Java是一個面向物件的語言。對程式設計師來說,這意味著要注意應用中的資料和操縱資料的方法(method),而不是嚴格地用過程來思考。以下是關於JAVA對數字證書的常用操作,歡迎大家參考!
一:需要包含的包
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.*;
import sun.security.x509.*;
二:從檔案中讀取證書
用keytool將金鑰庫(keystore)中的證書寫入檔案中,然後從該檔案中讀取證書資訊
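// Parse one X.509 certificate from a file exported with keytool.
// The page lost the receiver/method prefixes (e.g. "CertificateFactory.getI" + "nstance")
// and the file name; CERT_FILE_PLACEHOLDER stands in for the missing name.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate c;
// try-with-resources closes the stream even if parsing throws.
try (FileInputStream in = new FileInputStream("CERT_FILE_PLACEHOLDER")) {
    c = cf.generateCertificate(in);
}
// Human-readable dump of the certificate.
String s = c.toString();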
三:從金鑰庫中直接讀取證書
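// Load a JKS keystore and read the certificate stored under an alias.
// "123456" is the article's sample password; production code should obtain the
// password at run time (prompt or protected configuration) rather than hard-code it.
// KEYSTORE_FILE_PLACEHOLDER replaces the file name that was truncated on the page.
String pass = "123456";
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    // load() also verifies the keystore integrity check with this password.
    ks.load(in, pass.toCharArray());
}
// alias is the entry's alias; getCertificate returns null when no such entry exists.
java.security.cert.Certificate c = ks.getCertificate(alias);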
四:JAVA程式中顯示證書指定資訊
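// Print selected fields of certificate c. The field accessors live on
// X509Certificate, so the generic Certificate is cast first (the cast line
// is not visible on the page; the name t matches the one used in section 10).
X509Certificate t = (X509Certificate) c;
System.out.println("輸出證書資訊:\n" + c.toString());
System.out.println("版本號:" + t.getVersion());
// Serial number printed in hexadecimal.
System.out.println("序列號:" + t.getSerialNumber().toString(16));
System.out.println("主體名:" + t.getSubjectDN());
System.out.println("簽發者:" + t.getIssuerDN());
// Only the start of the validity period is printed here, as in the article.
System.out.println("有效期:" + t.getNotBefore());
System.out.println("簽名演算法:" + t.getSigAlgName());
byte[] sig = t.getSignature(); // raw signature value
PublicKey pk = t.getPublicKey();
byte[] pkenc = pk.getEncoded(); // encoded form of the public key
System.out.println("公鑰");
for (int i = 0; i < pkenc.length; i++) {
    System.out.print(pkenc[i] + ",");
}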
五:JAVA程式列出金鑰庫所有條目
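// Enumerate every alias in the keystore and fetch its certificate.
// "123456" is the article's sample password; do not hard-code real passwords.
// KEYSTORE_FILE_PLACEHOLDER replaces the file name that was truncated on the page.
String pass = "123456";
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    ks.load(in, pass.toCharArray());
}
// aliases() is typed Enumeration<String>, so no cast is needed.
Enumeration<String> e = ks.aliases();
while (e.hasMoreElements()) {
    java.security.cert.Certificate c = ks.getCertificate(e.nextElement());
}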
六:JAVA程式修改金鑰庫口令
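// Change the keystore password: load with the old one, store with the new one.
// Both passwords are the article's sample values; do not hard-code real ones.
// KEYSTORE_FILE_PLACEHOLDER replaces the file name that was truncated on the page.
String oldpass = "123456";
String newpass = "654321";
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    ks.load(in, oldpass.toCharArray());
}
// Opening the output stream truncates the existing file, so keep a backup:
// a failure inside store() would otherwise leave a damaged keystore.
// Only the store password changes; per-entry key passwords are untouched.
try (FileOutputStream output = new FileOutputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    ks.store(output, newpass.toCharArray());
}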
七:JAVA程式修改金鑰庫條目的口令及新增條目
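// Re-protect a private-key entry with a new password (or add it under a new alias).
// The password variable names (storepass, oldkeypass, newkeypass) are reconstructed;
// the page lost the originals. KEYSTORE_FILE_PLACEHOLDER replaces the truncated file name.
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    ks.load(in, storepass.toCharArray());
}
// Certificate chain of the entry; getCertificateChain returns the array,
// whereas getCertificate would return only a single certificate.
Certificate[] cchain = ks.getCertificateChain(alias);
// Private key of the entry, unlocked with its current entry password.
PrivateKey pk = (PrivateKey) ks.getKey(alias, oldkeypass.toCharArray());
// Write the entry back protected by the new entry password.
ks.setKeyEntry(alias, pk, newkeypass.toCharArray(), cchain);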
第一個引數指定所新增條目的別名,假如使用已存在別名將覆蓋已存在條目,使用新別名將增加一個新條目,第二個引數為條目的私鑰,第三個為設定的新口令,第四個為該私鑰的公鑰的證書鏈
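// Write the keystore object to a new file; the in-memory change is not
// persisted until store() runs. storepass is a reconstructed name for the
// keystore password variable, which the page lost.
try (FileOutputStream output = new FileOutputStream("another")) {
    ks.store(output, storepass.toCharArray());
}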
八:JAVA程式檢驗別名和刪除條目
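// Check whether an alias exists and delete its entry.
// storepass is a reconstructed name for the keystore password variable;
// KEYSTORE_FILE_PLACEHOLDER replaces the file name truncated on the page.
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    ks.load(in, storepass.toCharArray());
}
// containsAlias returns true when the entry is present; the article discards
// the result, here it guards the delete.
if (ks.containsAlias("sage")) {
    ks.deleteEntry("sage"); // remove the entry for this alias
}
// The deletion only takes effect on disk once the keystore is stored again.
try (FileOutputStream output = new FileOutputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    ks.store(output, storepass.toCharArray());
}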
九:JAVA程式簽發數字證書
(1)從金鑰庫中讀取CA的證書
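// Load the keystore holding the CA entry and read the CA certificate.
// storepass is a reconstructed name for the keystore password variable;
// KEYSTORE_FILE_PLACEHOLDER replaces the file name truncated on the page.
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("KEYSTORE_FILE_PLACEHOLDER")) {
    ks.load(in, storepass.toCharArray());
}
// "caroot" is the alias of the CA entry; null is returned if it is missing.
java.security.cert.Certificate c1 = ks.getCertificate("caroot");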
(2)從金鑰庫中讀取CA的私鑰
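// CA private key, unlocked with the entry password. cakeypass is a reconstructed
// name; the page lost the original. The CA key signs every issued certificate,
// so restrict who can read the keystore and this password.
PrivateKey caprk = (PrivateKey) ks.getKey(alias, cakeypass.toCharArray());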
(3)從CA的證書中提取簽發者的資訊
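// Extract the issuer name for the new certificate from the CA certificate.
// NOTE: sun.security.x509 is an internal, unsupported JDK API; it is encapsulated
// on newer JDKs and may change between releases.
byte[] encod1 = c1.getEncoded(); // DER encoding of the CA certificate
X509CertImpl cimp1 = new X509CertImpl(encod1); // rebuild it as an X509CertImpl
// "x509.info" attribute: the to-be-signed part of the certificate.
X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
// The CA's subject name becomes the issuer of the certificate being signed.
X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateIssuerName.DN_NAME);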
(4)獲取待簽發的證書
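// Read the certificate that is to be re-issued under the CA.
// CERT_FILE_PLACEHOLDER replaces the file name that was lost on the page.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate c2;
try (FileInputStream in2 = new FileInputStream("CERT_FILE_PLACEHOLDER")) {
    // The article passes "in" here, which is the keystore stream; in2 is the
    // stream opened for this certificate file.
    c2 = cf.generateCertificate(in2);
}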
(5)從待簽發的證書中提取證書資訊
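// Extract the to-be-signed information of the certificate being issued.
// sun.security.x509 is an internal, unsupported JDK API.
byte[] encod2 = c2.getEncoded(); // DER encoding of the certificate
X509CertImpl cimp2 = new X509CertImpl(encod2); // rebuild it as an X509CertImpl
// "x509.info" attribute; the following steps modify this object.
X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);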
(6)設定新證書有效期
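// Set the validity period of the new certificate.
Date begindate = new Date(); // now
// 3000 days from now; the trailing 1000L keeps the multiplication in long range.
// That is a long lifetime for an issued certificate; pick it to match your policy.
Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L);
CertificateValidity cv = new CertificateValidity(begindate, enddate);
cinfo2.set(X509CertInfo.VALIDITY, cv);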
(7)設定新證書序列號
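// Set the serial number of the new certificate.
// The article derives a 32-bit serial from the current time, which is predictable
// and collides when two certificates are issued in the same second. A random
// positive value from a CSPRNG avoids both problems; a CA must still make sure
// each serial it issues is unique.
java.math.BigInteger sn =
    new java.math.BigInteger(127, new SecureRandom()).add(java.math.BigInteger.ONE);
CertificateSerialNumber csn = new CertificateSerialNumber(sn);
cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);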
(8)設定新證書簽發者
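// Set the issuer of the new certificate to the name taken from the CA
// certificate in step (3).
cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer);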
(9)設定新證書簽名演算法資訊
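// Declare the signature algorithm inside the certificate info.
// The article uses MD5 with RSA. MD5 is collision-broken and MD5-signed
// certificates are rejected by current validators, so SHA-256 with RSA is
// used instead. The algorithm declared here must be the same one passed to sign().
AlgorithmId algorithm = AlgorithmId.get("SHA256withRSA");
cinfo2.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
// (10) Create the certificate and sign it with the CA private key.
X509CertImpl newcert = new X509CertImpl(cinfo2);
// Assumes caprk is an RSA key, as the article's algorithm name implies.
newcert.sign(caprk, "SHA256withRSA");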
(11)將新證書寫入金鑰庫
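// Store the newly signed certificate as a trusted-certificate entry and write
// the keystore to a new file. "newpass" is the article's sample password; do not
// hard-code real ones. An entry can also be added to the existing keystore as
// shown in section 7.
ks.setCertificateEntry("lf_signed", newcert);
try (FileOutputStream out = new FileOutputStream("newstore")) {
    ks.store(out, "newpass".toCharArray());
}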
十:數字證書的檢驗
(1)驗證證書的有效期
(a)獲取X509Certificate型別物件
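// Load the certificate to check and view it as an X509Certificate.
// CERT_FILE_PLACEHOLDER replaces the file name that was lost on the page.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate c1;
try (FileInputStream in1 = new FileInputStream("CERT_FILE_PLACEHOLDER")) {
    c1 = cf.generateCertificate(in1);
}
// checkValidity and the field accessors are defined on X509Certificate.
X509Certificate t = (X509Certificate) c1;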
(b)獲取日期
// Reference instant for the validity check: the current system time.
Date TimeNow=new Date();
(c)檢驗有效性
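// Check that TimeNow falls inside the certificate's validity period.
// This only tests notBefore/notAfter; it says nothing about who signed the
// certificate or whether it has been revoked.
try {
    t.checkValidity(TimeNow);
    System.out.println("OK");
} catch (CertificateExpiredException e) { // past notAfter
    System.out.println("Expired");
    System.out.println(e.getMessage());
} catch (CertificateNotYetValidException e) { // before notBefore
    System.out.println("Too early");
    System.out.println(e.getMessage());
}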
(2)驗證證書簽名的有效性
(a)獲取CA證書
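// Load the CA certificate whose key will verify the signature.
// CA_CERT_FILE_PLACEHOLDER replaces the file name that was lost on the page.
// The result is only meaningful if this file comes from a trusted source:
// whoever controls it controls what verifies. A signature check alone does not
// cover validity dates, CA constraints or revocation; java.security.cert's
// CertPathValidator performs full path validation.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate cac;
try (FileInputStream in2 = new FileInputStream("CA_CERT_FILE_PLACEHOLDER")) {
    cac = cf.generateCertificate(in2);
}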
(c)獲取CA的公鑰
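// Public key of the CA certificate, used to verify the issued certificate's signature.
PublicKey pbk = cac.getPublicKey();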
(b)獲取待檢驗的證書(上步已經獲取了,就是C1)
(c)檢驗證書
boolean pass = false ;
try {
fy(pbk);
pass = true ;
} catch (Exception e) {
pass = false ;
tln(e);