wangyishuai
/
springboot-base


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
							package cn.efunbox.base.util;

import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.util.encoders.UrlBase64;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class RSASignature {
	public static final String KEY_ALGORITHM = "RSA";
	public static final String SIGNATURE_ALGORITHM = "SHA1WithRSA";
	public static final String ENCODING = "utf-8";
	public static final String X509 = "X.509";

	/**
	 * query RSA private key
	 *
	 * @param key
	 * @return
	 * @throws Exception
	 */
	public static PrivateKey getPrivateKey(String key) throws Exception {
		byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING));
		PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
		return privateKey;
	}

	/**
	 * query RSA public key
	 *
	 * @param key
	 * @return
	 * @throws Exception
	 */
	public static PublicKey getPublicKey(String key) throws Exception {
		byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING));
		CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
		InputStream in = new ByteArrayInputStream(keyBytes);
		Certificate certificate = certificateFactory.generateCertificate(in);
		PublicKey publicKey = certificate.getPublicKey();
		return publicKey;
	}

	/**
	 * sign by private key
	 *
	 * @param content
	 *            content data which will be signed
	 * @param privateKey
	 *            private key data
	 * @return signed data
	 */
	public static String signByPrivateKey(String content, String privateKey) {
		return signByPrivateKey(content, privateKey, true);
	}

	public static boolean verifySignByPublicKey(String content, String sign, String publicKey) {		
		return verifySignByPublicKey(content, sign, publicKey, true);
	}
	
	public static String signByPrivateKey(String content, String privateKey, boolean useUrlBase64) {
		try {
			PrivateKey priKey = getPrivateKey(privateKey);
			Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
			signature.initSign(priKey);
			signature.update(content.getBytes(ENCODING));
			byte[] signed = signature.sign();
			if (useUrlBase64) {
				return new String(UrlBase64.encode(signed), ENCODING);
			} else {
				return new String(Base64.encodeBase64(signed), ENCODING);
			}
		} catch (Exception e) {
			//ignore exception
		}
		return null;
	}

	public static boolean verifySignByPublicKey(String content, String sign, String publicKey, boolean useUrlBase64) {
		try {
			KeyFactory keyFactory = KeyFactory.getInstance("RSA");
			byte[] encodedKey = Base64.decodeBase64(publicKey.getBytes(ENCODING));
			PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));

			Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
			signature.initVerify(pubKey);
			signature.update(content.getBytes(ENCODING));

			if (useUrlBase64) {
				return signature.verify(UrlBase64.decode(sign.getBytes(ENCODING)));
			} else {
				return signature.verify(Base64.decodeBase64(sign.getBytes(ENCODING)));
			}
		} catch (Exception e) {
			// ignore exception
		}
		return false;
	}
}