importjava.io.FileInputStream;importjava.io.InputStream;importjava.security.KeyStore;importjava.security.PrivateKey;importjava.security.Provider;importjava.security.Security;importjava.security.cert.Certificate;importjava.security.cert.CertificateFactory;importjava.security.cert.X509Certificate;importjava.util.ArrayList;importjava.util.Collection;importjava.util.Iterator;importjava.util.List;importorg.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;importorg.bouncycastle.cert.X509CertificateHolder;importorg.bouncycastle.cert.jcajce.JcaCertStore;importorg.bouncycastle.cms.CMSEnvelopedData;importorg.bouncycastle.cms.CMSEnvelopedDataGenerator;importorg.bouncycastle.cms.CMSProcessableByteArray;importorg.bouncycastle.cms.CMSSignedData;importorg.bouncycastle.cms.CMSSignedDataGenerator;importorg.bouncycastle.cms.CMSTypedData;importorg.bouncycastle.cms.RecipientInformation;importorg.bouncycastle.cms.RecipientInformationStore;importorg.bouncycastle.cms.SignerInformation;importorg.bouncycastle.cms.SignerInformationStore;importorg.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;importorg.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;importorg.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;importorg.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;importorg.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;importorg.bouncycastle.jce.provider.BouncyCastleProvider;importorg.bouncycastle.operator.ContentSigner;importorg.bouncycastle.operator.jcajce.JcaContentSignerBuilder;importorg.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;importorg.bouncycastle.util.Store;importorg.bouncycastle.util.encoders.Base64;public classMessageUtil {private String ksType = "PKCS12";/*** 生成数字签名
*@paramsrcMsg 源信息
*@paramcharSet 字符编码
*@paramcertPath 证书路径
*@paramcertPwd 证书密码
*@return
*/
public byte[] signMessage(String srcMsg, String charSet, String certPath, String certPwd) {
String priKeyName= null;char passphrase[] =certPwd.toCharArray();try{
Provider provider= newBouncyCastleProvider();//添加BouncyCastle作为安全提供
Security.addProvider(provider);//加载证书
KeyStore ks =KeyStore.getInstance(ksType);
ks.load(newFileInputStream(certPath), passphrase);if(ks.aliases().hasMoreElements()) {
priKeyName=ks.aliases().nextElement();
}
Certificate cert=(Certificate) ks.getCertificate(priKeyName);//获取私钥
PrivateKey prikey =(PrivateKey) ks.getKey(priKeyName, passphrase);
X509Certificate cerx509=(X509Certificate) cert;
List certList = new ArrayList();
certList.add(cerx509);
CMSTypedData msg= (CMSTypedData) newCMSProcessableByteArray(
srcMsg.getBytes(charSet));
Store certs= newJcaCertStore(certList);
CMSSignedDataGenerator gen= newCMSSignedDataGenerator();
ContentSigner sha1Signer= newJcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(prikey);
gen.addSignerInfoGenerator(newJcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC")
.build()).build(sha1Signer, cerx509));
gen.addCertificates(certs);
CMSSignedData sigData= gen.generate(msg, true);returnBase64.encode(sigData.getEncoded());
}catch(Exception e) {
e.printStackTrace();return null;
}
}/*** 验证数字签名
*@paramsignedData
*@return
*/
public boolean signedDataVerify(byte[] signedData) {boolean verifyRet = true;try{//新建PKCS#7签名数据处理对象
CMSSignedData sign = newCMSSignedData(signedData);//添加BouncyCastle作为安全提供
Security.addProvider(neworg.bouncycastle.jce.provider.BouncyCastleProvider());//获得证书信息
Store certs =sign.getCertificates();//获得签名者信息
SignerInformationStore signers =sign.getSignerInfos();
Collection c=signers.getSigners();
Iterator it=c.iterator();//当有多个签名者信息时需要全部验证
while(it.hasNext()) {
SignerInformation signer=(SignerInformation) it.next();//证书链
Collection certCollection =certs.getMatches(signer.getSID());
Iterator certIt=certCollection.iterator();
X509CertificateHolder cert=(X509CertificateHolder) certIt
.next();//验证数字签名
if (signer.verify(newJcaSimpleSignerInfoVerifierBuilder()
.setProvider("BC").build(cert))) {
verifyRet= true;
}else{
verifyRet= false;
}
}
}catch(Exception e) {
verifyRet= false;
e.printStackTrace();
System.out.println("验证数字签名失败");
}returnverifyRet;
}/*** 加密数据
*@paramsrcMsg 源信息
*@paramcertPath 证书路径
*@paramcharSet 字符编码
*@return*@throwsException*/
public String envelopeMessage(String srcMsg, String certPath, String charSet) throwsException {
CertificateFactory certificatefactory;
X509Certificate cert;//使用公钥对对称密钥进行加密//若此处不加参数 "BC" 会报异常:CertificateException -
certificatefactory = CertificateFactory.getInstance("X.509", "BC");//读取.crt文件;你可以读取绝对路径文件下的crt,返回一个InputStream(或其子类)即可。
InputStream bais = newFileInputStream(certPath);
cert=(X509Certificate) certificatefactory.generateCertificate(bais);//添加数字信封
CMSTypedData msg = newCMSProcessableByteArray(srcMsg.getBytes(charSet));
CMSEnvelopedDataGenerator edGen= newCMSEnvelopedDataGenerator();
edGen.addRecipientInfoGenerator(newJceKeyTransRecipientInfoGenerator(
cert).setProvider("BC"));
CMSEnvelopedData ed=edGen.generate(msg,newJceCMSContentEncryptorBuilder(PKCSObjectIdentifiers.rc4)
.setProvider("BC").build());
String rslt= newString(Base64.encode(ed.getEncoded()));
System.out.println(rslt);returnrslt;
}/*** 解密数据
*@paramencode 加密后的密文
*@paramcertPath 证书路径
*@paramcertPwd 证书密码
*@paramcharSet 字符编码
*@return*@throwsException*/
public String openEnvelope(String encode, String certPath, String certPwd, String charSet) throwsException {//获取密文
CMSEnvelopedData ed = newCMSEnvelopedData(Base64.decode(encode.getBytes()));
RecipientInformationStore recipients=ed.getRecipientInfos();
Collection c=recipients.getRecipients();
Iterator it=c.iterator();//加载证书
KeyStore ks =KeyStore.getInstance(ksType);
ks.load(newFileInputStream(certPath), certPwd.toCharArray());
String priKeyName= null;if(ks.aliases().hasMoreElements()) {
priKeyName=ks.aliases().nextElement();
}//获取私钥
PrivateKey prikey =(PrivateKey) ks.getKey(priKeyName, certPwd.toCharArray());byte[] recData = null;//解密
if(it.hasNext()) {
RecipientInformation recipient=(RecipientInformation) it.next();
recData= recipient.getContent(newJceKeyTransEnvelopedRecipient(
prikey).setProvider("BC"));
}return newString(recData, charSet);
}publicMessageUtil() {
Security.addProvider(neworg.bouncycastle.jce.provider.BouncyCastleProvider());
}
}