package com.hx.util.rsa; import com.hx.util.StringUtils; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import java.security.KeyFactory; import java.security.PrivateKey; import java.security.PublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Map; /** * RSA签名验签类 */ public class RSASignature{ /** * 签名算法 */ public static final String SIGN_ALGORITHMS = "SHA1WithRSA"; /** * RSA签名 * @param content 待签名数据 * @param privateKey 商户私钥 * @param encode 字符集编码 * @return 签名值 */ public static String createSign(String content, String privateKey, String encode) { try { PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec( Base64.decode(privateKey) ); KeyFactory keyf = KeyFactory.getInstance("RSA"); PrivateKey priKey = keyf.generatePrivate(priPKCS8); java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS); signature.initSign(priKey); signature.update( content.getBytes(encode)); byte[] signed = signature.sign(); return Base64.encode(signed); } catch (Exception e) { e.printStackTrace(); } return null; } /** * RSA签名Pkcs1ToPkcs8 * @param rawKey 商户私钥 * @return 签名值 */ public static String formatPkcs1ToPkcs8(String rawKey) { if (!StringUtils.isEmpty(rawKey)) { try { //将BASE64编码的私钥字符串进行解码 byte[] encodeByte = Base64.decode(rawKey); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag); PrivateKeyInfo privKeyInfo = new PrivateKeyInfo(algorithmIdentifier, ASN1ObjectIdentifier.fromByteArray(encodeByte)); return Base64.encode(privKeyInfo.getEncoded()); } catch (Exception e) { e.printStackTrace(); } } return null; } /** * RSA签名Pkcs8ToPkcs1 * @param rawKey 商户私钥 * @return 签名值 */ public static String formatPkcs8ToPkcs1(String rawKey){ try { byte[] encodeByte = Base64.decode(rawKey); PrivateKeyInfo pki = PrivateKeyInfo.getInstance(encodeByte); ASN1Encodable asn = pki.parsePrivateKey(); ASN1Primitive primitive = asn.toASN1Primitive(); return Base64.encode(primitive.getEncoded()); } catch (Exception e) { e.printStackTrace(); return null; } } public static String createSign(String content, String privateKey) { try{ PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec( Base64.decode(privateKey) ); KeyFactory keyf = KeyFactory.getInstance("RSA"); PrivateKey priKey = keyf.generatePrivate(priPKCS8); java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS); signature.initSign(priKey); signature.update( content.getBytes()); byte[] signed = signature.sign(); return Base64.encode(signed); } catch (Exception e) { e.printStackTrace(); } return null; } /** * RSA验签名检查 * @param content 待签名数据 * @param sign 签名值 * @param publicKey 分配给开发商公钥 * @param encode 字符集编码 * @return 布尔值 */ public static boolean doCheck(String content, String sign, String publicKey,String encode) { try { KeyFactory keyFactory = KeyFactory.getInstance("RSA"); byte[] encodedKey = Base64.decode(publicKey); PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); java.security.Signature signature = java.security.Signature .getInstance(SIGN_ALGORITHMS); signature.initVerify(pubKey); signature.update( content.getBytes(encode) ); boolean bverify = signature.verify( Base64.decode(sign) ); return bverify; } catch (Exception e) { e.printStackTrace(); } return false; } public static boolean doCheck(String content, String sign, String publicKey) { try { KeyFactory keyFactory = KeyFactory.getInstance("RSA"); byte[] encodedKey = Base64.decode(publicKey); PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); java.security.Signature signature = java.security.Signature .getInstance(SIGN_ALGORITHMS); signature.initVerify(pubKey); signature.update( content.getBytes() ); boolean bverify = signature.verify( Base64.decode(sign) ); return bverify; } catch (Exception e) { e.printStackTrace(); } return false; } /** * ASCII码递增排序(剔除空值) * @param params * @return */ public static String getSignCheckContent(Map params) { if (params == null) { return null; } else { StringBuilder content = new StringBuilder(); List keys = new ArrayList(params.keySet()); Collections.sort(keys); for(int i = 0; i < keys.size(); ++i) { String key = (String)keys.get(i); Object value = params.get(key); if(value == null || StringUtils.isEmpty(value.toString())){ continue; } content.append(i == 0 ? "" : "&").append(key).append("=").append(value); } return content.toString(); } } }