package com.security;
import java.security.*;
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import sun.security.x509.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
public class Test
{
/**
* @param args
*/
public static void main(String[] args)
{
// TODO Auto-generated method stub
Test t = new Test();
//t.createCert("qihongce", "qihongce");
//t.show();
t.method1();
}
public void createCert(String username, String password)
{
//默认情况下MyKeyStore.keystore密码为WorldHello 密钥库密码为KeytoolHello123
String name = "e:/qhc/tools/MyKeyStore.keystore";
String certPass = "KeytoolHello123";//WorldHello
String pass = "WorldHello";//KeytoolHello123
// 根证书
String alias = "HelloKeytool";
// String name = "e:/qhc/tools/MyKeyStoreQHCTest.keystore";
// String pass = "qihongce";
// String certPass = "qihongce";
// // 根证书
// String alias = "QHCKeytool";
String newCert = username + password;
System.out.println(newCert);
try
{
// 载入证书库
FileInputStream in = new FileInputStream(name);
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, pass.toCharArray());
// 得到签发者
Certificate c = (Certificate) ks.getCertificate(alias);
byte[] encode1 = ((Certificate) c).getEncoded();
X509CertImpl cimp1 = new X509CertImpl(encode1);
X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME
+ "." + X509CertImpl.INFO);
X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "."
+ CertificateIssuerName.DN_NAME);
PrivateKey pk = (PrivateKey) ks.getKey(alias, certPass
.toCharArray());
// PublicKey pubk = (PublicKey) ks.getKey(alias, certPass.toCharArray());
System.out.println("私钥: " + pk.getEncoded().toString());
Calendar calendar = Calendar.getInstance();
Date begindate = calendar.getTime();
calendar.add(Calendar.YEAR, 1);
Date enddate = calendar.getTime();
System.out.println("证书有效期为: " + begindate + " -- " + enddate);
// 设置新证书的有效期
CertificateValidity cv = new CertificateValidity(begindate, enddate);
cinfo1.set(X509CertInfo.VALIDITY, cv);
// 设置SN号
int sn = (int) (begindate.getTime() / 1000);
CertificateSerialNumber csn = new CertificateSerialNumber(sn);
cinfo1.set(X509CertInfo.SERIAL_NUMBER, csn);
System.out.println("证书SN: " + csn);
// 设置新证书的签发者
cinfo1.set(X509CertInfo.ISSUER + "."
+ CertificateIssuerName.DN_NAME, issuer);
System.out.println("签发者: "
+ issuer
+ " ISSUER: "
+ X509CertInfo.ISSUER
+ "name"
+ cinfo1.getName()
+ cinfo1.get(X509CertInfo.ISSUER + "."
+ CertificateIssuerName.DN_NAME));
// 设置新证书的算法
AlgorithmId algorithm = new AlgorithmId(
AlgorithmId.md5WithRSAEncryption_oid);
cinfo1.set(CertificateAlgorithmId.NAME + "."
+ CertificateAlgorithmId.ALGORITHM, algorithm);
// 创建新证书
X509CertImpl newcert = new X509CertImpl(cinfo1);
newcert.sign(pk, "DSA");//MD5WithRSA
System.out.println(newcert);
ks.setCertificateEntry(newCert, newcert);
FileOutputStream out = new FileOutputStream(name);
ks.store(out, certPass.toCharArray());
System.out.println("成功啦 hello world");
} catch (Exception e)
{
e.printStackTrace();
}
}
// 上面的代码是利用根证书的private key
// 完成证书的签发。所以签发的证书都是trustedCertEntry。而不是keyEntry。
// google了很多文档。都是和此代码类似。大多是利用ssl来完成加密通信的。而不是利用数字证书的公钥和私钥来完成加密和解密的。。。。
// 希望能得到大家的帮助。谢谢、
public String show()
{
try
{
String name = "e:/qhc/tools/MyKeyStore.keystore";
String certpass = "KeytoolHello123";//WorldHello
String pass = "WorldHello";// "KeytoolHello123";
// 根证书
String alias = "HelloKeytool";//
