最近项目组给了一个需要,须要我这边写一个接口,给第三方应用。过后就想,这不是很简略嘛,唰唰唰,就写好了。忽然想到,没有限度条件,那岂不是太不平安了,谁都能够调我这个接口了啊。而后就想了想,emmmm,ras如同能够用的啊,那就间接写写看吧。
RSA的加密过程如下:
(1)A生成一对密钥(公钥和私钥),私钥不公开,A本人保留。公钥为公开的,任何人能够获取。
(2)A传递本人的公钥给B,B用A的公钥对音讯进行加密。
(3)A接管到B加密的音讯,利用A本人的私钥对音讯进行解密。
先上代码:

public static void main(String[] args) throws Exception {        //生成公钥和私钥 genKeyPair(); //加密字符串 String message = "df723820"; System.out.println("随机生成的公钥为:" + keyMap.get(0)); System.out.println("随机生成的私钥为:" + keyMap.get(1)); }    /** * 随机生成密钥对 * @throws NoSuchAlgorithmException */ public static void genKeyPair() throws NoSuchAlgorithmException {        // KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象 KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); // 初始化密钥对生成器,密钥大小为96-1024位 keyPairGen.initialize(1024,new SecureRandom()); // 生成一个密钥对,保留在keyPair中 KeyPair keyPair = keyPairGen.generateKeyPair(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 失去私钥 RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 失去公钥 String publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded())); // 失去私钥字符串 String privateKeyString = new String(Base64.encodeBase64((privateKey.getEncoded()))); // 将公钥和私钥保留到Map keyMap.put(0,publicKeyString); //0示意公钥 keyMap.put(1,privateKeyString); //1示意私钥 }

公钥,私钥生成后,公钥可对外公开,私钥需本人保留。
加密,解密办法:

/** * RSA公钥加密 * * @param str * 加密字符串 * 公钥 * @return 密文 * @throws Exception * 加密过程中的异样信息 */public String encrypt( String str ) throws Exception{    //base64编码的公钥 byte[] decoded = Base64.decodeBase64(publicKey); RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded)); //RSA加密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, pubKey); String outStr = Base64.encodeBase64String(cipher.doFinal(str.getBytes("UTF-8"))); return outStr;}/** * RSA私钥解密 * * @param str * 加密字符串 * 私钥 * @return 铭文 * @throws Exception * 解密过程中的异样信息 */public String decrypt(String str) throws Exception{    //64位解码加密后的字符串 byte[] inputByte = Base64.decodeBase64(str.getBytes("UTF-8")); //base64编码的私钥 byte[] decoded = Base64.decodeBase64(privateKey); RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded)); //RSA解密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, priKey); String outStr = new String(cipher.doFinal(inputByte)); return outStr;}

这段代码中的 publicKey 和 privateKey,就是咱们上段代码中获取到的,只需生成一次。这个时候咱们就能够在咱们的接口里进行验证了。
附上本人应用时的代码:
我这边是把加密解密的办法放到了一个工具类里,应用的时候间接调用工具类的办法就能够了,残缺如下:

package com.pactera.rms.util;import org.apache.commons.codec.binary.Base64;import org.springframework.beans.factory.annotation.Value;import org.springframework.stereotype.Component;import javax.crypto.Cipher;import java.security.*;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map;/** * @author qps * Date 2020/10/25 19:30 */@Componentpublic class RSAEncrypt {    @Value("${rms.rsa.publicKey.key}")   private String publicKey; @Value("${rms.rsa.privateKey.key}")    private String privateKey; private static Map<Integer, String> keyMap = new HashMap<Integer, String>(); //用于封装随机产生的公钥与私钥 public static void main(String[] args) throws Exception {        //生成公钥和私钥 genKeyPair(); //加密字符串 String message = "df723820"; System.out.println("随机生成的公钥为:" + keyMap.get(0)); System.out.println("随机生成的私钥为:" + keyMap.get(1));//        String messageEn = encrypt(message,keyMap.get(0));//        System.out.println(message + "t加密后的字符串为:" + messageEn);//        String messageDe = decrypt(messageEn,keyMap.get(1));//        System.out.println("还原后的字符串为:" + messageDe); }    /** * 随机生成密钥对 * @throws NoSuchAlgorithmException */ public static void genKeyPair() throws NoSuchAlgorithmException {        // KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象 KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); // 初始化密钥对生成器,密钥大小为96-1024位 keyPairGen.initialize(1024,new SecureRandom()); // 生成一个密钥对,保留在keyPair中 KeyPair keyPair = keyPairGen.generateKeyPair(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 失去私钥 RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 失去公钥 String publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded())); // 失去私钥字符串 String privateKeyString = new String(Base64.encodeBase64((privateKey.getEncoded()))); // 将公钥和私钥保留到Map keyMap.put(0,publicKeyString); //0示意公钥 keyMap.put(1,privateKeyString); //1示意私钥 }    /** * RSA公钥加密 * * @param str * 加密字符串 * 公钥 * @return 密文 * @throws Exception * 加密过程中的异样信息 */ public String encrypt( String str ) throws Exception{        //base64编码的公钥 byte[] decoded = Base64.decodeBase64(publicKey); RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded)); //RSA加密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, pubKey); String outStr = Base64.encodeBase64String(cipher.doFinal(str.getBytes("UTF-8"))); return outStr; }    /** * RSA私钥解密 * * @param str * 加密字符串 * 私钥 * @return 铭文 * @throws Exception * 解密过程中的异样信息 */ public String decrypt(String str) throws Exception{        //64位解码加密后的字符串 byte[] inputByte = Base64.decodeBase64(str.getBytes("UTF-8")); //base64编码的私钥 byte[] decoded = Base64.decodeBase64(privateKey); RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded)); //RSA解密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, priKey); String outStr = new String(cipher.doFinal(inputByte)); return outStr; }}

