saml 数字签名校验 -

sping_

浏览: 7310 次

最近访客更多访客>>

iwg

InJavaWeTrust

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

saml 数字签名校验

博客分类：

java

private String publicKey;
44.    private String privateKey;
45.
46.    @Before
47.    public void setUp() throws Exception {
48.        Map<String, Object> keyMap = RSACoder.initKey();
49.
50.        publicKey = RSACoder.getPublicKey(keyMap);
51.        privateKey = RSACoder.getPrivateKey(keyMap);
52.        System.err.println("公钥: \n\r" + publicKey);
53.        System.err.println("私钥： \n\r" + privateKey);
54.    }
55.
56.    @Test
57.    public void test() throws Exception {
58.        System.err.println("公钥加密——私钥解密");
59.        String inputStr = "abc";
60.        byte[] data = inputStr.getBytes();
61.        byte[] encodedData = RSACoder.encryptByPublicKey(data, publicKey);
62.        byte[] decodedData = RSACoder.decryptByPrivateKey(encodedData, privateKey);
63.
64.        String outputStr = new String(decodedData);
65.        System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
66.        assertEquals(inputStr, outputStr);
67.
68.    }
69.
70.    @Test
71.    public void testSign() throws Exception {
72.        System.err.println("私钥加密——公钥解密");
73.        String inputStr = "sign";
74.        byte[] data = inputStr.getBytes();
75.        byte[] encodedData = RSACoder.encryptByPrivateKey(data, privateKey);
76.        byte[] decodedData = RSACoder.decryptByPublicKey(encodedData, publicKey);
77.
78.        String outputStr = new String(decodedData);
79.        System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
80.        assertEquals(inputStr, outputStr);
81.
82.        System.err.println("私钥签名——公钥验证签名");
83.        // 产生签名
84.        String sign = RSACoder.sign(encodedData, privateKey);
85.        System.err.println("签名:\r" + sign);
86.
87.        // 验证签名
88.        boolean status = RSACoder.verify(encodedData, publicKey, sign);
89.        System.err.println("状态:\r" + status);
90.        assertTrue(status);
91.
92.    }
93.
94.}
95.
96.abstract class RSACoder extends Coder {
97.    public static final String KEY_ALGORITHM = "RSA";
98.    public static final String SIGNATURE_ALGORITHM = "MD5withRSA";
99.
100.    private static final String PUBLIC_KEY = "RSAPublicKey";
101.    private static final String PRIVATE_KEY = "RSAPrivateKey";
102.
103.    /**
104.     * 用私钥对信息生成数字签名
105.     *
106.     * @param data
107.     *            加密数据
108.     * @param privateKey
109.     *            私钥
110.     *
111.     * @return
112.     * @throws Exception
113.     */
114.    public static String sign(byte[] data, String privateKey) throws Exception {
115.        // 解密由base64编码的私钥
116.        byte[] keyBytes = decryptBASE64(privateKey);
117.
118.        // 构造PKCS8EncodedKeySpec对象
119.        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
120.
121.        // KEY_ALGORITHM 指定的加密算法
122.        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
123.
124.        // 取私钥匙对象
125.        PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);
126.
127.        // 用私钥对信息生成数字签名
128.        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
129.        signature.initSign(priKey);
130.        signature.update(data);
131.
132.        return encryptBASE64(signature.sign());
133.    }
134.
135.    /**
136.     * 校验数字签名
137.     *
138.     * @param data
139.     *            加密数据
140.     * @param publicKey
141.     *            公钥
142.     * @param sign
143.     *            数字签名
144.     *
145.     * @return 校验成功返回true 失败返回false
146.     * @throws Exception
147.     *
148.     */
149.    public static boolean verify(byte[] data, String publicKey, String sign)
150.            throws Exception {
151.
152.        // 解密由base64编码的公钥
153.        byte[] keyBytes = decryptBASE64(publicKey);
154.
155.        // 构造X509EncodedKeySpec对象
156.        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
157.
158.        // KEY_ALGORITHM 指定的加密算法
159.        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
160.
161.        // 取公钥匙对象
162.        PublicKey pubKey = keyFactory.generatePublic(keySpec);
163.
164.        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
165.        signature.initVerify(pubKey);
166.        signature.update(data);
167.
168.        // 验证签名是否正常
169.        return signature.verify(decryptBASE64(sign));
170.    }
171.
172.    /**
173.     * 解密<br>
174.     * 用私钥解密 http://www.5a520.cn http://www.feng123.com
175.     *
176.     * @param data
177.     * @param key
178.     * @return
179.     * @throws Exception
180.     */
181.    public static byte[] decryptByPrivateKey(byte[] data, String key)
182.            throws Exception {
183.        // 对密钥解密
184.        byte[] keyBytes = decryptBASE64(key);
185.
186.        // 取得私钥
187.        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
188.        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
189.        Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
190.
191.        // 对数据解密
192.        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
193.        cipher.init(Cipher.DECRYPT_MODE, privateKey);
194.
195.        return cipher.doFinal(data);
196.    }
197.
198.    /**
199.     * 解密<br>
200.     * 用私钥解密
201.     *
202.     * @param data
203.     * @param key
204.     * @return
205.     * @throws Exception
206.     */
207.    public static byte[] decryptByPublicKey(byte[] data, String key)
208.            throws Exception {
209.        // 对密钥解密
210.        byte[] keyBytes = decryptBASE64(key);
211.
212.        // 取得公钥
213.        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
214.        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
215.        Key publicKey = keyFactory.generatePublic(x509KeySpec);
216.
217.        // 对数据解密
218.        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
219.        cipher.init(Cipher.DECRYPT_MODE, publicKey);
220.
221.        return cipher.doFinal(data);
222.    }
223.
224.    /**
225.     * 加密<br>
226.     * 用公钥加密
227.     *
228.     * @param data
229.     * @param key
230.     * @return
231.     * @throws Exception
232.     */
233.    public static byte[] encryptByPublicKey(byte[] data, String key)
234.            throws Exception {
235.        // 对公钥解密
236.        byte[] keyBytes = decryptBASE64(key);
237.
238.        // 取得公钥
239.        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
240.        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
241.        Key publicKey = keyFactory.generatePublic(x509KeySpec);
242.
243.        // 对数据加密
244.        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
245.        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
246.
247.        return cipher.doFinal(data);
248.    }
249.
250.    /**
251.     * 加密<br>
252.     * 用私钥加密
253.     *
254.     * @param data
255.     * @param key
256.     * @return
257.     * @throws Exception
258.     */
259.    public static byte[] encryptByPrivateKey(byte[] data, String key)
260.            throws Exception {
261.        // 对密钥解密
262.        byte[] keyBytes = decryptBASE64(key);
263.
264.        // 取得私钥
265.        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
266.        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
267.        Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
268.
269.        // 对数据加密
270.        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
271.        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
272.
273.        return cipher.doFinal(data);
274.    }
275.
276.    /**
277.     * 取得私钥
278.     *
279.     * @param keyMap
280.     * @return
281.     * @throws Exception
282.     */
283.    public static String getPrivateKey(Map<String, Object> keyMap)
284.            throws Exception {
285.        Key key = (Key) keyMap.get(PRIVATE_KEY);
286.
287.        return encryptBASE64(key.getEncoded());
288.    }
289.
290.    /**
291.     * 取得公钥
292.     *
293.     * @param keyMap
294.     * @return
295.     * @throws Exception
296.     */
297.    public static String getPublicKey(Map<String, Object> keyMap)
298.            throws Exception {
299.        Key key = (Key) keyMap.get(PUBLIC_KEY);
300.
301.        return encryptBASE64(key.getEncoded());
302.    }
303.
304.    /**
305.     * 初始化密钥
306.     *
307.     * @return
308.     * @throws Exception
309.     */
310.    public static Map<String, Object> initKey() throws Exception {
311.        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
312.        keyPairGen.initialize(1024);
313.
314.        KeyPair keyPair = keyPairGen.generateKeyPair();
315.
316.        // 公钥
317.        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
318.
319.        // 私钥
320.        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
321.
322.        Map<String, Object> keyMap = new HashMap<String, Object>(2);
323.
324.        keyMap.put(PUBLIC_KEY, publicKey);
325.        keyMap.put(PRIVATE_KEY, privateKey);
326.        return keyMap;
327.    }
328.}

