加密工具类
2020-09-16 本文已影响0人
刘彦青
package com.lakala.boss.api.utils;
import com.lakala.boss.api.security.CAP12CertTool;
import com.lakala.boss.api.security.RSASignUtil;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
/**
* @Project: boss-sdk
* @Package: com.lakala.boss.api.utils
* @Description: 加解密工具类
* @author: LXF
* @date Date: 2019年10月23日 18:00
* @version: V1.0.0
*/
public class KeyUtil {
private KeyUtil(){}
/**
* 加密敏感数据
* @param str
* @param secretKey
* @return
* @throws InvalidEncryptedKeyException
*/
public static String encryptPrivateData(String str, String secretKey) throws InvalidEncryptedKeyException {
if(StringUtils.isNotBlank(str) && StringUtils.isNotBlank(secretKey)) {
return AESUtil.aesEncrypt(str, secretKey);
} else {
return null;
}
}
/**
* 解密敏感数据
* @param str
* @param secretKey
* @return
* @throws InvalidEncryptedKeyException
*/
public static String decryptPrivateData(String str, String secretKey) throws InvalidEncryptedKeyException {
if(StringUtils.isNotBlank(str) && StringUtils.isNotBlank(secretKey)) {
return AESUtil.aesDecrypt(str, secretKey);
} else {
return null;
}
}
/**
* 加密临时密钥
* @param client
* @param secretKey
* @return
*/
public static String encryptSecretKey(BossClient client, String secretKey){
if(ObjectUtils.isEmpty(client) || StringUtils.isBlank(secretKey)){
return null;
}
CAP12CertTool cap12CertTool = client.getRsaSignUtil().getCap12CertTool();
return RSASignUtil.rsaEcbEncryptBase64((RSAPrivateKey) cap12CertTool.getPrivateKey(), secretKey.getBytes());
}
/**
* 解密临时密钥
* @param client
* @param encryptSecretKey
* @return
*/
public static String decryptSecretKey(BossClient client, String encryptSecretKey){
if(ObjectUtils.isEmpty(client) || StringUtils.isBlank(encryptSecretKey)){
return null;
}
CAP12CertTool cap12CertTool = client.getRsaSignUtil().getCap12CertTool();
return RSASignUtil.rsaEcbDecryptBase64((RSAPublicKey) cap12CertTool.getPublicKey(), encryptSecretKey);
}
/**
* 解密临时密钥
* @param client
* @param encryptSecretKey
* @return
*/
public static String decryptSecretKeyByPrivateKey(BossClient client, String encryptSecretKey){
if(ObjectUtils.isEmpty(client) || StringUtils.isBlank(encryptSecretKey)){
return null;
}
CAP12CertTool cap12CertTool = client.getRsaSignUtil().getCap12CertTool();
return RSASignUtil.rsaEcbDecryptBase64((RSAPrivateKey) cap12CertTool.getPrivateKey(), encryptSecretKey);
}
}
package com.lakala.boss.api.security;
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
/**
* 密钥工具类
*/
public class CAP12CertTool {
private SignedPack signedPack;
public CAP12CertTool(InputStream fileInputStream, String keyPass) throws SecurityException {
signedPack = this.getP12(fileInputStream, keyPass);
}
public CAP12CertTool(String path, String keyPass) throws SecurityException, FileNotFoundException {
FileInputStream fileInputStream = new FileInputStream(new File(path));
signedPack = this.getP12(fileInputStream, keyPass);
}
public static SignedPack getKeyPkcs12(String keyfile, String keypwd) {
KeyStore keyStore = getKeyStore(keyfile, keypwd, "PKCS12");
PrivateKey privateKey = null;
try {
Enumeration<String> aliasenum = keyStore.aliases();
String keyAlias = null;
if (aliasenum.hasMoreElements()) {
keyAlias = (String) aliasenum.nextElement();
}
privateKey = (PrivateKey) keyStore.getKey(keyAlias, keypwd.toCharArray());
Certificate cert = keyStore.getCertificate(keyAlias);
PublicKey publicKey = cert.getPublicKey();
SignedPack sp = new SignedPack();
sp.setCert((X509Certificate) cert);
sp.setPubKey(publicKey);
sp.setPriKey(privateKey);
