package com.java110.acct.payment.adapt.bbgpay.lib;
|
|
import javax.crypto.Cipher;
|
import javax.crypto.KeyGenerator;
|
import javax.crypto.spec.SecretKeySpec;
|
|
import java.math.BigInteger;
|
import java.security.Key;
|
import java.security.KeyFactory;
|
import java.security.PrivateKey;
|
import java.security.PublicKey;
|
import java.security.SecureRandom;
|
import java.security.Security;
|
import java.security.Signature;
|
import java.security.spec.PKCS8EncodedKeySpec;
|
import java.security.spec.X509EncodedKeySpec;
|
|
import org.bouncycastle.asn1.gm.GMNamedCurves;
|
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
|
import org.bouncycastle.asn1.x9.X9ECParameters;
|
import org.bouncycastle.crypto.engines.SM2Engine;
|
import org.bouncycastle.crypto.params.ECDomainParameters;
|
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
|
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
|
import org.bouncycastle.crypto.params.ParametersWithRandom;
|
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
|
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.bouncycastle.jce.spec.ECParameterSpec;
|
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
|
import org.bouncycastle.jce.spec.ECPublicKeySpec;
|
import org.bouncycastle.util.encoders.Hex;
|
|
/**
|
* 国密加密算法
|
*/
|
public class GmUtil {
|
private static final String DEFAULT_CHARSET = "UTF-8";
|
public static final String ALGORITHM_NAME = "SM4";
|
// 加密算法/分组加密模式/分组填充方式
|
// PKCS5Padding-以8个字节为一组进行分组加密
|
// 定义分组加密模式使用:PKCS5Padding
|
public static final String ALGORITHM_NAME_ECB_PADDING = "SM4/ECB/PKCS7Padding";
|
// 128-32位16进制;256-64位16进制
|
public static final int DEFAULT_KEY_SIZE = 128;
|
// 椭圆曲线ECParameters ASN.1 结构
|
private static X9ECParameters x9ECParameters = GMNamedCurves.getByName("sm2p256v1");
|
// 椭圆曲线公钥或私钥的基本域参数。
|
private static ECParameterSpec ecDomainParameters = new ECParameterSpec(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
|
|
static {
|
Security.addProvider(new BouncyCastleProvider());
|
}
|
|
/**
|
* 将Base64转码的公钥串,转化为公钥对象
|
*
|
*/
|
public static PublicKey createPublicKey(String publicKey) {
|
PublicKey publickey = null;
|
try {
|
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64Util.decode(publicKey));
|
KeyFactory keyFactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());
|
publickey = keyFactory.generatePublic(publicKeySpec);
|
} catch (Exception e) {
|
e.printStackTrace();
|
}
|
return publickey;
|
}
|
|
/**
|
* 将Base64转码的私钥串,转化为私钥对象
|
*
|
*/
|
public static PrivateKey createPrivateKey(String privateKey) {
|
PrivateKey publickey = null;
|
try {
|
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64Util.decode(privateKey));
|
KeyFactory keyFactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());
|
publickey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
|
} catch (Exception e) {
|
e.printStackTrace();
|
}
|
return publickey;
|
}
|
|
/**
|
* 根据publicKey对原始数据data,使用SM2加密
|
*/
|
public static byte[] encrypt(byte[] data, PublicKey publicKey) {
|
ECPublicKeyParameters localECPublicKeyParameters = null;
|
|
if (publicKey instanceof BCECPublicKey) {
|
BCECPublicKey localECPublicKey = (BCECPublicKey) publicKey;
|
ECParameterSpec localECParameterSpec = localECPublicKey.getParameters();
|
ECDomainParameters localECDomainParameters = new ECDomainParameters(localECParameterSpec.getCurve(), localECParameterSpec.getG(), localECParameterSpec.getN());
|
localECPublicKeyParameters = new ECPublicKeyParameters(localECPublicKey.getQ(), localECDomainParameters);
|
}
|
SM2Engine localSM2Engine = new SM2Engine();
|