示例2
【例：校验数字签名】

    /**
    * @(#) VerifySign.java
    */
    import java.io.*;
    import java.security.*;
    import java.security.spec.*;
    class VerifySign{
    public static void main(String[] args){
    if (args.length != 3){
        System.out.println(
        "Usage: VerifySign
        ");
        System.out.println("Options:");
        System.out.println(":The file name of the public key.");
        System.out.println(": The file name that want to signature.");
        System.out.println(": The file name containing signature data.");
        System.out.println("Examples:");
        System.out.println("   java Verifysign Publickey-my info.txt Sign-my");
        System.exit(0);
    }
    try{
        //从文件得到编码公钥字节
        FileInputStream fileIn = new FileInputStream(args[0]);
        //已编码的公钥字节
        byte[] encodedpubkey = new byte[fileIn.available()];
        fileIn.read(encodedpubkey);
        fileIn.close();
        //用编码公钥字节创建一个X509EncodedkeySpec对象
        X509EncodedkeySpec pubkeySpec =
        new X509ExcodedkeySpec(encodedpubkey);
        //使用DSA算法创建一个keyFactory对象
        keyFactory keyFactory = keyFactory.getInstance("DSA");
        //用公钥规范生成一个公钥对象
        PublicKey pubkey = keyFactory.generatePublic(pubkeySpec);
        //从文件中得到数字签名
        FileInputStream sigStream = new FileInputStream(args[2]);
        Byte[] signature = new byte[sigStream.available()];
        SigStream.read(signature);
        SigStream.close();
        //创建数字签名对象
        Signature sigObj = Signature.getInstance("SHAlwithDSA");
        //初始化Signature对象,以便用公钥检验
        sigObj.initVerify(pubkey);
        foleIn = new FoleInputStream(args[1]);
        byte b;
        while (fileIn.available() != 0){
            b = (byte) fileIn.read();
            sigObj.update(b);
        };
        fileIn.close();
        Boolean verifies = sigObj.verify(signature);
        System.out.puintln("sognature verifies:" + verifies);
    }catch (Exception e) {System.err.puintln("" + e);
        }
    }
    }