美文网首页
从PFX文件中获取私钥、公钥证书、公钥

从PFX文件中获取私钥、公钥证书、公钥

作者: 柳岸花开 | 来源:发表于2017-11-30 16:20 被阅读1253次

    该类具体功能:根据pfx证书得到私钥、根据私钥字节数组获取私钥对象、根据公钥字节数组获取公钥、根据pfx证书获取证书对象,根据私钥、公钥证书、密码生成pkcs12,根据私钥、公钥证书、密钥,合成为pfx文件,依赖工具包:commons-io

    import org.apache.commons.codec.binary.Base64;
    import org.apache.commons.io.FileUtils;

    import java.io.ByteArrayInputStream;
    import java.io.ByteArrayOutputStream;
    import java.io.File;
    import java.security.KeyFactory;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.cert.Certificate;
    import java.security.cert.X509Certificate;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;
    import java.util.Enumeration;

    /**

    • Created by ssl on 2017/9/5.
      */
      public class PFXUtil {

      /**

      • 获取RSA算法的keyFactory
      • @return
        */
        private static KeyFactory getKeyFactory() throws Exception {
        return getKeyFactory("RSA");
        }

      /**

      • 获取指定算法的keyFactory
      • @param algorithm
      • @return
        */
        private static KeyFactory getKeyFactory(String algorithm) throws Exception {
        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
        return keyFactory;
        }

      /**

      • 根据pfx证书获取keyStore
      • @param pfxData
      • @param password
      • @return
      • @throws Exception
        */
        private static KeyStore getKeyStore(byte[] pfxData, String password) throws Exception {
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(new ByteArrayInputStream(pfxData), password.toCharArray());
        return keystore;
        }

      /**

      • 根据pfx证书得到私钥
      • @param pfxData
      • @param password
      • @throws Exception
        */
        public static PrivateKey getPrivateKeyByPfx(byte[] pfxData, String password) throws Exception {
        PrivateKey privateKey = null;
        KeyStore keystore = getKeyStore(pfxData, password);
        Enumeration<String> enums = keystore.aliases();
        String keyAlias = "";
        while (enums.hasMoreElements()) {
        keyAlias = enums.nextElement();
        if (keystore.isKeyEntry(keyAlias)) {
        privateKey = (PrivateKey) keystore.getKey(keyAlias, password.toCharArray());
        }
        }
        return privateKey;
        }

      /**

      • 根据pfx证书得到私钥
      • @param pfxPath
      • @param password
      • @return
      • @throws Exception
        */
        public static PrivateKey getPrivateKeyByPfx(String pfxPath, String password) throws Exception {
        File pfxFile = new File(pfxPath);
        return getPrivateKeyByPfx(FileUtils.readFileToByteArray(pfxFile), password);
        }

      /**

      • 根据私钥字节数组获取私钥对象
      • @param privateKeyByte
      • @return
      • @throws Exception
        */
        public static PrivateKey getPrivateKey(byte[] privateKeyByte) throws Exception {
        PrivateKey privateKey = null;
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyByte);
        KeyFactory keyFactory = getKeyFactory();
        privateKey = keyFactory.generatePrivate(keySpec);
        return privateKey;
        }

      /**

      • 根据私钥Base64字符串获取私钥对象
      • @param privateKeyStr
      • @return
      • @throws Exception
        */
        public static PrivateKey getPrivateKey(String privateKeyStr) throws Exception {
        byte[] privateKeyByte = Base64.decodeBase64(privateKeyStr);
        return getPrivateKey(privateKeyByte);
        }

      /**

      • 根据公钥字节数组获取公钥
      • @param publicKeyByte 公钥字节数组
      • @return
      • @throws Exception
        */
        public static PublicKey getPublicKey(byte[] publicKeyByte) throws Exception {
        PublicKey publicKey = null;
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyByte);
        KeyFactory keyFactory = getKeyFactory();
        publicKey = keyFactory.generatePublic(keySpec);
        return publicKey;
        }

      /**

      • 根据公钥base64字符串获取公钥
      • @param publicKeyStr Base64编码后的公钥字节数组
      • @return
      • @throws Exception
        */
        public static PublicKey getPublicKey(String publicKeyStr) throws Exception {
        byte[] publicKeyByte = Base64.decodeBase64(publicKeyStr);
        return getPublicKey(publicKeyByte);
        }

      /**

      • 根据pfx证书获取证书对象
      • @param pfxData pfx的字节数组
      • @param password pfx证书密码
      • @return
      • @throws Exception
        */
        public static X509Certificate getX509Certificate(byte[] pfxData, String password) throws Exception {
        X509Certificate x509Certificate = null;
        KeyStore keystore = getKeyStore(pfxData, password);
        Enumeration<String> enums = keystore.aliases();
        String keyAlias = "";
        while (enums.hasMoreElements()) {
        keyAlias = enums.nextElement();
        if (keystore.isKeyEntry(keyAlias)) {
        x509Certificate = (X509Certificate) keystore.getCertificate(keyAlias);
        }
        }
        return x509Certificate;
        }

