Commit d1f18992 authored by maqing's avatar maqing

RSA密码加密

parent d7fa84c9
...@@ -8,6 +8,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; ...@@ -8,6 +8,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint; import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.security.NoSuchAlgorithmException;
import java.security.Principal; import java.security.Principal;
import java.util.Map; import java.util.Map;
...@@ -26,7 +27,7 @@ public class AuthController { ...@@ -26,7 +27,7 @@ public class AuthController {
@SneakyThrows @SneakyThrows
public Result<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam Map<String, String> parameters) { public Result<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam Map<String, String> parameters) {
String password = parameters.get("password"); String password = parameters.get("password");
String decrypt = CsoftSecurityUtil.decrypt(password); String decrypt = CsoftSecurityUtil.decryptRSADefault(password);
parameters.put("password", decrypt); parameters.put("password", decrypt);
OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody(); OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
return Result.success(oAuth2AccessToken); return Result.success(oAuth2AccessToken);
...@@ -38,7 +39,7 @@ public class AuthController { ...@@ -38,7 +39,7 @@ public class AuthController {
*/ */
@GetMapping("/genKeyPair") @GetMapping("/genKeyPair")
public Result<String> genKeyPair() { public Result<String> genKeyPair() {
Map keyMap = CsoftSecurityUtil.genKeyPair(); Map keyMap = CsoftSecurityUtil.createKeyPairs();
return Result.success(keyMap.get(0).toString()); return Result.success(keyMap.get(0).toString());
} }
......
...@@ -33,14 +33,4 @@ public class PublicKeyController { ...@@ -33,14 +33,4 @@ public class PublicKeyController {
return new JWKSet(key).toJSONObject(); return new JWKSet(key).toJSONObject();
} }
/**
* 获取公钥
* @return
*/
@GetMapping("/genKeyPair")
public Result<String> genKeyPair() {
Map keyMap = CsoftSecurityUtil.genKeyPair();
return Result.success(keyMap.get(0).toString());
}
} }
package com.hungraim.ltc.util; package com.hungraim.ltc.util;
import java.nio.charset.StandardCharsets;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.KeyPairGenerator; import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Map.Entry;
import java.util.TreeMap;
import javax.crypto.BadPaddingException; import javax.crypto.BadPaddingException;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException; import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException; import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
/** /**
* @Description: 通用加密工具 RSA+ASE+SHA256(非对称加密(对称秘钥),对称加密数据,Sha256消息摘要,RSA签名) * @Description: 中研通用加密工具 RSA+ASE+SHA256(非对称加密(对称秘钥),对称加密数据,Sha256消息摘要,RSA签名)
* @author * @author wh.huang DateTime 2018年11月15日 下午3:00:21
* @version 1.0 * @version 1.0
*/ */
@Slf4j
public class CsoftSecurityUtil { public class CsoftSecurityUtil {
private static Map<Integer, String> keyMap = new HashMap<>(); // 用于封装随机产生的公钥与私钥 private static Map<Integer, String> keyMap = new HashMap<>(); // 用于封装随机产生的公钥与私钥
public static void main(String[] args) {
//生成公钥和私钥
genKeyPair();
//加密字符串
String message = "Hg123admin";
System.out.println("随机生成的公钥为:" + keyMap.get(0));
System.out.println("随机生成的私钥为:" + keyMap.get(1));
String messageEn = encrypt(message, keyMap.get(0));
System.out.println("加密后的字符串为:" + messageEn);
String messageDe = decrypt(messageEn);
System.out.println("还原后的字符串为:" + messageDe);
}
//随机生成密钥对 // 加密数据和秘钥的编码方式
public static Map genKeyPair() { public static final String UTF_8 = "UTF-8";
// KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象
KeyPairGenerator keyPairGen = null;
try { // 填充方式
keyPairGen = KeyPairGenerator.getInstance("RSA"); public static final String AES_ALGORITHM = "AES/CFB/PKCS5Padding";
