java常见的开源算法支持以及java默认支持的provider
java6支持了很多的加密算法，各大机构提供了很多的实现。但是大部分收费。
1、这里Bouncy Castle(http://www.bouncycastle.org)提供了一系列的算法实现，可以跻身于JCE的框架下，以提供者的方式纳入java安全实现的开源项目。
2、commons codec这个apache的项目对java6的api做了易用性改进，但是没有对java6提供扩展加密算法。
这里我们可以看到jdkhome下的jre/lib/security/java.security默认的支持的算法
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=sun.security.mscapi.SunMSCAPI
如果想把Bouncy Castle支持的算法加上去，也可以直接进行配置
security.provider.&n&=&classname&
但是这么做需要将Bouncy Castle的jar包放到jdk下的jre/lib/ext目录，最好jre home下的ext也放一个
写法雷同上边1-9的提供者
不过就算我们不在jdk的环境中配置上边的东东也没问题
我们直接在调用算法的时候显式指明我们用什么类的哪个算法即可
Copyright (C) , All Rights Reserved.
版权所有 闽ICP备号
processed in 0.049 (s). 12 q(s)xml签字验签模拟程序 - XML/SOAP
xml签名验签模拟程序
package com.kame.micropay.netbank.service.adapter.b2c;import java.io.ByteArrayInputSimport java.io.ByteArrayOutputSimport java.io.FileInputSimport java.io.FileNotFoundEimport java.io.IOEimport java.io.InputSimport java.io.UnsupportedEncodingEimport java.security.KeySimport java.security.KeyStoreEimport java.security.NoSuchAlgorithmEimport java.security.PrivateKimport java.security.PublicKimport java.security.UnrecoverableKeyEimport java.security.cert.CertificateEimport java.security.cert.CertificateFimport java.security.cert.X509Cimport java.util.Cimport java.util.Eimport javax.xml.crypto.dom.DOMSimport javax.xml.crypto.dsig.XMLSignatureFimport javax.xml.crypto.dsig.dom.DOMSignCimport javax.xml.crypto.dsig.dom.DOMValidateCimport javax.xml.crypto.dsig.spec.C14NMethodParameterSimport javax.xml.crypto.dsig.spec.TransformParameterSimport javax.xml.parsers.DocumentBuilderFimport javax.xml.transform.Timport javax.xml.transform.TransformerFimport javax.xml.transform.dom.DOMSimport javax.xml.transform.stream.StreamRimport org.w3c.dom.Dimport org.w3c.dom.Nimport org.w3c.dom.NodeL/** * xml签名验签模拟程序 */public class SignForXML {
public static void main(String[] args) throws Exception {
String pubKeyFile = "F:/home/weblogic/profiles/kame-bank/cert/pingan/kmpay.cer";
String priKeyFile = "F:/home/weblogic/profiles/kame-bank/cert/pingan/kmpay.pfx";
String priKeyPsw = "111111";
String signNode = "PAFPReq";
String forSignatureStr = "";
forSignatureStr = forSignatureStr+"&Fastpay&";
forSignatureStr = forSignatureStr+" &Message id=\"3\"&";
forSignatureStr = forSignatureStr+"
&PAFPReq id=\"PAFPReq\"&";
forSignatureStr = forSignatureStr+"
&date&:51:39&/date&";
forSignatureStr = forSignatureStr+"&&&&&
&tranCode&"+""+"&/tranCode&";
forSignatureStr = forSignatureStr+"&&&&&
&instId&1217&/instId&";
forSignatureStr = forSignatureStr+"&&&&&
&tradeCode&&/tradeCode&";
forSignatureStr = forSignatureStr+"&&&&&
&name&测试&/name&";
forSignatureStr = forSignatureStr+"&&&&&
&encryptData&WEGTFWEGDSAGHWERYUHWWEQEWGH&/encryptData&";
forSignatureStr = forSignatureStr+"
&/PAFPReq&";
forSignatureStr = forSignatureStr+" &/Message&";
forSignatureStr = forSignatureStr+"&/Fastpay&";
String signResult = signXML(priKeyFile,priKeyPsw,priKeyPsw,"",forSignatureStr,signNode);
boolean verifySignature = verifySignature("",signResult,pubKeyFile);
if(verifySignature){
System.out.println("验证签名成功");
System.out.println("验证签名失败");
public static String signXML(String priKeyName,String keyStorePsw,String priKeyPsw,
String partnerCode ,String xmlStr,String tagName) {
System.out.println("priKeyName:" + priKeyName);
FileInputStream priKeyStream =
priKeyStream = new FileInputStream(priKeyName);
} catch (FileNotFoundException e) {
System.out.println("文件不存在：" + priKeyName + e);
PrivateKey priKey =& getPrivateKey(priKeyStream,keyStorePsw,priKeyPsw);
System.out.println("签名前的报文:" + xmlStr);
//给XML签名
String signedXML = signXml(xmlStr, priKey, "#"+tagName);
System.out.println("签名后的报文:" + signedXML);
return signedXML; } &&& /**&&&& *& 校验对xml报文的签名&&&& * @return 校验失功返回true，否则返回false.&&&& */&&& public static& boolean verifySignature(String partnerCode , String signedXmlStr,String pubKeyName) { &&&
System.out.println("待验签的报文:" + signedXmlStr); &&&
ByteArrayInputStream inputS
inputStream = new ByteArrayInputStream(signedXmlStr.getBytes("UTF-8"));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(inputStream);