localSM2Engine.init(true, new ParametersWithRandom(localECPublicKeyParameters, new SecureRandom()));
|
byte[] arrayOfByte2;
|
try {
|
arrayOfByte2 = localSM2Engine.processBlock(data, 0, data.length);
|
return arrayOfByte2;
|
} catch (Exception e) {
|
e.printStackTrace();
|
return null;
|
}
|
}
|
|
/**
|
* 根据privateKey对加密数据encodedata,使用SM2解密
|
*/
|
public static byte[] decrypt(byte[] encodedata, PrivateKey privateKey) {
|
SM2Engine localSM2Engine = new SM2Engine();
|
BCECPrivateKey sm2PriK = (BCECPrivateKey) privateKey;
|
ECParameterSpec localECParameterSpec = sm2PriK.getParameters();
|
ECDomainParameters localECDomainParameters = new ECDomainParameters(localECParameterSpec.getCurve(), localECParameterSpec.getG(), localECParameterSpec.getN());
|
ECPrivateKeyParameters localECPrivateKeyParameters = new ECPrivateKeyParameters(sm2PriK.getD(), localECDomainParameters);
|
localSM2Engine.init(false, localECPrivateKeyParameters);
|
try {
|
byte[] arrayOfByte3 = localSM2Engine.processBlock(encodedata, 0, encodedata.length);
|
return arrayOfByte3;
|
} catch (Exception e) {
|
e.printStackTrace();
|
return null;
|
}
|
}
|
|
/**
|
* 私钥签名
|
*/
|
public static byte[] signByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception {
|
Signature sig = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BouncyCastleProvider.PROVIDER_NAME);
|
sig.initSign(privateKey);
|
sig.update(data);
|
return sig.sign();
|
}
|
|
/**
|
* 公钥验签
|
*/
|
public static boolean verifyByPublicKey(byte[] data, PublicKey publicKey, byte[] signature) throws Exception {
|
Signature sig = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BouncyCastleProvider.PROVIDER_NAME);
|
sig.initVerify(publicKey);
|
sig.update(data);
|
return sig.verify(signature);
|
}
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
/**
|
* @Description 公钥字符串转换为 BCECPublicKey 公钥对象
|
* @param pubKeyHex
|
* 64字节十六进制公钥字符串(如果公钥字符串为65字节首个字节为0x04:表示该公钥为非压缩格式,操作时需要删除)
|
* @return BCECPublicKey SM2公钥对象
|
*/
|
private static BCECPublicKey getECPublicKeyByPublicKeyHex(String pubKeyHex) {
|
// 截取64字节有效的SM2公钥(如果公钥首个字节为0x04)
|
if (pubKeyHex.length() > 128) {
|
pubKeyHex = pubKeyHex.substring(pubKeyHex.length() - 128);
|
}
|
// 将公钥拆分为x,y分量(各32字节)
|
String stringX = pubKeyHex.substring(0, 64);
|
String stringY = pubKeyHex.substring(stringX.length());
|
// 将公钥x、y分量转换为BigInteger类型
|
BigInteger x = new BigInteger(stringX, 16);
|
BigInteger y = new BigInteger(stringY, 16);
|
// 通过公钥x、y分量创建椭圆曲线公钥规范
|
ECPublicKeySpec ecPublicKeySpec = new ECPublicKeySpec(x9ECParameters.getCurve().createPoint(x, y), ecDomainParameters);
|
// 通过椭圆曲线公钥规范,创建出椭圆曲线公钥对象(可用于SM2加密及验签)
|
return new BCECPublicKey("EC", ecPublicKeySpec, BouncyCastleProvider.CONFIGURATION);
|
}
|
|
/**
|
* @Description 私钥字符串转换为 BCECPrivateKey 私钥对象
|
* @param privateKeyHex
|
* 32字节十六进制私钥字符串
|
* @return BCECPrivateKey SM2私钥对象
|
*/
|
private static BCECPrivateKey getBCECPrivateKeyByPrivateKeyHex(String privateKeyHex) {
|
// 将十六进制私钥字符串转换为BigInteger对象
|
BigInteger d = new BigInteger(privateKeyHex, 16);
|
// 通过私钥和私钥域参数集创建椭圆曲线私钥规范
|
ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(d, ecDomainParameters);
|
// 通过椭圆曲线私钥规范,创建出椭圆曲线私钥对象(可用于SM2解密和签名)
|
return new BCECPrivateKey("EC", ecPrivateKeySpec, BouncyCastleProvider.CONFIGURATION);
|
}
|
|
/**
|
* @Description 公钥加密
|
*/
|
public static String encryptSm2(String data, String publicKeyHex) {
|
BCECPublicKey publicKey = getECPublicKeyByPublicKeyHex(publicKeyHex);
|
// 加密模式
|
SM2Engine.Mode mode = SM2Engine.Mode.C1C3C2;
|
// 通过公钥对象获取公钥的基本域参数。
|
ECParameterSpec ecParameterSpec = publicKey.getParameters();
|