return sp;
} catch (Exception e) {
throw new IllegalArgumentException("Fail: get private key from private certificate", e);
}
}
private static KeyStore getKeyStore(String keyfile, String keypwd, String type) {
FileInputStream fis = null;
KeyStore keyStoreOut;
try {
KeyStore keyStore = null;
keyStore = KeyStore.getInstance(type);
fis = new FileInputStream(keyfile);
char[] nPassword = null != keypwd && !"".equals(keypwd.trim()) ? keypwd.toCharArray() : null;
keyStore.load(fis, nPassword);
fis.close();
keyStoreOut = keyStore;
} catch (Exception e) {
if (Security.getProvider("BC") == null) {
throw new IllegalArgumentException("BC Provider not installed.", e);
}
throw new IllegalArgumentException("Fail: load privateKey certificate", e);
} finally {
if (null != fis) {
try {
fis.close();
} catch (Exception ignored) {
}
}
}
return keyStoreOut;
}
private SignedPack getP12(InputStream fileInputStream, String keyPass) throws SecurityException {
SignedPack sp = new SignedPack();
try {
KeyStore ks = KeyStore.getInstance("PKCS12");
char[] nPassword = (char[]) null;
if (keyPass != null && !keyPass.trim().equals("")) {
nPassword = keyPass.toCharArray();
} else {
nPassword = (char[]) null;
}
ks.load(fileInputStream, nPassword);
Enumeration enum2 = ks.aliases();
String keyAlias = null;
if (enum2.hasMoreElements()) {
keyAlias = (String) enum2.nextElement();
}
PrivateKey priKey = (PrivateKey) ks.getKey(keyAlias, nPassword);
Certificate cert = ks.getCertificate(keyAlias);
PublicKey pubKey = cert.getPublicKey();
sp.setCert((X509Certificate) cert);
sp.setPubKey(pubKey);
sp.setPriKey(priKey);
} catch (Exception var13) {
var13.printStackTrace();
throw new SecurityException(var13.getMessage());
}
if (fileInputStream != null) {
try {
fileInputStream.close();
} catch (IOException var12) {
;
}
}
if (fileInputStream != null) {
try {
fileInputStream.close();
} catch (IOException var11) {
;
}
}
return sp;
}
public X509Certificate getCert() {
return signedPack.getCert();
}
public PublicKey getPublicKey() {
return signedPack.getPubKey();
}
public PrivateKey getPrivateKey() {
return signedPack.getPriKey();
}
public byte[] getSignData(byte[] indata) throws SecurityException {
byte[] res = (byte[]) null;
try {
Signature signet = Signature.getInstance("SHA256WITHRSA");
signet.initSign(this.getPrivateKey());
signet.update(indata);
res = signet.sign();
return res;
} catch (InvalidKeyException var4) {
throw new SecurityException(var4.getMessage());
} catch (NoSuchAlgorithmException var5) {
throw new SecurityException(var5.getMessage());
} catch (SignatureException var6) {
throw new SecurityException(var6.getMessage());
}
}
}
package com.lakala.boss.api.security;
import net.sf.json.JSONArray;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import javax.crypto.Cipher;
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
public class RSASignUtil {
private String hexCert = null;
private CAP12CertTool cap12CertTool;
public RSASignUtil(String certFilePath, String password) {
try {
cap12CertTool = new CAP12CertTool(certFilePath, password);
} catch (FileNotFoundException e) {
e.printStackTrace();
}
}
public static PublicKey getPublicKeyfromPath(String svrCertpath) throws SecurityException {
X509Certificate cert = null;
FileInputStream inStream = null;
try {
inStream = new FileInputStream(new File(svrCertpath));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cert = (X509Certificate) cf.generateCertificate(inStream);
} catch (CertificateException var4) {
throw new SecurityException(var4.getMessage());