NodeList nl =& doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element");
Node signatureNode = nl.item(0);
XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
javax.xml.crypto.dsig.XMLSignature signature = factory.unmarshalXMLSignature(new DOMStructure(signatureNode));
FileInputStream pubKeyStream = new FileInputStream(pubKeyName);
PublicKey pubKey = getPublicKey(pubKeyStream);
DOMValidateContext valCtx = new DOMValidateContext(pubKey, signatureNode);
boolean coreValidity = signature.validate(valCtx);
System.out.println("验签结果:" + coreValidity);
return coreV
} catch (UnsupportedEncodingException e) {
System.out.println("验签异常： " + e);
e.printStackTrace();
}catch (Exception e){
System.out.println("验签异常： " + e);
e.printStackTrace();
private static String signXml(String msg_xml, PrivateKey priKey, String msgType) {
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
ByteArrayInputStream inputStream = new ByteArrayInputStream(msg_xml.getBytes("UTF-8"));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document document = dbf.newDocumentBuilder().parse(inputStream);
StreamResult streamResult = new StreamResult(outputStream);
NodeList messageNodeList = document.getDocumentElement().getChildNodes();
for (int index = 0; index & messageNodeList.getLength(); index++)
Node messageNode = messageNodeList.item(index);
if (messageNode.getNodeType() != 1)
if (!"Message".equals(messageNode.getLocalName()))
System.out.println("messageNode=" + messageNode.getNodeValue());
XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
//jdk6.0适用上面的语句，jdk1.4改为下面的语句
//XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
DOMSignContext domSignContext = new DOMSignContext(priKey, messageNode);
javax.xml.crypto.dsig.Transform envelopedTransform = factory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature",
(TransformParameterSpec) null);
javax.xml.crypto.dsig.DigestMethod digestMethod = factory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
javax.xml.crypto.dsig.Reference ref = factory.newReference(msgType, digestMethod, Collections
.singletonList(envelopedTransform), null, null);
javax.xml.crypto.dsig.CanonicalizationMethod canonicalizationMethod = factory.newCanonicalizationMethod(
"http://www.w3.org/TR/2001/REC-xml-c14n-", (C14NMethodParameterSpec) null);
javax.xml.crypto.dsig.SignatureMethod signatureMethod = factory
.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", null);
javax.xml.crypto.dsig.SignedInfo si = factory.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(ref));
javax.xml.crypto.dsig.XMLSignature signature = factory.newXMLSignature(si, null);
signature.sign(domSignContext);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty("omit-xml-declaration", "no");
transformer.transform(new DOMSource(document), streamResult);
String signedXML = outputStream.toString("UTF-8");
outputStream.close();
return signedXML;
} catch (Exception e)
System.out.println("XML数字签名出错：" + e);
outputStream.close();
} catch (IOException e)
e.printStackTrace();
} &&& /**&&&& *获取证书私钥&&&& * @return&&&& */&&& private static PrivateKey getPrivateKey(InputStream priKeyName,String keyStorePsw,String priKeyPassword){&&&
PrivateKey priv=
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(priKeyName, keyStorePsw.toCharArray());
Enumeration en = ks.aliases();
String alias =
for (int i = 0; en.hasMoreElements(); i++) {
alias = en.nextElement().toString();
if (i &= 1) {
System.out.println("此文件中含有多个证书!");
priv = (PrivateKey) ks.getKey(alias,priKeyPassword.toCharArray());
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
&&& }&&& &&& private static PublicKey getPublicKey(InputStream pubKeyName){&&&
PublicKey pub=
CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate)certificatefactory.generateCertificate(pubKeyName);
pub = certificate.getPublicKey();
} catch (CertificateException e) {
System.out.println("获取公钥异常：" + e);
e.printStackTrace();Access denied | www.archivum.info used Cloudflare to restrict access
Please enable cookies.
What happened?
The owner of this website (www.archivum.info) has banned your access based on your browser's signature (3e0ac8e7819941bd-ua98).