getPublicKeyByCertificate(String certificatePath) throws Exception{
76 Certificate certificate=getCertificate(certificatePath);
77 return certificate.getPublicKey();
78 }
79
80
81 /**
82 *
83 * @param keyStorePath
84 * @param alias
85 * @param pwd
86 * @return Certificate 证书
87 * @throws Exception
88 */
89 private static Certificate getCertificate(String keyStorePath,String alias,String pwd) throws Exception{
90 KeyStore ks=getKeyStore(keyStorePath, pwd);
91 //获取证书
92 return ks.getCertificate(alias);
93 }
94
95
96 /**
97 * 私匙加密
98 * @param data
99 * @param keyStorePath
100 * @param alias
101 * @param pwd
102 * @return byte[] 被私匙加密的数据
103 * @throws Exception
104 */
105 public static byte[] encryptByPrivateKey(byte[] data,String keyStorePath,String alias,String pwd) throws Exception{
106 PrivateKey privateKey=getPrivateKey(keyStorePath, pwd, alias);
107 //对数据进行加密
108 Cipher cipher=Cipher.getInstance(privateKey.getAlgorithm());
109 cipher.init(Cipher.ENCRYPT_MODE, privateKey);
110 return cipher.doFinal(data);
111
112 }
113
114
115 /**
116 * 私匙解密
117 * @param data
118 * @param keyStorePath
119 * @param alias
120 * @param pwd
121 * @return byte[] 私匙解密的数据
122 * @throws Exception
123 */
124 public static byte[] decryptByPrivateKey(byte[] data,String keyStorePath,String alias,String pwd) throws Exception{
125 PrivateKey privateKey=getPrivateKey(keyStorePath, pwd, alias);
126 Cipher cipher=Cipher.getInstance(privateKey.getAlgorithm());
127 cipher.init(cipher.DECRYPT_MODE, privateKey);
128 return cipher.doFinal(data);
129 }
130
131
132 /**
133 * 公匙加密
134 * @param data
135 * @param cerPath
136 * @return byte[] 被公匙加密的数据
137 * @throws Exception
138 */
139 public static byte[] encryptByPublicKey(byte[] data,String cerPath) throws Exception{
140 //获取公匙
141 PublicKey publicKey=getPublicKeyByCertificate(cerPath);
142 System.out.println(publicKey.getAlgorithm());
143 Cipher cipher=Cipher.getInstance(publicKey.getAlgorithm());
144 cipher.init(Cipher.ENCRYPT_MODE, publicKey);
145 return cipher.doFinal(data);
146 }
147
148 /**
149 * 公匙解密
150 * @param data
151 * @param cerPath
152 * @return
153 * @throws Exception
154 */
155 public static byte[] decryptByPublicKey(byte[] data,String cerPath) throws Exception{
156 PublicKey publicKey=getPublicKeyByCertificate(cerPath);
157 Cipher cipher=Cipher.getInstance(publicKey.getAlgorithm());
158 cipher.init(Cipher.DECRYPT_MODE, publicKey);
159 return cipher.doFinal(data);
160 }
161
162 /**
163 * 签名
164 * @param sign
165 * @param keyStorePath
166 * @param pwd
167 * @param alias
168 * @return
169 * @throws Exception
170 */
171 public static byte[] sign(byte[] sign,String keyStorePath,String pwd,String alias) throws Exception{
172 //获取证书
173 X509Certificate x509=(X509Certificate)getCertificate(keyStorePath, alias, pwd);
174 //构建签名,由证书指定签名算法
175 Signature sa=Signature.getInstance(x509.getSigAlgName());
176 //获取私匙
177 PrivateKey privateKey=getPrivateKey(keyStorePath, pwd, alias);
178 sa.initSign(privateKey);
179 sa.update(sign);
180 return sa.sign();
181 }
182
183 /**
184 * 验证签名
185 * @param data
186 * @param sign
187 * @param cerPath
188 * @return
189 * @throws Exception
190 */
191 public static boolean verify(byte[] data,byte[] sign,String cerPath) throws Exception{
192 X509Certificate x509=(X509Certificate)getCertificate(cerPath);
193 Signature sa=Signature.getInstance(x509.getSigAlgName());
194 sa.initVerify(x509);
195 sa.update(data);
196 return sa.verify(sign);
197 }
198 }