} catch (NoSuchAlgorithmException e) { public static final String RSA_ALGORITHM = "RSA/ECB/PKCS1Padding";
e.printStackTrace(); public static final String RSA_ALGORITHM_NOPADDING = "RSA";
/**
* Description: 解密接收数据
* @author wh.huang DateTime 2018年11月15日 下午5:06:42
* @param externalPublicKey
* @param selfPrivateKey
* @param
* @throws InvalidKeyException
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws UnsupportedEncodingException
* @throws InvalidAlgorithmParameterException
* @throws DecoderException
*/
public static String decryptReceivedData(PublicKey externalPublicKey, PrivateKey selfPrivateKey, String receiveData) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidAlgorithmParameterException, DecoderException {
@SuppressWarnings("unchecked")
Map<String, String> receivedMap = (Map<String, String>) JSON.parse(receiveData);
// receivedMap为请求方通过from urlencoded方式,请求过来的参数列表
String inputSign = receivedMap.get("sign");
// 用请求方提供的公钥验签,能配对sign,说明来源正确
inputSign = decryptRSA(externalPublicKey, inputSign);
// 校验sign是否一致
String sign = sha256(receivedMap);
if (!sign.equals(inputSign)) {
// sign校验不通过,说明双方发送出的数据和对方收到的数据不一致
System.out.println("input sign: " + inputSign + ", calculated sign: " + sign);
return null;
} }
// 初始化密钥对生成器,密钥大小为96-1024位 // 解密请求方在发送请求时,加密data字段所用的对称加密密钥
assert keyPairGen != null; String key = receivedMap.get("key");
keyPairGen.initialize(1024, new SecureRandom()); String salt = receivedMap.get("salt");
// 生成一个密钥对,保存在keyPair中 key = decryptRSA(selfPrivateKey, key);
KeyPair keyPair = keyPairGen.generateKeyPair(); salt = decryptRSA(selfPrivateKey, salt);
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到私钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 得到公钥
String publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()));
// 得到私钥字符串
String privateKeyString = new String(Base64.encodeBase64((privateKey.getEncoded())));
// 将公钥和私钥保存到Map
keyMap.put(0, publicKeyString); //0表示公钥
keyMap.put(1, privateKeyString); //1表示私钥
return keyMap; // 解密data数据
String data = decryptAES(key, salt, receivedMap.get("data"));
System.out.println("接收到的data内容:" + data);
return data;
} }
/** RSA公钥加密 /**
* @param str 加密字符串 * Description: 加密数据组织示例
* @param publicKey 公钥 * @author wh.huang DateTime 2018年11月15日 下午5:20:11
* @return 密文 * @param externalPublicKey
* @param selfPrivateKey
* @return 加密后的待发送数据
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws InvalidKeyException
* @throws NoSuchPaddingException
* @throws UnsupportedEncodingException
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws InvalidAlgorithmParameterException
*/ */
public static String encrypt(String str, String publicKey) { public static String encryptSendData(PublicKey externalPublicKey, PrivateKey selfPrivateKey,JSONObject sendData) throws NoSuchAlgorithmException, InvalidKeySpecException,
//base64编码的公钥 InvalidKeyException, NoSuchPaddingException, UnsupportedEncodingException, BadPaddingException,
byte[] decoded = Base64.decodeBase64(publicKey); IllegalBlockSizeException, InvalidAlgorithmParameterException {
RSAPublicKey pubKey = null;
String outStr = null; // 随机生成对称加密的密钥和IV (IV就是加盐的概念,加密的偏移量)
String aesKeyWithBase64 = genRandomAesSecretKey();
String aesIVWithBase64 = genRandomIV();
// 用接收方提供的公钥加密key和salt,接收方会用对应的私钥解密
String key = encryptRSA(externalPublicKey, aesKeyWithBase64);
String salt = encryptRSA(externalPublicKey, aesIVWithBase64);
// 组织业务数据信息,并用上面生成的对称加密的密钥和IV进行加密
System.out.println("发送的data内容:" + sendData.toJSONString());
String cipherData = encryptAES(aesKeyWithBase64, aesIVWithBase64, sendData.toJSONString());
// 组织请求的key、value对
Map<String, String> requestMap = new TreeMap<String, String>();
requestMap.put("key", key);
requestMap.put("salt", salt);
requestMap.put("data", cipherData);
