java实现安全证书相关操作

最新推荐文章于 2024-07-03 14:30:44 发布
最新推荐文章于 2024-07-03 14:30:44 发布
阅读量7.8k 收藏 10
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zrbin153/article/details/8998778
版权 
package test;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateFactorySpi;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.junit.Test;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS10;
import sun.security.pkcs.PKCS7;
import sun.security.tools.KeyStoreUtil;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

public class ReadKeyStoreTest {
	/**
	 * 列出store中所有的私钥和公钥 以及签名信息
	 * 
	 * @param ks
	 * @param storePass
	 * @param priKeyPass
	 * @throws Exception
	 */
	private void listKeyAndCertificate(KeyStore ks, String storePass,
			String priKeyPass) throws Exception {
		System.out.println("size=" + ks.size());
		Enumeration
  
  
   
    enum1 = ks.aliases();
		int i = 0;
		while (enum1.hasMoreElements()) {
			String alias = enum1.nextElement();
			System.out.println("第" + (++i) + "个");
			System.out.println("alias=" + alias);
			java.security.cert.Certificate c = ks.getCertificate(alias);// alias为条目的别名
			readX509Certificate((X509Certificate) c);
			readPriKey(ks, alias, priKeyPass);
		}
	}

	/**
	 * 列出store中私钥和cert chain信息
	 * 
	 * @param ks
	 * @param alias
	 * @param pass
	 * @throws Exception
	 */
	private void readPriKey(KeyStore ks, String alias, String pass)
			throws Exception {
		Key key = ks.getKey(alias, pass.toCharArray());
		if (null == key) {
			System.out.println("no priviate key of " + alias);
			return;
		}
		System.out.println();
		System.out.println("algorithm=" + key.getAlgorithm());
		System.out.println("format=" + key.getFormat());
		System.out.println("toString=" + key);
		readCertChain(ks, alias);
	}

	/**
	 * 列出store中 cert chain信息
	 * 
	 * @param ks
	 * @param alias
	 * @throws Exception
	 */
	private void readCertChain(KeyStore ks, String alias) throws Exception {
		Certificate[] certChain = ks.getCertificateChain(alias);
		System.out.println("chain of " + alias);
		if (null == certChain) {
			System.out.println("no chain");
			return;
		}
		int i = 0;
		for (Certificate c : certChain) {
			System.out.println("index " + (i++) + " in chain of " + alias);
			readX509Certificate((X509Certificate) c);
		}
	}

	/**
	 * 列出x509Certificate的基本信息
	 * 
	 * @param t
	 */
	private void readX509Certificate(X509Certificate t) {
		System.out.println(t);
		System.out.println("输出证书信息:\n" + t.toString());
		System.out.println("版本号:" + t.getVersion());
		System.out.println("序列号:" + t.getSerialNumber().toString(16));
		System.out.println("主体名:" + t.getSubjectDN());
		System.out.println("签发者:" + t.getIssuerDN());
		System.out.println("有效期:" + t.getNotBefore());
		System.out.println("签名算法:" + t.getSigAlgName());
		byte[] sig = t.getSignature();// 签名值
		PublicKey pk = t.getPublicKey();
		byte[] pkenc = pk.getEncoded();
		System.out.println("签名 :");
		for (int i = 0; i < sig.length; i++)
			System.out.print(sig[i] + ",");
		System.out.println();
		System.out.println("公钥: ");
		for (int i = 0; i < pkenc.length; i++)
			System.out.print(pkenc[i] + ",");
		System.out.println();
	}

	/**
	 * 创建一个新的keystore
	 * 
	 * @param storePass
	 * @param storeType
	 *            PKCS12/JKS
	 * @return
	 * @throws Exception
	 */
	private KeyStore createKeyStore(String storePass, String storeType)
			throws Exception {
		KeyStore ks = KeyStore.getInstance(storeType);
		ks.load(null, storePass.toCharArray());
		return ks;
	}

	/**
	 * 加载一个已有的keyStore
	 * 
	 * @param path
	 * @param storePass
	 * @param storeType
	 *            PKCS12/JKS
	 * @return
	 * @throws Exception
	 */
	private KeyStore loadKeyStore(String path, String storePass,
			String storeType) throws Exception {
		FileInputStream in = new FileInputStream(path);
		KeyStore ks = KeyStore.getInstance(storeType);
		ks.load(in, storePass.toCharArray());
		in.close();
		return ks;
	}