      /**

      • 根据pfx证书获取证书对象
      • @param pfxPath pfx证书路径
      • @param password pfx证书密码
      • @return
      • @throws Exception
        */
        public static X509Certificate getX509Certificate(String pfxPath, String password) throws Exception {
        File pfxFile = new File(pfxPath);
        return getX509Certificate(FileUtils.readFileToByteArray(pfxFile), password);
        }

      //生成pkcs12

      /**

      • 根据私钥、公钥证书、密码生成pkcs12
      • @param privateKey 私钥
      • @param x509Certificate 公钥证书
      • @param password 需要设置的密钥
      • @return
      • @throws Exception
        */
        public static byte[] generatorPkcx12(PrivateKey privateKey, X509Certificate x509Certificate, String password)
        throws Exception {
        Certificate[] chain = {x509Certificate};
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(null, password.toCharArray());
        keystore.setKeyEntry(x509Certificate.getSerialNumber().toString(), privateKey, password.toCharArray(), chain);
        ByteArrayOutputStream bytesos = new ByteArrayOutputStream();
        keystore.store(bytesos, password.toCharArray());
        byte[] bytes = bytesos.toByteArray();
        return bytes;
        }

      //合成pfx

      /**

      • 根据私钥、公钥证书、密钥,保存为pfx文件
      • @param privateKey 私钥
      • @param x509Certificate 公钥证书
      • @param password 打开pfx的密钥
      • @param saveFile 保存的文件
      • @return
      • @throws Exception
        */
        public static String generatorPFX(PrivateKey privateKey, X509Certificate x509Certificate, String password, File
        saveFile) throws Exception {
        //判断文件是否存在
        if (!saveFile.exists()) {
        //判断文件的目录是否存在
        if (!saveFile.getParentFile().exists()) {
        saveFile.getParentFile().mkdirs();
        }
        saveFile.createNewFile();
        }
        byte[] pkcs12Byte = generatorPkcx12(privateKey, x509Certificate, password);
        FileUtils.writeByteArrayToFile(saveFile, pkcs12Byte);
        return saveFile.getPath();
        }

      public static void main(String[] args) throws Exception {
      String pfxPath = "C:\Users\49383\Desktop\文件\国新测试证书-1.pfx";
      String password = "1";
      //私钥:pfx文件中获取私钥对象
      PrivateKey privateKey = getPrivateKeyByPfx(pfxPath, password);
      byte[] privateKeyByte = privateKey.getEncoded();
      String privateKeyStr = Base64.encodeBase64String(privateKeyByte);
      System.out.println("私钥Base64字符串:" + privateKeyStr);
      //=====私钥Base64字符串转私钥对象
      PrivateKey privateKey2 = getPrivateKey(privateKeyStr);
      System.out.println("私钥Base64字符串2:" + Base64.encodeBase64String(privateKey2.getEncoded()));
      //证书:从pfx文件中获取证书对象
      X509Certificate certificate = getX509Certificate(pfxPath, password);
      System.out.println("证书主题:" + certificate.getSubjectDN().getName());
      String publicKeyStr = Base64.encodeBase64String(certificate.getPublicKey().getEncoded());
      System.out.println("公钥Base64字符串:" + publicKeyStr);
      //=====根据公钥Base64字符串获取公钥对象
      System.out.println("公钥Base64字符串2:" + Base64.encodeBase64String(getPublicKey(publicKeyStr).getEncoded()));
      //PFX:合成pfx(需要私钥、公钥证书)
      String savePath = generatorPFX(privateKey, certificate, "1", new File
      ("C:\Users\49383\Desktop\文件\009\009.pfx"));
      System.out.println(savePath);
      }
      }

    import com.itrus.cryptorole.Sender;
    import com.itrus.cryptorole.bc.RecipientBcImpl;
    import com.itrus.cryptorole.bc.SenderBcImpl;
    import com.itrus.util.Base64;
    import com.itrusign.util.DateUtils;
    import com.szitrus.ssp.common.exception.ServiceException;
    import com.szitrus.ssp.common.page.Pager;
    import com.szitrus.ssp.dao.SignatureMapper;
    import com.szitrus.ssp.model.Signature;
    import com.szitrus.ssp.model.SignatureExample;
    import com.szitrus.ssp.service.SignatureService;
    import org.apache.commons.lang3.StringUtils;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Service;

    import java.security.PrivateKey;
    import java.security.cert.X509Certificate;
    import java.text.ParseException;
    import java.util.Date;
    import java.util.List;
    import java.util.Map;

    /**

    • 描述:签名功能实现

    • @author ssl

    • @create 2017/11/21 9:39
      /
      @Service
      public class SignatureServiceImpl implements SignatureService {
      private Logger logger = LoggerFactory.getLogger(this.getClass());
      /
      *

