YTOTW 2016-01-26 12:08 采纳率: 0%
浏览 3027

ping++ java验签(签名,公钥,charge)怎么获取

这是官网demo

 package example;

import java.io.FileInputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.X509EncodedKeySpec;

import org.apache.commons.codec.binary.Base64;

import Decoder.BASE64Decoder;

/**
 * Created by sunkai on 15/5/19. webhooks 验证签名示例
 * 
 * 该实例演示如何对 ping++ webhooks 通知进行验证。
 * 验证是为了让开发者确认该通知来自 ping++ ,防止恶意伪造通知。用户如果有别的验证机制,可以不进行验证签名。
 * 
 * 验证签名需要 签名、公钥、验证信息,该实例采用文件存储方式进行演示。
 * 实际项目中,需要用户从异步通知的 HTTP header 中读取签名,从 HTTP body 中读取验证信息。公钥的存储方式也需要用户自行设定。
 * 
 *  该实例仅供演示如何验证签名,请务必不要直接 copy 到实际项目中使用。
 * 
 */
public class WebHooksVerifyExample {
    private static String filePath = "src/my-server.pub";
    private static String eventPath = "src/charge";
    private static String signPath = "src/sign";

    /**
     * 验证webhooks 签名,仅供参考
     * @param args
     * @throws Exception
     */
    public static void main(String[] args) throws Exception {

        boolean result = verifyData(getByteFromFile(eventPath, false), getByteFromFile(signPath, true), getPubKey());
        System.out.println("验签结果:"+result);
    }

    /**
     * 读取文件,部署web程序的时候,签名和验签内容需要从request中获得
     * @param file
     * @param base64
     * @return
     * @throws Exception
     */
    public static byte[] getByteFromFile(String file, boolean base64) throws Exception {
        FileInputStream in = new FileInputStream(file);
        byte[] fileBytes = new byte[in.available()];
        in.read(fileBytes);
        in.close();
        String pubKey = new String(fileBytes, "UTF-8");
        if (base64) {
            BASE64Decoder decoder = new BASE64Decoder();
            fileBytes = decoder.decodeBuffer(pubKey);
//          fileBytes = Base64.decodeBase64(pubKey);
        }
        return fileBytes;
    }

    /**
     * 获得公钥
     * @return
     * @throws Exception
     */
    public static PublicKey getPubKey() throws Exception {
        // read key bytes
        FileInputStream in = new FileInputStream(filePath);
        byte[] keyBytes = new byte[in.available()];
        in.read(keyBytes);
        in.close();

        String pubKey = new String(keyBytes, "UTF-8");
        pubKey = pubKey.replaceAll("(-+BEGIN PUBLIC KEY-+\\r?\\n|-+END PUBLIC KEY-+\\r?\\n?)", "");

        keyBytes = Base64.decodeBase64(pubKey);

        // generate public key
        X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(spec);
        return publicKey;
    }

    /**
     * 验证签名
     * @param data
     * @param sigBytes
     * @param publicKey
     * @return
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeyException
     * @throws SignatureException
     */
    public static boolean verifyData(byte[] data, byte[] sigBytes, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(publicKey);
        signature.update(data);
        return signature.verify(sigBytes);
    }

}
  • 写回答

2条回答

  • devmiao 2016-01-26 15:55
    关注

    http://www.blogjava.net/icewee/archive/2012/05/21/378719.html

    评论

报告相同问题?

悬赏问题

  • ¥30 matlab解优化问题代码
  • ¥15 写论文,需要数据支撑
  • ¥15 identifier of an instance of 类 was altered from xx to xx错误
  • ¥100 反编译微信小游戏求指导
  • ¥15 docker模式webrtc-streamer 无法播放公网rtsp
  • ¥15 学不会递归,理解不了汉诺塔参数变化
  • ¥15 基于图神经网络的COVID-19药物筛选研究
  • ¥30 软件自定义无线电该怎样使用
  • ¥15 R语言mediation包做中介分析,直接效应和间接效应都很小,为什么?
  • ¥15 Jenkins+k8s部署slave节点offline