	/**
	 * 从文件加载一个证书
	 * 
	 * @param path
	 * @param certType
	 * @return
	 * @throws Exception
	 */
	private Certificate loadCert(String path, String certType) throws Exception {
		CertificateFactory cf = CertificateFactory.getInstance(certType);
		FileInputStream in = new FileInputStream(path);
		Certificate c = cf.generateCertificate(in);
		in.close();
		return c;
	}

	/**
	 * 生成一个由根证书签名的store
	 * 
	 * @param rootStore
	 * @param rootAlias
	 * @param rootKeyPass
	 * @param subjectStr
	 * @param storeType
	 * @param storePass
	 * @param alg
	 * @param keySize
	 * @param keyPass
	 * @return
	 * @throws Exception
	 */
	public KeyStore generateSignedKeyStore(KeyStore rootStore,
			String rootAlias, String rootKeyPass, String subjectStr,
			String storeType, String storePass, String alias, String alg,
			int keySize, String keyPass) throws Exception {

		PrivateKey rootKey = null;
		X509CertImpl rootCert = null;
		X509CertInfo rootInfo = null;
		CertificateSubjectName rootsubject = null;
		// 签发者
		X500Name issueX500Name = new X500Name(subjectStr);

		if (null != rootStore) {
			rootKey = (PrivateKey) rootStore.getKey(rootAlias,
					rootKeyPass.toCharArray());
			rootCert = (X509CertImpl) rootStore.getCertificate(rootAlias);
			rootInfo = (X509CertInfo) rootCert.get(X509CertImpl.NAME + "."
					+ X509CertImpl.INFO);
			rootsubject = (CertificateSubjectName) rootInfo
					.get(X509CertInfo.SUBJECT);
			issueX500Name = (X500Name) rootsubject
					.get(CertificateIssuerName.DN_NAME);
		}

		// 签发者
		CertificateIssuerName issuerName = new CertificateIssuerName(
				issueX500Name);
		// 被签发者
		X500Name subjectX500Name = new X500Name(subjectStr);
		CertificateSubjectName subjectName = new CertificateSubjectName(
				subjectX500Name);

		// 有效期设置
		Calendar calendar = Calendar.getInstance();
		Date startDate = calendar.getTime();
		calendar.add(Calendar.DATE, 85);
		Date endDate = calendar.getTime();
		CertificateValidity certificateValidity = new CertificateValidity(
				startDate, endDate);

		// 序列号
		CertificateSerialNumber sn = new CertificateSerialNumber(
				(int) (startDate.getTime() / 1000L));

		// 版本
		CertificateVersion certVersion = new CertificateVersion(
				CertificateVersion.V3);

		// 算法
		// TODO 获取算法的代码有问题
		AlgorithmId algorithmId = new AlgorithmId(
				"RSA".equals(alg) ? AlgorithmId.sha1WithRSAEncryption_oid
						: AlgorithmId.sha1WithDSA_oid);

		// 密钥对
		KeyPairGenerator keygen = KeyPairGenerator.getInstance(alg);
		keygen.initialize(keySize, new SecureRandom());
		KeyPair kp = keygen.genKeyPair();

		X509CertInfo certInfo = new X509CertInfo();
		certInfo.set("version", certVersion);
		certInfo.set("serialNumber", sn);

		// localX500Signer.getAlgorithmId();
		certInfo.set("algorithmID", new CertificateAlgorithmId(algorithmId));
		certInfo.set("key", new CertificateX509Key(kp.getPublic()));
		certInfo.set("validity", certificateValidity);
		certInfo.set("subject", subjectName);
		certInfo.set("issuer", issuerName);
		// 扩展信息
		// if (System.getProperty("sun.security.internal.keytool.skid") !=
		// null)
		// {
		// CertificateExtensions localCertificateExtensions = new
		// CertificateExtensions();
		// localCertificateExtensions.set("SubjectKeyIdentifier", new
		// SubjectKeyIdentifierExtension(new
		// KeyIdentifier(this.publicKey).getIdentifier()));
		// certInfo.set("extensions", localCertificateExtensions);
		// }

