java解析证书具有两种方式,
1.为证书的标准格式,java通过jdk进行对标准证书进行base64解密转换、解析,由于网上对于该方式的描述较多,本文不做过多描述。
2.第二种方式为java去除了开头的“-----BEGIN CERTIFICATE-----”以及中间的“/n”末尾的“-----END CERTIFICATE-----”
备注:第一种方式可通过代码处理去除证书文件的分隔符以及开头结尾标识转为第二种情况
只剩下了内容。
public static PublicKey verify_cert(String caPath,String userBase64,String userName) throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
Security.addProvider(new BouncyCastleProvider());
// 读取 ca 证书 文件,获取证书的 公钥
String certString = readFile(new File(caPath));
String replace = certString.replace("-----BEGIN CERTIFICATE-----", "")
.replaceAll(System.lineSeparator(), "")
.replace("-----END CERTIFICATE-----", "");
BASE64Decoder decoder = new BASE64Decoder();
byte[] cetba = decoder.decodeBuffer(replace);
InputStream inStream = new ByteArrayInputStream(cetba);
CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
X509Certificate ca_52_cert = (X509Certificate)cf.generateCertificate(inStream);
PublicKey ca_52_publicKey = ca_52_cert.getPublicKey();
// 读取个人证书,获取证书,以及公钥
byte[] userByte = decoder.decodeBuffer(userBase64);
ByteArrayInputStream fis_ra = new ByteArrayInputStream(userByte);
X509Certificate user_52_cert = (X509Certificate)cf.generateCertificate(fis_ra);
PublicKey user_52_certPublicKey = user_52_cert.getPublicKey();
return user_52_certPublicKey;
}
java支持pksc8格式的私钥文件读取,把拿到的pksc1格式私钥转换为pksc8格式
证书私钥文件转换
1.openssl
2.pkcs8 -topk8 -inform PEM -in ca.key -outform pem -nocrypt -out pkcs8_ca_test.key
读取私钥获得转为私钥对象
/**
* 从私钥文件当中读取私钥文件
* @param file
* @return
* @throws IOException
*/
public static String readFile(File file) throws IOException {
InputStream in = null;
ByteArrayOutputStream out = null;
try {
in = new FileInputStream(file);
out = new ByteArrayOutputStream();
byte[] buf = new byte[1024];
int len = -1;
while ((len = in.read(buf)) != -1) {
out.write(buf, 0, len);
}
out.flush();
byte[] data = out.toByteArray();
return new String(data);
} finally {
out.close();
in.close();
}
}
/**
* 通过私钥文件读取加载为私钥对象
* @param replace 去除私钥格式后的cks8字符串
*/
public static PrivateKey get( String replace) throws Exception {
// byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
BASE64Decoder decoder = new BASE64Decoder();
byte[] cetba = decoder.decodeBuffer(replace);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(cetba);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}
/**
* 用公钥解密
* @param privateDataBase64 密文
* @param publicKey 公钥
* @return
* @throws Exception
*/
public static byte[] decryptByPublicKey(String privateDataBase64, PublicKey publicKey) throws Exception {
byte[] privateDataBytes = decryptBASE64(privateDataBase64);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher.doFinal(privateDataBytes);
}
/**
* 用私钥加密
* @param data 明文
* @param privateKey 私钥
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
public static byte[] decryptBASE64(String key) throws Exception {
return (new BASE64Decoder()).decodeBuffer(key);
}
public static String encryptBASE64(byte[] key) throws Exception {
return (new BASE64Encoder()).encodeBuffer(key);
}
精彩内容
您阅读本篇文章共花了:
发表评论