requestMap.put("source", "由接收方提供"); // 添加来源标识
// 计算sign,并用请求方的私钥加签,接收方会用请求方发放的公钥验签
String sign = sha256(requestMap);
requestMap.put("sign", encryptRSA(selfPrivateKey, sign));
// TODO: 以form urlencoded方式调用,参数为上面组织出来的requestMap
// 注意:请务必以form urlencoded方式,否则base64转码后的个别字符可能会被转成空格,对方接收后将无法正常处理
JSONObject json = new JSONObject();
json.putAll(requestMap);
return json.toString();
}
/**
* Description: 获取随机的对称加密的密钥
* @author wh.huang DateTime 2018年11月15日 下午5:25:53
* @return 对称秘钥字符
* @throws NoSuchAlgorithmException
* @throws UnsupportedEncodingException
* @throws IllegalBlockSizeException
* @throws BadPaddingException
* @throws InvalidKeyException
* @throws NoSuchPaddingException
*/
private static String genRandomAesSecretKey() throws NoSuchAlgorithmException, UnsupportedEncodingException,
IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchPaddingException {
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);
SecretKey secretKey = keyGen.generateKey();
String keyWithBase64 = Base64.encodeBase64(secretKey.getEncoded()).toString();
return keyWithBase64;
try {
pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded));
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
outStr = Base64.encodeBase64String(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
} catch (InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException | NoSuchPaddingException | NoSuchAlgorithmException e) {
e.printStackTrace();
}
//RSA加密
return outStr;
} }
/** RSA私钥解密 private static String genRandomIV() {
* @param str 加密字符串 SecureRandom r = new SecureRandom();
* @return 铭文 byte[] iv = new byte[16];
r.nextBytes(iv);
String ivParam = Base64.encodeBase64(iv)+"";
return ivParam;
}
/**
* 对称加密数据
*
* @param keyWithBase64
* @param
* @param plainText
* @return
* @throws NoSuchAlgorithmException
* @throws NoSuchPaddingException
* @throws InvalidKeyException
* @throws IllegalBlockSizeException
* @throws BadPaddingException
* @throws UnsupportedEncodingException
* @throws InvalidAlgorithmParameterException
*/
private static String encryptAES(String keyWithBase64, String ivWithBase64, String plainText)
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException, InvalidAlgorithmParameterException {
byte[] keyWithBase64Arry = keyWithBase64.getBytes();
byte[] ivWithBase64Arry = ivWithBase64.getBytes();
SecretKeySpec key = new SecretKeySpec(Base64.decodeBase64(keyWithBase64Arry), "AES");
IvParameterSpec iv = new IvParameterSpec(Base64.decodeBase64(ivWithBase64Arry));
Cipher cipher = Cipher.getInstance(AES_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
return Base64.encodeBase64(cipher.doFinal(plainText.getBytes(UTF_8))).toString();
}
/**
* 对称解密数据
*
* @param keyWithBase64
* @param cipherText
* @return
* @throws NoSuchAlgorithmException
* @throws NoSuchPaddingException
* @throws InvalidKeyException
* @throws IllegalBlockSizeException
* @throws BadPaddingException
* @throws UnsupportedEncodingException
* @throws InvalidAlgorithmParameterException
*/ */
public static String decrypt(String str) { private static String decryptAES(String keyWithBase64, String ivWithBase64, String cipherText)
//64位解码加密后的字符串 throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException,
byte[] inputByte = Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8)); BadPaddingException, UnsupportedEncodingException, InvalidAlgorithmParameterException {
//base64编码的私钥 byte[] keyWithBase64Arry = keyWithBase64.getBytes();
byte[] decoded = Base64.decodeBase64(keyMap.get(1)); byte[] ivWithBase64Arry = ivWithBase64.getBytes();
RSAPrivateKey priKey = null; byte[] cipherTextArry = cipherText.getBytes();
//RSA解密 SecretKeySpec key = new SecretKeySpec(Base64.decodeBase64(keyWithBase64Arry), "AES");
Cipher cipher = null; IvParameterSpec iv = new IvParameterSpec(Base64.decodeBase64(ivWithBase64Arry));