另外,还有一段代码,是我用来获取传过来的headers 中的key和value的:

package com.pactera.rms.util;import org.apache.commons.io.IOUtils;import javax.servlet.ReadListener;import javax.servlet.ServletInputStream;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletRequestWrapper;import java.io.BufferedReader;import java.io.ByteArrayInputStream;import java.io.IOException;import java.io.InputStreamReader;/** * @author qps */public class MultiReadHttpServletRequest extends HttpServletRequestWrapper {    private final byte[] bytes; public MultiReadHttpServletRequest(HttpServletRequest request) throws IOException {        super(request); bytes = IOUtils.toByteArray(request.getInputStream()); }    @Override public ServletInputStream getInputStream() throws IOException {        return new ServletInputStream() {            private int lastIndexRetrieved = -1; private ReadListener readListener = null; @Override public boolean isFinished() {                return (lastIndexRetrieved == bytes.length-1); }            @Override public boolean isReady() {                // This implementation will never block // We also never need to call the readListener from this method, as this method will never return false return isFinished(); }            @Override public void setReadListener(ReadListener readListener) {                this.readListener = readListener; if (!isFinished()) {                    try {                        readListener.onDataAvailable(); } catch (IOException e) {                        readListener.onError(e); }                } else {                    try {                        readListener.onAllDataRead(); } catch (IOException e) {                        readListener.onError(e); }                }            }            @Override public int read() throws IOException {                int i; if (!isFinished()) {                    i = bytes[lastIndexRetrieved+1]; lastIndexRetrieved++; if (isFinished() && (readListener != null)) {                        try {                            readListener.onAllDataRead(); } catch (IOException ex) {                            readListener.onError(ex); throw ex; }                    }                    return i; } else {                    return -1; }            }        }; }    @Override public BufferedReader getReader() throws IOException {        ByteArrayInputStream is = new ByteArrayInputStream(bytes); BufferedReader temp = new BufferedReader(new InputStreamReader(is)); return temp; }}

这两个文件放好之后,就能够在本人办法应用了:

@ApiOperation("简历解析")@ApiParam(name = "files", value = "files", required = true)@RequestMapping(value = "/resume", method = RequestMethod.POST, consumes = {"multipart/*"}, headers = {"content-type=multipart/form-data"})public ListOutput resumeAnalysis(@RequestParam("files") MultipartFile[] files, ServletRequest servletRequest) throws Exception {    MultiReadHttpServletRequest request = new MultiReadHttpServletRequest((HttpServletRequest) servletRequest); String sign = request.getHeader("Authorization"); String decrypt = rsaEncrypt.decrypt(sign); StringBuilder params = new StringBuilder(); for (int i = 0; i < files.length; i++) {        String originalFilename = files[i].getOriginalFilename(); int i1 = originalFilename.lastIndexOf("."); String substring = originalFilename.substring((i1 + 1), originalFilename.length()); params.append("&").append(substring); }    //源数据 String data = params.toString().replaceFirst("&", "");//        String encrypt = rsaEncrypt.encrypt(data);//        System.out.println(encrypt); //校验 System.out.println(data.equals(decrypt)); if(data.equals(decrypt)){        logger.info("调用接口胜利,开始执行....." + files); String type = "Campus"; List jsonObject = service.resume(files, type); return new ListOutput(200, "胜利", null, jsonObject); }else {        return new ListOutput(407, "身份验证失败,请从新提交", null, null); }}

这时就功败垂成了。
PS:RSA加密对明文的长度有所限度,规定需加密的明文最大长度=密钥长度-11(单位是字节,即byte),所以在加密和解密的过程中须要分块进行。而密钥默认是1024位,即1024位/8位-11=128-11=117字节。所以默认加密前的明文最大长度117字节,解密密文最大长度为128字。那么为啥两者相差11字节呢?是因为RSA加密应用到了填充模式(padding),即内容有余117字节时会主动填满,用到填充模式天然会占用肯定的字节,而且这部分字节也是参加加密的。