// Signs the string `sign` with the private key stored in a PFX file, then sets up
// verification of that signature with the matching public-key certificate.
// NOTE(review): the PFX path and its password are hard-coded literals in this snippet.
String sign="dfgfgh";
X509Certificate x509Certificate = (X509Certificate) CAUtil.getCfeformPfx("d:/TestingUser1_sign.pfx", "12345678"); // utility class reads the Certificate from the PFX file; the result is then cast
// getSigAlgName() names the algorithm used to sign the certificate itself (by its issuer).
// It is reused here for the holder's key, which presumably only works when both keys are
// of the same type - confirm for this certificate.
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
PrivateKey privateKey=CAUtil.GetPvkformPfx("d:/TestingUser1_sign.pfx", "12345678");// utility class reads the private key from the PFX file
signature.initSign(privateKey);
// getBytes() without a charset uses the platform default; signer and verifier must
// encode the message identically or verification fails.
signature.update(sign.getBytes());
byte[] data=signature.sign(); // signature bytes over the message
X509Certificate cf = (X509Certificate) CAUtil.getX509Certificate("d:/TestingUser1_sign_pub.cer"); // utility class
// Build the verifier from the certificate's algorithm name
Signature s = Signature.getInstance(cf.getSigAlgName());
// Initialise verification from the certificate; in effect this uses the public key in it.
// Nothing in this snippet checks the certificate's validity period or trust chain.
s.initVerify(cf);
// NOTE(review): arguments are swapped. The signature bytes are fed to update() here and
// the original message is passed to verify() on the following line. Signature expects
// update(message) followed by verify(signatureBytes), so verification reports false.
s.update(data);
System.out.println( s.verify(sign.getBytes()));
得到的结果却是 FALSE,不知道错在哪里,请各位大大指正。TestingUser1_sign_pub.cer 为 TestingUser1_sign.pfx 的公钥证书。
// Same sign-then-verify sequence: sign with the private key from the PFX file, then set up
// verification with the public-key certificate. The variable `sign` (the message) is
// declared outside these lines.
X509Certificate x509Certificate = (X509Certificate) CAUtil.getCfeformPfx("d:/TestingUser1_sign.pfx", "12345678"); // utility class reads the Certificate from the PFX file; the result is then cast
// getSigAlgName() names the algorithm used to sign the certificate itself, reused here
// for the holder's key - presumably both keys are of the same type; confirm.
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
PrivateKey privateKey=CAUtil.GetPvkformPfx("d:/TestingUser1_sign.pfx", "12345678");// utility class reads the private key from the PFX file
signature.initSign(privateKey);
// Platform-default charset: the verifier must encode the message the same way.
signature.update(sign.getBytes());
byte[] data=signature.sign(); // signature bytes over the message
X509Certificate cf = (X509Certificate) CAUtil.getX509Certificate("d:/TestingUser1_sign_pub.cer"); // utility class
// Build the verifier from the certificate's algorithm name
Signature s = Signature.getInstance(cf.getSigAlgName());
// Initialise verification from the certificate; in effect this uses the public key in it.
// No validity-period or trust-chain check appears in this snippet.
s.initVerify(cf);
// NOTE(review): update() receives the signature bytes and the next line hands the message
// to verify(); the two arguments are the wrong way round, so the result is false.
s.update(data);
System.out.println( s.verify(sign.getBytes()));
得到的结果却是 FALSE,不知道错在哪里,请各位大大指正。TestingUser1_sign_pub.cer 为 TestingUser1_sign.pfx 的公钥证书。
// Body of a key-store loading method; its signature is not part of this excerpt.
// It reads keyStorePath with the given password and returns the KeyStore.
// Instantiate the key store
KeyStore ks =null;
FileInputStream is=null;
try {
// Uses the JVM's default key store type, not an explicit "PKCS12"
ks = KeyStore.getInstance(KeyStore.getDefaultType());
// Open a stream on the key store file
is = new FileInputStream(keyStorePath);
// Load the key store
ks.load(is, password.toCharArray());
} catch (Exception e) {
// NOTE(review): every failure (missing file, wrong password, null password) is only
// printed. If getInstance() succeeded but the open or load failed, ks is non-null yet
// was never loaded, and it is still returned below.
e.printStackTrace();
} finally{
// Close failures are ignored on purpose here (empty catch)
if(null!=is){try{is.close();}catch(Exception e){}}
}
return ks;
}
//通过PFX文件获得私钥
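/**
 * Reads the private key from a PKCS#12 (PFX) file.
 *
 * <p>The key store is loaded with {@code getKsformPfx} and the entry is chosen with
 * {@code getAlsformPfx}, so the key returned here belongs to the same alias that the
 * certificate helpers of this class use.
 *
 * @param strPfx      path of the PFX file
 * @param strPassword PFX password; {@code null}, empty or whitespace-only means "no password"
 * @return the private key, or {@code null} when the file cannot be loaded, has no alias,
 *         the entry holds no private key, or the key cannot be recovered
 */
public static PrivateKey GetPvkformPfx(String strPfx, String strPassword){
    // A blank password is passed on as null, the same convention getKsformPfx applies.
    char[] nPassword = null;
    if ((strPassword != null) && !strPassword.trim().equals("")) {
        nPassword = strPassword.toCharArray();
    }
    try {
        KeyStore ks = getKsformPfx(strPfx, strPassword);
        if (ks == null) {
            // getKsformPfx returns null (after printing the cause) when loading fails;
            // without this guard the next calls would throw NullPointerException.
            return null;
        }
        String keyAlias = getAlsformPfx(strPfx, strPassword);
        if (keyAlias == null) {
            return null;
        }
        // The entry may hold something other than a private key (or nothing at all);
        // check the type instead of casting blindly.
        Object key = ks.getKey(keyAlias, nPassword);
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
    } catch (UnrecoverableKeyException e) {
        // Wrong password for the key entry
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } finally {
        // Do not leave the password characters in memory longer than needed.
        if (nPassword != null) {
            java.util.Arrays.fill(nPassword, '\0');
        }
    }
    return null;
}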
//通过PFX文件获得KEYSTORE
/**
 * Loads a PKCS#12 (PFX) file into a {@link KeyStore}.
 *
 * <p>A {@code null}, empty or whitespace-only password is handed to
 * {@code KeyStore.load} as {@code null}. Per the {@code KeyStore.load} contract, no
 * integrity check of the store is performed when no password is given.
 *
 * @param strPfx      path of the PFX file
 * @param strPassword PFX password, may be {@code null} or blank
 * @return the loaded key store, or {@code null} if anything fails (the exception is
 *         printed, not rethrown)
 */
public static KeyStore getKsformPfx(String strPfx, String strPassword){
    final boolean blankPassword = (strPassword == null) || strPassword.trim().equals("");
    FileInputStream pfxStream = null;
    KeyStore loaded = null;
    try {
        KeyStore store = KeyStore.getInstance("PKCS12");
        pfxStream = new FileInputStream(strPfx);
        // An empty password must be passed as null, otherwise loading does not work.
        store.load(pfxStream, blankPassword ? null : strPassword.toCharArray());
        loaded = store;
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (pfxStream != null) {
            try {
                pfxStream.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    return loaded;
}
//通过PFX文件获得别名
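/**
 * Returns the alias of the entry to use from a PKCS#12 (PFX) file.
 *
 * <p>The first alias that is a key entry is preferred, because callers in this class use
 * the alias to fetch the private key and its certificate. If the store has no key entry,
 * the first alias is returned, as before.
 *
 * @param strPfx      path of the PFX file
 * @param strPassword PFX password, may be {@code null} or blank
 * @return the chosen alias, or {@code null} when the file cannot be loaded or is empty
 */
public static String getAlsformPfx(String strPfx, String strPassword){
    KeyStore ks = getKsformPfx(strPfx, strPassword);
    if (ks == null) {
        // Loading failed (already reported by getKsformPfx); avoid a NullPointerException.
        return null;
    }
    String firstAlias = null;
    try {
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (firstAlias == null) {
                firstAlias = alias;
            }
            // A PFX may also carry certificate-only entries (e.g. CA certificates);
            // those have no private key, so skip them when a key entry exists.
            if (ks.isKeyEntry(alias)) {
                return alias;
            }
        }
    } catch (KeyStoreException e) {
        e.printStackTrace();
    }
    return firstAlias;
}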
//通过PFX文件获得公钥
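/**
 * Reads the public key of the certificate stored in a PKCS#12 (PFX) file.
 *
 * <p>The key is taken from the certificate as-is; this method does not validate the
 * certificate.
 *
 * @param strPfx      path of the PFX file
 * @param strPassword PFX password, may be {@code null} or blank
 * @return the public key, or {@code null} when the file cannot be loaded or holds no
 *         certificate under the alias chosen by {@code getAlsformPfx}
 */
public static PublicKey getPukformPfx(String strPfx, String strPassword){
    try {
        KeyStore ks = getKsformPfx(strPfx, strPassword);
        if (ks == null) {
            // Loading failed (already reported by getKsformPfx); avoid a NullPointerException.
            return null;
        }
        String keyAlias = getAlsformPfx(strPfx, strPassword);
        if (keyAlias == null) {
            return null;
        }
        Certificate cert = ks.getCertificate(keyAlias);
        // getCertificate returns null when the alias has no certificate.
        return (cert == null) ? null : cert.getPublicKey();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    }
    return null;
}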
//通过PFX文件获得Certificate
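/**
 * Reads the certificate stored in a PKCS#12 (PFX) file.
 *
 * <p>The certificate is returned as stored; this method performs no validity or
 * trust-chain check.
 *
 * @param strPfx      path of the PFX file
 * @param strPassword PFX password, may be {@code null} or blank
 * @return the certificate under the alias chosen by {@code getAlsformPfx}, or
 *         {@code null} when the file cannot be loaded or has no such certificate
 */
public static Certificate getCfeformPfx(String strPfx, String strPassword){
    try {
        KeyStore ks = getKsformPfx(strPfx, strPassword);
        if (ks == null) {
            // Loading failed (already reported by getKsformPfx); avoid a NullPointerException.
            return null;
        }
        String keyAlias = getAlsformPfx(strPfx, strPassword);
        if (keyAlias == null) {
            return null;
        }
        return ks.getCertificate(keyAlias);
    } catch (KeyStoreException e) {
        e.printStackTrace();
    }
    return null;
}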
// Body of a method that parses an X.509 certificate from the file at certPath; its
// signature is not part of this excerpt. Returns null when parsing or opening fails.
// The certificate is only parsed here: no validity-period or trust-chain check is made.
X509Certificate x509Certificate=null;
InputStream ism=null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ism=new FileInputStream(certPath);
x509Certificate = (X509Certificate)cf.generateCertificate(ism);
} catch (CertificateException e) {
// Parsing failed; the error is printed and null is returned below
e.printStackTrace();
} catch (FileNotFoundException e) {
// The certificate file could not be opened; printed, null is returned below
e.printStackTrace();
}finally{
// Always release the file handle
if(null!=ism){
try {
ism.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return x509Certificate;
}
应该是s.update(sign.getBytes());
System.out.println( s.verify(data));
System.out.println( s.verify(sign.getBytes()));
呵呵,这里写反了。update 要传入被签名的原文(sign.getBytes()),verify 要传入签名值(data)。