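/*
 * @(#)CtSignature.java 2009-6-30
 *
 * Copyright 2008 LINKAGE, Inc. All rights reserved.
 * LINKAGE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */
package com.linkage.crm.csb.sign;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Signer / verifier for CAP messages (com.lianchuang.sso.ct.domain SIGNER).
 *
 * <p>Signing keys are read from a JKS keystore, verification keys from an
 * X.509 certificate file. The public methods never throw on a crypto or I/O
 * failure: they log the cause and return {@code null} / {@code false}, so
 * callers must check the result.
 *
 * @author
 * @version 1.0.0, 2009-7-1
 * @since 1.0
 */
public final class CtSignature {

    private static final Log logger = LogFactory.getLog(CtSignature.class);

    /** Keystore type that holds the signing key. */
    private static final String KEYSTORE_TYPE = "JKS";

    /** Certificate encoding of the verification key file. */
    private static final String CERT_TYPE = "X.509";

    /**
     * Signature algorithm used on both sides. SHA-1 is no longer recommended
     * for new signature schemes; it is kept here because existing peers
     * verify against it. Changing it must be coordinated with every peer.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA1withDSA";

    /**
     * Charset used to turn the signed text into bytes. The CAP payload
     * declares encoding="UTF-8"; the previous code used the platform default,
     * which made signatures depend on the machine they were produced on.
     * If a peer still signs with a non-UTF-8 platform default, this constant
     * must match that peer.
     */
    private static final String TEXT_CHARSET = "UTF-8";

    /** Placeholder element replaced by the signature when signing a CAP. */
    private static final String EMPTY_SIGN_TAG = "<DigitalSign/>";
    private static final String SIGN_OPEN_TAG = "<DigitalSign>";
    private static final String SIGN_CLOSE_TAG = "</DigitalSign>";

    /**
     * Keystore file name resolved under the directory given to
     * {@link #signatureCAP}. The original code appended "uacKeystorer" in one
     * branch and "uacKeystore" in the other; the trailing 'r' looked like a
     * typo and a single name is used for both cases now.
     */
    private static final String DEFAULT_KEYSTORE_NAME = "uacKeystore";

    /** Certificate file name resolved under the directory given to {@link #verifyCAP}. */
    private static final String DEFAULT_CERT_NAME = "uac.cer";

    /** Utility class; not instantiable. */
    private CtSignature() {
    }

    /**
     * Creates a {@link Signature} initialised for signing with the private key
     * stored under {@code alias} in the JKS keystore at {@code priKeyFile}.
     *
     * @param pwd        keystore / key password
     * @param alias      alias of the private key entry
     * @param priKeyFile path of the JKS keystore file
     * @return an initialised signer, or {@code null} if the keystore could not
     *         be read, the alias holds no private key, or the password is wrong
     *         (the cause is logged at ERROR level)
     */
    public static Signature createSignatureForSign(String pwd, String alias, String priKeyFile) {
        char[] kpass = null;
        try {
            logger.debug("keypath=============" + priKeyFile);
            kpass = pwd.toCharArray();
            Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
            signer.initSign(loadPrivateKey(priKeyFile, alias, kpass));
            return signer;
        } catch (Exception ex) {
            logger.error("errors appeared while trying to signature", ex);
            return null;
        } finally {
            // Do not leave the password lying around in the heap longer than needed.
            if (kpass != null) {
                Arrays.fill(kpass, '\0');
            }
        }
    }

    /**
     * Creates a {@link Signature} initialised for verification with the public
     * key of the X.509 certificate at {@code pubKeyFile}.
     *
     * @param pubKeyFile path of the certificate (CER) file
     * @return an initialised verifier, or {@code null} if the certificate could
     *         not be read (the cause is logged at ERROR level)
     */
    public static Signature createSignatureForVerify(String pubKeyFile) {
        try {
            Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
            verifier.initVerify(loadCertificatePublicKey(pubKeyFile));
            return verifier;
        } catch (Exception ex) {
            logger.error("errors appeared while trying to verify a signature", ex);
            return null;
        }
    }

    /**
     * Signs {@code originalText} and returns the signature as a hex string.
     *
     * @param originalText text to sign; encoded with {@link #TEXT_CHARSET}
     * @param pwd          keystore / key password
     * @param alias        alias of the private key entry
     * @param priKeyFile   path of the JKS keystore file
     * @return hex-encoded signature, or {@code null} on any failure
     *         (the cause is logged at ERROR level)
     */
    public static String signature(String originalText, String pwd, String alias, String priKeyFile) {
        Signature signer = createSignatureForSign(pwd, alias, priKeyFile);
        if (signer == null) {
            return null; // already logged by createSignatureForSign
        }
        try {
            signer.update(originalText.getBytes(TEXT_CHARSET));
            return HexUtils.toHexString(signer.sign());
        } catch (Exception ex) {
            logger.error("errors appeared while trying to signature", ex);
            return null;
        }
    }

    /**
     * Verifies a hex-encoded signature over {@code originalText}.
     *
     * @param originalText text that was signed; encoded with {@link #TEXT_CHARSET}
     * @param signedText   hex-encoded signature as produced by {@link #signature}
     * @param pubKeyFile   path of the certificate (CER) file
     * @return {@code true} only if the signature is valid; {@code false} for an
     *         invalid signature and for any read / decode failure
     *         (the cause is logged at ERROR level)
     */
    public static boolean verify(String originalText, String signedText, String pubKeyFile) {
        Signature verifier = createSignatureForVerify(pubKeyFile);
        if (verifier == null) {
            return false; // already logged by createSignatureForVerify
        }
        try {
            verifier.update(originalText.getBytes(TEXT_CHARSET));
            return verifier.verify(HexUtils.fromHexString(signedText));
        } catch (Exception ex) {
            logger.error("errors appeared while trying to verify a signature", ex);
            return false;
        }
    }

    /**
     * Signs a CAP document: the whole document text (with its empty
     * {@code <DigitalSign/>} element) is signed, then the empty element is
     * replaced by {@code <DigitalSign>hex</DigitalSign>}.
     *
     * @param cap          CAP document containing an empty {@code <DigitalSign/>}
     * @param pwd          keystore / key password
     * @param alias        alias of the private key entry
     * @param keystorePath directory holding the keystore file
     *                     ({@link #DEFAULT_KEYSTORE_NAME}); a trailing
     *                     {@link File#separator} is optional
     * @return the signed CAP, or {@code null} if signing failed (previously a
     *         document with the literal text {@code null} inside the element
     *         was returned, which can never verify)
     */
    public static String signatureCAP(String cap, String pwd, String alias, String keystorePath) {
        String priKeyFile = resolveInDir(keystorePath, DEFAULT_KEYSTORE_NAME);
        String signed = signature(cap, pwd, alias, priKeyFile);
        if (signed == null) {
            return null;
        }
        // Literal replacement: the tag and the hex signature contain no regex
        // or replacement metacharacters, but there is no reason to go through
        // the regex engine for a fixed string.
        return cap.replace(EMPTY_SIGN_TAG, SIGN_OPEN_TAG + signed + SIGN_CLOSE_TAG);
    }

    /**
     * Verifies a signed CAP document: the {@code <DigitalSign>...</DigitalSign>}
     * element is extracted and restored to {@code <DigitalSign/>} before the
     * text is verified against the contained signature.
     *
     * @param cap          signed CAP document
     * @param keystorePath directory holding the certificate file
     *                     ({@link #DEFAULT_CERT_NAME}); a trailing
     *                     {@link File#separator} is optional
     * @return {@code true} only if the document carries a well-formed
     *         {@code DigitalSign} element whose signature verifies
     */
    public static boolean verifyCAP(String cap, String keystorePath) {
        int open = cap.indexOf(SIGN_OPEN_TAG);
        int close = cap.indexOf(SIGN_CLOSE_TAG);
        // Previously a missing or reversed tag pair threw StringIndexOutOfBoundsException.
        if (open < 0 || close < open + SIGN_OPEN_TAG.length()) {
            logger.error("CAP carries no well-formed <DigitalSign> element");
            return false;
        }
        String signedText = cap.substring(open + SIGN_OPEN_TAG.length(), close);
        // Rebuild the exact text that was signed instead of using replaceAll,
        // which would interpret the signed element as a regular expression.
        String originalText = cap.substring(0, open) + EMPTY_SIGN_TAG
                + cap.substring(close + SIGN_CLOSE_TAG.length());
        String pubKeyFile = resolveInDir(keystorePath, DEFAULT_CERT_NAME);
        return CtSignature.verify(originalText, signedText, pubKeyFile);
    }

    /**
     * Reads the private key entry {@code alias} from the JKS keystore at {@code priKeyFile}.
     *
     * @throws IOException              if the file cannot be read or the keystore password is wrong
     * @throws GeneralSecurityException if the keystore cannot be opened or the alias is
     *                                  absent / not a private key
     */
    private static PrivateKey loadPrivateKey(String priKeyFile, String alias, char[] kpass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
        FileInputStream ksfis = new FileInputStream(priKeyFile);
        try {
            ks.load(new BufferedInputStream(ksfis), kpass);
        } finally {
            ksfis.close(); // previously leaked on every call
        }
        Key key = ks.getKey(alias, kpass);
        if (!(key instanceof PrivateKey)) {
            // getKey returns null for an unknown alias; fail with a clear message
            // instead of letting initSign report an opaque InvalidKeyException.
            throw new KeyStoreException("no private key under alias '" + alias + "' in " + priKeyFile);
        }
        return (PrivateKey) key;
    }

    /**
     * Reads the X.509 certificate at {@code pubKeyFile} and returns its public key.
     *
     * @throws IOException              if the file cannot be read
     * @throws GeneralSecurityException if the file is not a parseable certificate
     */
    private static PublicKey loadCertificatePublicKey(String pubKeyFile)
            throws IOException, GeneralSecurityException {
        CertificateFactory factory = CertificateFactory.getInstance(CERT_TYPE);
        FileInputStream fin = new FileInputStream(pubKeyFile);
        try {
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(fin);
            return certificate.getPublicKey();
        } finally {
            fin.close(); // previously leaked on every call
        }
    }

    /**
     * Joins a directory and a file name, inserting {@link File#separator} unless
     * the directory is empty or already ends with it.
     */
    private static String resolveInDir(String dir, String fileName) {
        if (dir.length() == 0 || dir.endsWith(File.separator)) {
            return dir + fileName;
        }
        return dir + File.separator + fileName;
    }

    /**
     * Manual smoke test: signs a sample CAP header, verifies it, then verifies a
     * tampered copy (expected to print {@code false}).
     *
     * <p>Fixture paths, password and alias below are developer defaults; pass
     * {@code <keystore> <cert> <password> <alias>} as arguments to override them.
     */
    public static void main(String[] args) {
        String keyStorePath = args.length > 0 ? args[0]
                : "D:\\work\\SEclipse\\workspace\\MBOSS\\com.lianchuang.sso.ct.lib\\keystore\\ct10000Keystore";
        String certPath = args.length > 1 ? args[1]
                : "D:\\work\\SEclipse\\workspace\\MBOSS\\com.lianchuang.sso.ct.lib\\keystore\\ct10000.cer";
        String password = args.length > 2 ? args[2] : "12345678";
        String alias = args.length > 3 ? args[3] : "ct10000";
        String sigedData = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<CAPRoot><SessionHeader><ServiceCode>CAP02001</ServiceCode><Version>1230001234567890</Version><ActionCode>0</ActionCode><TransactionID>11123200902190000000002</TransactionID><SrcSysID>123</SrcSysID><DstSysID>11</DstSysID><ReqTime>20090219200657</ReqTime><DigitalSign/></SessionHeader><SessionBody><AssertionQueryReq><Ticket>ddddddddddddddddddddddd</Ticket></AssertionQueryReq></SessionBody></CAPRoot>";
        System.out.println(":" + sigedData);
        String res = signature(sigedData, password, alias, keyStorePath);
        if (res != null) {
            System.out.println(":" + res);
            System.out.println(verify(sigedData, res, certPath));
            // A modified document must not verify against the original signature.
            String tampered = sigedData + "1";
            System.out.println(":" + tampered);
            System.out.println(verify(tampered, res, certPath));
        }
    }
}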