String outStr = null;
Cipher cipher = Cipher.getInstance(AES_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, key, iv);
return new String(cipher.doFinal(Base64.decodeBase64(cipherTextArry)), UTF_8);
}
/**
* 非对称加密,根据公钥和原始内容产生加密内容
*
* @param key
* @param
* @return
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
* @throws UnsupportedEncodingException
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws InvalidAlgorithmParameterException
*/
private static String encryptRSA(Key key, String plainText)
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException,
BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, key);
return Base64.encodeBase64(cipher.doFinal(plainText.getBytes(UTF_8))).toString();
}
/**
* 根据私钥和加密内容产生原始内容
* @param key
* @param content
* @return
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
* @throws DecoderException
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws UnsupportedEncodingException
* @throws InvalidAlgorithmParameterException
*/
private static String decryptRSA(Key key, String content) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, DecoderException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidAlgorithmParameterException {
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] contentArry = content.getBytes();
return new String(cipher.doFinal(Base64.decodeBase64(contentArry)), UTF_8);
}
/**
* 计算sha256值
*
* @param paramMap
* @return 签名后的所有数据,原始数据+签名
*/
private static String sha256(Map<String, String> paramMap) {
Map<String, String> params = new TreeMap<String, String>(paramMap);
StringBuilder concatStr = new StringBuilder();
for (Entry<String, String> entry : params.entrySet()) {
if ("sign".equals(entry.getKey())) {
continue;
}
concatStr.append(entry.getKey() + "=" + entry.getValue() + "&");
}
return DigestUtils.md5Hex(concatStr.toString());
}
/**
* 创建RSA的公钥和私钥示例 将生成的公钥和私钥用Base64编码后打印出来
* @throws NoSuchAlgorithmException
*/
public static Map createKeyPairs() {
try { try {
priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded)); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
cipher = Cipher.getInstance("RSA"); keyPairGenerator.initialize(2048);
cipher.init(Cipher.DECRYPT_MODE, priKey); KeyPair keyPair = keyPairGenerator.generateKeyPair();
outStr = new String(cipher.doFinal(inputByte)); //公钥
} catch (InvalidKeySpecException | NoSuchAlgorithmException | NoSuchPaddingException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException e) { RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
//私钥
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
String publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()));
String privateKeyString = new String(Base64.encodeBase64((privateKey.getEncoded())));
keyMap.put(0, publicKeyString); //0表示公钥
keyMap.put(1, privateKeyString); //1表示私钥
}catch (NoSuchAlgorithmException e){
e.printStackTrace(); e.printStackTrace();
} }
return outStr;
return keyMap;
} }
/**
* Description:默认的RSA解密方法 一般用来解密 参数 小数据
* @author wh.huang DateTime 2018年12月14日 下午3:43:11
* @param
* @param data
* @return
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws NoSuchPaddingException
* @throws InvalidKeyException
* @throws IllegalBlockSizeException
* @throws BadPaddingException
*/
public static String decryptRSADefault(String data) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM_NOPADDING);
byte[] privateKeyArray = keyMap.get(1).getBytes();
byte[] dataArray = data.getBytes();
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyArray));
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM_NOPADDING);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(cipher.doFinal(Base64.decodeBase64(dataArray)), UTF_8);
}
} }
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment