package com.tuputech.api;

import com.tuputech.api.util.Base64Util;
import net.sf.json.JSONObject;

import java.io.*;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;


/**
 * 鉴权
 *
 * @author soap
 */
public class SignatureVerify {

    //tupu public pem
    final static String publickKeyString = "-----BEGIN PUBLIC KEY-----" + "\n"
            + "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDyZneSY2eGnhKrArxaT6zswVH9" + "\n"
            + "/EKz+CLD+38kJigWj5UaRB6dDUK9BR6YIv0M9vVQZED2650tVhS3BeX04vEFhThn" + "\n"
            + "NrJguVPidufFpEh3AgdYDzOQxi06AN+CGzOXPaigTurBxZDIbdU+zmtr6a8bIBBj" + "\n" + "WQ4v2JR/BA6gVHV5TwIDAQAB"
            + "\n" + "-----END PUBLIC KEY-----";


    /**
     * 进行验证
     *
     * @param signature 数字签名
     * @param json      真正的有效数据的字符串
     **/
    public boolean verify(String signature, String json) {
        try {

            InputStream inPublic = new ByteArrayInputStream(publickKeyString.getBytes("UTF-8"));
            String publicKeyStr = readKey(inPublic);
            byte[] buffer = Base64Util.decode(publicKeyStr);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
            // 获取公钥匙对象
            PublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(keySpec);
            Signature signer = Signature.getInstance("SHA256WithRSA");
            signer.initVerify(pubKey);
            signer.update(json.getBytes("UTF-8"));
            // 验证签名是否正常
            return signer.verify(Base64Util.decode(signature));
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * @param in
     * @throws IOException
     */
    private String readKey(InputStream in) throws IOException {
        BufferedReader br = new BufferedReader(new InputStreamReader(in));
        String readLine = null;
        StringBuilder sb = new StringBuilder();
        while ((readLine = br.readLine()) != null) {
            if (readLine.charAt(0) == '-') {
                continue;
            } else {
                sb.append(readLine);
                sb.append('\r');
            }
        }
        return sb.toString();
    }

    /**
     * 读取用户私钥
     *
     * @param privateKey 私钥
     * @return
     */
    public PrivateKey readPrivateKey(String privateKey) {
        String privateKeyStr = "";
        PrivateKey pKey = null;

        if (privateKey.endsWith(".pem")) {
            // 读取你的密钥pkcs8_private_key.pem
            File private_key_pem = new File(privateKey);
            InputStream inPrivate = null;
            try {
                inPrivate = new FileInputStream(private_key_pem);
            } catch (FileNotFoundException e) {
                System.out.println(e);
            }
            try {
                privateKeyStr = readKey(inPrivate);
            } catch (IOException e) {
                System.out.println(e);
            }
        } else {
            privateKeyStr = privateKey;
        }

        try {

            byte[] buffer = Base64Util.decode(privateKeyStr);
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            // 获取密钥对象
            pKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
        } catch (Exception e) {
            System.out.println(e);
        }
        return pKey;
    }

    /**
     * 进行签名
     *
     * @param sign_string
     * @param privateKey  参与签名的文本
     **/
    public String signature(PrivateKey privateKey, String sign_string) {
        try {
            // 用私钥对信息生成数字签名
            Signature signer = Signature.getInstance("SHA256WithRSA");
            signer.initSign(privateKey);
            signer.update(sign_string.getBytes());
            byte[] signed = signer.sign();
            return new String(Base64Util.encode(signed));
        } catch (Exception e) {
            return "err";
        }
    }

    /**
     * 签名
     */
    private void testSign() {
        //私钥地址
        PrivateKey privateKey = readPrivateKey("/uri");
        //
        String secretId = "";
        String timestamp = Math.round(System.currentTimeMillis() / 1000.0) + "";
        String nonce = Math.random() + "";
        String sign_string = secretId + "," + timestamp + "," + nonce;
        String signature = signature(privateKey, sign_string);
    }

    /**
     * 验证结果
     */
    private void testVerify() {
        //返回的结果
        String response = "";
        //验证返回值
        //response
        JSONObject jsonObject = JSONObject.fromObject(response);

        String result_json = jsonObject.getString("json");
        String code = JSONObject.fromObject(result_json).getString("code");
        String message = JSONObject.fromObject(result_json).getString("message");
        if (Integer.valueOf(code) == 0) {
            String result_signature = jsonObject.getString("signature");
            // 进行验证
            boolean verify = verify(result_signature, result_json);
        }
    }


    public static void main(String[] args) {

        SignatureVerify signatureVerify = new SignatureVerify();
        //签名
        signatureVerify.testSign();

        //验证结果
        signatureVerify.testVerify();


    }
}

results matching ""

    No results matching ""