签名及验证示例(Java)
package com.tuputech.api;
import com.tuputech.api.util.Base64Util;
import net.sf.json.JSONObject;
import java.io.*;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
/**
* 鉴权
*
* @author soap
*/
public class SignatureVerify {
//tupu public pem
final static String publickKeyString = "-----BEGIN PUBLIC KEY-----" + "\n"
+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDyZneSY2eGnhKrArxaT6zswVH9" + "\n"
+ "/EKz+CLD+38kJigWj5UaRB6dDUK9BR6YIv0M9vVQZED2650tVhS3BeX04vEFhThn" + "\n"
+ "NrJguVPidufFpEh3AgdYDzOQxi06AN+CGzOXPaigTurBxZDIbdU+zmtr6a8bIBBj" + "\n" + "WQ4v2JR/BA6gVHV5TwIDAQAB"
+ "\n" + "-----END PUBLIC KEY-----";
/**
* 进行验证
*
* @param signature 数字签名
* @param json 真正的有效数据的字符串
**/
public boolean verify(String signature, String json) {
try {
InputStream inPublic = new ByteArrayInputStream(publickKeyString.getBytes("UTF-8"));
String publicKeyStr = readKey(inPublic);
byte[] buffer = Base64Util.decode(publicKeyStr);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
// 获取公钥匙对象
PublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(keySpec);
Signature signer = Signature.getInstance("SHA256WithRSA");
signer.initVerify(pubKey);
signer.update(json.getBytes("UTF-8"));
// 验证签名是否正常
return signer.verify(Base64Util.decode(signature));
} catch (Exception e) {
return false;
}
}
/**
* @param in
* @throws IOException
*/
private String readKey(InputStream in) throws IOException {
BufferedReader br = new BufferedReader(new InputStreamReader(in));
String readLine = null;
StringBuilder sb = new StringBuilder();
while ((readLine = br.readLine()) != null) {
if (readLine.charAt(0) == '-') {
continue;
} else {
sb.append(readLine);
sb.append('\r');
}
}
return sb.toString();
}
/**
* 读取用户私钥
*
* @param privateKey 私钥
* @return
*/
public PrivateKey readPrivateKey(String privateKey) {
String privateKeyStr = "";
PrivateKey pKey = null;
if (privateKey.endsWith(".pem")) {
// 读取你的密钥pkcs8_private_key.pem
File private_key_pem = new File(privateKey);
InputStream inPrivate = null;
try {
inPrivate = new FileInputStream(private_key_pem);
} catch (FileNotFoundException e) {
System.out.println(e);
}
try {
privateKeyStr = readKey(inPrivate);
} catch (IOException e) {
System.out.println(e);
}
} else {
privateKeyStr = privateKey;
}
try {
byte[] buffer = Base64Util.decode(privateKeyStr);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
// 获取密钥对象
pKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
} catch (Exception e) {
System.out.println(e);
}
return pKey;
}
/**
* 进行签名
*
* @param sign_string
* @param privateKey 参与签名的文本
**/
public String signature(PrivateKey privateKey, String sign_string) {
try {
// 用私钥对信息生成数字签名
Signature signer = Signature.getInstance("SHA256WithRSA");
signer.initSign(privateKey);
signer.update(sign_string.getBytes());
byte[] signed = signer.sign();
return new String(Base64Util.encode(signed));
} catch (Exception e) {
return "err";
}
}
/**
* 签名
*/
private void testSign() {
//私钥地址
PrivateKey privateKey = readPrivateKey("/uri");
//
String secretId = "";
String timestamp = Math.round(System.currentTimeMillis() / 1000.0) + "";
String nonce = Math.random() + "";
String sign_string = secretId + "," + timestamp + "," + nonce;
String signature = signature(privateKey, sign_string);
}
/**
* 验证结果
*/
private void testVerify() {
//返回的结果
String response = "";
//验证返回值
//response
JSONObject jsonObject = JSONObject.fromObject(response);
String result_json = jsonObject.getString("json");
String code = JSONObject.fromObject(result_json).getString("code");
String message = JSONObject.fromObject(result_json).getString("message");
if (Integer.valueOf(code) == 0) {
String result_signature = jsonObject.getString("signature");
// 进行验证
boolean verify = verify(result_signature, result_json);
}
}
public static void main(String[] args) {
SignatureVerify signatureVerify = new SignatureVerify();
//签名
signatureVerify.testSign();
//验证结果
signatureVerify.testVerify();
}
}
package com.tuputech.api.util;
import java.io.UnsupportedEncodingException;
/**
* 加密
* @author soap
*
*/
public class Base64Util {
private static char[] base64EncodeChars = new char[] {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
'w', 'x', 'y', 'z', '0', '1', '2', '3',
'4', '5', '6', '7', '8', '9', '+', '/' };
private static byte[] base64DecodeChars = new byte[] {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1,
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1 };
public static String encode(byte[] data) {
StringBuffer sb = new StringBuffer();
int len = data.length;
int i = 0;
int b1, b2, b3;
while (i < len) {
b1 = data[i++] & 0xff;
if (i == len)
{
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[(b1 & 0x3) << 4]);
sb.append("==");
break;
}
b2 = data[i++] & 0xff;
if (i == len)
{
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[(b2 & 0x0f) << 2]);
sb.append("=");
break;
}
b3 = data[i++] & 0xff;
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[((b2 & 0x0f) << 2) | ((b3 & 0xc0) >>> 6)]);
sb.append(base64EncodeChars[b3 & 0x3f]);
}
return sb.toString();
}
public static byte[] decode(String str) throws UnsupportedEncodingException {
StringBuffer sb = new StringBuffer();
byte[] data = str.getBytes("US-ASCII");
int len = data.length;
int i = 0;
int b1, b2, b3, b4;
while (i < len) {
/* b1 */
do {
b1 = base64DecodeChars[data[i++]];
} while (i < len && b1 == -1);
if (b1 == -1) break;
/* b2 */
do {
b2 = base64DecodeChars[data[i++]];
} while (i < len && b2 == -1);
if (b2 == -1) break;
sb.append((char)((b1 << 2) | ((b2 & 0x30) >>> 4)));
/* b3 */
do {
b3 = data[i++];
if (b3 == 61) return sb.toString().getBytes("ISO-8859-1");
b3 = base64DecodeChars[b3];
} while (i < len && b3 == -1);
if (b3 == -1) break;
sb.append((char)(((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2)));
/* b4 */
do {
b4 = data[i++];
if (b4 == 61) return sb.toString().getBytes("ISO-8859-1");
b4 = base64DecodeChars[b4];
} while (i < len && b4 == -1);
if (b4 == -1) break;
sb.append((char)(((b3 & 0x03) << 6) | b4));
}
return sb.toString().getBytes("ISO-8859-1");
}
}