com.zcj.util.secret.UtilRsa Maven / Gradle / Ivy
package com.zcj.util.secret;
import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.FileInputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
/**
* RSA 非对称加密算法
*
* @author [email protected]
* @since 2019/11/1
*/
public class UtilRsa {
private static final String DEFAULT_PRIVATE_KEY_STRING = "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAhObxNn/4Orm4upVrVwjf17RdkS+tZ2hCL7wgTsImfS7N9bPnwjg/76tj9sbdJWxKw2289beCZCps8FT31+iOLwIDAQABAkBglaV/QgkYRJinoKddnSlwDbhiJxASMobHQiUIl7h5CFoHFpsCERPRzDIBXj53Qmc5Y8EX70M6YB0w1s+8KEmBAiEAxgSxv6mMt1JpV7ntZOCyTSebXVmGOGoKD+UPCikghB8CIQCr0S9hmuqVOCTEE09rYcSvLY3Reb9of4mFpv9RysYz8QIhAI5Wr4KLGOhp5+k0cA20ataFIuv+PznsF2GHkMEIASSXAiB9F/E6TBMND3JdO33wPZ94t17wq4Z7a5fRsjNj9pF10QIhAK9bd8H/LlGw9IAWMXtcToa7Hx/7vNxK9mYXYeTe81Cr";
private static final String DEFAULT_PUBLIC_KEY_STRING = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAITm8TZ/+Dq5uLqVa1cI39e0XZEvrWdoQi+8IE7CJn0uzfWz58I4P++rY/bG3SVsSsNtvPW3gmQqbPBU99foji8CAwEAAQ==";
// 公钥(publicKey)对内容(cipherText)解密
public static String decrypt(String publicKey, String cipherText) throws Exception {
PublicKey publicKeyObj = getPublicKey(publicKey);
return decrypt(publicKeyObj, cipherText);
}
// 公钥(publicKey)对内容(cipherText)解密
public static String decrypt(PublicKey publicKey, String cipherText) throws Exception {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
try {
cipher.init(Cipher.DECRYPT_MODE, publicKey);
} catch (InvalidKeyException e) {
// 因为 IBM JDK 不支持私钥加密, 公钥解密, 所以要反转公私钥
// 也就是说对于解密, 可以通过公钥的参数伪造一个私钥对象欺骗 IBM JDK
RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
RSAPrivateKeySpec spec = new RSAPrivateKeySpec(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent());
Key fakePrivateKey = KeyFactory.getInstance("RSA").generatePrivate(spec);
cipher = Cipher.getInstance("RSA"); //It is a stateful object. so we need to get new one.
cipher.init(Cipher.DECRYPT_MODE, fakePrivateKey);
}
if (cipherText == null || cipherText.length() == 0) {
return cipherText;
}
byte[] cipherBytes = Base64.base64ToByteArray(cipherText);
byte[] plainBytes = cipher.doFinal(cipherBytes);
return new String(plainBytes);
}
// 私钥(privateKey)对内容(plainText)加密
public static String encrypt(String privateKey, String plainText) throws Exception {
if (privateKey == null) {
privateKey = DEFAULT_PRIVATE_KEY_STRING;
}
byte[] keyBytes = Base64.base64ToByteArray(privateKey);
return encrypt(keyBytes, plainText);
}
// 私钥字节码(privateKeyBytes)对内容(plainText)加密
public static String encrypt(byte[] privateKeyBytes, String plainText) throws Exception {
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyBytes);
KeyFactory factory = KeyFactory.getInstance("RSA", "SunRsaSign");
PrivateKey privateKey = factory.generatePrivate(spec);
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
try {
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
} catch (InvalidKeyException e) {
//For IBM JDK, 原因请看解密方法中的说明
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) privateKey;
RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
Key fakePublicKey = KeyFactory.getInstance("RSA").generatePublic(publicKeySpec);
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, fakePublicKey);
}
byte[] encryptedBytes = cipher.doFinal(plainText.getBytes("UTF-8"));
String encryptedString = Base64.byteArrayToBase64(encryptedBytes);
return encryptedString;
}
public static PublicKey getPublicKeyByX509(String x509File) {
if (x509File == null || x509File.length() == 0) {
return getPublicKey(null);
}
FileInputStream in = null;
try {
in = new FileInputStream(x509File);
CertificateFactory factory = CertificateFactory
.getInstance("X.509");
Certificate cer = factory.generateCertificate(in);
return cer.getPublicKey();
} catch (Exception e) {
throw new IllegalArgumentException("Failed to get public key", e);
} finally {
close(in);
}
}
public static PublicKey getPublicKey(String publicKeyText) {
if (publicKeyText == null || publicKeyText.length() == 0) {
publicKeyText = DEFAULT_PUBLIC_KEY_STRING;
}
try {
byte[] publicKeyBytes = Base64.base64ToByteArray(publicKeyText);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(publicKeyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "SunRsaSign");
return keyFactory.generatePublic(x509KeySpec);
} catch (Exception e) {
throw new IllegalArgumentException("Failed to get public key", e);
}
}
public static PrivateKey getPrivateKey(String privateKeyText) {
if (privateKeyText == null || privateKeyText.length() == 0) {
privateKeyText = DEFAULT_PRIVATE_KEY_STRING;
}
try {
byte[] publicKeyBytes = Base64.base64ToByteArray(privateKeyText);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(publicKeyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "SunRsaSign");
return keyFactory.generatePrivate(spec);
} catch (Exception e) {
throw new IllegalArgumentException("Failed to get private key", e);
}
}
public static PublicKey getPublicKeyByPublicKeyFile(String publicKeyFile) {
if (publicKeyFile == null || publicKeyFile.length() == 0) {
return getPublicKey(null);
}
FileInputStream in = null;
try {
in = new FileInputStream(publicKeyFile);
ByteArrayOutputStream out = new ByteArrayOutputStream();
int len = 0;
byte[] b = new byte[512 / 8];
while ((len = in.read(b)) != -1) {
out.write(b, 0, len);
}
byte[] publicKeyBytes = out.toByteArray();
X509EncodedKeySpec spec = new X509EncodedKeySpec(publicKeyBytes);
KeyFactory factory = KeyFactory.getInstance("RSA", "SunRsaSign");
return factory.generatePublic(spec);
} catch (Exception e) {
throw new IllegalArgumentException("Failed to get public key", e);
} finally {
close(in);
}
}
public static byte[][] genKeyPairBytes(int keySize)
throws NoSuchAlgorithmException, NoSuchProviderException {
byte[][] keyPairBytes = new byte[2][];
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
gen.initialize(keySize, new SecureRandom());
KeyPair pair = gen.generateKeyPair();
keyPairBytes[0] = pair.getPrivate().getEncoded();
keyPairBytes[1] = pair.getPublic().getEncoded();
return keyPairBytes;
}
public static String[] genKeyPair(int keySize)
throws NoSuchAlgorithmException, NoSuchProviderException {
byte[][] keyPairBytes = genKeyPairBytes(keySize);
String[] keyPairs = new String[2];
keyPairs[0] = Base64.byteArrayToBase64(keyPairBytes[0]);
keyPairs[1] = Base64.byteArrayToBase64(keyPairBytes[1]);
return keyPairs;
}
private static void close(Closeable x) {
if (x == null) {
return;
}
try {
x.close();
} catch (Exception e) {
}
}
@Deprecated
public static String encrypt(String plainText) throws Exception {
return encrypt((String) null, plainText);
}
@Deprecated
public static String decrypt(String cipherText) throws Exception {
return decrypt((String) null, cipherText);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy