从PFX文件中获取私钥、公钥证书、公钥

该类具体功能:根据pfx证书得到私钥、根据私钥字节数组获取私钥对象、根据公钥字节数组获取公钥、根据pfx证书获取证书对象,根据私钥、公钥证书、密码生成pkcs12,根据私钥、公钥证书、密钥,合成为pfx文件,依赖工具包:commons-io

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Enumeration;

/**

  • Created by ssl on 2017/9/5.
    */
    public class PFXUtil {

    /**

    • 获取RSA算法的keyFactory
    • @return
      */
      private static KeyFactory getKeyFactory() throws Exception {
      return getKeyFactory("RSA");
      }

    /**

    • 获取指定算法的keyFactory
    • @param algorithm
    • @return
      */
      private static KeyFactory getKeyFactory(String algorithm) throws Exception {
      KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
      return keyFactory;
      }

    /**

    • 根据pfx证书获取keyStore
    • @param pfxData
    • @param password
    • @return
    • @throws Exception
      */
      private static KeyStore getKeyStore(byte[] pfxData, String password) throws Exception {
      KeyStore keystore = KeyStore.getInstance("PKCS12");
      keystore.load(new ByteArrayInputStream(pfxData), password.toCharArray());
      return keystore;
      }

    /**

    • 根据pfx证书得到私钥
    • @param pfxData
    • @param password
    • @throws Exception
      */
      public static PrivateKey getPrivateKeyByPfx(byte[] pfxData, String password) throws Exception {
      PrivateKey privateKey = null;
      KeyStore keystore = getKeyStore(pfxData, password);
      Enumeration enums = keystore.aliases();
      String keyAlias = "";
      while (enums.hasMoreElements()) {
      keyAlias = enums.nextElement();
      if (keystore.isKeyEntry(keyAlias)) {
      privateKey = (PrivateKey) keystore.getKey(keyAlias, password.toCharArray());
      }
      }
      return privateKey;
      }

    /**

    • 根据pfx证书得到私钥
    • @param pfxPath
    • @param password
    • @return
    • @throws Exception
      */
      public static PrivateKey getPrivateKeyByPfx(String pfxPath, String password) throws Exception {
      File pfxFile = new File(pfxPath);
      return getPrivateKeyByPfx(FileUtils.readFileToByteArray(pfxFile), password);
      }

    /**

    • 根据私钥字节数组获取私钥对象
    • @param privateKeyByte
    • @return
    • @throws Exception
      */
      public static PrivateKey getPrivateKey(byte[] privateKeyByte) throws Exception {
      PrivateKey privateKey = null;
      PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyByte);
      KeyFactory keyFactory = getKeyFactory();
      privateKey = keyFactory.generatePrivate(keySpec);
      return privateKey;
      }

    /**

    • 根据私钥Base64字符串获取私钥对象
    • @param privateKeyStr
    • @return
    • @throws Exception
      */
      public static PrivateKey getPrivateKey(String privateKeyStr) throws Exception {
      byte[] privateKeyByte = Base64.decodeBase64(privateKeyStr);
      return getPrivateKey(privateKeyByte);
      }

    /**

    • 根据公钥字节数组获取公钥
    • @param publicKeyByte 公钥字节数组
    • @return
    • @throws Exception
      */
      public static PublicKey getPublicKey(byte[] publicKeyByte) throws Exception {
      PublicKey publicKey = null;
      X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyByte);
      KeyFactory keyFactory = getKeyFactory();
      publicKey = keyFactory.generatePublic(keySpec);
      return publicKey;
      }

    /**

    • 根据公钥base64字符串获取公钥
    • @param publicKeyStr Base64编码后的公钥字节数组
    • @return
    • @throws Exception
      */
      public static PublicKey getPublicKey(String publicKeyStr) throws Exception {
      byte[] publicKeyByte = Base64.decodeBase64(publicKeyStr);
      return getPublicKey(publicKeyByte);
      }

    /**

    • 根据pfx证书获取证书对象
    • @param pfxData pfx的字节数组
    • @param password pfx证书密码
    • @return
    • @throws Exception
      */
      public static X509Certificate getX509Certificate(byte[] pfxData, String password) throws Exception {
      X509Certificate x509Certificate = null;
      KeyStore keystore = getKeyStore(pfxData, password);
      Enumeration enums = keystore.aliases();
      String keyAlias = "";
      while (enums.hasMoreElements()) {
      keyAlias = enums.nextElement();
      if (keystore.isKeyEntry(keyAlias)) {
      x509Certificate = (X509Certificate) keystore.getCertificate(keyAlias);
      }
      }
      return x509Certificate;
      }