		X509CertImpl newcert = new X509CertImpl(certInfo);
		// TODO 这里的签名算法可能有问题 貌似应该用rootcert的签名算法 待测试
		KeyStore ks = this.createKeyStore(storePass, storeType);
		Certificate[] certChain = null;
		// 如果rootStore为空 则生成自签名证书
		if (null == rootStore) {
			newcert.sign(kp.getPrivate(), "SHA1WithRSA");
			certChain = new Certificate[] { newcert };
		} else {
			newcert.sign(rootKey, "SHA1WithRSA");
			certChain = new Certificate[] { newcert, rootCert };
		}

		// ks.setCertificateEntry("zrbin", newcert);
		ks.setKeyEntry(alias, kp.getPrivate(), keyPass.toCharArray(), certChain);
		return ks;

	}

	@Test
	public void testReadCer() throws Exception {
		String path = "d:\\test.cer";
		String certType = "X.509";
		CertificateFactory cf = CertificateFactory.getInstance(certType);
		FileInputStream in = new FileInputStream(path);
		Collection
   
   
    
     cs = (Collection
    
    
     
     ) cf
				.generateCertificates(in);
		in.close();
		System.out.println("size=" + cs.size());
		for (Certificate c : cs) {
			readX509Certificate((X509Certificate) c);
		}
	}

	@Test
	public void testReadP12() throws Exception {
		String storePass = "123456";
		String keyPass = "123456";
		String path = "d:\\zrbin.p12";
		KeyStore ks = loadKeyStore(path, storePass, "PKCS12");
		listKeyAndCertificate(ks, storePass, keyPass);
	}

	@Test
	public void testReadKeyStore() throws Exception {
		String storePass = "123456";
		String keyPass = "123456";
		String path = "d:\\test.keystore";
		KeyStore ks = loadKeyStore(path, storePass, "JCEKS");
		listKeyAndCertificate(ks, storePass, keyPass);
	}

	@Test
	public void testExportCert() throws FileNotFoundException, Exception {
		String pass = "123456";
		FileInputStream in = new FileInputStream("d:\\zrbin.p12");
		boolean rfc = true;
		KeyStore ks = KeyStore.getInstance("PKCS12");
		ks.load(in, pass.toCharArray());
		Certificate cert = ks.getCertificate("zrbin");
		PrintStream out = new PrintStream("D:\\zrbin.cer");
		if (rfc) {
			BASE64Encoder encoder = new BASE64Encoder();
			out.println("-----BEGIN CERTIFICATE-----");
			encoder.encodeBuffer(cert.getEncoded(),
					out);
			out.println("-----END CERTIFICATE-----");
		} else {
			out.write(cert.getEncoded());
		}
		out.write(cert.getEncoded());
	}

	@Test
	public void testImportCert() throws Exception {
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		FileInputStream storeIn = new FileInputStream("d:\\server.keystore");
		FileInputStream in = new FileInputStream("d:\\zrbin.cer");
		FileInputStream rootin = new FileInputStream("d:\\root.cer");

		X509CertImpl cert = (X509CertImpl) cf.generateCertificate(in);
		X509CertImpl rootcert = (X509CertImpl) cf.generateCertificate(rootin);

		KeyStore ks = KeyStore.getInstance("JKS");
		ks.load(null, "123456".toCharArray());
		ks.deleteEntry("zrbin");
		// ks.setCertificateEntry("zrbin", cert);
		ks.setCertificateEntry("root", rootcert);
		in.close();
		FileOutputStream out = new FileOutputStream("d:\\server.keystore");
		ks.store(out, "123456".toCharArray());
	}

	@Test
	public void testImportSigenedCert() throws Exception {
		String alias = "test";
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		FileInputStream storeIn = new FileInputStream("d:\\test.keystore");
		KeyStore ks = KeyStore.getInstance("JKS");
		ks.load(storeIn, "123456".toCharArray());
		PrivateKey priKey = (PrivateKey) ks.getKey(alias,
				"123456".toCharArray());
		FileInputStream in = new FileInputStream("d:\\test.cer");
		Collection
     
     
      
       certCollection = (Collection
      
      
        ) cf .generateCertificates(in); System.out.println(certCollection.size()); if (certCollection.size() == 0) { System.out.println("没有要导入的证书"); return; } // 如果没有对应的私钥,直接导入certficateEntry if (null == priKey) { for (Certificate _cert : certCollection) { ks.setCertificateEntry(alias, _cert); break; } } else { Certificate importCert = null; for (Certificate cert : certCollection) { if (ks.getCertificate(alias).getPublicKey() .equals(cert.getPublicKey())) { importCert = cert; break; } } if (null == importCert) { System.out.println("错误:no replay cert"); } certCollection.remove(importCert); if (X509CertImpl.isSelfSigned((X509Certificate) importCert, null)) { System.out.println("证书未被ca签名,无需导入"); } else { // 构建认证链 List 
       
         certList = new ArrayList 
        
          ( ks.size()); Map 
         
           cerMap = new HashMap 
          
            (); Enumeration 
           
             aliasEnum = ks.aliases(); // 把不包括当前回复的都加到map里 while (aliasEnum.hasMoreElements()) { String _alias = aliasEnum.nextElement(); if (!_alias.equals(alias)) { X509CertImpl _cert = (X509CertImpl) ks .getCertificate(_alias); cerMap.put(_cert.getSubjectDN(), _cert); } } for (Certificate cert : certCollection) { cerMap.put(((X509Certificate) cert).getSubjectDN(), cert); } certList.add(importCert); Principal issuerName = ((X509Certificate) importCert) .getIssuerDN(); while (cerMap.keySet().contains(issuerName)) { X509Certificate _rootCert = (X509Certificate) cerMap .remove(issuerName); if (null == _rootCert) { System.out.println(issuerName + "的根证书为空"); return; } certList.add(_rootCert); issuerName = _rootCert.getIssuerDN(); } X509CertImpl rootCert = (X509CertImpl) certList.get(certList .size() - 1); if (!X509CertImpl.isSelfSigned(rootCert, null)) { System.out.println("构建证书链错误,请先导入颁发者(" + issuerName + ")的CA证书"); return; } Certificate[] certChain = certList .toArray(new Certificate[certList.size()]); ks.setKeyEntry(alias, priKey, "123456".toCharArray(), certChain); } } in.close(); FileOutputStream out = new FileOutputStream("d:\\test.keystore"); ks.store(out, "123456".toCharArray()); out.close(); } @Test public void testGenerateKeyStore() throws Exception { KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA"); KeyPair kp = kg.genKeyPair(); System.out.println(KeyStoreUtil.niceStoreTypeName("PKCS12")); System.out.println(kp.getPrivate()); System.out.println(kp.getPublic()); KeyStore ks = KeyStore.getInstance("JKS"); } @Test public void testX500Name() throws IOException, CertificateException { // for(byte i=48;i<=57;i++){ // System.out.println((char)i); // } // RFC 1779 (CN, L, ST, O, OU, C, STREET) // RFC 2253 (CN/name, L/location, ST/station, O/org, OU/orgunit, // C/country, STREET, DC, UID) X500Name subjectName = new X500Name( "CN=www.jiangtech.com,L=ZuChongZhi road,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road"); X500Name subjectName1 = new X500Name( "CN=www.jiangtech.com,L=ZuChongZhi road,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road"); // X509CertInfo certInfo = new X509CertInfo(); // certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( // subjectName)); System.out.println(subjectName.hashCode()); System.out.println(subjectName1.hashCode()); } /** * 证书验证 * * @throws Exception */ @Test public void testValidate() throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // kpg.initialize() KeyPair kp = kpg.genKeyPair(); KeyStore rootStore = this.loadKeyStore("d:/root.keystore", "123456", "JKS"); PrivateKey rootKey = (PrivateKey) rootStore.getKey("jdcert", "123456".toCharArray()); KeyStore store1 = this.loadKeyStore("d:/jd_signed.keystore", "123456", "JKS"); X509CertImpl rootCert = (X509CertImpl) rootStore .getCertificate("jdcert"); X509CertInfo rootInfo = (X509CertInfo) rootCert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); CertificateSubjectName rootsubject = (CertificateSubjectName) rootInfo .get(X509CertInfo.SUBJECT); Certificate[] chain = rootStore.getCertificateChain("jdcert"); rootCert.verify(kp.getPublic()); } /** * 测试签发证书 */ @Test public void testGenerateSignedKeyStore() { try { KeyStore rootStore = this.loadKeyStore("d:/root.keystore", "123456", "JKS"); String rootAlias = "test"; String subjectStr = "CN=zhaorb@jiangdatech.com,L=PU Dong,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road"; String alg = "RSA"; String storeType = "JKS"; int keySize = 1024; String keyPass = "123456"; String rootKeyPass = "123456"; String storePass = "123456"; String alias = "test"; KeyStore ks = this.generateSignedKeyStore(null, rootAlias, rootKeyPass, subjectStr, storeType, storePass, alias, alg, keySize, keyPass); OutputStream out = new FileOutputStream( new File("d:/test.keystore")); ks.store(out, "123456".toCharArray()); } catch (Exception e) { e.printStackTrace(); } } /** * 测试签发证书 */ @Test public void testGenerateSecKeyStore() { try { String rootAlias = "test"; String subjectStr = "CN=zhaorb@jiangdatech.com,L=PU Dong,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road"; String alg = "DES"; String storeType = "JKS"; int keySize = 1024; String keyPass = "123456"; String rootKeyPass = "123456"; String storePass = "123456"; String alias = "test"; KeyStore ks = this.createKeyStore("123456", "JCEKS"); KeyGenerator keygen = KeyGenerator.getInstance("DES"); SecretKey secKey = keygen.generateKey(); ks.setKeyEntry(alias, secKey, "123456".toCharArray(),null); OutputStream out = new FileOutputStream( new File("d:/test.keystore")); ks.store(out, "123456".toCharArray()); } catch (Exception e) { e.printStackTrace(); } } @Test /** * 关于p7b的操作 未实现 */ public void testGeneratePKCS7KeyStore() { try { /*ContentInfo info = new ContentInfo(arg0); //PKCS7 pkcs7 = new PKCS7() String rootAlias = "test"; String subjectStr = "CN=zhaorb@jiangdatech.com,L=PU Dong,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road"; String alg = "DES"; String storeType = "JKS"; int keySize = 1024; String keyPass = "123456"; String rootKeyPass = "123456"; String storePass = "123456"; String alias = "test"; KeyStore ks = this.createKeyStore("123456", "PKCS7"); KeyGenerator keygen = KeyGenerator.getInstance("RSA"); //SecretKey secKey = keygen.generateKey(); //ks.setKeyEntry(alias, secKey, "123456".toCharArray(),null); OutputStream out = new FileOutputStream( new File("d:/test.keystore")); ks.store(out, "123456".toCharArray());*/ } catch (Exception e) { e.printStackTrace(); } } @Test public void testReadJCEKS() throws Exception{ KeyStore ks = this.loadKeyStore("D:/test.keystore","123456", "JCEKS"); Enumeration 
            