} catch (FileNotFoundException var5) {
throw new SecurityException(var5.getMessage());
}
return cert.getPublicKey();
}
public static byte[] checkPEM(byte[] paramArrayOfByte) {
String str1 = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/+= \r\n-";
for (int i = 0; i < paramArrayOfByte.length; ++i) {
if (str1.indexOf(paramArrayOfByte[i]) == -1) {
return null;
}
}
StringBuffer localStringBuffer = new StringBuffer(paramArrayOfByte.length);
String str2 = new String(paramArrayOfByte);
for (int j = 0; j < str2.length(); ++j) {
if (str2.charAt(j) != ' ' && str2.charAt(j) != '\r' && str2.charAt(j) != '\n') {
localStringBuffer.append(str2.charAt(j));
}
}
return localStringBuffer.toString().getBytes();
}
/**
* RSA 加密
*
* @param privateKey 私钥
* @param data 待加密数据
* @return 加密结果
*/
public static String rsaEcbEncryptBase64(RSAPrivateKey privateKey, byte[] data) {
byte[] res = rsaEcbEncrypt(privateKey, data);
return com.lakala.boss.api.utils.Base64.encode(res);
}
/**
* 加密
*
* @param privateKey 私钥
* @param data 加密数据
* @return 加密结果
*/
public static byte[] rsaEcbEncrypt(RSAPrivateKey privateKey, byte[] data) {
String algorithm = "RSA/ECB/PKCS1Padding";
if (privateKey == null) {
throw new IllegalArgumentException("publicKey is null");
} else {
try {
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(1, privateKey);
return cipher.doFinal(data);
} catch (Exception e) {
throw new IllegalArgumentException("Fail: RSA Ecb Encrypt", e);
}
}
}
/**
* 解密
*
* @param publicKey 公钥
* @param data 待解密数据
* @return 解密后数据
*/
public static String rsaEcbDecryptBase64(RSAPublicKey publicKey, String data) {
byte[] res = rsaEcbDecrypt(publicKey, com.lakala.boss.api.utils.Base64.decode(data));
return new String(res);
}
/**
* 解密
*
* @param privateKey 私钥
* @param data 待解密数据
* @return 解密后数据
*/
public static String rsaEcbDecryptBase64(RSAPrivateKey privateKey, String data) {
byte[] res = rsaEcbDecrypt(privateKey, com.lakala.boss.api.utils.Base64.decode(data));
return new String(res);
}
/**
* 解密
*
* @param publicKey 公钥
* @param data 待解密数据
* @return 解密后数据
*/
public static byte[] rsaEcbDecrypt(RSAPublicKey publicKey, byte[] data) {
if (publicKey == null) {
throw new IllegalArgumentException("privateKey is null");
} else {
Object var3 = null;
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(2, publicKey);
return cipher.doFinal(data);
} catch (Exception e) {
throw new IllegalArgumentException("Fail: RSA Ecb Decrypt", e);
}
}
}
/**
* 解密
*
* @param privateKey 私钥
* @param data 待解密数据
* @return 解密后数据
*/
public static byte[] rsaEcbDecrypt(RSAPrivateKey privateKey, byte[] data) {
if (privateKey == null) {
throw new IllegalArgumentException("privateKey is null");
} else {
Object var3 = null;
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(2, privateKey);
return cipher.doFinal(data);
} catch (Exception e) {
throw new IllegalArgumentException("Fail: RSA Ecb Decrypt", e);
}
}
}
public CAP12CertTool getCap12CertTool() {
return cap12CertTool;
}
public String sign(String indata, String encoding) {
String singData = null;
try {
X509Certificate cert = cap12CertTool.getCert();
byte[] si = cap12CertTool.getSignData(indata.getBytes(encoding));
byte[] cr = cert.getEncoded();
this.hexCert = HexStringByte.byteToHex(cr);
singData = HexStringByte.byteToHex(si);
} catch (CertificateEncodingException var8) {
var8.printStackTrace();
} catch (UnsupportedEncodingException var10) {
var10.printStackTrace();
} catch (SecurityException var11) {
var11.printStackTrace();
}
return singData;
}