// String pass = "qihongce";
// String certpass = "qihongce";
// String name = "e:/qhc/tools/MyKeyStoreQHCTest.keystore";
// // 根证书
// String alias = "QHCKeytool";
System.out.println("aaaaaaaaaaaaaaaaaaaaaaa");
File file = new File(name);
// ObjectInputStream in = (new ObjectInputStream(new FileInputStream(
// name)));
FileInputStream in = new FileInputStream(
name);
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, pass.toCharArray());
// 得到签发者
Certificate c = (Certificate) ks.getCertificate(alias);
byte[] encode1 = ((Certificate) c).getEncoded();
// 现在实现身份验证,通过数字签名来验证了。利用数字证书的私钥来完成签名,引用发出的公钥来验证签名。也是可以完成身份验证的。。。
Signature s = Signature.getInstance("DSA");
// 或得数字证书的私钥
PrivateKey prk = (PrivateKey) ks.getKey(alias, certpass
.toCharArray());
// PublicKey pubk = (PublicKey) ks.getKey(alias, certpass
// .toCharArray());
// 用私钥初始化Signature
s.initSign(prk);
// 传入要签名的数据
s.update(encode1);
// 执行签名
// String sig = (String) in.readObject();
byte[] signaturedata = s.sign();
// 利用公钥验证
PublicKey pbk = c.getPublicKey();
Signature s1 = Signature.getInstance("DSA");//MD5WithRSA
s1.initVerify(pbk);
// 传入要签名的数据
s1.update(signaturedata);
s1.verify(signaturedata);
System.out.println("成功啦 啦 啦 啦 啦 啦 啦");
return "身份验证成功:" + s.toString();
} catch (Exception e)
{
System.out.println("失败啦 啦 啦 啦 啦 啦 啦\n");
e.printStackTrace();
return "身份验证失败";
}
}
// ///
public void method1()
{
// JAVA对数字证书的常用操作
// 阅读提示:本文介绍JAVA对数字证书的常用操作
// 一需要包含的包
// 二 从文件中读取证书
String name = "e:/qhc/tools/MyKeyStore.keystore";
String cer = "e:/qhc/tools/HelloKeytool.cer";
String certpass = "KeytoolHello123";
String pass = "WorldHello";//
// 根证书
String alias = "HelloKeytool";// "HelloWorld";
//
String oldkeypass = "KeytoolHello123";
String newkeypass = "123456";
try
{
// 用keytool将.keystore中的证书写入文件中,然后从该文件中读取证书信息
/*
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in = new FileInputStream(cer);//HelloKeytool.cer
Certificate c = cf.generateCertificate(in);
String s = c.toString();
System.out.println("s: " + s);
*/
// 三 从密钥库中直接读取证书
/*
FileInputStream in1 = new FileInputStream(name);//
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in1, pass.toCharArray());
Certificate c1 = ks.getCertificate(alias);// alias为条目的别名
// 四 JAVA程序中显示证书指定信息
X509Certificate t = (X509Certificate) c1;
System.out.println("输出证书信息:\n" + c1.toString());
System.out.println("版本号:" + t.getVersion());
System.out.println("序列号:" + t.getSerialNumber().toString(16));
System.out.println("主体名:" + t.getSubjectDN());
System.out.println("签发者:" + t.getIssuerDN());
System.out.println("有效期:" + t.getNotBefore());
System.out.println("签名算法:" + t.getSigAlgName());
byte[] sig = t.getSignature();// 签名值
PublicKey pk = t.getPublicKey();
byte[] pkenc = pk.getEncoded();
System.out.println("公钥");
for (int i = 0; i < pkenc.length; i++)
{
System.out.print(pkenc[i] + ",");
}
// 五 JAVA程序列出密钥库所有条目
FileInputStream in2 = new FileInputStream(name);//.keystore
KeyStore ks1 = KeyStore.getInstance("JKS");
ks1.load(in2, pass.toCharArray());
Enumeration e = ks1.aliases();
System.out.println("--------------------");
while (e.hasMoreElements())
{
Certificate c2 = ks1.getCertificate((String) e.nextElement());
System.out.println("c2: " + c2.getPublicKey());
}
System.out.println("=====================================");
*/
// 六 JAVA程序修改密钥库口令
