supervision-edh/src/main/java/com/supervision/edh/utils/CertManager.java

package com.supervision.edh.utils;
import com.supervision.edh.config.CertConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.annotation.PostConstruct;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
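/**
 * Certificate manager: loads the RSA key pair from the configured key store and
 * offers chunked RSA encryption/decryption helpers.
 *
 * <p>NOTE(review): both helpers pass {@code certConfig.getAlgorithm()} to
 * {@link KeyFactory} and to {@link Cipher}, so the value is presumably the bare
 * name {@code "RSA"}. With a bare name the padding is chosen by the JCA provider
 * (PKCS#1 v1.5 on the stock JDK provider). That padding is exposed to
 * padding-oracle attacks when decryption failures are observable by the sender,
 * and block-wise RSA gives no integrity protection. Prefer an explicit OAEP
 * transformation, or hybrid encryption (RSA-OAEP wrapping an AES-GCM key), once
 * both peers can be migrated.
 *
 * @author Jason
 * @date 2025-06-06 14:24:09
 */
@Component
public class CertManager {

    /** Per-block overhead of PKCS#1 v1.5 encryption padding, in bytes. */
    private static final int PKCS1_PADDING_OVERHEAD = 11;

    // Base64 form of the encoded private key, cached once by init().
    // NOTE(review): this is raw key material held as an immutable String for the
    // lifetime of the JVM; keep it out of logs, error messages and API responses.
    private static volatile String privateKey;
    // Base64 form of the encoded public key, cached once by init().
    private static volatile String publicKey;

    @Autowired
    private CertConfig certConfig;

    /**
     * Decrypts Base64 ciphertext with an RSA private key, one key-sized block at a time.
     *
     * @param key  Base64 of the PKCS#8-encoded private key
     * @param data Base64 of the concatenated RSA ciphertext blocks
     * @return the recovered plaintext, decoded as UTF-8
     * @throws NoSuchAlgorithmException  if the configured algorithm is unknown
     * @throws InvalidKeyException       if the key cannot be used with the cipher
     * @throws NoSuchPaddingException    if the padding scheme is unavailable
     * @throws InvalidKeySpecException   if {@code key} is not a valid PKCS#8 key
     * @throws IllegalBlockSizeException if a block has the wrong length for the key
     * @throws BadPaddingException       if a block does not unpad correctly
     * @throws IOException               kept for caller compatibility
     */
    public String keyDecrypt(String key, String data) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, InvalidKeySpecException, IllegalBlockSizeException, BadPaddingException, IOException {
        byte[] encodedKey = java.util.Base64.getDecoder().decode(key);
        RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance(certConfig.getAlgorithm())
                .generatePrivate(new PKCS8EncodedKeySpec(encodedKey));

        Cipher cipher = Cipher.getInstance(certConfig.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, priKey);

        byte[] cipherText = java.util.Base64.getDecoder().decode(data);
        // One ciphertext block is exactly as long as the modulus (256 bytes for a
        // 2048-bit key); deriving it keeps other key sizes working.
        int blockSize = modulusBytes(priKey.getModulus().bitLength());
        byte[] plain = processInChunks(cipher, cipherText, blockSize);
        // Explicit charset: the platform default differs between hosts and would
        // corrupt non-ASCII payloads.
        return new String(plain, java.nio.charset.StandardCharsets.UTF_8);
    }

    /**
     * Encrypts text with an RSA public key, splitting it into blocks that fit the key.
     *
     * @param key  Base64 of the X.509-encoded public key
     * @param data plaintext; encoded as UTF-8 before encryption
     * @return Base64 of the concatenated RSA ciphertext blocks
     * @throws NoSuchAlgorithmException  if the configured algorithm is unknown
     * @throws InvalidKeySpecException   if {@code key} is not a valid X.509 key
     * @throws NoSuchPaddingException    if the padding scheme is unavailable
     * @throws IllegalBlockSizeException if a block is too long for the key
     * @throws BadPaddingException       declared by the cipher API
     * @throws InvalidKeyException       if the key is unusable or too small to hold any data
     * @throws IOException               kept for caller compatibility
     */
    public String keyEncrypt(String key, String data) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, IOException {
        byte[] encodedKey = java.util.Base64.getDecoder().decode(key);
        RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance(certConfig.getAlgorithm())
                .generatePublic(new X509EncodedKeySpec(encodedKey));

        Cipher cipher = Cipher.getInstance(certConfig.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);

        // Largest plaintext per block under PKCS#1 v1.5: modulus bytes minus 11
        // (2048-bit key: 2048 / 8 - 11 = 245 bytes).
        int maxPlain = modulusBytes(pubKey.getModulus().bitLength()) - PKCS1_PADDING_OVERHEAD;
        if (maxPlain <= 0) {
            throw new InvalidKeyException("RSA key is too small to encrypt any data");
        }

        byte[] plain = data.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] encrypted = processInChunks(cipher, plain, maxPlain);
        return java.util.Base64.getEncoder().encodeToString(encrypted);
    }

    /** Returns the modulus length in whole bytes for a key of {@code bitLength} bits. */
    private static int modulusBytes(int bitLength) {
        return (bitLength + 7) / 8;
    }

    /** Runs {@code cipher.doFinal} over consecutive slices of at most {@code chunkSize} bytes and concatenates the results. */
    private static byte[] processInChunks(Cipher cipher, byte[] input, int chunkSize) throws IllegalBlockSizeException, BadPaddingException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int offset = 0; offset < input.length; offset += chunkSize) {
            int length = Math.min(chunkSize, input.length - offset);
            byte[] piece = cipher.doFinal(input, offset, length);
            out.write(piece, 0, piece.length);
        }
        return out.toByteArray();
    }

    /**
     * Loads and caches both keys after dependency injection; keys that are
     * already cached are left untouched.
     *
     * @throws Exception if the key store cannot be loaded or a key cannot be read
     */
    @PostConstruct
    public synchronized void init() throws Exception {
        if (privateKey == null) {
            privateKey = initPrivateKey();
        }
        if (publicKey == null) {
            publicKey = initPublicKey();
        }
    }

    /**
     * Reads the private key from the configured key store.
     *
     * @return Base64 of the encoded private key
     * @throws Exception if the key store cannot be loaded or the key cannot be read
     */
    public String initPrivateKey() throws Exception {
        KeyStore keyStore = KeyStoreUtil.loadKetStore(certConfig.getPath(), certConfig.getPassword());
        // The store password is also passed when fetching the key entry.
        return Base64.encode(KeyStoreUtil.getPrivateKey(keyStore, certConfig.getPassword()).getEncoded());
    }

    /**
     * Returns the cached private key.
     *
     * <p>NOTE(review): this hands raw private-key material to any caller; restrict
     * its use to decryption paths and never log or serialize the result.
     *
     * @return Base64 of the encoded private key
     * @throws IllegalStateException if {@link #init()} has not populated the key
     */
    public String getPrivateKey() {
        if (privateKey == null) {
            throw new IllegalStateException("获取私钥失败,证书未初始化");
        }
        return privateKey;
    }

    /**
     * Reads the public key from the configured key store.
     *
     * @return Base64 of the encoded public key
     * @throws Exception if the key store cannot be loaded or the key cannot be read
     */
    public String initPublicKey() throws Exception {
        KeyStore keyStore = KeyStoreUtil.loadKetStore(certConfig.getPath(), certConfig.getPassword());
        PublicKey loadedKey = KeyStoreUtil.getPublicKey(keyStore);
        return Base64.encode(loadedKey.getEncoded());
    }

    /**
     * Returns the cached public key.
     *
     * @return Base64 of the encoded public key
     * @throws IllegalStateException if {@link #init()} has not populated the key
     */
    public String getPublicKey() {
        if (publicKey == null) {
            throw new IllegalStateException("获取公钥失败,证书未初始化");
        }
        return publicKey;
    }
}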