竹云IDaaS•开放平台
员工身份(EIAM)

签名代码示例

接口

# 步骤

  • 用获取公钥接口拿到应用公钥:publicKey

  • 调用登录接口拿到登录后的会话凭证:sessionToken

  • 调用获取服务器时间接口拿到当前服务器时间戳:timestamp 将当前服务器时间戳转成16进制:nonce = Long.toHexString(timestamp)

  • 拼接需要加密的串: String signature = "session_token="+sessionToken+"&timestamp="+timestamp+"&nonce="+nonce;

  • 调用加密方法拿到签名信息:
    String signatureEncrypt = RSAUtils.encrypt(signature, publicKey);

# 代码示例

RSAUtils.java:

package com.qin.sdk.utils;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import java.nio.charset.Charset;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;

import org.apache.commons.codec.binary.Base64;
/**
 * @author chenqin
 * @Package com.qin.sdk.utils
 * @date 2021/8/16 11:40
 * @description
 */
public class RSAUtils {

    public static final Provider provider = new BouncyCastleProvider();
    public static final String KEY_ALGORITHM = "RSA";
    public static final String BEGIN_PRI_KEY = "-----BEGIN RSA PRIVATE KEY-----";
    public static final String END_PRI_KEY = "-----END RSA PRIVATE KEY-----";

    public static final String BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
    public static final String END_PUB_KEY = "-----END PUBLIC KEY-----";
    //加密
    public static String encrypt(String jsonDecryptStr, String publicKeyStr) {
        publicKeyStr = publicKeyStr.replace("\\n", "");
        try {
            byte[] enStrByte =  encrypt(jsonDecryptStr, getPublicRSAKey(publicKeyStr));
            return Base64Utils.encodeToString(enStrByte);
        }catch (Exception e){
            throw new RuntimeException("Could not encrypt data ",e);
        }
    }

    public static PublicKey getPublicRSAKey(String key) throws NoSuchAlgorithmException, InvalidKeySpecException {
        X509EncodedKeySpec x509 = new X509EncodedKeySpec(Base64Utils.decodeFromString(key));
        KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
        return kf.generatePublic(x509);
    }

    public static byte[] encrypt(String input, PublicKey publicKey)
            throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", provider);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] re = cipher.doFinal(input.getBytes("UTF-8"));
        return re;
    }

    //解密
    public String segmentdecrypt(String jsonEncryptStr, String privateKey) {
        privateKey = privateKey.replaceAll(BEGIN_PRI_KEY, "").replaceAll(END_PRI_KEY, "").replace("\\n", "");
        try {
            byte[] bt = Base64.decodeBase64(jsonEncryptStr);
            byte[] decryptedData = RSAUtils.decrypt(bt, RSAUtils.getPrivateRSAKey(privateKey));
            return validateData(decryptedData);
        }catch (Exception e){
            return e.getMessage();
        }
    }

    private static byte[] decrypt(byte[] encrypted, PrivateKey privateKey)
            throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", provider);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(encrypted);
    }

    public static PrivateKey getPrivateRSAKey(String key) throws InvalidKeySpecException, NoSuchAlgorithmException {
        PKCS8EncodedKeySpec pkcs8 = new PKCS8EncodedKeySpec(Base64Utils.decodeFromString(key));
        KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
        return kf.generatePrivate(pkcs8);
    }

    private static String validateData(byte[] decryptedData) {
        String dataStr = new String(decryptedData, Charset.defaultCharset());
        if (dataStr!=null && dataStr.length() > 0){
            String[] split = dataStr.split("#");
            if (split.length > 1 && split[split.length-1].length() == String.valueOf(new Date().getTime()).length()) {
                try {
                    if (new Date().getTime() - Long.parseLong(split[split.length-1]) < 5*60*1000L){
                        return dataStr.substring(0,dataStr.length()-1-split[split.length-1].length());
                    }else {
                        throw new RuntimeException("operate time out");
                    }
                } catch (Exception e) {
                    throw new  RuntimeException("wrong timestamp ", e);
                }
            }else {
                return dataStr;
            }
        }
        return null;
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

返回码