RSAUtils.java

package cn.wisenergy.chnmuseum.party.common.util;

import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;

/**
 * https://www.jianshu.com/p/62804d9c265c
 */
public final class RSAUtils {

    //加密算法KEY
    private static final String KEY_ALGORITHM = "RSA";
    //密钥长度:512bit/1024bit/2048bit/4096bit
    private static final int KEY_SIZE = 2048;
    //http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
    //RSA签名算法:对RSA密钥的长度不限制，推荐使用2048位以上
    public static final String SIGNATURE_ALGORITHM_1 = "SHA1WithRSA";
    //RSA2签名算法:强制要求RSA密钥的长度至少为2048
    public static final String SIGNATURE_ALGORITHM_2 = "SHA256WithRSA";
    //密钥格式:PKCS#1/PKCS#8
    public static final String RSA_TYPE = "RSA/ECB/PKCS1Padding";

    private final static String PUBLIC_KEY_NAME = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTVgqPjswjCKU7kjOfZO/jB1Oiz3zrW0kLfjBiRXHnXrm3Br4cgpA78snK/isaVykOBJYL549JkgHqTo17RSdqdS2i0rjzEUtKEotSpoP9XzNxt3ufKSq1MxBU5ZVuJTJ4Juat9RKcgNvhTc5NYMjF7PsBrrqPolgOd9Y5VyMaNRch+3owlDNzck0zWXAWas8KNJuV68ZH6hqu0Lb0QfrWETkm4o3ah7A1ss/UB//XSg0wipMa2em9WI6hUxW87JKR3W63dx89q9aP589UeE5XpamDhr1fglIpzeS/SdA61cY4K5v9v+mGxI3jePc6RSETvwc8P68/XNViSgT+uJAwIDAQAB";
    private final static String PRIVATE_KEY_NAME = "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCxNWCo+OzCMIpTuSM59k7+MHU6LPfOtbSQt+MGJFcedeubcGvhyCkDvyycr+KxpXKQ4Elgvnj0mSAepOjXtFJ2p1LaLSuPMRS0oSi1Kmg/1fM3G3e58pKrUzEFTllW4lMngm5q31EpyA2+FNzk1gyMXs+wGuuo+iWA531jlXIxo1FyH7ejCUM3NyTTNZcBZqzwo0m5XrxkfqGq7QtvRB+tYROSbijdqHsDWyz9QH/9dKDTCKkxrZ6b1YjqFTFbzskpHdbrd3Hz2r1o/nz1R4TlelqYOGvV+CUinN5L9J0DrVxjgrm/2/6YbEjeN49zpFIRO/Bzw/rz9c1WJKBP64kDAgMBAAECggEAKf9ohSNZmTw/zE/YVWhWmE+LuNnncQoHXTT3jQEX1JRF3nTqXHw/nC+2tvvIUinP2R4OxereZ7nSrvCObnDCCnTlYefKpwkOyzBWoXkHc/mUxr6vxVYEBK6Ws5c5/SluY7K50IJUjf5no2D2aRWBq9LcjfQTXdzK/p3eTbehdLnHITIilY699lN0CIwPpvNjAIOwYzyoqI7xQ8S5bopl1A1gKK7MN9EQb6aqn7kNSQCkwRq+1dETlZpfl7He4Fc4Q7brEQf7Qzdk2s2ddnlOU8Q4An4A+m2NMow0abe7g1EnVlw4cag0E6/tbC21Hy6Oa/LpZmRMiZU4iuo/PvSYYQKBgQDXJUiM0ILUqGcv6FbKFEu6MjT2JgClK2xiMFv8MKPyDth+XxjhvqV1FKMVNXkdrtR8lw3qnTquaxqor4IQMLsZa775H2zefYuqiOnFD9W4NpjwxG7yWhtbpSgWIQSHXVDO6mIR6Qh0lAUk4AYwjEae1auZgBoM5YsKMxN7PFDUHwKBgQDS2+Jg9GP1j8cmO14J/f+wBqTme1oz4bkES9tGcFapdVdlkPf5ahVH+yDhrgGVCcO2w6sam06WrmxV4H4OV5wl94hr36NC6S2lmIIF9DuX21cZandWI5vJr6umxrlo3f5+tpSC9Ekgd7Yro44+DohlMrUbAFwm6+hSIin210hOnQKBgFMJEr02ZKhK7rhwxb5souWUJxixhiI5ZjVnULk+1KfBzxDHB0VpXVaYxnCTGNG5/kyvyDE6ycEzmTBtvJcfF7cx/J0N4ejlL5h8Cy2BdQ0KFXEnf2KOIGz4i0YvLB5Kh7u0fnFHLXpA/tNCm2D1YvQ+p2IxLNy5YzZmjChOGSwlAoGAYAyTYTDR+8DDqbGvU4PlHazZHrgfzbRLkB5xwvNXNpfh+L0BiBZ/nStSvhqCU/5/rVgSL+uA7/iCFthM84GK+mx4MxNLDiajiWQgDlBDeRgL4+Lwe0d7JnMkELNDL/a3f8bxfXmDegut6tD08WWzUc24W5VdZMlfKVKwpOVJ5a0CgYByPWRuA7yJ+cWkmZl9yMCpNziSJgm7A1TwI9SRpfgx+azrLVSPZAYKzwmpsiOmuD/SSyDS7YE2d4QT/C+jbGlGYa3pGN7XUqmJVPhn9sJzoCHQf5LPbS5cLRC0c0qjFwsOw5hTVa0pPTiyRjF7xKc4yzBotifs4VdhXSH5GurFJg==";
    private final static String SERVICE_PUBLIC_KEY_NAME = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTVgqPjswjCKU7kjOfZO/jB1Oiz3zrW0kLfjBiRXHnXrm3Br4cgpA78snK/isaVykOBJYL549JkgHqTo17RSdqdS2i0rjzEUtKEotSpoP9XzNxt3ufKSq1MxBU5ZVuJTJ4Juat9RKcgNvhTc5NYMjF7PsBrrqPolgOd9Y5VyMaNRch+3owlDNzck0zWXAWas8KNJuV68ZH6hqu0Lb0QfrWETkm4o3ah7A1ss/UB//XSg0wipMa2em9WI6hUxW87JKR3W63dx89q9aP589UeE5XpamDhr1fglIpzeS/SdA61cY4K5v9v+mGxI3jePc6RSETvwc8P68/XNViSgT+uJAwIDAQAB";

