{"id":1395,"date":"2023-03-19T11:12:42","date_gmt":"2023-03-19T03:12:42","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1395"},"modified":"2023-04-28T21:10:46","modified_gmt":"2023-04-28T13:10:46","slug":"alipay-access-rsa-add-verify-sign-and-illegal-sign","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/19\/alipay-access-rsa-add-verify-sign-and-illegal-sign\/","title":{"rendered":"\u652f\u4ed8\u5b9d\u5bf9\u63a5RSA\u52a0\u89e3\u7b7e\u53caILLEGAL_SIGN\u8e29\u5751"},"content":{"rendered":"
\n

ILLEGAL_SIGN<\/code>\u8e29\u5751\u8bb0\uff1a\u9700\u5bf9sign\u503c\u8fdb\u884cURLEncoder<\/code>\u7f16\u7801<\/p>\n<\/blockquote>\n

RSA\u52a0\u89e3\u7b7e<\/h2>\n

<\/p>\n

import org.apache.commons.codec.binary.Base64;\nimport org.apache.commons.lang.StringUtils;\n\nimport java.io.*;\nimport java.security.KeyFactory;\nimport java.security.PrivateKey;\nimport java.security.PublicKey;\nimport java.security.Signature;\nimport java.security.spec.PKCS8EncodedKeySpec;\nimport java.security.spec.X509EncodedKeySpec;\n\npublic class RSA {\n\n    private static final String SIGN_TYPE_RSA = "RSA";\n\n    private static final String SIGN_TYPE_RSA2 = "RSA2";\n\n    private static final String SIGN_ALGORITHMS = "SHA1WithRSA";\n\n    private static final String SIGN_SHA256RSA_ALGORITHMS = "SHA256WithRSA";\n\n    private static final int DEFAULT_BUFFER_SIZE = 8192;\n\n    \/**\n     * RSA\/RSA2 \u52a0\u7b7e\n     * @param signType\n     * @param privateKey\n     * @param content\n     * @param charset\n     * @return\n     * @throws Exception\n     *\/\n    public static String rsaSign(String signType, String privateKey, String content, String charset) throws Exception {\n        PrivateKey priKey = null;\n        Signature signature = null;\n        if (SIGN_TYPE_RSA.equals(signType)) {\n            priKey = getPrivateKeyFromPKCS8(SIGN_TYPE_RSA, new ByteArrayInputStream(privateKey.getBytes()));\n            signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);\n        } else if (SIGN_TYPE_RSA2.equals(signType)) {\n            priKey = getPrivateKeyFromPKCS8(SIGN_TYPE_RSA, new ByteArrayInputStream(privateKey.getBytes()));\n            signature = java.security.Signature.getInstance(SIGN_SHA256RSA_ALGORITHMS);\n        } else {\n            throw new Exception("\u4e0d\u662f\u652f\u6301\u7684\u7b7e\u540d\u7c7b\u578b: signType=" + signType);\n        }\n        signature.initSign(priKey);\n\n        if (StringUtils.isEmpty(charset)) {\n            signature.update(content.getBytes());\n        } else {\n            signature.update(content.getBytes(charset));\n        }\n\n        byte[] signed = signature.sign();\n\n        return new String(Base64.encodeBase64(signed));\n    }\n\n    \/**\n     * \u9a8c\u7b7e\u65b9\u6cd5\n     *\n     * @param content \u53c2\u6570\u7684\u5408\u6210\u5b57\u7b26\u4e32\u683c\u5f0f: key1=value1&key2=value2&key3=value3\n     * @param signType\n     * @param sign\n     * @param publicKey\n     * @param content\n     * @param charset\n     * @return\n     *\/\n    public static boolean rsaVerify(String signType, String sign, String publicKey, String content, String charset) throws Exception {\n        java.security.Signature signature = null;\n        PublicKey pubKey = getPublicKeyFromX509("RSA", new ByteArrayInputStream(publicKey.getBytes()));\n        if (SIGN_TYPE_RSA.equals(signType)) {\n            signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);\n        } else if (SIGN_TYPE_RSA2.equals(signType)) {\n            signature = java.security.Signature.getInstance(SIGN_SHA256RSA_ALGORITHMS);\n        } else {\n            throw new Exception("\u4e0d\u662f\u652f\u6301\u7684\u7b7e\u540d\u7c7b\u578b: signType=" + signType);\n        }\n        signature.initVerify(pubKey);\n\n        if (StringUtils.isEmpty(charset)) {\n            signature.update(content.getBytes());\n        } else {\n            signature.update(content.getBytes(charset));\n        }\n\n        return signature.verify(Base64.decodeBase64(sign.getBytes()));\n    }\n\n    private static PrivateKey getPrivateKeyFromPKCS8(String algorithm, InputStream ins) throws Exception {\n        if (ins == null || StringUtils.isEmpty(algorithm)) {\n            return null;\n        }\n\n        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);\n\n        byte[] encodedKey = readText(ins).getBytes();\n\n        encodedKey = Base64.decodeBase64(encodedKey);\n\n        return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));\n    }\n\n    private static PublicKey getPublicKeyFromX509(String algorithm, InputStream ins) throws Exception {\n        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);\n\n        StringWriter writer = new StringWriter();\n        io(new InputStreamReader(ins), writer, -1);\n\n        byte[] encodedKey = writer.toString().getBytes();\n\n        encodedKey = Base64.decodeBase64(encodedKey);\n\n        return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));\n    }\n\n    private static String readText(InputStream ins) throws IOException {\n        Reader reader = new InputStreamReader(ins);\n        StringWriter writer = new StringWriter();\n\n        io(reader, writer, -1);\n        return writer.toString();\n    }\n\n    private static void io(Reader in, Writer out, int bufferSize) throws IOException {\n        if (bufferSize == -1) {\n            bufferSize = DEFAULT_BUFFER_SIZE >> 1;\n        }\n\n        char[] buffer = new char[bufferSize];\n        int amount;\n\n        while ((amount = in.read(buffer)) >= 0) {\n            out.write(buffer, 0, amount);\n        }\n    }\n\n}<\/code><\/pre>\n
ILLEGAL_SIGN\u89e3\u51b3<\/h2>\n
private String getSign(String signType, String signKey, String content, String inputCharset) {\n    String sign = "";\n    if ("MD5".equalsIgnoreCase(signType)) {\n        sign = MD5.sign(content, signKey, inputCharset);\n    } else if ("RSA".equalsIgnoreCase(signType) || "RSA2".equalsIgnoreCase(signType)) {\n        try {\n            sign = RSA.rsaSign(signType, privateKey, content, inputCharset);\n            sign = URLEncoder.encode(sign, inputCharset);  \/\/\u89e3\u51b3ILLEGAL_SIGN\n        } catch (Exception e) {\n        }\n    }\n    return sign;\n}<\/code><\/pre>\n
MD5\u52a0\u89e3\u7b7e<\/h2>\n
import org.apache.commons.codec.digest.DigestUtils;\n\nimport java.io.UnsupportedEncodingException;\nimport java.security.SignatureException;\n\npublic class MD5 {\n\n    \/**\n     * \u7b7e\u540d\u5b57\u7b26\u4e32\n     *\n     * @param text    \u9700\u8981\u7b7e\u540d\u7684\u5b57\u7b26\u4e32\n     * @param key     \u5bc6\u94a5\n     * @param charset \u7f16\u7801\u683c\u5f0f\n     * @return \u7b7e\u540d\u7ed3\u679c\n     *\/\n    public static String sign(String text, String key, String charset) {\n        text = text + key;\n        return DigestUtils.md5Hex(getContentBytes(text, charset));\n    }\n\n    \/**\n     * \u7b7e\u540d\u5b57\u7b26\u4e32\n     *\n     * @param text    \u9700\u8981\u7b7e\u540d\u7684\u5b57\u7b26\u4e32\n     * @param sign    \u7b7e\u540d\u7ed3\u679c\n     * @param key     \u5bc6\u94a5\n     * @param charset \u7f16\u7801\u683c\u5f0f\n     * @return \u7b7e\u540d\u7ed3\u679c\n     *\/\n    public static boolean verify(String text, String sign, String key, String charset) {\n        text = text + key;\n        String mySign = DigestUtils.md5Hex(getContentBytes(text, charset));\n        if (mySign.equals(sign)) {\n            return true;\n        } else {\n            return false;\n        }\n    }\n\n    \/**\n     * @param content\n     * @param charset\n     * @return\n     * @throws SignatureException\n     * @throws UnsupportedEncodingException\n     *\/\n    private static byte[] getContentBytes(String content, String charset) {\n        if (charset == null || "".equals(charset)) {\n            return content.getBytes();\n        }\n        try {\n            return content.getBytes(charset);\n        } catch (UnsupportedEncodingException e) {\n            throw new RuntimeException("MD5\u7b7e\u540d\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u9519\u8bef,\u6307\u5b9a\u7684\u7f16\u7801\u96c6\u4e0d\u5bf9,\u60a8\u76ee\u524d\u6307\u5b9a\u7684\u7f16\u7801\u96c6\u662f:" + charset);\n        }\n    }\n\n}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
ILLEGAL_SIGN\u8e29\u5751\u8bb0\uff1a\u9700\u5bf9sign\u503c\u8fdb\u884cURLEncoder\u7f16\u7801 RSA\u52a0\u89e3\u7b7e import org […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[108,348],"class_list":["post-1395","post","type-post","status-publish","format-standard","hentry","category-java-basic","tag-rsa","tag-348"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1395"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1395\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}