sso 加密

package com.citi.test; 

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.HashMap;

 
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;


import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
 

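/**
 * SSO helper that signs request data, or encrypts and then signs it, using the sender key pair
 * stored in a JKS keystore next to the web application's configuration.
 *
 * <p>Every operation reports failure by printing a stack trace and returning {@code null};
 * callers must treat a {@code null} result as "no token produced" and must not send it on.
 *
 * <p>Review notes for whoever maintains this class:
 * <ul>
 *   <li>The keystore password is embedded in the source and only Base64-encoded. Base64 is a
 *       reversible encoding, not protection: anyone who can read this class and the keystore
 *       file can use the signing key. The password belongs in deployment configuration or a
 *       secret store, and file permissions on the keystore should be restricted.</li>
 *   <li>{@code SHA1withRSA} / {@code DIGEST_SHA1} and {@code RC2_CBC} are legacy algorithms.
 *       They are kept here because the algorithm is part of the contract with the receiving
 *       party; migrate to a SHA-256 signature and an AES content cipher (for example
 *       {@code CMSEnvelopedDataGenerator.AES128_CBC}) together with the verifier.</li>
 *   <li>The recipient certificate is read from disk and used as-is; nothing here checks its
 *       validity period or issuer.</li>
 *   <li>{@code sun.misc.BASE64Encoder}/{@code BASE64Decoder} are JDK-internal classes that are
 *       absent from JDK 9 and later; {@code java.util.Base64} is the supported replacement on
 *       Java 8+.</li>
 * </ul>
 */
public class Crypto {

    /** Directory that holds the keystore and the recipient (vendor) certificate. */
    private static final String CERT_DIR =
            "C:\\ibm\\WebSphere\\profiles\\GBGCB\\installedApps\\APACCNSHZJW1373Node01Cell\\GBGCB.ear\\GBGCB.war\\WEB-INF\\etc";
    private static final String KEYSTORE_FILE_NAME = "keystore.jks";
    private static final String KEYSTORE_TYPE = "JKS";
    private static final String KEY_ALIAS = "outkey";
    private static final String RECIPIENT_CERT_FILE_NAME = "LPSSO.cer";
    private static final String CRYPTO_PROVIDER_NAME = "BC";

    // SECURITY: hard-coded credential. Base64 only obscures the value; see the class comment.
    private static final String KEYSTORE_PASSWORD_B64 = "Q2l0aWJhbmswMQ==";

    private final File keystoreFile;
    private final String keyStoreType;
    // The same password is used for the keystore and for the private-key entry.
    private final char[] password;
    private final String alias;

    private static final Crypto instance = new Crypto();

    /**
     * Returns the shared instance.
     *
     * @return the singleton created when the class is initialised
     */
    public static Crypto getInstance() {
        return instance;
    }

    /**
     * Builds the keystore location, type, alias and password from the fixed settings above.
     *
     * @throws IllegalStateException if the embedded password cannot be decoded; previously this
     *     was swallowed and an empty password was used, which only failed later inside
     *     {@link #export()}
     */
    public Crypto() {
        keystoreFile = new File(joinPath(CERT_DIR, KEYSTORE_FILE_NAME));
        keyStoreType = KEYSTORE_TYPE;
        alias = KEY_ALIAS;

        char[] decoded;
        try {
            decoded = new String(new BASE64Decoder().decodeBuffer(KEYSTORE_PASSWORD_B64)).toCharArray();
        } catch (IOException e) {
            throw new IllegalStateException("Keystore password could not be decoded", e);
        }
        password = decoded;
    }

    /**
     * Signs {@code data} with the sender's private key using {@code SHA1withRSA}.
     *
     * @param data bytes to sign
     * @return the Base64-encoded signature on a single line, or {@code null} when {@code data}
     *     is null or empty, the sender key or certificate is missing, or any step fails
     */
    public static String getSignature(byte[] data) {
        try {
            ensureProviderRegistered();
            if (data == null || data.length == 0) {
                return null;
            }

            HashMap senderMaterial = getInstance().export();
            if (senderMaterial == null) {
                return null;
            }
            PrivateKey senderPriKey = (PrivateKey) senderMaterial.get("0");
            X509Certificate senderPubCert = (X509Certificate) senderMaterial.get("1");
            if (senderPriKey == null || senderPubCert == null) {
                return null;
            }

            // SHA-1 based signature: kept for compatibility with the verifier (see class comment).
            Signature rsa = Signature.getInstance("SHA1withRSA", CRYPTO_PROVIDER_NAME);
            rsa.initSign(senderPriKey);
            rsa.update(data);
            return stripLineBreaks(new BASE64Encoder().encode(rsa.sign()));
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }

    /**
     * Encrypts {@code data} for the recipient certificate as CMS enveloped data, then wraps the
     * result in a CMS signed-data structure produced with the sender's key.
     *
     * <p>The original code never assigned the signed bytes, so the Base64 step always failed and
     * the method returned {@code null} for every input; the encoded signed data is now returned.
     *
     * @param data bytes to protect
     * @return the Base64-encoded CMS signed data on a single line, or {@code null} when
     *     {@code data} is null or empty, a key or certificate is missing, or any step fails
     */
    public static String encryptAndSignData(byte[] data) {
        try {
            ensureProviderRegistered();
            if (data == null || data.length == 0) {
                return null;
            }

            X509Certificate recipientPubCert = loadRecipientCertificate();
            if (recipientPubCert == null) {
                return null;
            }

            HashMap senderMaterial = getInstance().export();
            if (senderMaterial == null) {
                return null;
            }
            PrivateKey senderPriKey = (PrivateKey) senderMaterial.get("0");
            X509Certificate senderPubCert = (X509Certificate) senderMaterial.get("1");
            if (senderPriKey == null || senderPubCert == null) {
                return null;
            }

            // Envelope the payload for the recipient's public key.
            // RC2 is a legacy cipher: kept for compatibility with the receiver (see class comment).
            CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
            edGen.addKeyTransRecipient(recipientPubCert);
            CMSProcessable procData = new CMSProcessableByteArray(data);
            CMSEnvelopedData envelopedData =
                    edGen.generate(procData, CMSEnvelopedDataGenerator.RC2_CBC, CRYPTO_PROVIDER_NAME);
            byte[] encryptedData = envelopedData.getEncoded();

            // Sign the enveloped bytes; 'true' encapsulates them inside the signed-data object.
            CMSSignedDataGenerator signer = new CMSSignedDataGenerator();
            signer.addSigner(senderPriKey, senderPubCert, CMSSignedDataGenerator.DIGEST_SHA1);
            CMSSignedData cmsSignedData =
                    signer.generate(new CMSProcessableByteArray(encryptedData), true, CRYPTO_PROVIDER_NAME);
            byte[] signedData = cmsSignedData.getEncoded();

            return stripLineBreaks(new BASE64Encoder().encode(signedData));
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }

    /**
     * Loads the sender's private key and certificate from the keystore.
     *
     * @return a map with the private key under {@code "0"} and the certificate under {@code "1"};
     *     either value is {@code null} when the alias has no such entry
     * @throws Exception if the keystore cannot be opened, read or unlocked
     */
    public HashMap export() throws Exception {
        KeyStore keystore = KeyStore.getInstance(keyStoreType);
        FileInputStream in = new FileInputStream(keystoreFile);
        try {
            keystore.load(in, password);
        } finally {
            // The stream was previously left open on every call.
            in.close();
        }

        PrivateKey senderPK = (PrivateKey) keystore.getKey(alias, password);
        X509Certificate certificate = (X509Certificate) keystore.getCertificate(alias);

        HashMap material = new HashMap();
        material.put("0", senderPK);
        material.put("1", certificate);
        return material;
    }

    /**
     * Returns {@code pathname} unchanged. No property lookup is performed, despite the name.
     *
     * @param pathname value to return
     * @return {@code pathname}
     */
    public String readPath(String pathname) {
        return pathname;
    }

    /** Registers the BouncyCastle provider once instead of building a new one on every call. */
    private static void ensureProviderRegistered() {
        if (java.security.Security.getProvider(CRYPTO_PROVIDER_NAME) == null) {
            java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        }
    }

    /** Reads the recipient certificate from the configuration directory and closes the file. */
    private static X509Certificate loadRecipientCertificate() throws Exception {
        FileInputStream in = new FileInputStream(joinPath(CERT_DIR, RECIPIENT_CERT_FILE_NAME));
        try {
            CertificateFactory certFact = CertificateFactory.getInstance("X.509", CRYPTO_PROVIDER_NAME);
            return (X509Certificate) certFact.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    /** Joins a directory and a file name with "/" unless the directory already ends with one. */
    private static String joinPath(String directory, String fileName) {
        if (directory.endsWith("/")) {
            return directory + fileName;
        }
        return directory + "/" + fileName;
    }

    /**
     * Removes every CR and LF so the token is a single line. Both callers use this; one of them
     * used to strip only the CR LF pair, which left bare line feeds in the output.
     */
    private static String stripLineBreaks(String encoded) {
        return encoded.replace("\r", "").replace("\n", "");
    }

    /**
     * Manual smoke test: builds a sample query string, signs it and prints the signature.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        System.out.println("test");
        String GRBNumber = "004195137";
        String PageID = "HomePage";
        String Initial_Request_timestamp = String.valueOf(System.currentTimeMillis());
        String ICHANNEL_ID = "Default";
        String postData = "GRBNumber=" + GRBNumber + "&PageID=" + PageID
                + "&Initial_Request_timestamp=" + Initial_Request_timestamp
                + "&ICHANNEL_ID=" + ICHANNEL_ID;
        System.out.println(postData);
        // getBytes() uses the platform charset; these values are ASCII, so the bytes are the same
        // everywhere. Pick an explicit charset before signing anything that may not be ASCII.
        String value = Crypto.getSignature(postData.getBytes());
        System.out.println(value);
    }
}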
