java实现安全证书相关操作
https://blog.csdn.net/zhushanzhi/article/details/77864516
版权声明:本文为博主原创文章,未经博主允许不得转载。
- package test;
- import java.io.ByteArrayOutputStream;
- import java.io.File;
- import java.io.FileInputStream;
- import java.io.FileNotFoundException;
- import java.io.FileOutputStream;
- import java.io.IOException;
- import java.io.InputStream;
- import java.io.OutputStream;
- import java.io.PrintStream;
- import java.security.Key;
- import java.security.KeyPair;
- import java.security.KeyPairGenerator;
- import java.security.KeyStore;
- import java.security.Principal;
- import java.security.PrivateKey;
- import java.security.PublicKey;
- import java.security.SecureRandom;
- import java.security.Signature;
- import java.security.cert.Certificate;
- import java.security.cert.CertificateException;
- import java.security.cert.CertificateFactory;
- import java.security.cert.CertificateFactorySpi;
- import java.security.cert.X509Certificate;
- import java.util.ArrayList;
- import java.util.Calendar;
- import java.util.Collection;
- import java.util.Date;
- import java.util.Enumeration;
- import java.util.HashMap;
- import java.util.List;
- import java.util.Map;
- import java.util.regex.Matcher;
- import java.util.regex.Pattern;
- import javax.crypto.KeyGenerator;
- import javax.crypto.SecretKey;
- import javax.crypto.spec.SecretKeySpec;
- import org.junit.Test;
- import sun.misc.BASE64Decoder;
- import sun.misc.BASE64Encoder;
- import sun.security.pkcs.ContentInfo;
- import sun.security.pkcs.PKCS10;
- import sun.security.pkcs.PKCS7;
- import sun.security.tools.KeyStoreUtil;
- import sun.security.x509.AlgorithmId;
- import sun.security.x509.CertificateAlgorithmId;
- import sun.security.x509.CertificateIssuerName;
- import sun.security.x509.CertificateSerialNumber;
- import sun.security.x509.CertificateSubjectName;
- import sun.security.x509.CertificateValidity;
- import sun.security.x509.CertificateVersion;
- import sun.security.x509.CertificateX509Key;
- import sun.security.x509.X500Name;
- import sun.security.x509.X500Signer;
- import sun.security.x509.X509CertImpl;
- import sun.security.x509.X509CertInfo;
- public class ReadKeyStoreTest {
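/**
 * Prints every entry of a key store: the alias, the entry's certificate and,
 * when a key is stored under the alias, the key summary and certificate chain.
 *
 * @param ks         key store to enumerate (must already be loaded)
 * @param storePass  key store password; not used by this method
 * @param priKeyPass password protecting the key entries
 * @throws Exception if the store cannot be enumerated or a key cannot be recovered
 */
private void listKeyAndCertificate(KeyStore ks, String storePass,
        String priKeyPass) throws Exception {
    System.out.println("size=" + ks.size());
    // The element type has to be String; the listing had it as lower-case "string",
    // which does not compile.
    Enumeration<String> aliases = ks.aliases();
    int position = 0;
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        System.out.println("第" + (++position) + "个");
        System.out.println("alias=" + alias);
        Certificate c = ks.getCertificate(alias);
        // getCertificate() returns null for entries without a certificate, so the
        // unconditional cast-and-print of the original failed on such entries.
        if (c instanceof X509Certificate) {
            readX509Certificate((X509Certificate) c);
        } else {
            System.out.println("no X.509 certificate of " + alias);
        }
        readPriKey(ks, alias, priKeyPass);
    }
}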
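/**
 * Looks up the key stored under {@code alias}, prints its algorithm, encoding
 * format and implementation class, then prints the entry's certificate chain.
 *
 * @param ks    key store to read from
 * @param alias entry to inspect
 * @param pass  password protecting the key entry
 * @throws Exception if the key cannot be recovered or the chain cannot be read
 */
private void readPriKey(KeyStore ks, String alias, String pass)
        throws Exception {
    Key key = ks.getKey(alias, pass.toCharArray());
    if (null == key) {
        System.out.println("no priviate key of " + alias);
        return;
    }
    System.out.println();
    System.out.println("algorithm=" + key.getAlgorithm());
    System.out.println("format=" + key.getFormat());
    // Print the implementation class only. The original printed the key object
    // itself; a provider's toString() may include the private key components,
    // which would then end up in console output and captured test logs.
    System.out.println("class=" + key.getClass().getName());
    readCertChain(ks, alias);
}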
/**
 * Prints the certificate chain stored under {@code alias}, one certificate at a
 * time, or "no chain" when the entry has none.
 *
 * @param ks    key store to read from
 * @param alias entry whose chain is printed
 * @throws Exception if the key store has not been loaded
 */
private void readCertChain(KeyStore ks, String alias) throws Exception {
    Certificate[] chain = ks.getCertificateChain(alias);
    System.out.println("chain of " + alias);
    if (chain == null) {
        System.out.println("no chain");
        return;
    }
    // Index 0 is the first element of the array returned by the key store.
    for (int position = 0; position < chain.length; position++) {
        System.out.println("index " + position + " in chain of " + alias);
        readX509Certificate((X509Certificate) chain[position]);
    }
}
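/**
 * Prints the basic fields of an X.509 certificate: version, serial number,
 * subject, issuer, validity period, signature algorithm, signature bytes and
 * the encoded public key.
 *
 * @param t certificate to print; {@code null} is reported and skipped
 */
private void readX509Certificate(X509Certificate t) {
    if (null == t) {
        System.out.println("no certificate");
        return;
    }
    System.out.println("输出证书信息:\n" + t.toString());
    System.out.println("版本号:" + t.getVersion());
    System.out.println("序列号:" + t.getSerialNumber().toString(16));
    System.out.println("主体名:" + t.getSubjectDN());
    System.out.println("签发者:" + t.getIssuerDN());
    // A validity period has two ends; the original printed only the start date.
    System.out.println("有效期:" + t.getNotBefore() + " - " + t.getNotAfter());
    System.out.println("签名算法:" + t.getSigAlgName());
    byte[] sig = t.getSignature();
    byte[] pkenc = t.getPublicKey().getEncoded();
    System.out.println("签名 :");
    for (byte b : sig) {
        System.out.print(b + ",");
    }
    System.out.println();
    System.out.println("公钥: ");
    for (byte b : pkenc) {
        System.out.print(b + ",");
    }
    System.out.println();
}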
/**
 * Creates a new, empty key store of the requested type.
 *
 * @param storePass password handed to {@code KeyStore.load} for the new store
 * @param storeType key store type, e.g. PKCS12 or JKS
 * @return the initialised, empty key store
 * @throws Exception if the type is not available or initialisation fails
 */
private KeyStore createKeyStore(String storePass, String storeType)
        throws Exception {
    KeyStore emptyStore = KeyStore.getInstance(storeType);
    // A null stream asks load() for an empty store instead of reading one.
    char[] password = storePass.toCharArray();
    emptyStore.load(null, password);
    return emptyStore;
}
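/**
 * Loads an existing key store from a file.
 *
 * @param path      file holding the key store
 * @param storePass key store password; {@code KeyStore.load} uses it for the
 *                  integrity check of the file
 * @param storeType key store type, e.g. PKCS12 or JKS
 * @return the loaded key store
 * @throws Exception if the file cannot be read, the type is unavailable or the
 *                   password does not match
 */
private KeyStore loadKeyStore(String path, String storePass,
        String storeType) throws Exception {
    FileInputStream in = new FileInputStream(path);
    try {
        KeyStore ks = KeyStore.getInstance(storeType);
        ks.load(in, storePass.toCharArray());
        return ks;
    } finally {
        // Close on every path; the original leaked the handle when getInstance()
        // or load() threw (wrong password, unknown type, corrupt file).
        in.close();
    }
}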
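/**
 * Reads a single certificate from a file.
 *
 * @param path     file holding the certificate
 * @param certType certificate type understood by {@code CertificateFactory},
 *                 e.g. "X.509"
 * @return the parsed certificate
 * @throws Exception if the type is unavailable, the file cannot be read or its
 *                   content cannot be parsed
 */
private Certificate loadCert(String path, String certType) throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance(certType);
    FileInputStream in = new FileInputStream(path);
    try {
        // Parsing only decodes the structure; it does not establish that the
        // certificate is trusted or currently valid.
        return cf.generateCertificate(in);
    } finally {
        // The original skipped close() when parsing failed.
        in.close();
    }
}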
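/**
 * Generates a new key pair, issues an X.509 v3 certificate for its public key
 * and returns a new key store holding the private key with its chain.
 * <p>
 * When {@code rootStore} is {@code null} the certificate is self-signed and the
 * chain has one element. Otherwise the certificate is signed with the private
 * key stored under {@code rootAlias}, the issuer name is taken from that
 * entry's certificate, and the chain is {new certificate, root certificate}.
 *
 * @param rootStore   key store holding the signing key, or {@code null} for a
 *                    self-signed certificate
 * @param rootAlias   alias of the signing entry in {@code rootStore}
 * @param rootKeyPass password of the signing key
 * @param subjectStr  subject distinguished name of the new certificate
 * @param storeType   type of the key store to create
 * @param storePass   password of the key store to create
 * @param alias       alias under which the new key entry is stored
 * @param alg         key pair algorithm, e.g. "RSA"
 * @param keySize     key size in bits; not range-checked here, the caller picks it
 * @param keyPass     password protecting the new key entry
 * @return the new key store
 * @throws Exception if key generation, certificate encoding or signing fails,
 *                   or the signing entry is missing
 */
public KeyStore generateSignedKeyStore(KeyStore rootStore,
        String rootAlias, String rootKeyPass, String subjectStr,
        String storeType, String storePass, String alias, String alg,
        int keySize, String keyPass) throws Exception {
    PrivateKey rootKey = null;
    X509CertImpl rootCert = null;
    // Self-signed case: issuer and subject are the same name.
    X500Name issuerX500Name = new X500Name(subjectStr);
    if (null != rootStore) {
        rootKey = (PrivateKey) rootStore.getKey(rootAlias,
                rootKeyPass.toCharArray());
        rootCert = (X509CertImpl) rootStore.getCertificate(rootAlias);
        if (null == rootKey || null == rootCert) {
            // Fail with a message instead of a NullPointerException further down.
            throw new java.security.KeyStoreException(
                    "no private key entry under alias " + rootAlias);
        }
        X509CertInfo rootInfo = (X509CertInfo) rootCert.get(X509CertImpl.NAME
                + "." + X509CertImpl.INFO);
        CertificateSubjectName rootSubject = (CertificateSubjectName) rootInfo
                .get(X509CertInfo.SUBJECT);
        // The issuer of the new certificate is the subject of the signing one.
        issuerX500Name = (X500Name) rootSubject
                .get(CertificateSubjectName.DN_NAME);
    }

    // Validity: 85 days starting now.
    Calendar calendar = Calendar.getInstance();
    Date startDate = calendar.getTime();
    calendar.add(Calendar.DATE, 85);
    Date endDate = calendar.getTime();
    CertificateValidity certificateValidity = new CertificateValidity(
            startDate, endDate);

    // Random, strictly positive serial number. The original derived it from the
    // clock and cast it to int, which is guessable, repeats for certificates
    // issued in the same second and overflows the int range.
    SecureRandom random = new SecureRandom();
    CertificateSerialNumber sn = new CertificateSerialNumber(
            new java.math.BigInteger(63, random).add(java.math.BigInteger.ONE));

    KeyPairGenerator keygen = KeyPairGenerator.getInstance(alg);
    keygen.initialize(keySize, random);
    KeyPair kp = keygen.genKeyPair();

    // The signature algorithm has to match the key that signs, which is the
    // root key when one is given. The original always signed with SHA1WithRSA
    // while choosing the declared algorithm id from "alg", so the two could
    // disagree, and it used SHA-1 for the RSA case.
    PrivateKey signingKey = (null == rootStore) ? kp.getPrivate() : rootKey;
    String signingKeyAlg = signingKey.getAlgorithm();
    String sigAlg;
    if ("RSA".equalsIgnoreCase(signingKeyAlg)) {
        sigAlg = "SHA256withRSA";
    } else if ("DSA".equalsIgnoreCase(signingKeyAlg)) {
        // NOTE(review): left on SHA-1 because SHA-2 DSA support depends on the
        // JDK/provider in use - confirm and move to a SHA-2 variant.
        sigAlg = "SHA1withDSA";
    } else {
        throw new IllegalArgumentException(
                "unsupported signing key algorithm " + signingKeyAlg);
    }
    AlgorithmId algorithmId = AlgorithmId.get(sigAlg);

    X509CertInfo certInfo = new X509CertInfo();
    certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
            CertificateVersion.V3));
    certInfo.set(X509CertInfo.SERIAL_NUMBER, sn);
    certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
            algorithmId));
    certInfo.set(X509CertInfo.KEY, new CertificateX509Key(kp.getPublic()));
    certInfo.set(X509CertInfo.VALIDITY, certificateValidity);
    certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
            new X500Name(subjectStr)));
    certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(
            issuerX500Name));
    // No extensions are set (the original had a SubjectKeyIdentifier block
    // commented out), so the certificate carries no BasicConstraints or KeyUsage.

    X509CertImpl newcert = new X509CertImpl(certInfo);
    newcert.sign(signingKey, sigAlg);
    Certificate[] certChain = (null == rootStore)
            ? new Certificate[] { newcert }
            : new Certificate[] { newcert, rootCert };

    KeyStore ks = this.createKeyStore(storePass, storeType);
    ks.setKeyEntry(alias, kp.getPrivate(), keyPass.toCharArray(), certChain);
    return ks;
}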
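/**
 * Reads every certificate contained in d:\test.cer and prints each one.
 *
 * @throws Exception if the file cannot be read or parsed
 */
@Test
public void testReadCer() throws Exception {
    String path = "d:\\test.cer";
    String certType = "X.509";
    CertificateFactory cf = CertificateFactory.getInstance(certType);
    // The element type was mangled to lower-case "certificate" in the listing;
    // the wildcard form also removes the unchecked cast.
    Collection<? extends Certificate> cs;
    FileInputStream in = new FileInputStream(path);
    try {
        cs = cf.generateCertificates(in);
    } finally {
        // Close even when parsing fails.
        in.close();
    }
    System.out.println("size=" + cs.size());
    for (Certificate c : cs) {
        readX509Certificate((X509Certificate) c);
    }
}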
/**
 * Loads the PKCS12 store d:\zrbin.p12 and lists its keys and certificates.
 *
 * @throws Exception if the store cannot be loaded or listed
 */
@Test
public void testReadP12() throws Exception {
    // Sample password of the demo store; store and key entries share it.
    final String password = "123456";
    KeyStore p12 = loadKeyStore("d:\\zrbin.p12", password, "PKCS12");
    listKeyAndCertificate(p12, password, password);
}
/**
 * Loads d:\test.keystore as a JCEKS store and lists its keys and certificates.
 *
 * @throws Exception if the store cannot be loaded or listed
 */
@Test
public void testReadKeyStore() throws Exception {
    // Sample password of the demo store; store and key entries share it.
    final String password = "123456";
    KeyStore jceks = loadKeyStore("d:\\test.keystore", password, "JCEKS");
    listKeyAndCertificate(jceks, password, password);
}
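/**
 * Exports the certificate stored under alias "zrbin" in d:\zrbin.p12 to
 * D:\zrbin.cer, PEM-armoured when {@code rfc} is true and as raw DER otherwise.
 *
 * @throws FileNotFoundException if the key store file does not exist
 * @throws Exception             if the store cannot be loaded or the
 *                               certificate cannot be encoded or written
 */
@Test
public void testExportCert() throws FileNotFoundException, Exception {
    String pass = "123456";
    boolean rfc = true;
    KeyStore ks = KeyStore.getInstance("PKCS12");
    FileInputStream in = new FileInputStream("d:\\zrbin.p12");
    try {
        ks.load(in, pass.toCharArray());
    } finally {
        in.close();
    }
    Certificate cert = ks.getCertificate("zrbin");
    if (null == cert) {
        throw new CertificateException("no certificate under alias zrbin");
    }
    byte[] der = cert.getEncoded();
    PrintStream out = new PrintStream("D:\\zrbin.cer");
    try {
        if (rfc) {
            BASE64Encoder encoder = new BASE64Encoder();
            out.println("-----BEGIN CERTIFICATE-----");
            encoder.encodeBuffer(der, out);
            out.println("-----END CERTIFICATE-----");
        } else {
            out.write(der);
        }
        // The original wrote the DER bytes a second time after this branch,
        // leaving binary data behind the PEM footer (or the certificate twice).
    } finally {
        // Close so the buffered output is flushed and the handle released.
        out.close();
    }
}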
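/**
 * Imports d:\root.cer into d:\server.keystore as the trusted certificate entry
 * "root", after removing any entry named "zrbin".
 *
 * @throws Exception if a file cannot be read, parsed or written
 */
@Test
public void testImportCert() throws Exception {
    char[] password = "123456".toCharArray();
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate rootcert;
    FileInputStream rootin = new FileInputStream("d:\\root.cer");
    try {
        rootcert = cf.generateCertificate(rootin);
    } finally {
        rootin.close();
    }
    KeyStore ks = KeyStore.getInstance("JKS");
    FileInputStream storeIn = new FileInputStream("d:\\server.keystore");
    try {
        // Load the existing store. The original opened this stream but called
        // load(null, ...), so the write below replaced the file with a store
        // that held only the new entry and dropped everything else.
        ks.load(storeIn, password);
    } finally {
        storeIn.close();
    }
    ks.deleteEntry("zrbin");
    // A trusted certificate entry acts as a trust anchor for whatever consumes
    // this store; check the fingerprint of root.cer out of band before importing.
    ks.setCertificateEntry("root", rootcert);
    FileOutputStream out = new FileOutputStream("d:\\server.keystore");
    try {
        ks.store(out, password);
    } finally {
        out.close();
    }
}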
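/**
 * Imports a certificate reply from d:\test.cer for the entry "test" of
 * d:\test.keystore.
 * <p>
 * Without a private key under the alias, the first certificate of the reply is
 * stored as a certificate entry. With a private key, the reply certificate
 * matching the entry's public key is located, a chain is built from it up to a
 * self-signed certificate using the other key store entries and the remaining
 * reply certificates, and the key entry is rewritten with that chain.
 *
 * @throws Exception if a file cannot be read or written, a certificate cannot
 *                   be parsed, or a link of the chain fails signature verification
 */
@Test
public void testImportSigenedCert() throws Exception {
    String alias = "test";
    char[] password = "123456".toCharArray();
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    KeyStore ks = KeyStore.getInstance("JKS");
    FileInputStream storeIn = new FileInputStream("d:\\test.keystore");
    try {
        ks.load(storeIn, password);
    } finally {
        storeIn.close();
    }
    PrivateKey priKey = (PrivateKey) ks.getKey(alias, password);

    // Copy into a mutable list and close the stream straight away, so the early
    // returns below cannot leak it.
    List<Certificate> replyCerts;
    FileInputStream in = new FileInputStream("d:\\test.cer");
    try {
        replyCerts = new ArrayList<Certificate>(cf.generateCertificates(in));
    } finally {
        in.close();
    }
    System.out.println(replyCerts.size());
    if (replyCerts.isEmpty()) {
        System.out.println("没有要导入的证书");
        return;
    }

    if (null == priKey) {
        // No private key under the alias: store the first certificate as-is.
        ks.setCertificateEntry(alias, replyCerts.get(0));
    } else {
        Certificate current = ks.getCertificate(alias);
        Certificate importCert = null;
        for (Certificate cert : replyCerts) {
            if (null != current
                    && current.getPublicKey().equals(cert.getPublicKey())) {
                importCert = cert;
                break;
            }
        }
        if (null == importCert) {
            System.out.println("错误:no replay cert");
            // Stop here; the original carried on and dereferenced the null.
            return;
        }
        replyCerts.remove(importCert);
        if (X509CertImpl.isSelfSigned((X509Certificate) importCert, null)) {
            System.out.println("证书未被ca签名,无需导入");
        } else {
            // Candidate issuers by subject name: every other key store entry,
            // then the remaining certificates of the reply.
            Map<Principal, Certificate> cerMap = new HashMap<Principal, Certificate>();
            Enumeration<String> aliasEnum = ks.aliases();
            while (aliasEnum.hasMoreElements()) {
                String otherAlias = aliasEnum.nextElement();
                if (!otherAlias.equals(alias)) {
                    Certificate stored = ks.getCertificate(otherAlias);
                    if (stored instanceof X509Certificate) {
                        cerMap.put(((X509Certificate) stored).getSubjectDN(),
                                stored);
                    }
                }
            }
            for (Certificate cert : replyCerts) {
                cerMap.put(((X509Certificate) cert).getSubjectDN(), cert);
            }

            List<Certificate> certList = new ArrayList<Certificate>(ks.size());
            certList.add(importCert);
            X509Certificate tail = (X509Certificate) importCert;
            Principal issuerName = tail.getIssuerDN();
            while (cerMap.containsKey(issuerName)) {
                X509Certificate issuerCert = (X509Certificate) cerMap
                        .remove(issuerName);
                if (null == issuerCert) {
                    System.out.println(issuerName + "的根证书为空");
                    return;
                }
                // Matching names is not proof of issuance: check that the
                // candidate's key actually produced the signature. verify()
                // throws when it did not.
                tail.verify(issuerCert.getPublicKey());
                certList.add(issuerCert);
                tail = issuerCert;
                issuerName = issuerCert.getIssuerDN();
            }
            if (!X509CertImpl.isSelfSigned(tail, null)) {
                System.out.println("构建证书链错误,请先导入颁发者(" + issuerName
                        + ")的CA证书");
                return;
            }
            // NOTE(review): the self-signed certificate ending the chain may come
            // from the reply file rather than from an entry already in the key
            // store; being self-signed does not make it trusted - confirm it is
            // an expected root before relying on the chain.
            Certificate[] certChain = certList
                    .toArray(new Certificate[certList.size()]);
            ks.setKeyEntry(alias, priKey, password, certChain);
        }
    }

    FileOutputStream out = new FileOutputStream("d:\\test.keystore");
    try {
        ks.store(out, password);
    } finally {
        out.close();
    }
}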
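/**
 * Generates an RSA key pair and prints the display name of the PKCS12 store
 * type, a summary of the private key and the public key.
 *
 * @throws Exception if RSA key generation is not available
 */
@Test
public void testGenerateKeyStore() throws Exception {
    KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA");
    // Set the size explicitly; without initialize() the provider default applies,
    // which may be as low as 1024 bits on older JDKs.
    kg.initialize(2048, new SecureRandom());
    KeyPair kp = kg.genKeyPair();
    System.out.println(KeyStoreUtil.niceStoreTypeName("PKCS12"));
    // Summarise the private key instead of printing it: a provider's toString()
    // may include the private components.
    System.out.println(kp.getPrivate().getAlgorithm() + " private key, format "
            + kp.getPrivate().getFormat());
    System.out.println(kp.getPublic());
}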
/**
 * Builds two X500Name objects from the same distinguished name and prints the
 * hash code of each.
 *
 * @throws IOException          if the distinguished name cannot be parsed
 * @throws CertificateException declared by the original signature
 */
@Test
public void testX500Name() throws IOException, CertificateException {
    // RFC 1779 (CN, L, ST, O, OU, C, STREET)
    // RFC 2253 (CN/name, L/location, ST/station, O/org, OU/orgunit,
    // C/country, STREET, DC, UID)
    final String dn = "CN=www.jiangtech.com,L=ZuChongZhi road,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road";
    X500Name first = new X500Name(dn);
    X500Name second = new X500Name(dn);
    System.out.println(first.hashCode());
    System.out.println(second.hashCode());
}
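/**
 * Verifies the certificate chain stored under alias "jdcert" in
 * d:/root.keystore: each certificate must be inside its validity period and
 * carry a signature made by the next certificate's key; the last certificate
 * is checked against its own key.
 *
 * @throws Exception if the store cannot be loaded, the entry has no chain, a
 *                   certificate is outside its validity period or a signature
 *                   does not verify
 */
@Test
public void testValidate() throws Exception {
    KeyStore rootStore = this.loadKeyStore("d:/root.keystore", "123456",
            "JKS");
    Certificate[] chain = rootStore.getCertificateChain("jdcert");
    if (null == chain || chain.length == 0) {
        throw new CertificateException("no certificate chain for jdcert");
    }
    // The original verified the root certificate against a freshly generated,
    // unrelated RSA key, which can never succeed.
    for (int i = 0; i < chain.length; i++) {
        X509Certificate cert = (X509Certificate) chain[i];
        cert.checkValidity();
        // NOTE(review): assumes the chain ends in a self-signed certificate, so
        // the last element is verified with its own public key - confirm.
        Certificate issuer = (i + 1 < chain.length) ? chain[i + 1] : cert;
        cert.verify(issuer.getPublicKey());
    }
}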
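/**
 * Generates a key store holding a new RSA key pair with a self-signed
 * certificate and writes it to d:/test.keystore.
 * <p>
 * A null root store is passed to {@code generateSignedKeyStore}, so no CA key
 * takes part; the original also loaded d:/root.keystore without using it.
 */
@Test
public void testGenerateSignedKeyStore() {
    try {
        String rootAlias = "test";
        String subjectStr = "CN=zhaorb@jiangdatech.com,L=PU Dong,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road";
        String alg = "RSA";
        String storeType = "JKS";
        // 2048 bits; the 1024-bit RSA size used originally is below what is
        // accepted for new keys today.
        int keySize = 2048;
        String keyPass = "123456";
        String rootKeyPass = "123456";
        String storePass = "123456";
        String alias = "test";
        KeyStore ks = this.generateSignedKeyStore(null, rootAlias,
                rootKeyPass, subjectStr, storeType, storePass, alias, alg,
                keySize, keyPass);
        OutputStream out = new FileOutputStream(
                new File("d:/test.keystore"));
        try {
            ks.store(out, "123456".toCharArray());
        } finally {
            // The original never closed the stream.
            out.close();
        }
    } catch (Exception e) {
        // Rethrow so the test fails; printing the stack trace and returning
        // normally made every failure look like a pass.
        throw new IllegalStateException("key store generation failed", e);
    }
}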
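/**
 * Generates a symmetric key, stores it under alias "test" in a new JCEKS key
 * store and writes the store to d:/test.keystore.
 */
@Test
public void testGenerateSecKeyStore() {
    try {
        String alias = "test";
        char[] password = "123456".toCharArray();
        KeyStore ks = this.createKeyStore("123456", "JCEKS");
        // AES in place of the original DES: a 56-bit DES key is within reach of
        // exhaustive search and should not be generated for new data.
        KeyGenerator keygen = KeyGenerator.getInstance("AES");
        keygen.init(128);
        SecretKey secKey = keygen.generateKey();
        // Secret keys have no certificate chain, hence the null last argument.
        ks.setKeyEntry(alias, secKey, password, null);
        OutputStream out = new FileOutputStream(
                new File("d:/test.keystore"));
        try {
            ks.store(out, password);
        } finally {
            // The original never closed the stream.
            out.close();
        }
    } catch (Exception e) {
        // Rethrow so the test fails instead of passing with a printed trace.
        throw new IllegalStateException("secret key store generation failed", e);
    }
}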
/**
 * Placeholder for PKCS#7 (.p7b) handling; not implemented. The original body
 * was a fully commented-out sketch, so the method performs no work.
 */
@Test
public void testGeneratePKCS7KeyStore() {
    // Intentionally empty.
    // NOTE(review): the disabled sketch asked KeyStore for a "PKCS7" type; a
    // .p7b file is a certificate bundle without private keys, so reading it
    // through CertificateFactory is presumably the route to take - confirm.
}
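/**
 * Loads D:/test.keystore as a JCEKS store and prints, for every alias, the
 * certificate (if any) and the class, format and encoded length of the key.
 *
 * @throws Exception if the store cannot be loaded or a key cannot be recovered
 */
@Test
public void testReadJCEKS() throws Exception {
    KeyStore ks = this.loadKeyStore("D:/test.keystore", "123456", "JCEKS");
    // The element type was mangled to lower-case "string" in the listing.
    Enumeration<String> aliasEnum = ks.aliases();
    while (aliasEnum.hasMoreElements()) {
        String alias = aliasEnum.nextElement();
        // Read as Key: the original cast to SecretKeySpec, which fails for any
        // entry holding another kind of key.
        Key secKey = ks.getKey(alias, "123456".toCharArray());
        System.out.println(ks.getCertificate(alias));
        if (null == secKey) {
            System.out.println("no key of " + alias);
            continue;
        }
        System.out.println(secKey.getClass());
        System.out.println(secKey.getFormat());
        // Print the length, not the array: println(byte[]) only shows the array
        // identity, and the raw bytes of a secret key do not belong in output.
        byte[] encoded = secKey.getEncoded();
        System.out.println("encoded length="
                + (null == encoded ? 0 : encoded.length));
    }
}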
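/**
 * Reads the PEM-armoured PKCS#10 certificate request in D:/test.csr, prints it
 * and returns the parsed request.
 *
 * @return the parsed certificate request
 * @throws Exception if the file cannot be read completely, contains no
 *                   "NEW CERTIFICATE REQUEST" block, or the request cannot be
 *                   decoded
 */
public PKCS10 readCsr() throws Exception {
    File f = new File("D:/test.csr");
    byte[] bytes = new byte[(int) f.length()];
    InputStream in = new FileInputStream(f);
    try {
        // read() may return fewer bytes than requested; loop until the buffer
        // is full. The original issued a single read and ignored its result.
        int filled = 0;
        while (filled < bytes.length) {
            int n = in.read(bytes, filled, bytes.length - filled);
            if (n < 0) {
                throw new IOException("unexpected end of file in " + f);
            }
            filled += n;
        }
    } finally {
        // The original never closed the stream.
        in.close();
    }
    String base64String = new String(bytes, "ISO-8859-1");
    System.out.println(base64String);
    Pattern p = Pattern
            .compile("-----BEGIN NEW CERTIFICATE REQUEST-----([\\s\\S]*?)-----END NEW CERTIFICATE REQUEST-----([\\s\\S]*)");
    Matcher m = p.matcher(base64String);
    if (m.find()) {
        // Group 1 is the Base64 body between the two armour lines.
        String s = m.group(1);
        System.out.println(s.trim());
        byte[] bArray = new BASE64Decoder().decodeBuffer(s);
        PKCS10 csr = new PKCS10(bArray);
        System.out.println(csr);
        return csr;
    }
    throw new Exception("文件错误 ,无法读取csr");
}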
/**
 * Reads and parses D:/test.csr through {@code readCsr()}.
 *
 * @throws Exception if {@code readCsr()} fails
 */
@Test
public void testReadCsr() throws Exception {
    // Parsing is the whole test; the returned request is not inspected.
    readCsr();
}
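/**
 * Creates a PKCS#10 certificate request for the key entry "test" of
 * d:/test.keystore, signed with that entry's private key, and writes it to
 * D:/test.csr.
 *
 * @throws Exception if the store cannot be loaded, the entry is missing, the
 *                   key algorithm is neither RSA nor DSA, or signing or
 *                   writing fails
 */
@Test
public void createCsr() throws Exception {
    String storePass = "123456";
    String alias = "test";
    KeyStore ks = this.loadKeyStore("d:/test.keystore", storePass, "JKS");
    Certificate cert = ks.getCertificate(alias);
    PrivateKey priKey = (PrivateKey) ks.getKey(alias,
            "123456".toCharArray());
    if (null == cert || null == priKey) {
        throw new java.security.KeyStoreException(
                "no private key entry under alias " + alias);
    }
    // Derive the signature algorithm from the key. The original went through an
    // "alg" variable that was always null, so only this branch ever ran.
    String keyAlg = priKey.getAlgorithm();
    String signAlg;
    if (("DSA".equalsIgnoreCase(keyAlg)) || ("DSS".equalsIgnoreCase(keyAlg))) {
        // NOTE(review): left on SHA-1 because SHA-2 DSA support depends on the
        // JDK/provider in use - confirm and move to a SHA-2 variant.
        signAlg = "SHA1WithDSA";
    } else if ("RSA".equalsIgnoreCase(keyAlg)) {
        // SHA-256 in place of the original SHA-1.
        signAlg = "SHA256withRSA";
    } else {
        throw new Exception("Cannot derive signature algorithm");
    }
    PKCS10 csr = new PKCS10(cert.getPublicKey());
    Signature signature = Signature.getInstance(signAlg);
    signature.initSign(priKey);
    X500Name x500Name = new X500Name(((X509Certificate) cert)
            .getSubjectDN().toString());
    csr.encodeAndSign(new X500Signer(signature, x500Name));
    // PrintStream(File) truncates an existing file, so no delete is needed.
    PrintStream out = new PrintStream(new File("D:/test.csr"));
    try {
        csr.print(out);
    } finally {
        // The original never closed the stream.
        out.close();
    }
}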
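/**
 * Issues a certificate for the request in D:/test.csr, signed with the "root"
 * key of d:/root.keystore, and writes the new certificate followed by the root
 * certificate (both DER) to d:/test.cer.
 *
 * @throws Exception if the store or request cannot be read, the signing entry
 *                   is missing, or encoding, signing or writing fails
 */
@Test
public void testSignature() throws Exception {
    KeyStore rootStore = this.loadKeyStore("d:/root.keystore", "123456",
            "JKS");
    PrivateKey rootKey = (PrivateKey) rootStore.getKey("root",
            "123456".toCharArray());
    X509CertImpl rootX509Cert = (X509CertImpl) rootStore
            .getCertificate("root");
    if (null == rootKey || null == rootX509Cert) {
        throw new java.security.KeyStoreException(
                "no private key entry under alias root");
    }
    // Issuer of the new certificate = subject of the root certificate.
    X500Name issuerX500Name = (X500Name) rootX509Cert.get(X509CertImpl.NAME
            + "." + X509CertImpl.INFO + "." + X509CertInfo.SUBJECT + "."
            + CertificateSubjectName.DN_NAME);

    // Validity: 85 days starting now.
    Calendar calendar = Calendar.getInstance();
    Date startDate = calendar.getTime();
    calendar.add(Calendar.DATE, 85);
    Date endDate = calendar.getTime();
    CertificateValidity certificateValidity = new CertificateValidity(
            startDate, endDate);

    // Random, strictly positive serial number; the original used the clock
    // truncated to int, which is guessable and repeats within one second.
    CertificateSerialNumber sn = new CertificateSerialNumber(
            new java.math.BigInteger(63, new SecureRandom())
                    .add(java.math.BigInteger.ONE));

    PKCS10 csr = this.readCsr();
    PublicKey pubKey = csr.getSubjectPublicKeyInfo();
    // NOTE(review): the subject name is copied from the request unchanged; an
    // issuing service would check it against what the requester may ask for.
    X500Name subjectX500Name = csr.getSubjectName();

    // One algorithm name for both the declared algorithm id and the actual
    // signature; SHA-256 in place of the original SHA-1. Like the original,
    // this supports an RSA signing key only.
    String sigAlg = "SHA256withRSA";
    AlgorithmId algorithmId = AlgorithmId.get(sigAlg);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
            algorithmId));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
            subjectX500Name));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerX500Name));
    info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(
            CertificateVersion.V3));
    info.set(X509CertInfo.VALIDITY, certificateValidity);
    info.set(X509CertInfo.SERIAL_NUMBER, sn);
    X509CertImpl newCert = new X509CertImpl(info);
    newCert.sign(rootKey, sigAlg);

    OutputStream out = new FileOutputStream("d:/test.cer");
    try {
        out.write(newCert.getEncoded());
        out.write(rootX509Cert.getEncoded());
    } finally {
        // Close even when encoding or writing fails.
        out.close();
    }
}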
- }