Java/Security/Certificate — различия между версиями

Материал из Java эксперт
Перейти к: навигация, поиск
 
м (1 версия)
 
(нет различий)

Текущая версия на 06:49, 1 июня 2010

Adding a Certificate to a Key Store

  
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
public class Main {
  public static void main(String[] argv) throws Exception {
    FileInputStream is = new FileInputStream("your.keystore");
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(is, "my-keystore-password".toCharArray());
    String alias = "myalias";
    char[] password = "password".toCharArray();
    Certificate cert = keystore.getCertificate(alias);
    File keystoreFile = new File("your.keystore");
    // Load the keystore contents
    FileInputStream in = new FileInputStream(keystoreFile);
    keystore.load(in, password);
    in.close();
    // Add the certificate
    keystore.setCertificateEntry(alias, cert);
    // Save the new keystore contents
    FileOutputStream out = new FileOutputStream(keystoreFile);
    keystore.store(out, password);
    out.close();
  }
}





Creating a Certification Path

  
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
public class Main {
  public static void main(String[] argv) throws Exception {
    FileInputStream is = new FileInputStream("your.keystore");
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(is, "my-keystore-password".toCharArray());
    String alias = "myalias";
    Certificate cert = keystore.getCertificate(alias);
    CertificateFactory certFact = CertificateFactory.getInstance("X.509");
    CertPath path = certFact.generateCertPath(Arrays.asList(new Certificate[]{cert}));
  }
}





Getting the Subject and Issuer Distinguished Names of an X509 Certificate

  
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
public class Main {
  public static void main(String[] argv) throws Exception {
    FileInputStream is = new FileInputStream("your.keystore");
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(is, "my-keystore-password".toCharArray());
    Enumeration e = keystore.aliases();
    for (; e.hasMoreElements();) {
      String alias = (String) e.nextElement();
      java.security.cert.Certificate cert = keystore.getCertificate(alias);
      if (cert instanceof X509Certificate) {
        X509Certificate x509cert = (X509Certificate) cert;
        // Get subject
        Principal principal = x509cert.getSubjectDN();
        String subjectDn = principal.getName();
        // Get issuer
        principal = x509cert.getIssuerDN();
        String issuerDn = principal.getName();
      }
    }
  }
}





Importing a Certificate from a File

  
import java.io.File;
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
public class Main {
  public static void main(String[] argv) throws Exception {
    FileInputStream is = new FileInputStream(new File("your"));
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    java.security.cert.Certificate cert = cf.generateCertificate(is);
  }
}





Listing the Most-Trusted Certificate Authorities (CA) in a Key Store

  
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Iterator;
public class Main {
  public static void main(String[] argv) throws Exception {
    String filename = System.getProperty("java.home")
        + "/lib/security/cacerts".replace("/", File.separatorChar);
    FileInputStream is = new FileInputStream(filename);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "password";
    keystore.load(is, password.toCharArray());
    PKIXParameters params = new PKIXParameters(keystore);
    Iterator it = params.getTrustAnchors().iterator();
    for (; it.hasNext();) {
      TrustAnchor ta = (TrustAnchor) it.next();
      X509Certificate cert = ta.getTrustedCert();
      System.out.println(cert.getSigAlgName());
    }
  }
}





Retrieving a Certificate from a Key Store

  
import java.io.FileInputStream;
import java.security.KeyStore;
public class Main {
  public static void main(String[] argv) throws Exception {
    FileInputStream is = new FileInputStream("your.keystore");
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(is, "my-keystore-password".toCharArray());
    // Get certificate
    java.security.cert.Certificate cert = keystore.getCertificate("myalias");
  }
}





Retrieving the Certification Path of an SSL Server

  
import java.security.cert.Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class Main {
  public static void main(String[] argv) throws Exception {
    int port = 443;
    String hostname = "hostname";
    SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
    SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port);
    socket.startHandshake();
    // Retrieve the server"s certificate chain
    Certificate[] serverCerts = socket.getSession().getPeerCertificates();
    socket.close();
  }
}





Signature Test

 
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
public class SignatureTest {
  public static void main(String[] args) {
    try {
      KeyPairGenerator keygen = KeyPairGenerator.getInstance("DSA");
      SecureRandom secrand = new SecureRandom();
      keygen.initialize(512, secrand);
      KeyPair keys1 = keygen.generateKeyPair();
      PublicKey pubkey1 = keys1.getPublic();
      PrivateKey privkey1 = keys1.getPrivate();
      KeyPair keys2 = keygen.generateKeyPair();
      PublicKey pubkey2 = keys2.getPublic();
      PrivateKey privkey2 = keys2.getPrivate();
      Signature signalg = Signature.getInstance("DSA");
      signalg.initSign(privkey1);
      String message = "Pay authors a bonus of $20,000.";
      signalg.update(message.getBytes());
      byte[] signature = signalg.sign();
      Signature verifyalg = Signature.getInstance("DSA");
      verifyalg.initVerify(pubkey1);
      verifyalg.update(message.getBytes());
      if (!verifyalg.verify(signature))
        System.out.print("not ");
      System.out.println("signed with private key 1");
      verifyalg.initVerify(pubkey2);
      verifyalg.update(message.getBytes());
      if (!verifyalg.verify(signature))
        System.out.print("not ");
      System.out.println("signed with private key 2");
    } catch (Exception e) {
      System.out.println("Error " + e);
    }
  }
}





Specify the keystore of certificates using the javax.net.ssl.keyStore system property:

  
java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer





Validating a Certification Path using the most-trusted CAs in the JDK"s cacerts file.

  
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
public class Main {
  public static void main(String[] argv) throws Exception {
    String filename = System.getProperty("java.home")
        + "/lib/security/cacerts".replace("/", File.separatorChar);
    FileInputStream is = new FileInputStream(filename);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "password";
    keystore.load(is, password.toCharArray());
    PKIXParameters params = new PKIXParameters(keystore);
    params.setRevocationEnabled(false);
    CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator
        .getDefaultType());
    CertPath certPath = null;
    CertPathValidatorResult result = certPathValidator.validate(certPath, params);
    PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
    TrustAnchor ta = pkixResult.getTrustAnchor();
    X509Certificate cert = ta.getTrustedCert();
  }
}