      • P1签名方式
        /
        public static final String PKCS1 = "PKCS1";
        /
        *
      • 包括原文,也包含签名者数字证书的pkcs7签名值
        /
        public static final String PKCS7_ATTACH = "PKCS7_ATTACH";
        /
        *
      • 返回值格式为BASE64编码的PKCS7,包含签名者证书
        */
        public static final String PKCS7_DETACH = "PKCS7_DETACH";

      @Autowired
      private SignatureMapper signatureMapper;

      @Override
      public Signature insertSelective(Signature signature) {
      signatureMapper.insertSelective(signature);
      return signature;
      }

      @Override
      public byte[] sign(PrivateKey privateKey, X509Certificate x509Certificate, String signType, String plaintext)
      throws ServiceException {
      Sender sender = new SenderBcImpl();
      byte[] bytes = null;
      try {
      sender.initCertWithKey(privateKey, x509Certificate);
      if (signType.equalsIgnoreCase(PKCS1)) {
      /** p1签名 /
      bytes = sender.doSign(plaintext.getBytes("utf-8"));
      } else if (signType.equalsIgnoreCase(PKCS7_ATTACH)) {
      /
      * p7 attach签名 /
      bytes = sender.signMessageIncludeOriginal(plaintext.getBytes("utf-8"));
      } else if (signType.equalsIgnoreCase(PKCS7_DETACH)) {
      /
      * p7 detach签名 /
      bytes = sender.signMessage(plaintext.getBytes("utf-8"));
      } else {
      logger.error("不支持的签名模式,signType:{}", signType);
      throw new ServiceException("500", "仅支持PKCS1、PKCS7_ATTACH、PKCS7_DETACH方式签名,signType:" + signType +
      "暂不支持.");
      }
      } catch (Exception e) {
      e.printStackTrace();
      throw new ServiceException("500", e.getMessage());
      }
      /
      * 保存签名记录 */
      return bytes;
      }

      @Override
      public X509Certificate verify(X509Certificate signer, String singType, String plaintext, String signature) throws
      ServiceException {
      X509Certificate x509Certificate = null;
      RecipientBcImpl recipient = new RecipientBcImpl();
      try {
      if (singType.equalsIgnoreCase(PKCS1)) {
      if (null == signer) {
      throw new ServiceException("500", "验签失败,PKCS1签名值验签时请提交公钥证书.");
      }
      boolean flag = recipient.doVerify(plaintext.getBytes("utf-8"), Base64.decode(signature),
      signer,
      null);
      if (flag) {
      x509Certificate = signer;
      }
      } else if (singType.equalsIgnoreCase(PKCS7_ATTACH)) {
      x509Certificate = recipient.verifySignatureIncludeOriginal(Base64.decode(signature));
      } else if (singType.equalsIgnoreCase(PKCS7_DETACH)) {
      x509Certificate = recipient.verifySignature(plaintext, signature);
      } else {
      logger.error("不支持的验签模式,signType:{}", singType);
      throw new ServiceException("500", "不支持的验签模式,signType:" + singType);
      }
      } catch (Exception e) {
      logger.error("验签出错", e);
      throw new ServiceException("500", "验签出错," + e.getMessage());
      }
      return x509Certificate;
      }

      @Override
      public Pager<Signature> selectByPager(Integer offset, Integer size, Map<String, String> parameterMap) {
      SignatureExample example = new SignatureExample();
      SignatureExample.Criteria criteria = example.or();
      criteria.andDeletedEqualTo(false);
      /** 查询条件 */
      if (StringUtils.isNotBlank(parameterMap.get("keywords"))) {
      criteria.andPlaintextLike("%" + parameterMap.get("keywords") + "%");
      }
      String startDateStr = parameterMap.get("startDate");
      if (StringUtils.isNotBlank(startDateStr)) {
      try {
      Date startDate = DateUtils.parseDate(startDateStr, "yyyy-MM-dd");
      criteria.andCreationDateGreaterThanOrEqualTo(startDate);
      } catch (ParseException e) {
      logger.error("日期转换出错", e);
      }
      }

       String endDateStr = parameterMap.get("endDate");
       if (StringUtils.isNotBlank(endDateStr)) {
           try {
               Date endDate = DateUtils.parseDate(endDateStr, "yyyy-MM-dd");
               criteria.andCreationDateLessThanOrEqualTo(endDate);
           } catch (ParseException e) {
               logger.error("日期转换出错", e);
           }
       }
       Integer count = signatureMapper.countByExample(example);
       example.setOffset(offset);
       example.setLimit(size);
       List<Signature> signatures = signatureMapper.selectByExample(example);
       return new Pager<Signature>(offset, size, count, signatures);
      

      }

      @Override
      public Signature selectByPrimaryKey(long id) {
      return signatureMapper.selectByPrimaryKey(id);
      }
      }

    相关文章

      网友评论

          本文标题:从PFX文件中获取私钥、公钥证书、公钥

          本文链接:https://www.haomeiwen.com/subject/vwgvbxtx.html