package com.ruoyi.shop.util;
|
|
import cn.hutool.core.codec.Base64;
|
import cn.hutool.core.io.FileUtil;
|
import java.io.BufferedInputStream;
|
import java.io.FileInputStream;
|
import java.io.IOException;
|
import java.io.InputStream;
|
import java.security.KeyFactory;
|
import java.security.NoSuchAlgorithmException;
|
import java.security.PrivateKey;
|
import java.security.cert.*;
|
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.PKCS8EncodedKeySpec;
|
|
|
/**
|
* @date 2020-03-18 11:25
|
* @description 证书相关
|
*/
|
public class CertificateUtils {
|
|
|
/**
|
* 获取商户私钥
|
* @param priKeyPath 商户私钥证书路径
|
* @return
|
*/
|
public static String getPrivateKey(String priKeyPath) throws Exception {
|
String originalKey = FileUtil.readUtf8String(priKeyPath);
|
String privateKey = originalKey
|
.replace("-----BEGIN PRIVATE KEY-----", "")
|
.replace("-----END PRIVATE KEY-----", "")
|
.replaceAll("\\s+", "");
|
return getPrivateKeyStr(loadPrivateKey(privateKey));
|
}
|
|
|
private static String getPrivateKeyStr(PrivateKey privateKey) {
|
return Base64.encode(privateKey.getEncoded());
|
}
|
|
|
/**
|
* 从字符串中加载私钥
|
* @param privateKeyStr 私钥
|
* @return
|
*/
|
public static PrivateKey loadPrivateKey(String privateKeyStr) throws Exception {
|
try {
|
byte[] buffer = Base64.decode(privateKeyStr);
|
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
|
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
|
return keyFactory.generatePrivate(keySpec);
|
} catch (NoSuchAlgorithmException e) {
|
throw new Exception("无此算法");
|
} catch (InvalidKeySpecException e) {
|
throw new Exception("私钥非法");
|
} catch (NullPointerException e) {
|
throw new Exception("私钥数据为空");
|
}
|
}
|
|
|
/**
|
* 获取证书
|
* @param fileName 证书文件路径 (required)
|
* @return
|
*/
|
public static X509Certificate getCertificate(String fileName) throws IOException {
|
InputStream fis = new FileInputStream(fileName);
|
try (BufferedInputStream bis = new BufferedInputStream(fis)) {
|
CertificateFactory cf = CertificateFactory.getInstance("X509");
|
X509Certificate cert = (X509Certificate) cf.generateCertificate(bis);
|
cert.checkValidity();
|
return cert;
|
} catch (CertificateExpiredException e) {
|
throw new RuntimeException("证书已过期", e);
|
} catch (CertificateNotYetValidException e) {
|
throw new RuntimeException("证书尚未生效", e);
|
} catch (CertificateException e) {
|
throw new RuntimeException("无效的证书文件", e);
|
}
|
}
|
|
|
/**
|
* 获取证书
|
* @param inputStream 证书文件
|
* @return
|
*/
|
public static X509Certificate getCertificate(InputStream inputStream) {
|
try {
|
CertificateFactory cf = CertificateFactory.getInstance("X509");
|
X509Certificate cert = (X509Certificate) cf.generateCertificate(inputStream);
|
cert.checkValidity();
|
return cert;
|
} catch (CertificateExpiredException e) {
|
throw new RuntimeException("证书已过期", e);
|
} catch (CertificateNotYetValidException e) {
|
throw new RuntimeException("证书尚未生效", e);
|
} catch (CertificateException e) {
|
throw new RuntimeException("无效的证书", e);
|
}
|
}
|
}
|
