亚洲人成色777777老人头,亚洲图片一区二区,亚洲熟妇无码一区二区三区导航

JAVA對數字證書的常用操作

一：需要包含的包???

import ?java.security. * ;

???? import ?java.io. * ;

???? import ?java.util. * ;

???? import ?java.security. * ;

???? import ?java.security.cert. * ;

???? import ?sun.security.x509. *

???? import ?java.security.cert.Certificate;

???? import ?java.security.cert.CertificateFactory;

二：從文件中讀取證書
??? 用keytool將.keystore中的證書寫入文件中，然后從該文件中讀取證書信息???

?CertificateFactory?cf = CertificateFactory.getInstance( " X.509 " );

????FileInputStream?in = new ?FileInputStream( " out.csr " );

????Certificate?c = cf.generateCertificate(in);

????String?s = c.toString();

三：從密鑰庫中直接讀取證書
???

String?pass = " 123456 " ;

????FileInputStream?in = new ?FileInputStream( " .keystore " );

????KeyStore?ks = KeyStore.getInstance( " JKS " );

????ks.load(in,pass.toCharArray());

????java.security.cert.Certificate?c = ks.getCertificate(alias); // alias為條目的別名

四：JAVA程序中顯示證書指定信息
???

?System.out.println( " 輸出證書信息:\n " + c.toString());

????System.out.println( " 版本號: " + t.getVersion());

????System.out.println( " 序列號: " + t.getSerialNumber().toString( 16 ));

????System.out.println( " 主體名： " + t.getSubjectDN());

????System.out.println( " 簽發者： " + t.getIssuerDN());

????System.out.println( " 有效期： " + t.getNotBefore());

????System.out.println( " 簽名算法： " + t.getSigAlgName());

???? byte ?[]?sig = t.getSignature(); // 簽名值?

????PublicKey?pk = t.getPublicKey();

???? byte ?[]?pkenc = pk.getEncoded();??

????System.out.println( " 公鑰 " );

???? for ( int ?i = 0 ;i < pkenc.length;i ++ )System.out.print(pkenc[i] + " , " );

五：JAVA程序列出密鑰庫所有條目
???

String?pass = " 123456 " ;

????FileInputStream?in = new ?FileInputStream( " .keystore " );

????KeyStore?ks = KeyStore.getInstance( " JKS " );

????ks.load(in,pass.toCharArray());

????Enumeration?e = ks.aliases();

???? while (e.hasMoreElements())

????java.security.cert.Certificate?c = ks.getCertificate((String)e.nextElement());

六：JAVA程序修改密鑰庫口令
???

String?oldpass = " 123456 " ;

????String?newpass = " 654321 " ;

????FileInputStream?in = new ?FileInputStream( " .keystore " );

????KeyStore?ks = KeyStore.getInstance( " JKS " );

????ks.load(in,oldpass.toCharArray());

????in.close();

????FileOutputStream?output = new ?FileOutputStream( " .keystore " );

????ks.store(output,newpass.toCharArray());

????output.close();

七：JAVA程序修改密鑰庫條目的口令及添加條目????

FileInputStream?in = new ?FileInputStream( " .keystore " );

????KeyStore?ks = KeyStore.getInstance( " JKS " );

????ks.load(in,storepass.toCharArray());

????Certificate?[]?cchain = ks.getCertificate(alias);獲取別名對應條目的證書鏈

????PrivateKey?pk = (PrivateKey)ks.getKey(alias,oldkeypass.toCharArray());獲取別名對應條目的私鑰

????ks.setKeyEntry(alias,pk,newkeypass.toCharArray(),cchain);向密鑰庫中添加條目

??? 第一個參數指定所添加條目的別名，假如使用已存在別名將覆蓋已存在條目，使用新別名將增加一個新條目，第二個參數為條目的私鑰，第三個為設置的新口令，第四個為該私鑰的公鑰的證書鏈
??? FileOutputStream output=new FileOutputStream("another");
??? ks.store(output,storepass.toCharArray())將keystore對象內容寫入新文件

八：JAVA程序檢驗別名和刪除條目
???

?FileInputStream?in = new ?FileInputStream( " .keystore " );

????KeyStore?ks = KeyStore.getInstance( " JKS " );

????ks.load(in,storepass.toCharArray());

????ks.containsAlias( " sage " );檢驗條目是否在密鑰庫中，存在返回true

????ks.deleteEntry( " sage " );刪除別名對應的條目

????FileOutputStream?output = new ?FileOutputStream( " .keystore " );

????ks.store(output,storepass.toCharArray())將keystore對象內容寫入文件,條目刪除成功

九：JAVA程序簽發數字證書
???（1）從密鑰庫中讀取CA的證書??????

?FileInputStream?in = new ?FileInputStream( " .keystore " );

????KeyStore?ks = KeyStore.getInstance( " JKS " );

????ks.load(in,storepass.toCharArray());

????java.security.cert.Certificate?c1 = ks.getCertificate( " caroot " );

（2）從密鑰庫中讀取CA的私鑰
????

PrivateKey?caprk = (PrivateKey)ks.getKey(alias,cakeypass.toCharArray());

?（3）從CA的證書中提取簽發者的信息???

