用java提供的api实现从证书文件(本实例实验对象为*.cer文件)中获取有效信息的方法.. public static X509Certificate getCert(String fileName) throws Exception {//从一个有效的证书文件来创建证书.. InputStream inStream = new FileInputStream(fileName); CertificateFactory cf = CertificateFactory.getInstance("X.509");//用证书工厂来创建证书.. X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream); inStream.close(); return cert; } public static void showCert( X509Certificate cert ) {//输出证书的各项信息.. System.out.println("Version: " + cert.getVersion());//证书版本.. System.out.println("SerialNumber: " + cert.getSerialNumber().toString(16) );//证书序列号.. System.out.println("SignatureAlgorithm: " + cert.getSigAlgName());//证书签名算法.. X500Principal principal = cert.getIssuerX500Principal(); System.out.println("IssuerName: /n" + principal.getName(X500Principal.RFC1779));//证书颁发者 //System.out.println(principal.hashCode()); GregorianCalendar gcal = new GregorianCalendar(); System.out.print("ValidityFrom: "); gcal.setTime(cert.getNotBefore());//证书有效期从.. System.out.println(gcal.get(GregorianCalendar.YEAR)+"/"+gcal.get(GregorianCalendar.MONTH)+"/"+gcal.get(GregorianCalendar.DAY_OF_MONTH)+" "+gcal.get(GregorianCalendar.HOUR_OF_DAY)+":"+gcal.get(GregorianCalendar.MINUTE)+":"+gcal.get(GregorianCalendar.SECOND)); System.out.print("ValidityTo: "); gcal.setTime(cert.getNotAfter());//证书有效期到.. System.out.println(gcal.get(GregorianCalendar.YEAR)+"/"+gcal.get(GregorianCalendar.MONTH)+"/"+gcal.get(GregorianCalendar.DAY_OF_MONTH)+" "+gcal.get(GregorianCalendar.HOUR_OF_DAY)+":"+gcal.get(GregorianCalendar.MINUTE)+":"+gcal.get(GregorianCalendar.SECOND)); principal = cert.getSubjectX500Principal(); System.out.println("SubjectName: /n" + principal.getName(X500Principal.RFC1779));//证书使用者 PublicKey pkey = cert.getPublicKey();//获得公钥 System.out.println("PublicKeyAlgorithm: " + pkey.getAlgorithm() );//公钥算法 System.out.println("PublicKeyCode: " + pkey.getFormat());//公钥格式 byte[] pkeycode = pkey.getEncoded();//公钥的标准编码形式.. //System.out.println(pkeycode.length); /* * Maybe the First 22 bytes are Algorithm info.. * The rest 160 - 22 = 138 bytes are as same as those in Win7 Cert View.. */ for ( int i = 22; i < pkeycode.length; i++ ) { System.out.print(Integer.toHexString( pkeycode[i] & 0XFF)); System.out.print(" "); } System.out.println(""); GregorianCalendar exdate = new GregorianCalendar();; System.out.println(exdate.get(GregorianCalendar.YEAR)); Date date = (exdate.getTime()); try {//检测证书是否有效 cert.checkValidity(date); } catch ( CertificateExpiredException e ){//证书已经过期 System.out.println("Expired"); System.out.println(e.getMessage()); } catch ( CertificateNotYetValidException e ) {//证书还未生效 System.out.println("Too early"); System.out.println(e.getMessage()); } } 以上..下一步是要学习下如何创建.存储证书以及密钥的管理等...