Java Tutorial/Security/Certificate
Creating a Certificate in Java
<source lang="java">
import java.io.FileInputStream; import java.io.FileOutputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.util.Date; import sun.security.x509.AlgorithmId; import sun.security.x509.CertificateAlgorithmId; import sun.security.x509.CertificateIssuerName; import sun.security.x509.CertificateSerialNumber; import sun.security.x509.CertificateSubjectName; import sun.security.x509.CertificateValidity; import sun.security.x509.X500Name; import sun.security.x509.X509CertImpl; import sun.security.x509.X509CertInfo; public class MainClass {
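public static void main(String[] args) throws Exception {
    // Issues a new certificate for the "cert" entry, signed by the CA entry of the same
    // keystore, and stores it under a new alias together with the existing private key.
    // NOTE: sun.security.x509.* is JDK-internal and is not exported on Java 9+ without
    // --add-exports java.base/sun.security.x509=ALL-UNNAMED; production code should use a
    // public certificate library instead.
    String keystoreFile = "keyStoreFile.bin";
    String caAlias = "caAlias";
    String certToSignAlias = "cert";
    String newAlias = "newAlias";
    // char arrays built from a String: the original initialised char[] with String
    // elements ("a", "b", ...), which does not compile.
    char[] password = "abcdefgh".toCharArray();
    char[] caPassword = "abcdefgh".toCharArray();
    char[] certPassword = "abcdefgh".toCharArray();

    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (FileInputStream input = new FileInputStream(keystoreFile)) {
        // non-null password: load() also checks the store's integrity
        keyStore.load(input, password);
    }

    // getKey/getCertificate return null for an unknown alias; fail early with a clear
    // message instead of an NPE further down.
    PrivateKey caPrivateKey = (PrivateKey) keyStore.getKey(caAlias, caPassword);
    java.security.cert.Certificate caCert = keyStore.getCertificate(caAlias);
    if (caPrivateKey == null || caCert == null) {
        throw new IllegalStateException("CA entry not found in keystore: " + caAlias);
    }
    X509CertImpl caCertImpl = new X509CertImpl(caCert.getEncoded());
    X509CertInfo caCertInfo =
        (X509CertInfo) caCertImpl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
    // The CA's subject name becomes the issuer name of the new certificate.
    X500Name issuer =
        (X500Name) caCertInfo.get(X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME);

    java.security.cert.Certificate cert = keyStore.getCertificate(certToSignAlias);
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(certToSignAlias, certPassword);
    if (cert == null || privateKey == null) {
        throw new IllegalStateException("entry to sign not found in keystore: " + certToSignAlias);
    }
    X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
    // Reuse the existing certificate's TBS content (subject, public key, ...) and
    // overwrite validity, serial, issuer and signature algorithm below.
    X509CertInfo certInfo =
        (X509CertInfo) certImpl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);

    Date firstDate = new Date();
    Date lastDate = new Date(firstDate.getTime() + 365 * 24 * 60 * 60 * 1000L); // one year
    certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(firstDate, lastDate));
    // Random 64-bit serial. The original used epoch seconds truncated to int, which
    // repeats for certificates issued in the same second and is predictable; serials
    // must be unique per issuer (RFC 5280 4.1.2.2).
    java.math.BigInteger serial = new java.math.BigInteger(64, new java.security.SecureRandom());
    certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));
    certInfo.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer);
    // SHA-256 rather than MD5: MD5 signatures are collision-prone and are rejected by
    // current JDK certpath policy (jdk.certpath.disabledAlgorithms).
    AlgorithmId algorithm = AlgorithmId.get("SHA256withRSA");
    certInfo.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);

    X509CertImpl newCert = new X509CertImpl(certInfo);
    newCert.sign(caPrivateKey, "SHA256withRSA");

    // Store the full chain (end-entity first, then the issuing CA); the original stored
    // only the new certificate, leaving the chain incomplete for later validation.
    keyStore.setKeyEntry(newAlias, privateKey, certPassword,
        new java.security.cert.Certificate[] { newCert, caCert });
    try (FileOutputStream output = new FileOutputStream(keystoreFile)) {
        keyStore.store(output, password);
    }
}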
}</source>
Exporting a Certificate to a File
<source lang="java">
import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.OutputStreamWriter; import java.io.Writer; import java.nio.charset.Charset; import java.security.KeyStore; import java.security.cert.Certificate; public class Main {
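public static void main(String[] argv) throws Exception {
    // Exports one certificate entry of a keystore twice: as raw DER bytes and as a
    // PEM (Base64) text file.
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream is = new FileInputStream("your.keystore")) {
        keystore.load(is, "my-keystore-password".toCharArray());
    }
    String alias = "myalias";
    Certificate cert = keystore.getCertificate(alias);
    if (cert == null) {
        // getCertificate() returns null for an unknown alias
        throw new IllegalStateException("no certificate entry for alias " + alias);
    }
    byte[] buf = cert.getEncoded();

    // Sample output paths (constructed). The original passed a null File to
    // FileOutputStream, which throws NullPointerException.
    File derFile = new File("exported-cert.der");
    File pemFile = new File("exported-cert.pem");

    try (FileOutputStream os = new FileOutputStream(derFile)) {
        os.write(buf);
    }

    // PEM body: Base64 wrapped at 64 columns. java.util.Base64 replaces the removed
    // sun.misc.BASE64Encoder. The original also wrote the text into the stream it had
    // just closed, which fails at runtime.
    byte[] newline = "\n".getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String body = java.util.Base64.getMimeEncoder(64, newline).encodeToString(buf);
    try (Writer wr = new OutputStreamWriter(new FileOutputStream(pemFile),
            java.nio.charset.StandardCharsets.UTF_8)) {
        wr.write("-----BEGIN CERTIFICATE-----\n");
        wr.write(body);
        wr.write("\n-----END CERTIFICATE-----\n");
    }
}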
}</source>
Generate X.509 certificate
<source lang="java">
import java.io.FileInputStream; import java.security.cert.CertPath; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.List; public class MainClass {
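public static void main(String args[]) throws Exception {
    // Builds a certification path from the X.509 certificate files named on the command
    // line, in the order given (end-entity first). Building a path parses the files only;
    // it performs no validation of signatures, validity dates or trust.
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List<Certificate> mylist = new ArrayList<>();
    for (String path : args) {
        // try-with-resources: the original never closed the input streams
        try (FileInputStream in = new FileInputStream(path)) {
            mylist.add(cf.generateCertificate(in));
        }
    }
    CertPath cp = cf.generateCertPath(mylist);
    System.out.println(cp);
}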
}</source>
Import certificate
<source lang="java">
import java.io.FileInputStream; import java.io.FileOutputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.CertificateFactory; public class MainClass {
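public static void main(String args[]) throws Exception {
    // Imports a CA-signed certificate for the "lf" key pair and writes the key with its new
    // chain (signed cert, then CA cert) to a fresh keystore.
    String cacert = "mytest.cer";
    String lfcert = "lf_signed.cer";
    String lfstore = "lfkeystore";
    char[] lfstorepass = "wshr.ut".toCharArray();
    char[] lfkeypass = "wshr.ut".toCharArray();

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    java.security.cert.Certificate cac;
    try (FileInputStream in1 = new FileInputStream(cacert)) {
        cac = cf.generateCertificate(in1);
    }
    java.security.cert.Certificate lfc;
    try (FileInputStream in2 = new FileInputStream(lfcert)) {
        lfc = cf.generateCertificate(in2);
    }

    KeyStore ks = KeyStore.getInstance("JKS");
    try (FileInputStream in3 = new FileInputStream(lfstore)) { // the original never closed in3
        ks.load(in3, lfstorepass);
    }
    PrivateKey prk = (PrivateKey) ks.getKey("lf", lfkeypass);
    java.security.cert.Certificate existing = ks.getCertificate("lf");
    if (prk == null || existing == null) {
        throw new IllegalStateException("no key entry named lf in " + lfstore);
    }

    // Sanity checks before the chain is trusted by the keystore: the signed certificate
    // must verify under the CA's public key, and it must carry the same public key as the
    // entry it replaces (otherwise the stored private key does not match the certificate).
    lfc.verify(cac.getPublicKey());
    if (!java.util.Arrays.equals(lfc.getPublicKey().getEncoded(),
            existing.getPublicKey().getEncoded())) {
        throw new IllegalStateException(lfcert + " does not contain the public key of entry lf");
    }

    java.security.cert.Certificate[] cchain = { lfc, cac };
    // Key entry protected with the key password (the original passed the store password,
    // which happens to be the same value here).
    ks.setKeyEntry("lf_signed", prk, lfkeypass, cchain);
    try (FileOutputStream out4 = new FileOutputStream("lfnewstore")) {
        ks.store(out4, "newpass".toCharArray());
    }
}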
}</source>
KeyStore Example
<source lang="java">
import java.io.FileInputStream; import java.security.KeyStore; import java.security.cert.Certificate; public class MainClass {
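public static void main(String[] args) throws Exception {
    // Loads a JKS keystore and prints the certificate stored under one alias.
    String keystoreFilename = "my.keystore";
    char[] password = "password".toCharArray();
    String alias = "alias";

    KeyStore keystore = KeyStore.getInstance("JKS");
    // try-with-resources: the original never closed the stream.
    try (FileInputStream fIn = new FileInputStream(keystoreFilename)) {
        // a non-null password also verifies the store's integrity on load
        keystore.load(fIn, password);
    }
    Certificate cert = keystore.getCertificate(alias);
    if (cert == null) {
        // getCertificate() returns null for an unknown alias; the original printed "null"
        throw new IllegalStateException("no entry named " + alias + " in " + keystoreFilename);
    }
    System.out.println(cert);
}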
}</source>
Store Certificate
<source lang="java">
import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.ObjectInputStream; import java.security.KeyStore; import java.security.cert.CertPath; import java.security.cert.X509Certificate; import java.util.List; public class MainClass {
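public static void main(String args[]) throws Exception {
    // Reads a serialized CertPath and stores each certificate of it as a trusted
    // certificate entry in a new JKS keystore.
    CertPath cp;
    try (FileInputStream f = new FileInputStream("CertPath.dat");
         ObjectInputStream b = new ObjectInputStream(f)) {
        // NOTE(review): readObject() is native Java deserialization of whatever
        // CertPath.dat contains. Use it only on a file this program wrote itself; for a
        // file from elsewhere, keep the path's getEncoded() bytes instead and rebuild it
        // with CertificateFactory.generateCertPath, or at minimum install an
        // ObjectInputFilter on b before reading.
        cp = (CertPath) b.readObject();
    }

    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, null); // start from an empty in-memory store
    List<? extends java.security.cert.Certificate> cplist = cp.getCertificates();
    for (int i = 0; i < cplist.size(); i++) {
        // entries my0, my1, ... in path order; setCertificateEntry marks them as trusted
        X509Certificate c = (X509Certificate) cplist.get(i);
        ks.setCertificateEntry("my" + i, c);
    }
    try (FileOutputStream output = new FileOutputStream("MyCertPathStore")) {
        ks.store(output, "mypass".toCharArray());
    }
}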
}</source>
Using Certificates in Java
<source lang="java">
import java.io.FileInputStream; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; public class MainClass {
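public static void main(String[] args) throws Exception {
    // Parses one X.509 certificate (DER or PEM) from a.dat and prints it. Parsing only
    // decodes the certificate; it does not check its signature, dates or trust.
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    Certificate cert;
    // try-with-resources closes the stream even if parsing throws (the original did not).
    try (FileInputStream fis = new FileInputStream("a.dat")) {
        cert = certFactory.generateCertificate(fis);
    }
    System.out.println(cert);
}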
}</source>
Validate certificate
<source lang="java">
import java.io.FileInputStream; import java.security.cert.CertPath; import java.security.cert.CertPathValidator; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.PKIXCertPathValidatorResult; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; import java.util.List; public class MainClass {
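public static void main(String args[]) throws Exception {
    // Validates the first certificate in args[0] against the second certificate in the same
    // file, which is used as the trust anchor.
    if (args.length < 1) {
        throw new IllegalArgumentException(
            "usage: MainClass <file holding the end-entity certificate followed by the trust anchor>");
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List<Certificate> mylist = new ArrayList<>();
    Certificate trust;
    // BufferedInputStream supports mark/reset, so each generateCertificate() call consumes
    // exactly one certificate. Per the CertificateFactory Javadoc a stream without mark/reset
    // (a bare FileInputStream, as in the original) may be consumed entirely by the first call,
    // leaving nothing for the trust anchor. The stream was also never closed.
    try (java.io.InputStream in = new java.io.BufferedInputStream(new FileInputStream(args[0]))) {
        Certificate c = cf.generateCertificate(in);
        mylist.add(c);
        trust = cf.generateCertificate(in);
    }
    CertPath cp = cf.generateCertPath(mylist);
    TrustAnchor anchor = new TrustAnchor((X509Certificate) trust, null);
    PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
    // No CRL/OCSP checking: a revoked certificate still validates. Enable revocation
    // checking (and configure its sources) before relying on this outside a test setup.
    params.setRevocationEnabled(false);
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    // validate() throws CertPathValidatorException when the path is not valid
    PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, params);
    System.out.println(result);
}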
}</source>
Validating a Certification Path using the most-trusted CAs in the JDK's cacerts file.
<source lang="java">
import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; import java.security.cert.CertPath; import java.security.cert.CertPathValidator; import java.security.cert.CertPathValidatorResult; import java.security.cert.PKIXCertPathValidatorResult; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; public class Main {
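public static void main(String[] argv) throws Exception {
    // Validates the certificate chain given as files on the command line (end-entity
    // first) against the trust anchors in the JDK's cacerts store, and prints the anchor
    // the path chained to.
    if (argv.length == 0) {
        throw new IllegalArgumentException("usage: Main <certificate files, end-entity first>");
    }

    // Platform-independent path. The original's replace("/", File.separatorChar) does not
    // compile: String has no (String, char) overload of replace().
    File cacerts = new File(System.getProperty("java.home"),
        "lib" + File.separator + "security" + File.separator + "cacerts");
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    // "changeit" is the JDK's documented default cacerts password; adjust it if the
    // installation changed it. Passing null to load() skips the integrity check instead.
    char[] password = "changeit".toCharArray();
    try (FileInputStream is = new FileInputStream(cacerts)) {
        keystore.load(is, password);
    }

    // Every trusted certificate entry of cacerts becomes a trust anchor.
    PKIXParameters params = new PKIXParameters(keystore);
    // No CRL/OCSP checking: a revoked certificate still validates. Enable revocation
    // checking (and configure its sources) before relying on this outside a test setup.
    params.setRevocationEnabled(false);
    CertPathValidator certPathValidator =
        CertPathValidator.getInstance(CertPathValidator.getDefaultType());

    // Build the path from the files named on the command line. The original validated a
    // null CertPath, which throws NullPointerException.
    java.security.cert.CertificateFactory cf =
        java.security.cert.CertificateFactory.getInstance("X.509");
    java.util.List<java.security.cert.Certificate> chain = new java.util.ArrayList<>();
    for (String name : argv) {
        try (FileInputStream in = new FileInputStream(name)) {
            chain.add(cf.generateCertificate(in));
        }
    }
    CertPath certPath = cf.generateCertPath(chain);

    // validate() throws CertPathValidatorException when the path does not chain to an anchor
    CertPathValidatorResult result = certPathValidator.validate(certPath, params);
    PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
    TrustAnchor ta = pkixResult.getTrustAnchor();
    X509Certificate cert = ta.getTrustedCert();
    System.out.println("Path is valid; trust anchor: " + cert.getSubjectX500Principal());
}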
}</source>