? byte []?encod1 = c1.getEncoded();????提取CA證書的編碼

????X509CertImpl?cimp1 = new ?X509CertImpl(encod1);??用該編碼創建X509CertImpl類型對象

????X509CertInfo?cinfo1 = (X509CertInfo)cimp1.get(X509CertImpl.NAME + " . " + X509CertImpl.INFO);??獲取X509CertInfo對象

????X500Name?issuer = (X500Name)cinfo1.get(X509CertInfo.SUBJECT + " . " + CertificateIssuerName.DN_NAME);?獲取X509Name類型的簽發者信息

??? （4）獲取待簽發的證書
???

?CertificateFactory?cf = CertificateFactory.getInstance( " X.509 " );

????FileInputStream?in2 = new ?FileInputStream( " user.csr " );

????java.security.cert.Certificate?c2 = cf.generateCertificate(in);

??? （5）從待簽發的證書中提取證書信息
??

?? byte ?[]?encod2 = c2.getEncoded();

????X509CertImpl?cimp2 = new ?X509CertImpl(encod2);??用該編碼創建X509CertImpl類型對象

????X509CertInfo?cinfo2 = (X509CertInfo)cimp2.get(X509CertImpl.NAME + " . " + X509CertImpl.INFO);??獲取X509CertInfo對象

??? （6）設置新證書有效期
???

?Date?begindate = new ?Date();?獲取當前時間

????Date?enddate = new ?Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L );?有效期為3000天

????CertificateValidity?cv = new ?CertificateValidity(begindate,enddate);?創建對象

????cinfo2.set(X509CertInfo.VALIDITY,cv);??設置有效期

??? （7）設置新證書序列號
??

?? int ?sn = ( int )(begindate.getTime() / 1000 );????以當前時間為序列號

????CertificateSerialNumber?csn = new ?CertificateSerialNumber(sn);

????cinfo2.set(X509CertInfo.SERIAL_NUMBER,csn);

??? （8）設置新證書簽發者
??? cinfo2.set(X509CertInfo.ISSUER+"."+CertificateIssuerName.DN_NAME,issuer);應用第三步的結果
??? （9）設置新證書簽名算法信息
??? AlgorithmId algorithm=new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
??? cinfo2.set(CertificateAlgorithmId.NAME+"."+CertificateAlgorithmId.ALGORITHM,algorithm);
??? （10）創建證書并使用CA的私鑰對其簽名
??? X509CertImpl newcert=new X509CertImpl(cinfo2);
??? newcert.sign(caprk,"MD5WithRSA"); 使用CA私鑰對其簽名
??? （11）將新證書寫入密鑰庫?

???ks.setCertificateEntry( " lf_signed " ,newcert);

????FileOutputStream?out = new ?FileOutputStream( " newstore " );

????ks.store(out, " newpass " .toCharArray());??這里是寫入了新的密鑰庫，也可以使用第七條來增加條目

十：數字證書的檢驗
??? （1）驗證證書的有效期
?（a）獲取X509Certificate類型對象
?

CertificateFactory?cf = CertificateFactory.getInstance( " X.509 " );

????FileInputStream?in1 = new ?FileInputStream( " aa.crt " );

??java.security.cert.Certificate??c1 = cf.generateCertificate(in1);

?X509Certificate?t = (X509Certificate)c1;

??in2.close();

??????? （b）獲取日期
?Date TimeNow=new Date();
?（c）檢驗有效性
?

try {

????t.checkValidity(TimeNow);

???????????System.out.println( " OK " );

?} catch (CertificateExpiredException?e) {?? // 過期

????System.out.println( " Expired " );

????System.out.println(e.getMessage());

?} catch ((CertificateNotYetValidException?e) {? // 尚未生效

????System.out.println( " Too?early " );

????System.out.println(e.getMessage());}

???? （2）驗證證書簽名的有效性
?（a）獲取CA證書
???????

??CertificateFactory?cf = CertificateFactory.getInstance( " X.509 " );

?????FileInputStream?in2 = new ?FileInputStream( " caroot.crt " );

???java.security.cert.Certificate??cac = cf.generateCertificate(in2);

??in2.close();

?（c）獲取CA的公鑰
? PublicKey pbk=cac.getPublicKey();
?（b）獲取待檢驗的證書（上步已經獲取了，就是C1）
?（c）檢驗證書
????????

? boolean ?pass = false ;

????????? try {

??????c1.verify(pbk);

?????????????pass = true ;

?????????} catch (Exception?e) {

?????????????pass = false ;

?????????????System.out.println(e);

??} ?

posted on 2006-04-26 18:30 溫柔一刀閱讀(1127) 評論(0) 編輯收藏所屬分類: java相關

新用戶注冊刷新評論列表


只有注冊用戶登錄后才能發表評論。




網站導航: 博客園 IT新聞 Chat2DB C++博客博問管理
相關文章: 德比軟件(DerbySoft)誠聘java工程師（上海） jpivot中輸出pdf打印漢字、excel導出中文方法 Ant+Tomcat自動部署的小問題 FCKeditor-2.3在線編輯器，可以直接用的（java版） Eclipse快捷鍵指南 Java應用iText動態生成PDF文件將Excel文件內容寫入到數據庫 JXL操作Excel 件上傳組件commons-fileupload用戶指南隨機生成驗證碼

e代劍客——溫柔一刀

隨筆分類(78)

隨筆檔案(76)

java源碼

友情連接

開發文檔

搜索

最新評論

閱讀排行榜

評論排行榜