public String getCertInfo() {
return this.hexCert;
}
public boolean verify(String oriData, String signData, String svrCert, String encoding) {
boolean res = false;
try {
byte[] signDataBytes = HexStringByte.hexToByte(signData.getBytes());
byte[] inDataBytes = oriData.getBytes(encoding);
byte[] signaturepem = checkPEM(signDataBytes);
if (signaturepem != null) {
signDataBytes = Base64.decode(signaturepem);
}
X509Certificate cert = this.getCertFromHexString(svrCert);
if (cert != null) {
PublicKey pubKey = cert.getPublicKey();
Signature signet = Signature.getInstance("SHA256WITHRSA");
signet.initVerify(pubKey);
signet.update(inDataBytes);
res = signet.verify(signDataBytes);
}
} catch (InvalidKeyException var12) {
var12.printStackTrace();
} catch (NoSuchAlgorithmException var13) {
var13.printStackTrace();
} catch (SignatureException var14) {
var14.printStackTrace();
} catch (SecurityException var15) {
var15.printStackTrace();
} catch (UnsupportedEncodingException var16) {
var16.printStackTrace();
}
return res;
}
public X509Certificate getCertfromPath(String crt_path) throws SecurityException {
X509Certificate cert = null;
FileInputStream inStream = null;
try {
inStream = new FileInputStream(new File(crt_path));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cert = (X509Certificate) cf.generateCertificate(inStream);
return cert;
} catch (CertificateException var5) {
throw new SecurityException(var5.getMessage());
} catch (FileNotFoundException var6) {
throw new SecurityException(var6.getMessage());
}
}
public boolean verifyCert(X509Certificate userCert, X509Certificate rootCert) throws SecurityException {
boolean res = false;
try {
PublicKey rootKey = rootCert.getPublicKey();
userCert.checkValidity();
userCert.verify(rootKey);
res = true;
if (!userCert.getIssuerDN().equals(rootCert.getSubjectDN())) {
res = false;
}
return res;
} catch (CertificateExpiredException var5) {
throw new SecurityException(var5.getMessage());
} catch (CertificateNotYetValidException var6) {
throw new SecurityException(var6.getMessage());
} catch (InvalidKeyException var7) {
throw new SecurityException(var7.getMessage());
} catch (CertificateException var8) {
throw new SecurityException(var8.getMessage());
} catch (NoSuchAlgorithmException var9) {
throw new SecurityException(var9.getMessage());
} catch (NoSuchProviderException var10) {
throw new SecurityException(var10.getMessage());
} catch (SignatureException var11) {
throw new SecurityException(var11.getMessage());
}
}
private X509Certificate getCertFromHexString(String hexCert) throws SecurityException {
ByteArrayInputStream bIn = null;
X509Certificate certobj = null;
byte[] cert = HexStringByte.hexToByte(hexCert.getBytes());
CertificateFactory fact = null;
try {
fact = CertificateFactory.getInstance("X.509");
} catch (CertificateException var13) {
var13.printStackTrace();
}
bIn = new ByteArrayInputStream(cert);
try {
certobj = (X509Certificate) fact.generateCertificate(bIn);
bIn.close();
bIn = null;
} catch (CertificateException var11) {
var11.printStackTrace();
} catch (IOException var12) {
var12.printStackTrace();
}
try {
if (bIn != null) {
bIn.close();
}
} catch (IOException var10) {
var10.printStackTrace();
}
try {
if (bIn != null) {
bIn.close();
}
} catch (IOException var9) {
;
}
try {
if (bIn != null) {
bIn.close();
}
} catch (IOException var8) {
;
}
try {
if (bIn != null) {
bIn.close();
}
} catch (IOException var7) {
;
}
return certobj;
}
public String getFormValue(String respMsg, String name) {