    /**

    • 根据pfx证书获取证书对象
    • @param pfxPath pfx证书路径
    • @param password pfx证书密码
    • @return
    • @throws Exception
      */
      public static X509Certificate getX509Certificate(String pfxPath, String password) throws Exception {
      File pfxFile = new File(pfxPath);
      return getX509Certificate(FileUtils.readFileToByteArray(pfxFile), password);
      }

    //生成pkcs12

    /**

    • 根据私钥、公钥证书、密码生成pkcs12
    • @param privateKey 私钥
    • @param x509Certificate 公钥证书
    • @param password 需要设置的密钥
    • @return
    • @throws Exception
      */
      public static byte[] generatorPkcx12(PrivateKey privateKey, X509Certificate x509Certificate, String password)
      throws Exception {
      Certificate[] chain = {x509Certificate};
      KeyStore keystore = KeyStore.getInstance("PKCS12");
      keystore.load(null, password.toCharArray());
      keystore.setKeyEntry(x509Certificate.getSerialNumber().toString(), privateKey, password.toCharArray(), chain);
      ByteArrayOutputStream bytesos = new ByteArrayOutputStream();
      keystore.store(bytesos, password.toCharArray());
      byte[] bytes = bytesos.toByteArray();
      return bytes;
      }

    //合成pfx

    /**

    • 根据私钥、公钥证书、密钥,保存为pfx文件
    • @param privateKey 私钥
    • @param x509Certificate 公钥证书
    • @param password 打开pfx的密钥
    • @param saveFile 保存的文件
    • @return
    • @throws Exception
      */
      public static String generatorPFX(PrivateKey privateKey, X509Certificate x509Certificate, String password, File
      saveFile) throws Exception {
      //判断文件是否存在
      if (!saveFile.exists()) {
      //判断文件的目录是否存在
      if (!saveFile.getParentFile().exists()) {
      saveFile.getParentFile().mkdirs();
      }
      saveFile.createNewFile();
      }
      byte[] pkcs12Byte = generatorPkcx12(privateKey, x509Certificate, password);
      FileUtils.writeByteArrayToFile(saveFile, pkcs12Byte);
      return saveFile.getPath();
      }

    public static void main(String[] args) throws Exception {
    String pfxPath = "C:\Users\49383\Desktop\文件\国新测试证书-1.pfx";
    String password = "1";
    //私钥:pfx文件中获取私钥对象
    PrivateKey privateKey = getPrivateKeyByPfx(pfxPath, password);
    byte[] privateKeyByte = privateKey.getEncoded();
    String privateKeyStr = Base64.encodeBase64String(privateKeyByte);
    System.out.println("私钥Base64字符串:" + privateKeyStr);
    //=====私钥Base64字符串转私钥对象
    PrivateKey privateKey2 = getPrivateKey(privateKeyStr);
    System.out.println("私钥Base64字符串2:" + Base64.encodeBase64String(privateKey2.getEncoded()));
    //证书:从pfx文件中获取证书对象
    X509Certificate certificate = getX509Certificate(pfxPath, password);
    System.out.println("证书主题:" + certificate.getSubjectDN().getName());
    String publicKeyStr = Base64.encodeBase64String(certificate.getPublicKey().getEncoded());
    System.out.println("公钥Base64字符串:" + publicKeyStr);
    //=====根据公钥Base64字符串获取公钥对象
    System.out.println("公钥Base64字符串2:" + Base64.encodeBase64String(getPublicKey(publicKeyStr).getEncoded()));
    //PFX:合成pfx(需要私钥、公钥证书)
    String savePath = generatorPFX(privateKey, certificate, "1", new File
    ("C:\Users\49383\Desktop\文件\009\009.pfx"));
    System.out.println(savePath);
    }
    }

import com.itrus.cryptorole.Sender;
import com.itrus.cryptorole.bc.RecipientBcImpl;
import com.itrus.cryptorole.bc.SenderBcImpl;
import com.itrus.util.Base64;
import com.itrusign.util.DateUtils;
import com.szitrus.ssp.common.exception.ServiceException;
import com.szitrus.ssp.common.page.Pager;
import com.szitrus.ssp.dao.SignatureMapper;
import com.szitrus.ssp.model.Signature;
import com.szitrus.ssp.model.SignatureExample;
import com.szitrus.ssp.service.SignatureService;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Date;
import java.util.List;
import java.util.Map;

/**

  • 描述:签名功能实现

  • @author ssl

  • @create 2017/11/21 9:39
    /
    @Service
    public class SignatureServiceImpl implements SignatureService {
    private Logger logger = LoggerFactory.getLogger(this.getClass());
    /
    *

