RsaHelper.java

package com.yanzuoguang.util.helper;

import com.yanzuoguang.util.contants.SystemContants;
import com.yanzuoguang.util.exception.CodeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;

import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * RSA
 * # 知识点
 * 1. 从一个固定长度的字节数组转换为另外一个固定长度的字节数组。如117的加密对应128的解密
 * 2. RSA分为公钥+私钥
 * 3. 可以用公钥加密+私钥解密 或者 私钥加密+公钥解密
 * 4. 因为加密只有字节，所以需要转换为base64
 * <p>
 * # 流程
 * 1. 生成公钥私钥
 * 2. 将公钥转换为字节,然后转换为base64字符串
 * 3. 将私钥转换为字节,然后转换为base64字符串
 * 4. 将来源字符串转换为字节，并按照固定加密长度截断，依次用公钥字符串生成的公钥进行加密。将加密后的字节转换为base64字符串。
 * 5. 将需要解密的字符串转换为字节，按照固定解密长度阶段，依次用私钥字符串生成的私钥进行解密。
 *
 * @author 颜佐光
 */
public final class RsaHelper {

    private static final Logger logger = LoggerFactory.getLogger(RsaHelper.class);

    private static final String ALGORITHM_RSA = "RSA";

    private static final String ALGORITHM_SIGN = "MD5withRSA";

    private static final int KEYPAIR_LEN = 1024;
    /**
     * RSA最大加密明文大小
     */
    private static final int MAX_ENCRYPT_BLOCK = 117;

    /**
     * RSA最大解密密文大小
     */
    private static final int MAX_DECRYPT_BLOCK = 128;

    private RsaHelper() {
        super();
    }

    private interface HandleBytes {
        byte[] handle(byte[] from, int offset, int len) throws Exception;
    }

    private static byte[] handle(byte[] froms, int size, HandleBytes handle) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int inputLen = froms.length;
        int offSet = 0;
        byte[] cache;
        int i = 0;
        // 对数据分段加密
        while (inputLen - offSet > 0) {
            if (inputLen - offSet > size) {
                cache = handle.handle(froms, offSet, size);
            } else {
                cache = handle.handle(froms, offSet, inputLen - offSet);
            }
            out.write(cache, 0, cache.length);
            i++;
            offSet = i * size;
        }
        byte[] to = out.toByteArray();
        out.close();
        return to;
    }

    /**
     * 生成密钥对
     *
     * @throws Exception
     */
    public static void generatorKeyPair() {
        try {
            KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGORITHM_RSA);
            keyPairGen.initialize(KEYPAIR_LEN);
            KeyPair keyPair = keyPairGen.generateKeyPair();
            RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();

            byte[] keyBs = rsaPublicKey.getEncoded();
            String publicKey = encodeBase64(keyBs);
            logger.info("生成的公钥：\t{}", publicKey);
            keyBs = rsaPrivateKey.getEncoded();
            String privateKey = encodeBase64(keyBs);
            logger.info("生成的私钥：\t{}", privateKey);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * 获取公钥
     *
     * @return
     * @throws Exception
     */
    private static PublicKey getPublicKey(String publicKey) throws Exception {
        try {
            X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(decodeBase64(publicKey));
            KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
            return keyFactory.generatePublic(publicKeySpec);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * 获取私钥
     *
     * @return
     * @throws Exception
     */
    private static PrivateKey getPrivateKey(String privateKey) {
        try {
            PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(decodeBase64(privateKey));
            KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
            return keyFactory.generatePrivate(privateKeySpec);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * 公钥加密
     *
     * @param source
     * @param publicKeyStr
     * @return
     * @throws Exception
     */
    public static String encryptionByPublicKey(String source, String publicKeyStr) {
        try {
            PublicKey publicKey = getPublicKey(publicKeyStr);
            Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);

            byte[] bytes = source.getBytes(SystemContants.UTF8);
            byte[] to = handle(bytes, MAX_ENCRYPT_BLOCK, new HandleBytes() {
                @Override
                public byte[] handle(byte[] from, int offset, int len) throws Exception {
                    return cipher.doFinal(from, offset, len);
                }
            });
            return encodeBase64(to);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * 公钥解密
     *
     * @param target
     * @throws Exception
     */
    public static String decryptionByPublicKey(String target, String publicKeyStr) {
        try {
            byte[] bytes = decodeBase64(target);

            PublicKey publicKey = getPublicKey(publicKeyStr);
            Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, publicKey);

            byte[] to = handle(bytes, MAX_DECRYPT_BLOCK, new HandleBytes() {
                @Override
                public byte[] handle(byte[] from, int offset, int len) throws Exception {
                    return cipher.doFinal(from, offset, len);
                }
            });

            return new String(to, SystemContants.UTF8);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * 公钥验证签名
     *
     * @return
     * @throws Exception
     */
    public static void verifyByPublicKey(String target, String sign, String publicKeyStr) {
        try {
            PublicKey publicKey = getPublicKey(publicKeyStr);
            Signature signature = Signature.getInstance(ALGORITHM_SIGN);
            signature.initVerify(publicKey);
            signature.update(target.getBytes(SystemContants.UTF8));
            if (signature.verify(decodeBase64(sign))) {
                logger.info("sign true");
            } else {
                logger.info("sign false");
            }
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * 私钥加密
     *
     * @param source
     * @return
     * @throws Exception
     */
    public static String encryptionByPrivateKey(String source, String privateKeyStr) {
        try {
            byte[] bytes = source.getBytes(SystemContants.UTF8);

            PrivateKey privateKey = getPrivateKey(privateKeyStr);
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, privateKey);

            byte[] to = handle(bytes, MAX_ENCRYPT_BLOCK, new HandleBytes() {
                @Override
                public byte[] handle(byte[] from, int offset, int len) throws Exception {
                    return cipher.doFinal(from, offset, len);
                }
            });

            String target = encodeBase64(to);
            return target;
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * 私钥解密
     *
     * @param target
     * @throws Exception
     */
    public static String decryptionByPrivateKey(String target, String privateKeyStr) {
        try {
            byte[] bytes = decodeBase64(target);

            PrivateKey privateKey = getPrivateKey(privateKeyStr);
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, privateKey);

            byte[] to = handle(bytes, MAX_DECRYPT_BLOCK, new HandleBytes() {
                @Override
                public byte[] handle(byte[] from, int offset, int len) throws Exception {
                    return cipher.doFinal(from, offset, len);
                }
            });

            return new String(to, SystemContants.UTF8);
        } catch (Exception ex) {
            throw new CodeException("解密失败:" + ex.getMessage(), ex);
        }
    }

    /**
     * 私钥签名
     *
     * @param target
     * @return
     * @throws Exception
     */
    public static String signByPrivateKey(String target, String privateKeyStr) {
        try {
            PrivateKey privateKey = getPrivateKey(privateKeyStr);
            Signature signature = Signature.getInstance(ALGORITHM_SIGN);
            signature.initSign(privateKey);
            signature.update(target.getBytes(SystemContants.UTF8));
            String sign = encodeBase64(signature.sign());
            return sign;
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * base64编码
     *
     * @param source
     * @return
     * @throws Exception
     */
    public static String encodeBase64(byte[] source) {
        try {
            byte[] to = Base64Utils.encode(source);
            return new String(to, SystemContants.UTF8);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * Base64解码
     *
     * @param target
     * @return
     * @throws Exception
     */
    public static byte[] decodeBase64(String target) {
        try {
            byte[] from = target.getBytes(SystemContants.UTF8);
            return Base64Utils.decode(from);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }
}