/*
String oldpass = "WorldHello";
String newpass = "123456";
FileInputStream in3 = new FileInputStream(name);
KeyStore ks2 = KeyStore.getInstance("JKS");
ks2.load(in3, oldpass.toCharArray());
in3.close();
FileOutputStream output = new FileOutputStream(name);
ks2.store(output, newpass.toCharArray());
output.close();
System.out.println("密码修改成功!!!!!");
*/
// 七 JAVA程序修改密钥库条目的口令及添加条目
/*
FileInputStream in4 = new FileInputStream(name);
KeyStore ks3 = KeyStore.getInstance("JKS");
ks3.load(in4, storepass.toCharArray());
Certificate[] cchain = ks3.getCertificateChain(alias);// 获取别名对应条目的证书链
PrivateKey pk1 = (PrivateKey) ks3.getKey(alias, oldkeypass
.toCharArray());// 获取别名对应条目的私钥
ks3.setKeyEntry(alias, pk1, newkeypass.toCharArray(), cchain);// 向密钥库中添加条目
// 第一个参数指定所添加条目的别名,假如使用已存在别名将覆盖已存在条目,
// 使用新别名将增加一个新条目,第二个参数为条目的私钥,第三个为设置的新口令,第四个为该私钥的公钥的证书链
FileOutputStream output1 = new FileOutputStream("e:/qhc/tools/another.keystore");
ks3.store(output1, storepass.toCharArray());// 将keystore对象内容写入新文件
System.out.println("密钥库条目口令修改成功、添加条目成功!!!!");
*/
// 八 JAVA程序检验别名和删除条目
/*
FileInputStream in8 = new FileInputStream(name);
KeyStore ks8 = KeyStore.getInstance("JKS");
// 检验条目是否在密钥库中,存在返回true
ks8.load(in8, storepass.toCharArray());
if(ks8.containsAlias("sage"))
{
ks8.deleteEntry("sage");// 删除别名对应的条目
}
FileOutputStream output8 = new FileOutputStream(name);
ks8.store(output8, storepass.toCharArray());// 将keystore对象内容写入文件,条目删除成功
System.out.println("程序检测别名、删除条目成功!!!!");
*/
// 九 JAVA程序签发数字证书
/*
// (1)从密钥库中读取CA的证书
String cakeypass = "KeytoolHello123";//
FileInputStream in9 = new FileInputStream(name);
KeyStore ks9 = KeyStore.getInstance("JKS");
ks9.load(in9, pass.toCharArray());
Certificate c9 = ks9.getCertificate(alias);
// (2)从密钥库中读取CA的私钥
PrivateKey caprk = (PrivateKey) ks9.getKey(alias, certpass
.toCharArray());
// (3)从CA的证书中提取签发者的信息
byte[] encod1 = c9.getEncoded(); // 提取CA证书的编码
X509CertImpl cimp1 = new X509CertImpl(encod1); // 用该编码创建X509CertImpl类型对象
X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME
+ "." + X509CertImpl.INFO); // 获取X509CertInfo对象
X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "."
+ CertificateIssuerName.DN_NAME); // 获取X509Name类型的签发者信息
// (4)获取待签发的证书
CertificateFactory cf9 = CertificateFactory.getInstance("X.509");
FileInputStream in91 = new FileInputStream(cer);
Certificate c29 = cf9.generateCertificate(in91);
// (5)从待签发的证书中提取证书信息
byte[] encod2 = c29.getEncoded();
X509CertImpl cimp2 = new X509CertImpl(encod2); // 用该编码创建X509CertImpl类型对象
X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME
+ "." + X509CertImpl.INFO); // 获取X509CertInfo对象
// (6)设置新证书有效期
Date begindate = new Date(); // 获取当前时间
Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60
* 1000L); // 有效期为3000天
CertificateValidity cv = new CertificateValidity(begindate, enddate); // 创建对象
cinfo2.set(X509CertInfo.VALIDITY, cv); // 设置有效期
// (7)设置新证书序列号
int sn = (int) (begindate.getTime() / 1000);// 以当前时间为序列号
CertificateSerialNumber csn = new CertificateSerialNumber(sn);
cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);
// (8)设置新证书签发者
cinfo2.set(X509CertInfo.ISSUER + "."
+ CertificateIssuerName.DN_NAME, issuer);// 应用第三步的结果
// (9)设置新证书签名算法信息
AlgorithmId algorithm = new AlgorithmId(
AlgorithmId.md5WithRSAEncryption_oid);
cinfo2.set(CertificateAlgorithmId.NAME + "."