    • P1签名方式
      /
      public static final String PKCS1 = "PKCS1";
      /
      *
    • 包括原文,也包含签名者数字证书的pkcs7签名值
      /
      public static final String PKCS7_ATTACH = "PKCS7_ATTACH";
      /
      *
    • 返回值格式为BASE64编码的PKCS7,包含签名者证书
      */
      public static final String PKCS7_DETACH = "PKCS7_DETACH";

    @Autowired
    private SignatureMapper signatureMapper;

    @Override
    public Signature insertSelective(Signature signature) {
    signatureMapper.insertSelective(signature);
    return signature;
    }

    @Override
    public byte[] sign(PrivateKey privateKey, X509Certificate x509Certificate, String signType, String plaintext)
    throws ServiceException {
    Sender sender = new SenderBcImpl();
    byte[] bytes = null;
    try {
    sender.initCertWithKey(privateKey, x509Certificate);
    if (signType.equalsIgnoreCase(PKCS1)) {
    /** p1签名 /
    bytes = sender.doSign(plaintext.getBytes("utf-8"));
    } else if (signType.equalsIgnoreCase(PKCS7_ATTACH)) {
    /
    * p7 attach签名 /
    bytes = sender.signMessageIncludeOriginal(plaintext.getBytes("utf-8"));
    } else if (signType.equalsIgnoreCase(PKCS7_DETACH)) {
    /
    * p7 detach签名 /
    bytes = sender.signMessage(plaintext.getBytes("utf-8"));
    } else {
    logger.error("不支持的签名模式,signType:{}", signType);
    throw new ServiceException("500", "仅支持PKCS1、PKCS7_ATTACH、PKCS7_DETACH方式签名,signType:" + signType +
    "暂不支持.");
    }
    } catch (Exception e) {
    e.printStackTrace();
    throw new ServiceException("500", e.getMessage());
    }
    /
    * 保存签名记录 */
    return bytes;
    }

    @Override
    public X509Certificate verify(X509Certificate signer, String singType, String plaintext, String signature) throws
    ServiceException {
    X509Certificate x509Certificate = null;
    RecipientBcImpl recipient = new RecipientBcImpl();
    try {
    if (singType.equalsIgnoreCase(PKCS1)) {
    if (null == signer) {
    throw new ServiceException("500", "验签失败,PKCS1签名值验签时请提交公钥证书.");
    }
    boolean flag = recipient.doVerify(plaintext.getBytes("utf-8"), Base64.decode(signature),
    signer,
    null);
    if (flag) {
    x509Certificate = signer;
    }
    } else if (singType.equalsIgnoreCase(PKCS7_ATTACH)) {
    x509Certificate = recipient.verifySignatureIncludeOriginal(Base64.decode(signature));
    } else if (singType.equalsIgnoreCase(PKCS7_DETACH)) {
    x509Certificate = recipient.verifySignature(plaintext, signature);
    } else {
    logger.error("不支持的验签模式,signType:{}", singType);
    throw new ServiceException("500", "不支持的验签模式,signType:" + singType);
    }
    } catch (Exception e) {
    logger.error("验签出错", e);
    throw new ServiceException("500", "验签出错," + e.getMessage());
    }
    return x509Certificate;
    }

    @Override
    public Pager selectByPager(Integer offset, Integer size, Map parameterMap) {
    SignatureExample example = new SignatureExample();
    SignatureExample.Criteria criteria = example.or();
    criteria.andDeletedEqualTo(false);
    /** 查询条件 */
    if (StringUtils.isNotBlank(parameterMap.get("keywords"))) {
    criteria.andPlaintextLike("%" + parameterMap.get("keywords") + "%");
    }
    String startDateStr = parameterMap.get("startDate");
    if (StringUtils.isNotBlank(startDateStr)) {
    try {
    Date startDate = DateUtils.parseDate(startDateStr, "yyyy-MM-dd");
    criteria.andCreationDateGreaterThanOrEqualTo(startDate);
    } catch (ParseException e) {
    logger.error("日期转换出错", e);
    }
    }

     String endDateStr = parameterMap.get("endDate");
     if (StringUtils.isNotBlank(endDateStr)) {
         try {
             Date endDate = DateUtils.parseDate(endDateStr, "yyyy-MM-dd");
             criteria.andCreationDateLessThanOrEqualTo(endDate);
         } catch (ParseException e) {
             logger.error("日期转换出错", e);
         }
     }
     Integer count = signatureMapper.countByExample(example);
     example.setOffset(offset);
     example.setLimit(size);
     List signatures = signatureMapper.selectByExample(example);
     return new Pager(offset, size, count, signatures);
    

    }

    @Override
    public Signature selectByPrimaryKey(long id) {
    return signatureMapper.selectByPrimaryKey(id);
    }
    }

你可能感兴趣的:(从PFX文件中获取私钥、公钥证书、公钥)