RSA是一种典型的非对称性加密算法,具体介绍可参考阮一峰的日志 RSA算法原理
下面是使用RSA算法对传输内容进行加密的一个简要Java案例,主要用到了三个类,大体实现如下(注意:示例代码实际实现的是RSA签名与验签,保证的是数据的完整性和来源可信,并没有对传输内容本身进行加密,内容仍以明文传输):
- import java.security.KeyFactory;
- import java.security.PrivateKey;
- import java.security.PublicKey;
- import java.security.spec.PKCS8EncodedKeySpec;
- import java.security.spec.X509EncodedKeySpec;
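/**
 * RSA signing and signature-verification helpers.
 *
 * <p>Keys and signatures are exchanged as Base64 text; the private key is
 * expected in PKCS#8 encoding and the public key in X.509 encoding. These
 * methods provide integrity and origin authentication only; they do not
 * encrypt the content.
 *
 * <p>All methods report failure through their return value ({@code null} or
 * {@code false}) instead of throwing, so callers must check the result.
 */
public class RSASignature {
    /**
     * JCA name of the signature algorithm.
     *
     * <p>NOTE(review): SHA-1 is no longer recommended for digital signatures
     * because of practical collision attacks. Moving to {@code SHA256withRSA}
     * changes the wire format, so it has to be coordinated with every peer
     * that signs or verifies; it is left unchanged here for compatibility.
     */
    public static final String SIGN_ALGORITHMS = "SHA1withRSA";

    /**
     * Charset used when the caller does not name one. Fixed to UTF-8 so that
     * signer and verifier hash the same bytes regardless of the platform
     * default charset of the JVM each of them runs on.
     */
    private static final java.nio.charset.Charset DEFAULT_CHARSET =
            java.nio.charset.StandardCharsets.UTF_8;

    /**
     * Signs {@code content} with the given private key.
     *
     * @param content    data to sign
     * @param privateKey Base64 text of the PKCS#8-encoded RSA private key
     * @param encode     name of the charset used to turn {@code content} into bytes
     * @return Base64 text of the signature, or {@code null} if signing failed
     */
    public static String sign(String content, String privateKey, String encode) {
        try {
            return signBytes(content.getBytes(encode), privateKey);
        } catch (Exception e) {
            // NOTE(review): prefer the project's logger over printStackTrace.
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Signs {@code content} (encoded as UTF-8) with the given private key.
     *
     * @param content    data to sign
     * @param privateKey Base64 text of the PKCS#8-encoded RSA private key
     * @return Base64 text of the signature, or {@code null} if signing failed
     */
    public static String sign(String content, String privateKey) {
        try {
            return signBytes(content.getBytes(DEFAULT_CHARSET), privateKey);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Verifies a signature over {@code content} (encoded as UTF-8).
     *
     * <p>The method fails closed: a missing argument, malformed Base64, an
     * unusable key or any provider error yields {@code false}.
     *
     * @param content   data that was signed
     * @param sign      Base64 text of the signature to check
     * @param publicKey Base64 text of the X.509-encoded RSA public key
     * @return {@code true} only if the signature is valid for the content and key
     */
    public static boolean doCheck(String content, String sign, String publicKey) {
        try {
            byte[] encodedKey = Base64.decode(publicKey);
            byte[] signatureBytes = Base64.decode(sign);
            // Base64.decode returns null for null or malformed input. Reject
            // it here so that attacker-supplied garbage is a plain "invalid"
            // result rather than a stack trace per request.
            if (content == null || encodedKey == null || signatureBytes == null) {
                return false;
            }
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
            java.security.Signature verifier = java.security.Signature.getInstance(SIGN_ALGORITHMS);
            verifier.initVerify(pubKey);
            verifier.update(content.getBytes(DEFAULT_CHARSET));
            return verifier.verify(signatureBytes);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return false;
    }

    /** Signs raw bytes with the Base64/PKCS#8 private key and returns the Base64 signature. */
    private static String signBytes(byte[] data, String privateKey)
            throws java.security.GeneralSecurityException {
        byte[] encodedKey = Base64.decode(privateKey);
        if (encodedKey == null) {
            throw new java.security.spec.InvalidKeySpecException("private key is not valid Base64");
        }
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey priKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
        java.security.Signature signer = java.security.Signature.getInstance(SIGN_ALGORITHMS);
        signer.initSign(priKey);
        signer.update(data);
        return Base64.encode(signer.sign());
    }
}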
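/**
 * Minimal Base64 encoder/decoder using the standard alphabet
 * ({@code A-Z a-z 0-9 + /}) with {@code =} padding.
 *
 * <p>{@link #decode(String)} ignores whitespace and returns {@code null} for
 * any input that is not well-formed Base64, so callers must null-check the
 * result before using it as key or signature bytes.
 *
 * <p>NOTE(review): {@code java.util.Base64} (Java 8+) covers the same ground,
 * but its decoders throw or skip characters on malformed input instead of
 * returning {@code null}, so it is not a drop-in replacement for callers that
 * rely on this contract.
 */
public class Base64 {
    private static final int BASELENGTH = 128;
    private static final int LOOKUPLENGTH = 64;
    private static final int FOURBYTE = 4;
    private static final char PAD = '=';

    /** Maps an ASCII code to its 6-bit value, or -1 if it is not in the alphabet. */
    private static final byte[] base64Alphabet = new byte[BASELENGTH];
    /** Maps a 6-bit value to its Base64 character. */
    private static final char[] lookUpBase64Alphabet = new char[LOOKUPLENGTH];

    static {
        for (int i = 0; i < BASELENGTH; ++i) {
            base64Alphabet[i] = -1;
        }
        for (int i = 'Z'; i >= 'A'; i--) {
            base64Alphabet[i] = (byte) (i - 'A');
        }
        for (int i = 'z'; i >= 'a'; i--) {
            base64Alphabet[i] = (byte) (i - 'a' + 26);
        }
        for (int i = '9'; i >= '0'; i--) {
            base64Alphabet[i] = (byte) (i - '0' + 52);
        }
        base64Alphabet['+'] = 62;
        base64Alphabet['/'] = 63;

        for (int i = 0; i <= 25; i++) {
            lookUpBase64Alphabet[i] = (char) ('A' + i);
        }
        for (int i = 26, j = 0; i <= 51; i++, j++) {
            lookUpBase64Alphabet[i] = (char) ('a' + j);
        }
        for (int i = 52, j = 0; i <= 61; i++, j++) {
            lookUpBase64Alphabet[i] = (char) ('0' + j);
        }
        lookUpBase64Alphabet[62] = '+';
        lookUpBase64Alphabet[63] = '/';
    }

    private static boolean isWhiteSpace(char octect) {
        return (octect == 0x20 || octect == 0xd || octect == 0xa || octect == 0x9);
    }

    private static boolean isPad(char octect) {
        return (octect == PAD);
    }

    private static boolean isData(char octect) {
        // The range check keeps non-ASCII characters from indexing past the table.
        return (octect < BASELENGTH && base64Alphabet[octect] != -1);
    }

    /**
     * Encodes binary data as Base64 text.
     *
     * @param binaryData bytes to encode
     * @return the padded Base64 string, {@code ""} for an empty array, or
     *         {@code null} if {@code binaryData} is {@code null}
     */
    public static String encode(byte[] binaryData) {
        if (binaryData == null) {
            return null;
        }
        int length = binaryData.length;
        if (length == 0) {
            return "";
        }
        // Work in bytes, not bits, so large inputs cannot overflow the arithmetic.
        int fullTriplets = length / 3;
        int remainder = length % 3;
        int quartets = (remainder != 0) ? fullTriplets + 1 : fullTriplets;
        char[] encodedData = new char[quartets * 4];

        int encodedIndex = 0;
        int dataIndex = 0;
        for (int i = 0; i < fullTriplets; i++) {
            // Mask to 0..255 so that negative bytes do not sign-extend into the shifts.
            int b1 = binaryData[dataIndex++] & 0xff;
            int b2 = binaryData[dataIndex++] & 0xff;
            int b3 = binaryData[dataIndex++] & 0xff;
            encodedData[encodedIndex++] = lookUpBase64Alphabet[b1 >> 2];
            encodedData[encodedIndex++] = lookUpBase64Alphabet[((b1 & 0x03) << 4) | (b2 >> 4)];
            encodedData[encodedIndex++] = lookUpBase64Alphabet[((b2 & 0x0f) << 2) | (b3 >> 6)];
            encodedData[encodedIndex++] = lookUpBase64Alphabet[b3 & 0x3f];
        }

        // Pad the trailing one or two bytes out to a full four-character group.
        if (remainder == 1) {
            int b1 = binaryData[dataIndex] & 0xff;
            encodedData[encodedIndex++] = lookUpBase64Alphabet[b1 >> 2];
            encodedData[encodedIndex++] = lookUpBase64Alphabet[(b1 & 0x03) << 4];
            encodedData[encodedIndex++] = PAD;
            encodedData[encodedIndex++] = PAD;
        } else if (remainder == 2) {
            int b1 = binaryData[dataIndex] & 0xff;
            int b2 = binaryData[dataIndex + 1] & 0xff;
            encodedData[encodedIndex++] = lookUpBase64Alphabet[b1 >> 2];
            encodedData[encodedIndex++] = lookUpBase64Alphabet[((b1 & 0x03) << 4) | (b2 >> 4)];
            encodedData[encodedIndex++] = lookUpBase64Alphabet[(b2 & 0x0f) << 2];
            encodedData[encodedIndex++] = PAD;
        }
        return new String(encodedData);
    }

    /**
     * Decodes Base64 text into bytes, ignoring whitespace.
     *
     * @param encoded string containing Base64 data
     * @return the decoded bytes, an empty array for empty input, or
     *         {@code null} if {@code encoded} is {@code null} or not
     *         well-formed Base64 (bad length, foreign character, misplaced
     *         padding, or non-zero bits hidden under the padding)
     */
    public static byte[] decode(String encoded) {
        if (encoded == null) {
            return null;
        }
        char[] base64Data = encoded.toCharArray();
        // Compact the array in place; only the first len chars are meaningful afterwards.
        int len = removeWhiteSpace(base64Data);
        if (len % FOURBYTE != 0) {
            return null; // must be a whole number of four-character groups
        }
        int numberQuadruple = len / FOURBYTE;
        if (numberQuadruple == 0) {
            return new byte[0];
        }

        byte[] decodedData = new byte[numberQuadruple * 3];
        int i = 0;
        int encodedIndex = 0;
        int dataIndex = 0;

        // Every group except the last must consist of four data characters.
        for (; i < numberQuadruple - 1; i++) {
            char d1 = base64Data[dataIndex++];
            char d2 = base64Data[dataIndex++];
            char d3 = base64Data[dataIndex++];
            char d4 = base64Data[dataIndex++];
            if (!isData(d1) || !isData(d2) || !isData(d3) || !isData(d4)) {
                return null;
            }
            byte b1 = base64Alphabet[d1];
            byte b2 = base64Alphabet[d2];
            byte b3 = base64Alphabet[d3];
            byte b4 = base64Alphabet[d4];
            decodedData[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);
            decodedData[encodedIndex++] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
            decodedData[encodedIndex++] = (byte) (b3 << 6 | b4);
        }

        // The last group may end in one or two PAD characters.
        char d1 = base64Data[dataIndex++];
        char d2 = base64Data[dataIndex++];
        if (!isData(d1) || !isData(d2)) {
            return null;
        }
        byte b1 = base64Alphabet[d1];
        byte b2 = base64Alphabet[d2];
        char d3 = base64Data[dataIndex++];
        char d4 = base64Data[dataIndex++];

        if (isData(d3) && isData(d4)) { // no padding, e.g. "3cQl"
            byte b3 = base64Alphabet[d3];
            byte b4 = base64Alphabet[d4];
            decodedData[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);
            decodedData[encodedIndex++] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
            decodedData[encodedIndex++] = (byte) (b3 << 6 | b4);
            return decodedData;
        }

        if (isPad(d3) && isPad(d4)) { // "xx==" carries one byte
            if ((b2 & 0xf) != 0) {
                return null; // the four bits under the padding must be zero
            }
            byte[] tmp = new byte[i * 3 + 1];
            System.arraycopy(decodedData, 0, tmp, 0, i * 3);
            tmp[encodedIndex] = (byte) (b1 << 2 | b2 >> 4);
            return tmp;
        }

        if (!isPad(d3) && isPad(d4)) { // "xxx=" carries two bytes
            byte b3 = base64Alphabet[d3];
            if ((b3 & 0x3) != 0) {
                return null; // the two bits under the padding must be zero
            }
            byte[] tmp = new byte[i * 3 + 2];
            System.arraycopy(decodedData, 0, tmp, 0, i * 3);
            tmp[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);
            tmp[encodedIndex] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
            return tmp;
        }

        return null; // padding followed by data, or a foreign character
    }

    /**
     * Removes whitespace from Base64 data by compacting the array in place.
     *
     * @param data the Base64 characters, possibly containing whitespace
     * @return the number of leading characters of {@code data} that remain valid
     */
    private static int removeWhiteSpace(char[] data) {
        if (data == null) {
            return 0;
        }
        int newSize = 0;
        int len = data.length;
        for (int i = 0; i < len; i++) {
            if (!isWhiteSpace(data[i])) {
                data[newSize++] = data[i];
            }
        }
        return newSize;
    }
}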
- import java.nio.charset.Charset;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.beans.factory.annotation.Value;
- import com.alibaba.fastjson.JSONObject;
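/**
 * Channel interceptor that verifies the RSA signature of incoming requests
 * and signs outgoing responses.
 *
 * <p>Requests are JSON objects whose {@code requestData} string is covered by
 * the Base64 signature in {@code sign}; responses carry {@code responseData}
 * and get a {@code sign} field added.
 *
 * <p>NOTE(review): the signature covers only the {@code requestData} string.
 * Nothing in this class checks a timestamp or nonce, so replay protection,
 * if required, has to be enforced on the contents of {@code requestData}.
 */
public class ChannelSignature implements ServletChannelInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(ChannelSignature.class);
    private static final String DEFAULT_CHARSET = "UTF-8";
    /** Single charset for reading and writing payloads, so both directions agree. */
    private static final Charset PAYLOAD_CHARSET = Charset.forName(DEFAULT_CHARSET);

    /**
     * Whether incoming requests are verified: true = verify, false = skip.
     * NOTE(review): the field has no initializer, so verification is OFF
     * unless the setter is called with true. Confirm that production
     * configuration enables it explicitly.
     */
    private boolean verifySignFlag;

    /**
     * Private key, injected from the {@code privateKey} property. The original
     * comment called this a path, but the value is passed straight to
     * RSASignature.sign, which Base64-decodes it as PKCS#8 key material, so
     * the property holds the key itself and must be protected like a secret.
     */
    @Value("${privateKey}")
    private String privateKey;

    /**
     * Public key of the peer, injected from the {@code publicKey} property
     * and passed to RSASignature.doCheck as Base64 X.509 key material.
     */
    @Value("${publicKey}")
    private String publicKey;

    /**
     * Verifies the request signature when verification is enabled.
     *
     * @throws FcsiException a SignatureException when the payload is missing,
     *         is not a JSON object, or its signature does not verify
     */
    @Override
    public void onRequest(ChannelContext<HttpServletRequest, HttpServletResponse> channelContext,
            ContextEx contextEx) throws FcsiException {
        if (!verifySignFlag) {
            logger.debug("don‘t need verif");
            return;
        }
        Object object = channelContext.getRequestPayload();
        if (object == null) {
            // Fail closed: a request without a body cannot carry a valid signature.
            throw new SignatureException(MsgConstants.IFP_230002, "验签异常");
        }
        String json = new String((byte[]) object, PAYLOAD_CHARSET);
        JSONObject jsonObject = JSONObject.parseObject(json);
        if (jsonObject == null) {
            throw new SignatureException(MsgConstants.IFP_230002, "验签异常");
        }
        String requestParamStr = jsonObject.getString("requestData");
        String vSign = jsonObject.getString("sign");
        // NOTE(review): this writes the full request body to the debug log;
        // make sure debug logging is off wherever requestData may hold sensitive data.
        logger.debug("verif sign begin ... ... requestParamStr:{} signStr:{}", requestParamStr, vSign);
        boolean verifResult = RSASignature.doCheck(requestParamStr, vSign, publicKey);
        if (!verifResult) {
            throw new SignatureException(MsgConstants.IFP_230002, "验签异常");
        }
        logger.debug("verif sign end ... ... signResult:{}", verifResult);
    }

    /**
     * Signs the outgoing response. When the request failed signature
     * verification, a signed error body is produced instead.
     */
    @Override
    public void onResponse(ChannelContext<HttpServletRequest, HttpServletResponse> channelContext,
            ContextEx contextEx, Throwable ex) {
        if (ex instanceof SignatureException) {
            sign(channelContext, getSignatureExceptionRespData(ex));
            return;
        }
        Object object = channelContext.getResponsePalyload();
        if (null == object) {
            logger.debug("responsePalyload is null");
            return;
        }
        String json = new String((byte[]) object, PAYLOAD_CHARSET);
        sign(channelContext, JSONObject.parseObject(json));
    }

    /**
     * Signs the {@code responseData} field and stores the serialized result
     * as the response payload.
     *
     * @param channelContext context whose response payload is replaced
     * @param jsonObject     response body containing {@code responseData}
     */
    private void sign(ChannelContext<HttpServletRequest, HttpServletResponse> channelContext,
            JSONObject jsonObject) {
        String responseParamStr = jsonObject.getString("responseData");
        logger.debug("generate sign begin ... ... signParamStr:{}", responseParamStr);
        String sign = RSASignature.sign(responseParamStr, privateKey); // sign the original message
        if (sign == null) {
            // RSASignature.sign returns null on any failure (bad key, provider
            // error). Surface it, otherwise the response goes out unsigned
            // without anyone noticing.
            logger.error("response signing failed; response will carry no valid signature");
        }
        logger.debug("generate sign end ... ... signStr:{}", sign);
        jsonObject.put("sign", sign);
        String str = jsonObject.toString();
        channelContext.setResponsePayload((Object) str.getBytes(PAYLOAD_CHARSET));
    }

    /**
     * Builds the error response body for a failed signature check.
     *
     * @param ex the SignatureException raised during verification
     * @return a JSON object of the form {@code {"responseData": {"code": ..., "msg": ...}}}
     */
    private JSONObject getSignatureExceptionRespData(Throwable ex) {
        SignatureException signatureException = (SignatureException) ex;
        String code = signatureException.getCode();
        String defaultMessage = signatureException.getMessage();
        // presumably the message looks like "[code]text" (verify against
        // SignatureException); fall back to the whole message instead of
        // failing with an index error when there is no "]" separator.
        String msg = defaultMessage;
        if (defaultMessage != null) {
            String[] errMessageStr = defaultMessage.split("]");
            if (errMessageStr.length > 1) {
                msg = errMessageStr[1];
            }
        }
        JSONObject jsonObject = new JSONObject();
        jsonObject.put("code", code);
        jsonObject.put("msg", msg);
        JSONObject respJsonObject = new JSONObject();
        respJsonObject.put("responseData", jsonObject);
        return respJsonObject;
    }

    public boolean isVerifySignFlag() {
        return verifySignFlag;
    }

    public void setVerifySignFlag(boolean verifySignFlag) {
        this.verifySignFlag = verifySignFlag;
    }
}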
Java使用RSA加密算法对内容进行加密
来源: http://www.bubuko.com/infodetail-2302193.html