Java是一个面向对象的语言。对程序员来说,这意味着要注意应用中的数据和操纵数据的方法(method),而不是严格地用过程来思考。以下是关于JAVA对数字证书的常用操作,欢迎大家参考!注意:其中签发与校验的示例只用于说明 API 用法——生产环境中签名算法至少应使用 SHA-256,sun.security.x509 属于 JDK 内部 API(JDK 16+ 默认不可访问),证书校验也不能只依赖 verify()。
一:需要包含的包
import java.io.*;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.*;
import java.security.cert.*;
// Both java.security.* (the deprecated java.security.Certificate) and java.security.cert.*
// provide a "Certificate"; this single-type import makes the cert.* one win.
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.*;
// JDK-internal, unsupported API used only by section nine: on JDK 16+ it needs
// --add-exports java.base/sun.security.x509=ALL-UNNAMED, and its X509CertInfo
// get/set methods changed shape in later JDKs. The original line was missing the ';'.
import sun.security.x509.*;
二:从文件中读取证书
用 keytool 将密钥库(默认为用户目录下的 .keystore)中的证书导出到文件中(例如 keytool -export -alias <别名> -file <文件>),然后从该文件中读取证书信息。
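// Read an X.509 certificate that was exported to a file (keytool -export).
// Adjust the path to the file you exported. The stream is closed by try-with-resources;
// the original leaked it.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate c;
try (FileInputStream in = new FileInputStream("lf_signed.cer")) {
    c = cf.generateCertificate(in); // throws CertificateException on malformed input
}
String s = c.toString(); // human-readable dump (subject, issuer, validity, key, signature)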
三:从密钥库中直接读取证书
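// Read a certificate straight from a keystore entry instead of exporting it first.
// The password is hard-coded for the demo only: in real code read it from the console
// (System.console().readPassword()) or a secret store, keep it as char[], and wipe it.
char[] pass = "123456".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS"); // "PKCS12" is the JDK default type since Java 9
try (FileInputStream in = new FileInputStream(".keystore")) {
    ks.load(in, pass); // wrong password -> IOException (integrity check fails)
} finally {
    Arrays.fill(pass, '\0'); // the password is no longer needed once the store is loaded
}
String alias = "caroot"; // alias of the entry to read (keytool -list shows the aliases)
Certificate c = ks.getCertificate(alias); // null when no entry has that alias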
四:JAVA程序中显示证书指定信息
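// Print the main fields of the certificate `c` loaded in section three. The X.509-specific
// getters live on X509Certificate, so the generic Certificate is narrowed first (the
// original called getVersion() etc. on a plain Certificate, which does not compile).
X509Certificate x = (X509Certificate) c;
System.out.println("输出证书信息:\n" + x.toString()); // the original lost the '\' of "\n"
System.out.println("版本号: " + x.getVersion());
System.out.println("序列号: " + x.getSerialNumber().toString(16));
// getSubjectDN()/getIssuerDN() are deprecated; the X500Principal form is the supported one
System.out.println("主体名: " + x.getSubjectX500Principal().getName());
System.out.println("签发者: " + x.getIssuerX500Principal().getName());
// a validity period has two ends; the original printed only the start
System.out.println("有效期: " + x.getNotBefore() + " - " + x.getNotAfter());
System.out.println("签名算法: " + x.getSigAlgName());
byte[] sig = x.getSignature(); // raw signature bytes; reading them is not verification (section ten)
PublicKey pk = x.getPublicKey();
byte[] pkenc = pk.getEncoded(); // DER-encoded SubjectPublicKeyInfo
System.out.println("公钥");
for (int i = 0; i < pkenc.length; i++) {
    System.out.print(pkenc[i] + ", ");
}
System.out.println();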
五:JAVA程序列出密钥库所有条目
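// List every entry of the keystore. (Hard-coded password: demo only — see section three.)
char[] pass = "123456".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream(".keystore")) {
    ks.load(in, pass);
} finally {
    Arrays.fill(pass, '\0');
}
// Copy the Enumeration into a list so a plain for-each can be used; the original's
// `while (...) Certificate c = ...;` is not legal Java (a declaration needs a block).
for (String alias : Collections.list(ks.aliases())) {
    String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate";
    System.out.println(alias + " (" + kind + ")");
    // getCertificate() yields the trusted certificate, or the first certificate of a
    // key entry's chain; it is null for a secret-key entry.
    Certificate c = ks.getCertificate(alias);
}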
六:JAVA程序修改密钥库口令
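// Change the keystore password. This changes only the password that protects the store as a
// whole (its integrity check); every private-key entry keeps its own entry password until it
// is re-added, which is what section seven does. (Hard-coded passwords: demo only.)
char[] oldpass = "123456".toCharArray();
char[] newpass = "654321".toCharArray();
Path ksPath = Paths.get(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
try {
    try (FileInputStream in = new FileInputStream(ksPath.toFile())) {
        ks.load(in, oldpass);
    }
    // The original opened the same file for writing, so an exception inside store() would
    // have left the only copy of the keystore truncated. Write a sibling temp file (created
    // with owner-only permissions on POSIX) and swap it in; ATOMIC_MOVE throws
    // AtomicMoveNotSupportedException on file systems that cannot do that.
    Path tmp = Files.createTempFile(ksPath.toAbsolutePath().getParent(), ".keystore", ".tmp");
    try (FileOutputStream output = new FileOutputStream(tmp.toFile())) {
        ks.store(output, newpass);
    }
    Files.move(tmp, ksPath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
} finally {
    Arrays.fill(oldpass, '\0');
    Arrays.fill(newpass, '\0');
}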
七:JAVA程序修改密钥库条目的口令及添加条目
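// Change the password of one private-key entry and write the result to a new keystore file.
// `alias` is the entry to re-protect; `pass` opens the store and (as keytool sets it by
// default) the entry; `newpass` becomes the entry's new password. Hard-coded: demo only.
String alias = "caroot";
char[] pass = "123456".toCharArray();
char[] newpass = "654321".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
try {
    try (FileInputStream in = new FileInputStream(".keystore")) {
        ks.load(in, pass);
    }
    // The whole chain is needed, not just the leaf certificate: setKeyEntry() checks that the
    // chain matches the key, and a lone end-entity certificate would lose the path to the CA.
    // Returns null for a trusted-certificate entry (nothing to re-protect there).
    Certificate[] cchain = ks.getCertificateChain(alias);
    PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);
    // Parameters: the alias (an existing alias overwrites that entry, a new alias adds an
    // entry), the private key, the entry's new password, and the certificate chain whose
    // first certificate holds the public key for that private key.
    ks.setKeyEntry(alias, pk, newpass, cchain);
    try (FileOutputStream output = new FileOutputStream("another")) {
        ks.store(output, pass); // store password unchanged; only the entry password moved
    }
} finally {
    Arrays.fill(pass, '\0');
    Arrays.fill(newpass, '\0');
}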
八:JAVA程序检验别名和删除条目
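// Check whether an alias exists, delete its entry, and write the store back in place.
// (Hard-coded password: demo only — see section three.)
char[] pass = "123456".toCharArray();
Path ksPath = Paths.get(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
try {
    try (FileInputStream in = new FileInputStream(ksPath.toFile())) {
        ks.load(in, pass);
    }
    if (ks.containsAlias("sage")) { // true when an entry with that alias exists
        ks.deleteEntry("sage"); // removes it in memory only; nothing is written yet
    }
    // Temp file + rename, so a failure inside store() cannot truncate the original
    // (ATOMIC_MOVE throws AtomicMoveNotSupportedException where the file system lacks it).
    Path tmp = Files.createTempFile(ksPath.toAbsolutePath().getParent(), ".keystore", ".tmp");
    try (FileOutputStream output = new FileOutputStream(tmp.toFile())) {
        ks.store(output, pass);
    }
    Files.move(tmp, ksPath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
} finally {
    Arrays.fill(pass, '\0');
}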
九:JAVA程序签发数字证书
(1)从密钥库中读取CA的证书
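// Issue a certificate with the CA key held in the keystore, using the JDK-internal
// sun.security.x509 classes. Read these caveats before copying any of it:
//  - sun.security.x509 is not a public API: JDK 16+ needs --add-exports to reach it and the
//    X509CertInfo get/set methods changed in later releases. For real issuance use
//    `keytool -gencert` or a CA library, and sign a CSR — not an existing certificate.
//  - The input here is an existing certificate, so its extensions (if any) are carried over
//    untouched; check Basic Constraints / Key Usage before issuing.
//  - The original signed with MD5withRSA, which is broken (collision attacks have produced
//    rogue CA certificates); SHA-256 is the minimum today.
//  - Hard-coded passwords: demo only — see section three.
// (1) Read the CA certificate from the keystore
char[] pass = "123456".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream(".keystore")) {
    ks.load(in, pass);
}
Certificate c1 = ks.getCertificate("caroot");
// (2) Read the CA private key (same alias; the entry password is assumed to equal the
// store password, which is keytool's default)
PrivateKey caprk = (PrivateKey) ks.getKey("caroot", pass);
Arrays.fill(pass, '\0');
// (3) Take the issuer name from the CA certificate's subject
byte[] encod1 = c1.getEncoded(); // DER encoding of the CA certificate
X509CertImpl cimp1 = new X509CertImpl(encod1);
X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME);
// (4) Load the certificate to be (re-)signed. The original read from `in`, the keystore
// stream already consumed in step 1, instead of the stream it had just opened as `in2`.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate c2;
try (FileInputStream in2 = new FileInputStream("user.cer")) { // adjust to your file
    c2 = cf.generateCertificate(in2);
}
// (5) Extract its to-be-signed info; subject, public key and extensions come from here
byte[] encod2 = c2.getEncoded();
X509CertImpl cimp2 = new X509CertImpl(encod2);
X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
// (6) Validity: 3000 days from now (long arithmetic so the millisecond count cannot overflow)
Date begindate = new Date();
Date enddate = new Date(begindate.getTime() + 3000L * 24 * 60 * 60 * 1000);
CertificateValidity cv = new CertificateValidity(begindate, enddate);
cinfo2.set(X509CertInfo.VALIDITY, cv);
// (7) Serial number. The original used the current time in seconds cast to int: predictable,
// repeated for two certificates issued in the same second, and truncated. RFC 5280 requires a
// positive serial unique per CA; CA/Browser Forum rules require at least 64 bits from a CSPRNG.
SecureRandom rnd = new SecureRandom();
BigInteger sn;
do {
    sn = new BigInteger(64, rnd); // uniform in [0, 2^64); retry the (theoretical) zero
} while (sn.signum() == 0);
CertificateSerialNumber csn = new CertificateSerialNumber(sn);
cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);
// (8) Issuer = the CA's subject obtained in step 3
cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer);
// (9) Signature algorithm recorded in the TBS part; it must match the algorithm used in sign()
AlgorithmId algorithm = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
cinfo2.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
// (10) Build the certificate and sign it with the CA private key
X509CertImpl newcert = new X509CertImpl(cinfo2);
newcert.sign(caprk, "SHA256withRSA");
// (11) Store the new certificate as a trusted-certificate entry in a new keystore file
// (section seven shows how to add an entry to an existing store instead). Note that `ks`
// still holds the CA's private-key entry, so "newstore" receives a copy of the CA key as
// well — do not hand that file to the certificate's owner.
ks.setCertificateEntry("lf_signed", newcert);
char[] newStorePass = "newpass".toCharArray();
try (FileOutputStream out = new FileOutputStream("newstore")) {
    ks.store(out, newStorePass);
} finally {
    Arrays.fill(newStorePass, '\0');
}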
十:数字证书的检验
(1)验证证书的有效期
(a)获取X509Certificate类型对象
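// (1) Validity-period check. This answers only "is the instant inside notBefore..notAfter";
// it says nothing about who signed the certificate or whether it has been revoked.
// (a) load the certificate as an X509Certificate (adjust the path)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate c1;
try (FileInputStream in1 = new FileInputStream("lf_signed.cer")) {
    c1 = cf.generateCertificate(in1); // the stream is closed by try-with-resources
}
X509Certificate t = (X509Certificate) c1;
// (b) the instant to test against — checkValidity() with no argument uses the current time
Date TimeNow = new Date();
// (c) check; the two exception types tell expired and not-yet-valid apart
try {
    t.checkValidity(TimeNow);
    System.out.println("OK");
} catch (CertificateExpiredException e) { // notAfter lies before TimeNow
    System.out.println("Expired");
    System.out.println(e.getMessage());
} catch (CertificateNotYetValidException e) { // notBefore lies after TimeNow
    System.out.println("Too early");
    System.out.println(e.getMessage());
}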
(2)验证证书签名的有效性
(a)获取CA证书
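// (a) Load the CA certificate (adjust the path to the exported CA certificate).
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cac;
try (FileInputStream in2 = new FileInputStream("caroot.cer")) {
    cac = cf.generateCertificate(in2); // closed by try-with-resources
}
// (b) The CA public key. Trust in this key is the whole basis of the check that follows:
// it must come from a trusted store, not from the certificate being verified.
PublicKey pbk = cac.getPublicKey();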
(b)获取待检验的证书(上步已经获取了,就是C1)
(c)检验证书。注意:c1.verify(pbk) 只证明该证书的签名出自这把公钥,并不检查证书链、有效期、吊销状态、主体名或密钥用途;完整校验应使用 CertPathValidator(PKIX)或交给 TLS 实现,而不是只调用 verify()。另外下面的 catch (Exception e) 过宽,应分别捕获 SignatureException(签名不匹配)与其它 CertificateException/NoSuchAlgorithmException 等异常。
boolean pass = false ;
try {
fy(pbk);
pass = true ;
} catch (Exception e) {
pass = false ;
tln(e);