              aliasEnum = ks.aliases(); while(aliasEnum.hasMoreElements()){ String alias = aliasEnum.nextElement(); SecretKeySpec secKey = (SecretKeySpec) ks.getKey(alias, "123456".toCharArray()); System.out.println(ks.getCertificate(alias)); //System.out.println(ks.); System.out.println(secKey.getClass()); System.out.println(secKey.getFormat()); System.out.println(secKey.getEncoded()); } } public PKCS10 readCsr() throws Exception { File f = new File("D:/test.csr"); InputStream in = new FileInputStream(f); ByteArrayOutputStream out = new ByteArrayOutputStream(1024); byte[] bytes = new byte[(int) f.length()]; in.read(bytes); String base64String = new String(bytes, "ISO-8859-1"); System.out.println(base64String); Pattern p = Pattern .compile("-----BEGIN NEW CERTIFICATE REQUEST-----([\\s\\S]*?)-----END NEW CERTIFICATE REQUEST-----([\\s\\S]*)"); BASE64Decoder decoder = new BASE64Decoder(); Matcher m = p.matcher(base64String); if (m.find()) { String s = m.group(1); System.out.println(s.trim()); byte[] bArray = decoder.decodeBuffer(s); PKCS10 csr = new PKCS10(bArray); System.out.println(csr); return csr; } throw new Exception("文件错误 ,无法读取csr"); } @Test public void testReadCsr() throws Exception { PKCS10 csr = readCsr(); } @Test public void createCsr() throws Exception { String storePass = "123456"; String alias = "test"; String alg = null; KeyStore ks = this.loadKeyStore("d:/test.keystore", storePass, "JKS"); Certificate cert = ks.getCertificate(alias); PrivateKey priKey = (PrivateKey) ks.getKey(alias, "123456".toCharArray()); PublicKey pubKey = cert.getPublicKey(); PKCS10 csr = new PKCS10(pubKey); String signAlg = null; if (alg == null) { alg = priKey.getAlgorithm(); if (("DSA".equalsIgnoreCase(alg)) || ("DSS".equalsIgnoreCase(alg))) signAlg = "SHA1WithDSA"; else if ("RSA".equalsIgnoreCase((String) alg)) signAlg = "SHA1WithRSA"; else throw new Exception("Cannot derive signature algorithm"); } Signature signature = Signature.getInstance(signAlg); signature.initSign(priKey); X500Name x500Name = new X500Name(((X509Certificate) cert) .getSubjectDN().toString()); X500Signer x500Signer = new X500Signer(signature, x500Name); ((PKCS10) csr).encodeAndSign(x500Signer); File f = new File("D:/test.csr"); if (f.exists()) { f.delete(); } ((PKCS10) csr).print(new PrintStream(new File("D:/test.csr"))); } /** * 签名 * * @throws Exception */ @Test public void testSignature() throws Exception { KeyStore rootStore = this.loadKeyStore("d:/root.keystore", "123456", "JKS"); PrivateKey rootKey = (PrivateKey) rootStore.getKey("root", "123456".toCharArray()); X509CertImpl rootX509Cert = (X509CertImpl) rootStore .getCertificate("root"); X500Name issuerX500Name = (X500Name) rootX509Cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO + "." + X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME); // 有效期设置 Calendar calendar = Calendar.getInstance(); Date startDate = calendar.getTime(); calendar.add(Calendar.DATE, 85); Date endDate = calendar.getTime(); CertificateValidity certificateValidity = new CertificateValidity( startDate, endDate); // 序列号 CertificateSerialNumber sn = new CertificateSerialNumber( (int) (startDate.getTime() / 1000L)); PKCS10 csr = this.readCsr(); PublicKey pubKey = csr.getSubjectPublicKeyInfo(); X500Name subjectX500Name = csr.getSubjectName(); // TODO 未实现 Signature signature = Signature.getInstance("Sha1WithRSA"); X500Signer signer = new X500Signer(signature, subjectX500Name); AlgorithmId algorithmId = signer.getAlgorithmId(); X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( algorithmId)); info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( subjectX500Name)); info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerX500Name)); info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey)); info.set(X509CertInfo.VERSION, new CertificateVersion( CertificateVersion.V3)); info.set(X509CertInfo.VALIDITY, certificateValidity); info.set(X509CertInfo.SERIAL_NUMBER, sn); X509CertImpl newCert = new X509CertImpl(info); newCert.sign(rootKey, "SHA1WithRSA"); OutputStream out = new FileOutputStream("d:/test.cer"); out.write(newCert.getEncoded()); out.write(rootX509Cert.getEncoded()); out.close(); } }