ECDomainParameters ecDomainParameters = new ECDomainParameters(ecParameterSpec.getCurve(), ecParameterSpec.getG(), ecParameterSpec.getN());
|
// 通过公钥值和公钥基本参数创建公钥参数对象
|
ECPublicKeyParameters ecPublicKeyParameters = new ECPublicKeyParameters(publicKey.getQ(), ecDomainParameters);
|
// 根据加密模式实例化SM2公钥加密引擎
|
SM2Engine sm2Engine = new SM2Engine(mode);
|
// 初始化加密引擎
|
sm2Engine.init(true, new ParametersWithRandom(ecPublicKeyParameters, new SecureRandom()));
|
byte[] arrayOfBytes = null;
|
try {
|
// 将明文字符串转换为指定编码的字节串
|
byte[] in = Hex.decode(data);
|
// 通过加密引擎对字节数串行加密
|
arrayOfBytes = sm2Engine.processBlock(in, 0, in.length);
|
} catch (Exception e) {
|
e.printStackTrace();
|
}
|
// 将加密后的字节串转换为十六进制字符串
|
return Hex.toHexString(arrayOfBytes).toUpperCase();
|
}
|
|
/**
|
* @Description 私钥解密
|
*/
|
public static String decryptSm2(String cipherData, String privateKeyHex) {
|
BCECPrivateKey privateKey = getBCECPrivateKeyByPrivateKeyHex(privateKeyHex);
|
// 解密模式
|
SM2Engine.Mode mode = SM2Engine.Mode.C1C3C2;
|
// 将十六进制字符串密文转换为字节数组(需要与加密一致,加密是:加密后的字节数组转换为了十六进制字符串)
|
byte[] cipherDataByte = Hex.decode(cipherData);
|
// 通过私钥对象获取私钥的基本域参数。
|
ECParameterSpec ecParameterSpec = privateKey.getParameters();
|
ECDomainParameters ecDomainParameters = new ECDomainParameters(ecParameterSpec.getCurve(), ecParameterSpec.getG(), ecParameterSpec.getN());
|
// 通过私钥值和私钥钥基本参数创建私钥参数对象
|
ECPrivateKeyParameters ecPrivateKeyParameters = new ECPrivateKeyParameters(privateKey.getD(), ecDomainParameters);
|
// 通过解密模式创建解密引擎并初始化
|
SM2Engine sm2Engine = new SM2Engine(mode);
|
sm2Engine.init(false, ecPrivateKeyParameters);
|
String result = null;
|
try {
|
// 通过解密引擎对密文字节串进行解密
|
byte[] arrayOfBytes = sm2Engine.processBlock(cipherDataByte, 0, cipherDataByte.length);
|
result = new String(arrayOfBytes, "utf-8");
|
} catch (Exception e) {
|
e.printStackTrace();
|
}
|
return result;
|
}
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
/**
|
* 自动生成sm4密钥
|
*
|
*/
|
public static String generateSm4Key() throws Exception {
|
KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM_NAME, BouncyCastleProvider.PROVIDER_NAME);
|
kg.init(DEFAULT_KEY_SIZE, new SecureRandom());
|
byte[] sm4Key = kg.generateKey().getEncoded();
|
return new String(Hex.encode(sm4Key)).toUpperCase();
|
}
|
|
/**
|
* 生成ECB暗号
|
*
|
*/
|
private static Cipher generateSm4Cipher(String algorithmName, int mode, byte[] key) throws Exception {
|
Cipher cipher = Cipher.getInstance(algorithmName, BouncyCastleProvider.PROVIDER_NAME);
|
Key sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);
|
cipher.init(mode, sm4Key);
|
return cipher;
|
}
|
|
/**
|
* sm4加密
|
*
|
*/
|
public static String encryptSm4(String data, String hexKey) {
|
try {
|
// 16进制字符串-->byte[]
|
byte[] keyData = Hex.decode(hexKey);
|
// String-->byte[]
|
byte[] srcData = data.getBytes(DEFAULT_CHARSET);
|
// 加密后的数组
|
Cipher cipher = generateSm4Cipher(ALGORITHM_NAME_ECB_PADDING, Cipher.ENCRYPT_MODE, keyData);
|
byte[] cipherArray = cipher.doFinal(srcData);
|
// byte[]-->hexString
|
return Hex.toHexString(cipherArray).toUpperCase();
|
} catch (Exception e) {
|
return null;
|
}
|
}
|
|
/**
|
* sm4解密
|
*
|
*/
|
public static String decryptSm4(String cipherText, String hexKey) {
|
// 用于接收解密后的字符串
|
String decryptStr = null;
|
// hexString-->byte[]
|
byte[] keyData = Hex.decode(hexKey);
|
// hexString-->byte[]
|
byte[] cipherData = Hex.decode(cipherText);
|
try {
|
// 解密
|
Cipher cipher = generateSm4Cipher(ALGORITHM_NAME_ECB_PADDING, Cipher.DECRYPT_MODE, keyData);
|
byte[] srcData = cipher.doFinal(cipherData);
|
decryptStr = new String(srcData, DEFAULT_CHARSET);
|
} catch (Exception e) {
|
e.printStackTrace();
|
}
|
return decryptStr;
|
}
|
|
}
|