+ CertificateAlgorithmId.ALGORITHM, algorithm);
// (10)创建证书并使用CA的私钥对其签名
X509CertImpl newcert = new X509CertImpl(cinfo2);
newcert.sign(caprk, "DSA"); // 使用CA私钥对其签名
// (11)将新证书写入密钥库
ks9.setCertificateEntry("lf_signed", newcert);
FileOutputStream out = new FileOutputStream("e:/qhc/tools/newstore.keystore");
ks9.store(out, "qihongce".toCharArray()); // 这里是写入了新的密钥库,也可以使用第七条来增加条目
System.out.println("成功啦,这才是一个完整的利用公钥私钥颁发数字证书的过程");
*/
// 十 数字证书的检验
// (1)验证证书的有效期
// (a)获取X509Certificate类型对象
CertificateFactory cf10 = CertificateFactory.getInstance("X.509");
FileInputStream in10 = new FileInputStream(cer);
Certificate c10 = cf10.generateCertificate(in10);
X509Certificate t1 = (X509Certificate) c10;
in10.close();
// (b)获取日期
Date TimeNow = new Date();
// (c)检验有效性
t1.checkValidity(TimeNow);
System.out.println("OK");
} catch (CertificateExpiredException e11)
{ // 过期
System.out.println("Expired");
System.out.println(e11.getMessage());
} catch (CertificateNotYetValidException ex)
{ // 尚未生效
System.out.println("Too early");
System.out.println(ex.getMessage());
} catch (Exception ex)
{
System.out.println(ex.getMessage());
}
boolean pass12 = false;
try
{
// (2)验证证书签名的有效性
// (a)获取CA证书
CertificateFactory cf11 = CertificateFactory.getInstance("X.509");
FileInputStream in20 = new FileInputStream(cer);
Certificate cac = cf11.generateCertificate(in20);
in20.close();
// (c)获取CA的公钥
PublicKey pbk = cac.getPublicKey();
// (b)获取待检验的证书(上步已经获取了,就是C1)
// (c)检验证书
cac.verify(pbk);
pass12 = true;
System.out.println("OK!!!");
} catch (Exception e1)
{
pass12 = false;
System.out.println(e1);
}
}
/*
* public void key() { String before = "asdf"; byte[] plainText =
* before.getBytes("UTF8");
*
* //1步**********************************************************************
* System.out.println("Start generate AES key.");
* //得到一个使用AES算法的KeyGenerator的实例 KeyGenerator keyGen =
* KeyGenerator.getInstance("AES"); //定义密钥长度128位 keyGen.init(128);
* //通过KeyGenerator产生一个key(密钥算法刚才已定义,为AES) Key key = keyGen.generateKey();
* System.out.println("Finish generating AES key."+key);
*
*
* //2步**********************************************************************
* //获得一个私钥加密类Cipher,定义Cipher的基本信息:ECB是加密方式,PKCS5Padding是填充方法 Cipher cipher =
* Cipher.getInstance("AES/ECB/PKCS5Padding"); // System.out.println("\n" +
* cipher.getProvider().getInfo());
*
*
* //3步**********************************************************************
* //使用私钥加密 System.out.println("\n用私钥加密...");
* //把刚才生成的key当作参数,初始化使用刚才获得的私钥加密类,Cipher.ENCRYPT_MODE意思是加密
* cipher.init(Cipher.ENCRYPT_MODE, key);
*
* //私钥加密类Cipher进行加密,加密后返回一个字节流 byte[] byte[] cipherText =
* cipher.doFinal(plainText);
*
* //以UTF8格式把字节流转化为 String String after1 = new String(cipherText, "UTF8");
* System.out.println("用私钥加密完成:"+after1);
*
*
* //4步**********************************************************************
* //使用私钥对刚才加密的信息进行解密,看看是否一致,Cipher.DECRYPT_MODE意思是解密钥
* System.out.println("\n用私钥解密..."); cipher.init(Cipher.DECRYPT_MODE, key);
*
* //对刚才私钥加密的字节流进行解密,解密后返回一个字节流 byte[] byte[] newPlainText =
* cipher.doFinal(cipherText);
*
* String after2 = new String(newPlainText, "UTF8");
* System.out.println("用私钥解密完成:"+after2); }
*
* public void key1() { String before = "asdf"; byte[] plainText =
* before.getBytes("UTF8");
*
* //产生一个RSA密钥生成器KeyPairGenerator(顾名思义:一对钥匙生成器) KeyPairGenerator keyGen =
* KeyPairGenerator.getInstance("RSA"); //定义密钥长度1024位
* keyGen.initialize(1024); //通过KeyPairGenerator产生密钥,注意:这里的key是一对钥匙!!
* KeyPair key = keyGen.generateKeyPair();
*
* //获得一个RSA的Cipher类,使用公钥加密 Cipher cipher =
* Cipher.getInstance("RSA/ECB/PKCS1Padding"); // System.out.println("\n" +
* cipher.getProvider().getInfo());
*
* System.out.println("\n用公钥加密...");
* //Cipher.ENCRYPT_MODE意思是加密,从一对钥匙中得到公钥key.getPublic()
* cipher.init(Cipher.ENCRYPT_MODE, key.getPublic()); //用公钥进行加密,返回一个字节流
* byte[] cipherText = cipher.doFinal(plainText); //以UTF8格式把字节流转化为 String
* String after1 = new String(cipherText, "UTF8");
* System.out.println("用公钥加密完成:"+after1);
*
*
* //使用私钥解密 System.out.println("\n用私钥解密...");
* //Cipher.DECRYPT_MODE意思是解密,从一对钥匙中得到私钥 key.getPrivate()
* cipher.init(Cipher.DECRYPT_MODE, key.getPrivate()); //用私钥进行解密,返回一个字节流
* byte[] newPlainText = cipher.doFinal(cipherText);
*
* String after2 = new String(newPlainText, "UTF8");
* System.out.println("用私钥解密完成:"+after2); }
*/
}
java sn
最新推荐文章于 2023-02-21 16:01:04 发布