package com.bst.erp.signature;
import java.security.Signature;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.KeyStore;
import java.io.*;
import java.util.*;
import com.bst.erp.login.LoginViewModel;
import com.bst.erp.login.Staff;
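/**
* To run this example, first generate a key pair with the keytool command-line tool.
* See the keytool section of the JDK documentation for details.
* The class signs with SHA1withDSA, so the key pair must be a DSA key, and it opens both
* the keystore and the key entry with the same password, so the two passwords must match.
*
* Command to create the KEYSTORE file:
* keytool -genkey -alias <key pair alias> -keypass <password> -keystore <file name, extension .keystore>
*
* Command to export the certificate file:
* keytool -export -alias liuqiuli -file D:\signaturetest\liuqiuli.cert -keystore erp.keystore
*
* @author Administrator
*
*/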
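public class SignatureClass {
    /**
     * Signature scheme used for every sign/verify operation in this class.
     *
     * NOTE(review): SHA-1 digests and 1024-bit DSA keys are below current NIST guidance
     * (SP 800-131A). The value is kept because existing .sig files and keystore entries were
     * produced with it; moving to a stronger scheme means re-issuing keys and re-signing files.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA1withDSA";

    /** {@link #verifyUserInfo} result: user name or password did not match. */
    private static final int RESULT_BAD_CREDENTIALS = 0;
    /** {@link #verifyUserInfo} result: the user file did not verify against the stored signature. */
    private static final int RESULT_BAD_SIGNATURE = 1;
    /** {@link #verifyUserInfo} result: credentials and signature both checked out. */
    private static final int RESULT_OK = 3;

    Staff staff = new Staff();

    /** Returns the staff record loaded by the most recent {@link #verifyUserInfo} call. */
    public Staff getStaff() {
        return staff;
    }

    /** Replaces the staff record held by this instance. */
    public void setStaff(Staff staff) {
        this.staff = staff;
    }

    public SignatureClass() {
    }

    /**
     * Generates a DSA key pair in memory and runs a sign/verify round trip as a self-test.
     *
     * @throws Exception if key generation, signing or verification fails
     */
    private void signTest() throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        // Let SecureRandom seed itself. Seeding SHA1PRNG with a fixed string before first use
        // makes its output, and therefore the generated private key, reproducible by anyone
        // who knows the string.
        SecureRandom random = new SecureRandom();
        // NOTE(review): 1024-bit DSA is a legacy key size; see SIGNATURE_ALGORITHM.
        keyGen.initialize(1024, random);

        // KeyPair is a plain holder for both keys and must be protected like a PrivateKey.
        KeyPair keyPair = keyGen.generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();
        System.out.println("public key uses " + publicKey.getAlgorithm() +
                " and is enclosed by " + publicKey.getFormat());

        // Encode the sample message once with an explicit charset so both sides of the
        // round trip see the same bytes regardless of the platform default.
        byte[] message = "testVerify".getBytes("UTF-8");

        Signature dsa = Signature.getInstance(SIGNATURE_ALGORITHM);
        dsa.initSign(privateKey);
        dsa.update(message);
        byte[] sig = dsa.sign();

        dsa.initVerify(publicKey);
        dsa.update(message);
        boolean verifies = dsa.verify(sig);
        System.out.println("signature verifies: " + verifies);
    }

    /**
     * Signs a user file with the private key stored under the given keystore alias and
     * writes the raw signature bytes to {@code sigFile}.
     *
     * The user file is created and kept by the individual user and handed to the
     * administrator, who produces the signature file and stores it on the server.
     *
     * @param pw           password used for both the keystore and the key entry
     * @param F_Login      keystore alias of the signing key
     * @param userFile     path of the file to sign
     * @param sigFile      path the signature is written to
     * @param keyStoreFile path of the keystore file
     * @return {@code true} once the signature file has been written
     * @throws Exception if the keystore cannot be opened, the alias holds no private key,
     *                   or any file cannot be read or written
     */
    public boolean createSigFileWithUserFile(String pw, String F_Login, String userFile,
            String sigFile, String keyStoreFile) throws Exception {
        Signature dsa = Signature.getInstance(SIGNATURE_ALGORITHM);
        PrivateKey privateKey = getPrivateKey(keystore(pw, keyStoreFile), F_Login, pw);
        dsa.initSign(privateKey);
        dsa.update(getFile(userFile));
        byte[] sig = dsa.sign();
        return makeFile(sigFile, sig);
    }

    /**
     * Verifies {@code userFile} against the signature in {@code sigFile}, using the public
     * key taken from the certificate file.
     *
     * @param userFile path of the signed file
     * @param sigFile  path of the stored signature
     * @param certFile path of the user's certificate file
     * @return {@code true} if the signature matches the file content
     * @throws Exception if a file cannot be read or the certificate cannot be parsed
     */
    private boolean verifyUserFileWithSigFile(String userFile, String sigFile, String certFile)
            throws Exception {
        Signature dsa = Signature.getInstance(SIGNATURE_ALGORITHM);
        // The public key comes from the certificate file, not from the keystore.
        Certificate certificate = genCertificate(certFile);
        PublicKey publicKey = certificate.getPublicKey();
        dsa.initVerify(publicKey);
        dsa.update(getFile(userFile));
        byte[] sig = getFile(sigFile);
        return dsa.verify(sig);
    }

    /**
     * Opens the keystore file with the given password.
     *
     * @param Password     keystore password
     * @param keyStoreFile path of the keystore file
     * @return the loaded keystore
     * @throws Exception if the file cannot be read or the password is wrong
     */
    private KeyStore keystore(String Password, String keyStoreFile) throws Exception {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        // The password is deliberately not printed: console output ends up in server logs.
        // try-with-resources closes the stream even when load() rejects the password.
        try (FileInputStream fis = new FileInputStream(keyStoreFile)) {
            keystore.load(fis, Password.toCharArray());
        }
        return keystore;
    }

    /**
     * Fetches the private key stored under {@code alias}.
     *
     * @throws Exception if the key cannot be recovered or the alias holds no key
     */
    private PrivateKey getPrivateKey(KeyStore keystore, String alias, String Password)
            throws Exception {
        PrivateKey prvKey = (PrivateKey) keystore.getKey(alias, Password.toCharArray());
        if (prvKey == null) {
            // getKey returns null for an unknown alias; fail here with a clear message
            // instead of handing a null key to Signature.initSign.
            throw new java.security.KeyStoreException("no private key entry for alias " + alias);
        }
        return prvKey;
    }

    /**
     * Looks up the certificate stored under {@code alias}.
     *
     * @param keystore     keystore to read from; when {@code null} the keystore is loaded
     *                     from {@code keyStoreFile} with {@code pw}
     * @param alias        keystore alias of the certificate
     * @param pw           keystore password, used only when the keystore must be loaded
     * @param keyStoreFile keystore path, used only when the keystore must be loaded
     * @return the certificate, or {@code null} if the alias is unknown
     * @throws Exception if the keystore cannot be loaded
     */
    private Certificate getCertificate(KeyStore keystore, String alias, String pw,
            String keyStoreFile) throws Exception {
        // Use the keystore the caller already opened rather than loading the file again.
        KeyStore source = (keystore != null) ? keystore : keystore(pw, keyStoreFile);
        return source.getCertificate(alias);
    }

    /**
     * Writes {@code raw} to {@code signaturefile}, replacing any existing content.
     *
     * @return {@code true} when the write completed
     * @throws Exception if the file cannot be created or written
     */
    private boolean makeFile(String signaturefile, byte[] raw) throws Exception {
        try (FileOutputStream out = new FileOutputStream(signaturefile)) {
            out.write(raw);
        }
        return true;
    }

    /**
     * Reads a whole file into memory.
     *
     * @throws Exception if the file cannot be opened or read
     */
    private byte[] getFile(String filename) throws Exception {
        // available() is only an estimate and a single read() may return fewer bytes than
        // requested, so loop until end of stream; a short read would silently change the
        // bytes that get signed or verified.
        try (FileInputStream in = new FileInputStream(filename);
                ByteArrayOutputStream collected = new ByteArrayOutputStream()) {
            byte[] chunk = new byte[8192];
            int count;
            while ((count = in.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return collected.toByteArray();
        }
    }

    /**
     * Parses the X.509 certificate(s) in {@code certFile} and returns the last one.
     *
     * The certificate file (.cert) is the personal certificate the administrator exports
     * from the keystore and stores on the server.
     *
     * @throws Exception if the file cannot be read or parsed, or contains no certificate
     */
    private Certificate genCertificate(String certFile) throws Exception {
        Collection<? extends Certificate> parsed;
        try (FileInputStream fis = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            parsed = cf.generateCertificates(fis);
        }
        Certificate cert = null;
        for (Certificate candidate : parsed) {
            cert = candidate;
            try {
                // NOTE(review): this only checks that the certificate is signed by its own
                // key. It does not establish trust (anyone can create a self-signed
                // certificate), a failure is reported but the certificate is still returned,
                // and the validity period is not checked. Trust therefore rests on who can
                // write to the certificate directory; decide whether to fail closed here.
                cert.verify(cert.getPublicKey());
            } catch (Exception ex) {
                System.out.println("cert is not valid ");
            }
        }
        if (cert == null) {
            throw new java.security.cert.CertificateException(
                    "no certificate found in " + certFile);
        }
        return cert;
    }

    /**
     * Reports whether {@code name} can be used as a single file-name component, i.e.
     * contains no path separator and no NUL character.
     */
    private static boolean isPlainFileName(String name) {
        for (int i = 0; i < name.length(); i++) {
            char ch = name.charAt(i);
            if (ch == '/' || ch == '\\' || ch == File.separatorChar || ch == '\0') {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks a login: first the user name and password, then the signature of the user's
     * file against the {@code <name>.sig} and {@code <name>.cert} files kept on the server.
     *
     * @param userName    login name; must equal the staff record's full name
     * @param password    submitted password
     * @param userFile    path of the user's signed file
     * @param sigFileDir  directory holding the {@code .sig} files
     * @param certFileDir directory holding the {@code .cert} files
     * @return 0 if the user name or password is wrong, 1 if the signature check fails,
     *         3 on success; 2 ("system error") is reserved and never returned here because
     *         failures surface as exceptions
     * @throws Exception if the staff lookup fails or a signature/certificate file cannot
     *                   be read
     */
    public int verifyUserInfo(String userName, String password, String userFile,
            String sigFileDir, String certFileDir) throws Exception {
        Staff staff = LoginViewModel.getStaff(userName, password);
        // The looked-up record is stored before the credentials are checked, so getStaff()
        // reflects the last attempt whether or not it succeeded.
        this.setStaff(staff);
        if (staff == null) {
            // presumably an unknown user yields no record; treat it as bad credentials
            // instead of failing with a NullPointerException — confirm against getStaff
            return RESULT_BAD_CREDENTIALS;
        }

        String id = staff.getF_FullName();
        String pwd = staff.getF_Password();
        // NOTE(review): the stored value is compared with the submitted password as-is,
        // which suggests F_Password holds the password in clear text — confirm; if so,
        // store a salted password hash (bcrypt/scrypt/Argon2) and compare against that.
        boolean credentialsMatch = id != null && id.equals(userName)
                && pwd != null && pwd.equals(password);
        if (!credentialsMatch) {
            return RESULT_BAD_CREDENTIALS;
        }

        // The name becomes part of two file paths; refuse anything that could step out of
        // the signature or certificate directory.
        if (!isPlainFileName(id)) {
            return RESULT_BAD_SIGNATURE;
        }
        String sigFile = sigFileDir + File.separator + id + ".sig";
        String certFile = certFileDir + File.separator + id + ".cert";
        if (!verifyUserFileWithSigFile(userFile, sigFile, certFile)) {
            return RESULT_BAD_SIGNATURE;
        }
        return RESULT_OK;
    }

    // Manual check (password and paths are supplied by the operator at run time, never
    // written into the source):
    //   SignatureClass s = new SignatureClass();
    //   s.createSigFileWithUserFile(pw, alias, userFile, sigFile, keyStoreFile);
}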