Java Tutorial/Security/X.509 Certificate revocation list


Define selector

import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.util.Calendar;
import java.util.Date;
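/**
 * Shows how each criterion added to an {@link X509CertSelector} narrows what it matches.
 *
 * <p>Usage: {@code java MainClass <certificate-file> <year> <month> <day>}
 *
 * <p>A selector only filters on certificate fields. A {@code true} result from
 * {@code match} does not mean the certificate is trustworthy: the signature, the chain to a
 * trust anchor and the revocation status are not examined anywhere in this program.
 */
public class MainClass {
  /**
   * Loads one certificate and prints the selector's verdict after each added criterion.
   *
   * @param args certificate file path, then the year, 1-based month and day of the date on
   *     which the certificate must be valid
   * @throws Exception if the file cannot be read or parsed, or a date argument is not a number
   */
  public static void main(String args[]) throws Exception {
    if (args.length < 4) {
      System.err.println("usage: MainClass <certificate-file> <year> <month> <day>");
      return;
    }

    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    Certificate cert;
    // try-with-resources: the original never closed this stream.
    try (FileInputStream in = new FileInputStream(args[0])) {
      cert = factory.generateCertificate(in);
    }

    // With no criteria enabled the selector accepts any X.509 certificate.
    X509CertSelector selector = new X509CertSelector();
    System.out.println(selector.match(cert));

    // Criterion 1: issuer distinguished name.
    // NOTE(review): setIssuer(String) is deprecated in newer JDKs in favour of
    // setIssuer(X500Principal); kept here so the listing needs no extra import.
    selector.setIssuer("CN=Peter,OU=Network Center," + "O=University,L=ZB,ST=Vancouver,C=CN");
    System.out.println(selector.match(cert));

    // Criterion 2: the given date must fall inside the certificate's validity period.
    // Calendar months are zero-based, hence the -1. Only year/month/day are set, so the
    // time of day stays at whatever "now" was when the Calendar was created.
    int year = Integer.parseInt(args[1]);
    int month = Integer.parseInt(args[2]) - 1;
    int day = Integer.parseInt(args[3]);
    Calendar calendar = Calendar.getInstance();
    calendar.set(year, month, day);
    Date validOn = calendar.getTime();
    selector.setCertificateValid(validOn);
    System.out.println(selector.match(cert));

    // Criterion 3: exact serial number. Serial numbers are unique only per issuer, which is
    // why this is combined with the issuer criterion above.
    BigInteger serial = new BigInteger("1039056963");
    selector.setSerialNumber(serial);
    System.out.println(selector.match(cert));
  }
}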





List properties for X.509 CRL

import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
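/**
 * Prints the header fields of an X.509 certificate revocation list (CRL).
 *
 * <p>Usage: {@code java MainClass <crl-file>}
 *
 * <p>The CRL is parsed only. Its signature is never checked, so every value printed comes
 * from unauthenticated input. Code that relies on a CRL for revocation decisions should
 * first call {@code X509CRL.verify} with the issuer's public key and should reject a list
 * whose "next update" time has already passed.
 */
public class MainClass {
  /**
   * Parses the CRL named by the first argument and prints its properties.
   *
   * @param args the CRL file path
   * @throws Exception if the file cannot be read or is not a valid CRL
   */
  public static void main(String[] args) throws Exception {
    if (args.length < 1) {
      System.err.println("usage: MainClass <crl-file>");
      return;
    }

    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    X509CRL crl;
    // try-with-resources closes the stream even when parsing throws; the original's
    // trailing close() was skipped on any exception.
    try (FileInputStream in = new FileInputStream(args[0])) {
      crl = (X509CRL) factory.generateCRL(in);
    }

    System.out.println("type = " + crl.getType());
    System.out.println("version = " + crl.getVersion());
    // NOTE(review): getIssuerDN() is deprecated in newer JDKs in favour of
    // getIssuerX500Principal(); kept so the printed format is unchanged.
    System.out.println("issuer = " + crl.getIssuerDN().getName());
    System.out.println("signing algorithm = " + crl.getSigAlgName());
    System.out.println("this update = " + crl.getThisUpdate());
    // nextUpdate is an optional CRL field; getNextUpdate() returns null when it is absent.
    System.out.println("next update = " + crl.getNextUpdate());
  }
}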





Show X.509 CRL entries

import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Iterator;
import java.util.Set;
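/**
 * Lists every revoked-certificate entry contained in an X.509 CRL.
 *
 * <p>Usage: {@code java MainClass <crl-file>}
 *
 * <p>The CRL's signature is not verified here, so the entries are unauthenticated data.
 * Verify the list against the issuer's public key ({@code X509CRL.verify}) before using
 * its entries for any revocation decision.
 */
public class MainClass {
  /**
   * Parses the CRL named by the first argument and prints each entry.
   *
   * @param args the CRL file path
   * @throws Exception if the file cannot be read or is not a valid CRL
   */
  public static void main(String[] args) throws Exception {
    if (args.length < 1) {
      System.err.println("usage: MainClass <crl-file>");
      return;
    }

    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    X509CRL crl;
    // try-with-resources closes the stream even when parsing throws.
    try (FileInputStream in = new FileInputStream(args[0])) {
      crl = (X509CRL) factory.generateCRL(in);
    }

    // Typed set replaces the raw Set/Iterator and the per-element cast.
    Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
    // getRevokedCertificates() returns null, not an empty set, when the CRL has no entries.
    if (revoked == null) {
      return;
    }
    for (X509CRLEntry entry : revoked) {
      // Serial number is printed in hexadecimal.
      System.out.println("serial number = " + entry.getSerialNumber().toString(16));
      System.out.println("revocation date = " + entry.getRevocationDate());
      System.out.println("extensions = " + entry.hasExtensions());
    }
  }
}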





X509 Certificate Selector

import java.io.FileInputStream;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
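/**
 * Puts one certificate into an in-memory {@link CertStore} and queries the store with an
 * {@link X509CertSelector} that filters on the issuer name.
 *
 * <p>Usage: {@code java MainClass <certificate-file>}
 *
 * <p>Selecting a certificate from a store is a lookup, not a trust decision: nothing here
 * verifies the certificate's signature, chain or revocation status.
 */
public class MainClass {
  /**
   * Loads the certificate, builds the store and prints the subject of every match.
   *
   * @param args the certificate file path
   * @throws Exception if the file cannot be read or parsed, or the store cannot be created
   */
  public static void main(String args[]) throws Exception {
    if (args.length < 1) {
      System.err.println("usage: MainClass <certificate-file>");
      return;
    }

    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    List<Certificate> certificates = new ArrayList<>();
    // try-with-resources: the original never closed this stream.
    try (FileInputStream in = new FileInputStream(args[0])) {
      certificates.add(factory.generateCertificate(in));
    }

    CertStoreParameters storeParams = new CollectionCertStoreParameters(certificates);
    CertStore store = CertStore.getInstance("Collection", storeParams);

    X509CertSelector selector = new X509CertSelector();
    // NOTE(review): setIssuer(String) is deprecated in newer JDKs in favour of
    // setIssuer(X500Principal); kept here so the listing needs no extra import.
    selector.setIssuer("CN=YourName,OU=Network Center," + "O=University,L=ZB,ST=Toronto,C=CN");

    // getCertificates() is declared to return a Collection; the original cast it to Set,
    // which only works if the provider happens to return one. Iterate it directly instead.
    int index = 0;
    for (Certificate match : store.getCertificates(selector)) {
      // An X509CertSelector only ever matches X509Certificate instances.
      X509Certificate x509 = (X509Certificate) match;
      System.out.println("Certificate " + index + " ");
      System.out.println(x509.getSubjectDN());
      index++;
    }
  }
}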