    /**
     * 生成公、私钥
     * 根据需要返回String或byte[]类型
     *
     * @return
     */
    public static ArrayList<String> createRSAKeys() {
        ArrayList<String> array = new ArrayList<>();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
            keyPairGenerator.initialize(KEY_SIZE, new SecureRandom());
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();

            //获取公、私钥值
            String publicKeyValue = Base64.getEncoder().encodeToString(publicKey.getEncoded());
            String privateKeyValue = Base64.getEncoder().encodeToString(privateKey.getEncoded());

            //存入
            array.add(publicKeyValue);
            array.add(privateKeyValue);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return array;
    }

    //获取本地RSA公钥
    public static PublicKey getPublicKey() {
        try {
            return getPublicKey(PUBLIC_KEY_NAME);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    //获取本地RSA公钥
    public static String getPublicKeyString() {
        try {
            return PUBLIC_KEY_NAME;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    //获取服务器RSA公钥
    public static PublicKey getServicePublicKey() {
        try {
            return getPublicKey(SERVICE_PUBLIC_KEY_NAME);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    //获取RSA公钥 根据钥匙字段
    public static PublicKey getPublicKey(String key) {
        try {
            byte[] byteKey = Base64.getDecoder().decode(key);
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(byteKey);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
            return keyFactory.generatePublic(x509EncodedKeySpec);

        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    //获取RSA私钥   根据钥匙字段
    private static PrivateKey getPrivateKey(String key) {
        try {
            byte[] byteKey = Base64.getDecoder().decode(key);
            PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(byteKey);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);

            return keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        } catch (Exception e) {
            e.printStackTrace();
        }

        return null;
    }

    //本地RSA私钥 签名
    public static String sign(String requestData) {
        String signature = null;
        byte[] signed;
        try {
            PrivateKey privateKey = getPrivateKey(PRIVATE_KEY_NAME);
            Signature Sign = Signature.getInstance(SIGNATURE_ALGORITHM_2);
            Sign.initSign(privateKey);
            Sign.update(requestData.getBytes());
            signed = Sign.sign();
            signature = Base64.getEncoder().encodeToString(signed);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return signature;
    }

    //公钥验证签名   base64签名 signature   签名内容requestData
    public static boolean verifySign(String requestData, String signature) {
        boolean verifySignSuccess = false;
        try {
            PublicKey publicKey = getServicePublicKey();
            Signature verifySign = Signature.getInstance(SIGNATURE_ALGORITHM_2);
            verifySign.initVerify(publicKey);
            verifySign.update(requestData.getBytes());

            verifySignSuccess = verifySign.verify(Base64.getDecoder().decode(signature));
        } catch (Exception e) {
            e.printStackTrace();
        }

        return verifySignSuccess;
    }

    public static String encrypt(String clearText) {
        String encryptedBase64 = "";
        try {
            Key key = getServicePublicKey();
            final Cipher cipher = Cipher.getInstance(RSA_TYPE);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encryptedBytes = cipher.doFinal(clearText.getBytes(StandardCharsets.UTF_8));
            encryptedBase64 = Base64.getEncoder().encodeToString(encryptedBytes);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return encryptedBase64;
    }

    public static String encrypt(String clearText, String publicKey) {
        String encryptedBase64 = "";
        try {
            Key key = getPublicKey(publicKey);
            final Cipher cipher = Cipher.getInstance(RSA_TYPE);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encryptedBytes = cipher.doFinal(clearText.getBytes(StandardCharsets.UTF_8));
            encryptedBase64 = Base64.getEncoder().encodeToString(encryptedBytes);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return encryptedBase64;
    }

    public static String decrypt(String encryptedBase64, String privateKey) {
        String decryptedString = "";
        try {
            Key key = getPrivateKey(privateKey);
            final Cipher cipher = Cipher.getInstance(RSA_TYPE);
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] encryptedBytes = Base64.getDecoder().decode(encryptedBase64);
            byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
            decryptedString = new String(decryptedBytes);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return decryptedString;
    }

}