package com.epay.bank.test.encrypt; import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration; import org.apache.log4j.Logger; import sun.misc.BASE64Encoder; public class TestNetpaySignature {
private static Logger logger = Logger.getLogger(TestNetpaySignature.class);
/**
* 根据原数据和指定的加密算法来生成用户的签名数据
*
* @param algorithm
* :使用的加密算法,为SHA1withRSA
* @param srcData
* :被签名数据,byte[]类型
* @param jksPath
* :商户私钥jks文件存放路径
* @param jksPath
* :商户私钥密码
* @return 已签名数据
* @throws Exception
*/
public byte[] sign(String algorithm, byte[] srcData, String jksPath,String jksPwd)
throws Exception { try {
// 获取JKS 服务器私有证书的私钥,取得标准的JKS的 KeyStore实例
KeyStore store = KeyStore.getInstance("JKS"); // 读取jks文件,path为商户私钥jks文件存放路径
FileInputStream stream = new FileInputStream(jksPath); // jks文件密码,根据实际情况修改
String passwd = jksPwd;
store.load(stream, passwd.toCharArray()); // 获取jks证书别名
Enumeration en = store.aliases();
String pName = null;
while (en.hasMoreElements()) {
String n = (String) en.nextElement();
if (store.isKeyEntry(n)) {
pName = n;
}
} // 获取证书的私钥
PrivateKey key = (PrivateKey) store.getKey(pName,
passwd.toCharArray()); // 进行签名服务
Signature signature = Signature.getInstance(algorithm);
signature.initSign(key);
signature.update(srcData);
byte[] signedData = signature.sign(); return signedData; } catch (Exception e) {
throw new Exception("signature.sign.error");
}
} public String getSignedStr(byte[] signedData){
logger.info("已签名" + new BASE64Encoder().encode(signedData));
// 返回签名结果
return new BASE64Encoder().encode(signedData);
} /**
* 根据对签名数据使用签名者的公钥来解密后验证是否与原数据相同。从而确认用户签名正确
*
* @param 使用的加密算法
* ,需与加密时使用的算法一致
* @param srcData
* 被签名数据,byte[]类型
* @param signedData
* 使用该用户的私钥生成的已签名数据
* @param path商户公钥证书cer文件存放路径
* @return true或false,验证成功为true。
* @throws Exception
*/ public boolean verify(String algorithm, byte[] srcData, byte[] signedData,
String path) throws Exception {
// 获取指定证书的公钥
CertificateFactory certInfo = CertificateFactory.getInstance("x.509");
X509Certificate cert = (X509Certificate) certInfo
.generateCertificate(new FileInputStream(path));
PublicKey publicKey = cert.getPublicKey(); // 进行验证签名服务
try {
Signature sign3 = Signature.getInstance(algorithm);
sign3.initVerify(publicKey);
sign3.update(srcData);
return sign3.verify(signedData);
} catch (Exception e) {
throw new Exception("signature.verify.error");
}
} public static void main(String[] args) {
StringBuffer srcData = new StringBuffer(); srcData.append("1"); TestNetpaySignature testNetpaySignature = new TestNetpaySignature(); boolean flag = false;
try {
byte[] signedData = testNetpaySignature.sign("SHA1withRSA", srcData.toString().getBytes(), "D:\\keystore\\pinganmer.jks", "12345678"); flag = testNetpaySignature.verify("SHA1withRSA", srcData.toString().getBytes(), signedData, "D:\\keystore\\pinganmer.cer"); } catch (Exception e) {
// TODO: handle exception
}
System.out.println(flag); }
}