Java Tutorial/Security/CertificateFactory

Материал из Java эксперт
Перейти к: навигация, поиск

Creating a Certification Path

   <source lang="java">

import java.io.FileInputStream; import java.security.KeyStore; import java.security.cert.CertPath; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.util.Arrays; public class Main {

 public static void main(String[] argv) throws Exception {
   FileInputStream is = new FileInputStream("your.keystore");
   KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
   keystore.load(is, "my-keystore-password".toCharArray());
   String alias = "myalias";
   Certificate cert = keystore.getCertificate(alias);
   CertificateFactory certFact = CertificateFactory.getInstance("X.509");
   CertPath path = certFact.generateCertPath(Arrays.asList(new Certificate[]{cert}));
 }

}</source>





Importing a Certificate from a File

   <source lang="java">

import java.io.File; import java.io.FileInputStream; import java.security.cert.CertificateFactory; public class Main {

 public static void main(String[] argv) throws Exception {
   FileInputStream is = new FileInputStream(new File("your"));
   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   java.security.cert.Certificate cert = cf.generateCertificate(is);
 }

}</source>





reading multiple certificates with a CertificateFactory.

   <source lang="java">

import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.Security; import java.security.SignatureException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.Iterator; import javax.security.auth.x500.X500Principal; import org.bouncycastle.x509.X509V1CertificateGenerator; public class MainClass {

 public static void main(String[] args) throws Exception {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   KeyPair pair = generateRSAKeyPair();
   ByteArrayOutputStream bOut = new ByteArrayOutputStream();
   bOut.write(generateV1Certificate(pair).getEncoded());
   bOut.close();
   InputStream in = new ByteArrayInputStream(bOut.toByteArray());
   CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
   X509Certificate x509Cert;
   Collection collection = new ArrayList();
   while ((x509Cert = (X509Certificate) fact.generateCertificate(in)) != null) {
     collection.add(x509Cert);
   }
   Iterator it = collection.iterator();
   while (it.hasNext()) {
     System.out.println("version: " + ((X509Certificate) it.next()).getVersion());
   }
 }
 public static X509Certificate generateV1Certificate(KeyPair pair) throws InvalidKeyException,
     NoSuchProviderException, SignatureException {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
   certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
   certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
   certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000));
   certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
   certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
   certGen.setPublicKey(pair.getPublic());
   certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
   return certGen.generateX509Certificate(pair.getPrivate(), "BC");
 }
 public static KeyPair generateRSAKeyPair() throws Exception {
   KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
   kpGen.initialize(1024, new SecureRandom());
   return kpGen.generateKeyPair();
 }

}</source>





Using the CertificateFactory Class

   <source lang="java">

import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.Security; import java.security.SignatureException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Date; import javax.security.auth.x500.X500Principal; import org.bouncycastle.x509.X509V1CertificateGenerator; public class MainClass {

 public static void main(String[] args) throws Exception {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   KeyPair pair = generateRSAKeyPair();
   ByteArrayOutputStream bOut = new ByteArrayOutputStream();
   bOut.write(generateV1Certificate(pair).getEncoded());
   bOut.close();
   InputStream in = new ByteArrayInputStream(bOut.toByteArray());
   CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
   X509Certificate x509Cert = (X509Certificate) fact.generateCertificate(in);
   System.out.println("issuer: " + x509Cert.getIssuerX500Principal());
 }
 public static X509Certificate generateV1Certificate(KeyPair pair) throws InvalidKeyException,
     NoSuchProviderException, SignatureException {
   Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
   X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
   certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
   certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
   certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000));
   certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
   certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
   certGen.setPublicKey(pair.getPublic());
   certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
   return certGen.generateX509Certificate(pair.getPrivate(), "BC");
 }
 public static KeyPair generateRSAKeyPair() throws Exception {
   KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
   kpGen.initialize(1024, new SecureRandom());
   return kpGen.generateKeyPair();
 }

}</source>