zrbin153
关注
java 实现数字证书操作实现网络安全
12-12
Java 数字证书操作是网络安全领域中的重要...以上就是在Java实现数字证书操作的主要步骤和相关知识,实际应用中还需要考虑安全性、性能和用户体验等因素。在开发过程中,应遵循最佳实践,确保系统的安全性和可靠性。
java 实现der编码,Java AlgorithmId.derEncode方法代码示例
weixin_36025345的博客
03-12 872
import sun.security.x509.AlgorithmId; //导入方法依赖的package包/类/*** Encode the bytes for the TBSCertificate structure:* * TBSCertificate ::= SEQUENCE {* version [0] EXPLICIT Version DEFAUL...
Java中设计和实现强大的安全认证系统
最新发布
聚娃科技开发者博客
07-03 490
大家好,我是免费搭建查券返利机器人省钱赚佣金就用微赚淘客系统3.0的小编,也是冬天不穿秋裤,天冷也要风度的程序猿!安全认证系统是任何应用程序的基础,确保用户身份的真实性和数据的安全性。设计和实现一个强大的安全认证系统是保障应用程序安全的关键步骤。在Java中,我们可以利用Spring Security、JWT、多因子认证等技术手段,构建一个安全、可靠的认证系统。希望本文的内容对大家有所帮助。多因子认证(MFA)通过增加额外的验证手段,提高系统的安全性。一个强大的安全认证系统需要一个可靠的用户管理模块。
Java安全——密钥和证书
多头注意力探索Now
07-04 1809
java安全中的密钥和证书说明
java生成证书_纯Java实现数字证书生成签名的简单实例
weixin_39639600的博客
02-12 811
package com.ylsoft.cert;import java.io.File;import java.io.FileInputStream;import java.io.FileOutputStream;import java.io.IOException;import java.security.InvalidKeyException;import java.security.KeyP...
Java安全(JCA/JSSE):数字证书
熊诗言的博客
05-10 523
数字证书包含了公钥,签发信息等。存储数字证书的地方叫KeyStore,有三种类型(私钥证书PrivateKeyEntry、密钥证书SecretKeyEntry、受信证书TrustedCertificateEntry)。可以使用keytool查看、创建、导入导出等。 KeyStore 存储多个私钥和其附带的数字证书 存储信任的第三方数字证书 KeyStore中的每一个私钥和信任的第三方数字证书用一个alias进行标识 Keytool 产生私钥与导入第三方证书 导出证书与生成CSR(Certific
java证书认证实现https访问
01-04
Java实现证书认证以安全地访问HTTPS服务是一个关键的步骤,特别是在处理敏感数据或者进行服务器间通信时。HTTPS协议提供了对传输数据的加密,确保了数据在互联网上的完整性和机密性。本篇文章将深入探讨如何在...
java实现读取证书访问https接口
07-11
本教程将深入讲解如何使用Java实现读取证书并访问HTTPS接口。 首先,我们需要了解Java中的X.509证书,这是最常见的数字证书格式,用于存储公钥和相关标识信息。在Java中,我们可以使用`java.security.cert`包中的类...
java实现opc ua连接及操作的代码工具包Demo
07-05
总结来说,"java实现opc ua连接及操作的代码工具包Demo"是一个学习和实践OPC UA协议的宝贵资源,它涵盖了从服务器创建、客户端连接、数据读写到安全配置的完整流程,对于任何想要在Java环境中接触OPC UA的开发者都极...
java实现scep源码
03-04
Java实现SCEP源码详解 SCEP(Simple Certificate Enrollment Protocol)是一种基于PKI(Public Key Infrastructure,公钥基础设施)的协议,用于自动化证书请求、分发和撤销过程。在网络安全领域,SCEP协议常被用在...
把Https网站中的安全证书导入到java的cacerts证书库中
03-18
NULL 博文链接:https://huang552.iteye.com/blog/677696
java对数字证书常用操作
09-13
java对数字证书常用操作,总结了一下java操作数字证书的常用方法,非常有用!
安全证书登录组件SecUser
08-12
安全证书登录组件SecUser,后简称SecUser是www.kaitoo.com开发的一款基于.Net的开放源码的安全证书登录组件,该组件可以帮助用户构建一个类似于银行的网上银行系统的基于证书验证的Web应用系统。该组件封装了证书的管理功能,验证功能,以及登录后Web应用系统的安全认证功能,为开发者提供一个方便易用且高度可扩展的安全证书系统支撑平台。
Java基于BC生成X509v3证书,以及部分扩展Extension的使用
07-09
Java基于BC生成X509v3证书,以及部分扩展Extension的使用,如:BasicConstraints、CRLDIstPoint、CertificatePolicies、PolicyMappings、KeyUsage、ExtendedKeyUsage、SubjectAlternativeName、AuthorityInfoAccess、AuthorityKeyIdentifier、SubjectKeyIdentifier、NameConstraints。
Java实现浏览器CA证书的签名和验证
04-27
Java实现浏览器CA证书的签名和验证,讲述CA证书的生成方式和在java中的使用方法
下载安全证书到jdk中的cacerts证书
你的眼睛啊ii的博客
12-06 1782
JDK中添加安全证书
java程序实现证书操作
moonpure的专栏
11-17 3130
Java程序从证书文件读取证书 import java.io.*; import java.security.cert.*;  public class PrintCert{  public static void main(String args[ ]) throws Exception{         CertificateFactory cf=CertificateFactory.g...
java项目-导入https证书三种方式
NIki_ya的博客
05-09 1723
JAVA_HOME\jre\lib\security\目录即为keytool证书路径进入到jre路径安装keytool证书注意:1 证书;2 cmd 以管理员身份运行(证书1)keytool -keystore cacerts -importcert -alias {证书名称CA1} -file {证书路径CA1.crt} -storepass changeit。
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值