String[] resArr = StringUtils.split(respMsg, "&");
Map<String, String> resMap = new HashMap<String, String>();
for (int i = 0; i < resArr.length; ++i) {
String data = resArr[i];
int index = StringUtils.indexOf(data, '=');
String nm = StringUtils.substring(data, 0, index);
String val = StringUtils.substring(data, index + 1);
resMap.put(nm, val);
}
return resMap.get(name) != null ? resMap.get(name) : "";
}
public String getValue(String respMsg, String name) {
String[] resArr = StringUtils.split(respMsg, "&");
Map<String, String> resMap = new HashMap<String, String>();
for (int i = 0; i < resArr.length; ++i) {
String data = resArr[i];
int index = StringUtils.indexOf(data, '=');
String nm = StringUtils.substring(data, 0, index);
String val = StringUtils.substring(data, index + 1);
resMap.put(nm, val);
}
return resMap.get(name) != null ? resMap.get(name) : "";
}
public Map<String, String> coverString2Map(String respMsg) {
String[] resArr = StringUtils.split(respMsg, "&");
Map<String, String> resMap = new HashMap<String, String>();
for (int i = 0; i < resArr.length; ++i) {
String data = resArr[i];
int index = StringUtils.indexOf(data, '=');
String nm = StringUtils.substring(data, 0, index);
String val = StringUtils.substring(data, index + 1);
resMap.put(nm, val);
}
return resMap;
}
@SuppressWarnings({"rawtypes", "unchecked"})
public String coverMap2String(Map data) {
TreeMap tree = new TreeMap();
Iterator it = data.entrySet().iterator();
while (it.hasNext()) {
Map.Entry en = (Map.Entry) it.next();
if (!"merchantSign".equals(((String) en.getKey()).trim()) && !"serverSign".equals(((String) en.getKey()).trim()) && !"serverCert".equals(((String) en.getKey()).trim())) {
tree.put(en.getKey(), en.getValue());
}
}
it = tree.entrySet().iterator();
StringBuffer sf = new StringBuffer();
while (it.hasNext()) {
Map.Entry en = (Map.Entry) it.next();
String tmp;
if (en.getValue() instanceof String) {
tmp = (String) en.getValue();
} else if (en.getValue() instanceof List) {
tmp = JSONArray.fromObject(en.getValue()).toString();
} else {
tmp = String.valueOf(en.getValue());
}
if (!StringUtils.equals(tmp, "null") && !StringUtils.isBlank(tmp)) {
sf.append((String) en.getKey()).append("=").append(tmp).append("&");
}
}
return sf.substring(0, sf.length() - 1);
}
public String encryptData(String dataString, String encoding, String svrCertPath) {
try {
byte[] data = encryptedPin(getPublicKeyfromPath(svrCertPath), dataString.getBytes(encoding));
return new String(base64Encode(data), encoding);
} catch (Exception var5) {
var5.printStackTrace();
return "";
}
}
public byte[] encryptedPin(PublicKey publicKey, byte[] plainPin) throws Exception {
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", new BouncyCastleProvider());
cipher.init(1, publicKey);
int blockSize = cipher.getBlockSize();
int outputSize = cipher.getOutputSize(plainPin.length);
int leavedSize = plainPin.length % blockSize;
int blocksSize = leavedSize == 0 ? plainPin.length / blockSize : plainPin.length / blockSize + 1;
byte[] raw = new byte[outputSize * blocksSize];
for (int i = 0; plainPin.length - i * blockSize > 0; ++i) {
if (plainPin.length - i * blockSize > blockSize) {
cipher.doFinal(plainPin, i * blockSize, blockSize, raw, i * outputSize);
} else {
cipher.doFinal(plainPin, i * blockSize, plainPin.length - i * blockSize, raw, i * outputSize);
}
}
return raw;
} catch (Exception var9) {
throw new Exception(var9.getMessage());
}
}
public byte[] base64Encode(byte[] inputByte) throws IOException {
return Base64.encode(inputByte);
}
}
