Java Tutorial/Security/X509Certificate
Creating a Self-Signed Version 1 Certificate
<source lang="java">
import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.Security; import java.security.SignatureException; import java.security.cert.X509Certificate; import java.util.Date; import javax.security.auth.x500.X500Principal; import org.bouncycastle.x509.X509V1CertificateGenerator; public class MainClass {
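/** RSA modulus size for the demo key pair; 1024-bit RSA is below today's accepted minimum. */
private static final int RSA_KEY_BITS = 2048;

/**
 * Builds a self-signed X.509 version 1 certificate for {@code pair} with the Bouncy Castle
 * provider. Subject and issuer are both {@code CN=Test Certificate}; the validity window is
 * 10 s either side of the call, which is tutorial-sized and must be widened for real use.
 * <p>This uses the legacy {@code X509V1CertificateGenerator} API, which later Bouncy Castle
 * releases deprecate in favour of the {@code org.bouncycastle.cert} builders.
 *
 * @param pair the key pair whose public key is certified and whose private key signs
 * @return the signed certificate
 * @throws InvalidKeyException if the private key cannot be used for signing
 * @throws NoSuchProviderException if the "BC" provider is not available
 * @throws SignatureException if signing fails
 */
public static X509Certificate generateV1Certificate(KeyPair pair)
        throws InvalidKeyException, NoSuchProviderException, SignatureException {
    // addProvider is a no-op (returns -1) when "BC" is already installed.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    long now = System.currentTimeMillis();
    X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
    // RFC 5280 requires a positive serial that is unique per issuer. currentTimeMillis()
    // collides for two certificates made in the same millisecond and is predictable,
    // so take 63 random bits and add one (range 1 .. 2^63, always positive).
    certGen.setSerialNumber(new BigInteger(63, new SecureRandom()).add(BigInteger.ONE));
    certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
    // One time snapshot so notBefore/notAfter are computed from the same instant.
    certGen.setNotBefore(new Date(now - 10000));
    certGen.setNotAfter(new Date(now + 10000));
    certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    return certGen.generateX509Certificate(pair.getPrivate(), "BC");
}

/**
 * Generates a key pair, issues a self-signed v1 certificate for it and checks it.
 * <p>{@code verify(cert.getPublicKey())} on a self-signed certificate only proves the
 * signature is consistent with the embedded key; it says nothing about trust.
 *
 * @param args unused
 * @throws Exception if key generation, certificate creation or the checks fail
 */
public static void main(String[] args) throws Exception {
    // Registered here too so generateRSAKeyPair() can request the "BC" provider.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyPair pair = generateRSAKeyPair();
    X509Certificate cert = generateV1Certificate(pair);
    cert.checkValidity(new Date());
    cert.verify(cert.getPublicKey());
}

/**
 * Generates an RSA key pair of {@link #RSA_KEY_BITS} bits with the Bouncy Castle provider.
 *
 * @return a fresh RSA key pair
 * @throws Exception if the "RSA"/"BC" generator is unavailable
 */
public static KeyPair generateRSAKeyPair() throws Exception {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    kpGen.initialize(RSA_KEY_BITS, new SecureRandom());
    return kpGen.generateKeyPair();
}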
}</source>
Creating a Self-Signed Version 3 Certificate
<source lang="java">
import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.Security; import java.security.SignatureException; import java.security.cert.X509Certificate; import java.util.Date; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.ExtendedKeyUsage; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.KeyPurposeId; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.x509.X509V3CertificateGenerator; public class MainClass {
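/** RSA modulus size for the demo key pair; 1024-bit RSA is below today's accepted minimum. */
private static final int RSA_KEY_BITS = 2048;

/**
 * Builds a self-signed X.509 version 3 certificate for {@code pair} with the Bouncy Castle
 * provider. Subject and issuer are both {@code CN=Test Certificate}; the validity window is
 * 10 s either side of the call, which is tutorial-sized and must be widened for real use.
 * <p>Extensions: BasicConstraints (critical, not a CA), KeyUsage (critical: digitalSignature
 * and keyEncipherment), ExtendedKeyUsage (critical: serverAuth) and a non-critical
 * SubjectAlternativeName holding an rfc822Name. Note that TLS clients match serverAuth
 * certificates on dNSName/iPAddress SANs, so the e-mail SAN here is illustrative only.
 * <p>This uses the legacy {@code X509V3CertificateGenerator} API, which later Bouncy Castle
 * releases deprecate in favour of the {@code org.bouncycastle.cert} builders.
 *
 * @param pair the key pair whose public key is certified and whose private key signs
 * @return the signed certificate
 * @throws InvalidKeyException if the private key cannot be used for signing
 * @throws NoSuchProviderException if the "BC" provider is not available
 * @throws SignatureException if signing fails
 */
public static X509Certificate generateV3Certificate(KeyPair pair)
        throws InvalidKeyException, NoSuchProviderException, SignatureException {
    // addProvider is a no-op (returns -1) when "BC" is already installed.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    long now = System.currentTimeMillis();
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    // RFC 5280 requires a positive serial that is unique per issuer. currentTimeMillis()
    // collides for two certificates made in the same millisecond and is predictable,
    // so take 63 random bits and add one (range 1 .. 2^63, always positive).
    certGen.setSerialNumber(new BigInteger(63, new SecureRandom()).add(BigInteger.ONE));
    certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
    // One time snapshot so notBefore/notAfter are computed from the same instant.
    certGen.setNotBefore(new Date(now - 10000));
    certGen.setNotAfter(new Date(now + 10000));
    certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // cA=false: this end-entity certificate must not be accepted as an issuer.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
    certGen.addExtension(X509Extensions.SubjectAlternativeName, false,
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
    return certGen.generateX509Certificate(pair.getPrivate(), "BC");
}

/**
 * Generates a key pair, issues a self-signed v3 certificate for it and checks it.
 * <p>{@code verify(cert.getPublicKey())} on a self-signed certificate only proves the
 * signature is consistent with the embedded key; it says nothing about trust.
 *
 * @param args unused
 * @throws Exception if key generation, certificate creation or the checks fail
 */
public static void main(String[] args) throws Exception {
    // Registered here too so generateRSAKeyPair() can request the "BC" provider.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyPair pair = generateRSAKeyPair();
    X509Certificate cert = generateV3Certificate(pair);
    cert.checkValidity(new Date());
    cert.verify(cert.getPublicKey());
}

/**
 * Generates an RSA key pair of {@link #RSA_KEY_BITS} bits with the Bouncy Castle provider.
 *
 * @return a fresh RSA key pair
 * @throws Exception if the "RSA"/"BC" generator is unavailable
 */
public static KeyPair generateRSAKeyPair() throws Exception {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    kpGen.initialize(RSA_KEY_BITS, new SecureRandom());
    return kpGen.generateKeyPair();
}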
}</source>
Display properties of X509 Certificate
<source lang="java">
import java.io.FileInputStream; import java.math.BigInteger; import java.security.PublicKey; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; public class MainClass {
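/**
 * Prints the main fields of the X.509 certificate stored in the file named by
 * {@code args[0]}: version, serial (hex), subject, issuer, validity dates, signature
 * algorithm, signature (hex) and the encoded public key as a comma-separated byte list.
 * <p>Only parsing happens here: nothing checks the signature, the validity period or a chain
 * of trust, so the printed values are untrusted input, not a verdict on the certificate.
 *
 * @param args {@code args[0]} is the path to a DER- or PEM-encoded certificate
 * @throws Exception on I/O or parsing failure
 */
public static void main(String[] args) throws Exception {
    if (args.length < 1) {
        System.err.println("usage: MainClass <certificate-file>");
        return;
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    java.security.cert.Certificate c;
    FileInputStream in = new FileInputStream(args[0]);
    try {
        c = cf.generateCertificate(in);
    } finally {
        in.close(); // previously leaked when generateCertificate threw
    }
    X509Certificate t = (X509Certificate) c;
    System.out.println(t.getVersion());
    System.out.println(t.getSerialNumber().toString(16));
    // getSubjectDN()/getIssuerDN() are deprecated in favour of getSubjectX500Principal()/
    // getIssuerX500Principal(); kept so the printed form stays the same.
    System.out.println(t.getSubjectDN());
    System.out.println(t.getIssuerDN());
    System.out.println(t.getNotBefore());
    System.out.println(t.getNotAfter());
    System.out.println(t.getSigAlgName());
    byte[] sig = t.getSignature();
    // Signum 1: the signature is an unsigned byte string. The one-argument BigInteger
    // constructor treats the first byte's high bit as a sign and printed a negative,
    // wrong hex value whenever that bit was set.
    System.out.println(new BigInteger(1, sig).toString(16));
    PublicKey pk = t.getPublicKey();
    byte[] pkenc = pk.getEncoded();
    for (int i = 0; i < pkenc.length; i++) {
        System.out.print(pkenc[i] + ",");
    }
}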
}</source>
Generate cert path for X.509
<source lang="java">
import java.io.FileInputStream; import java.security.cert.CertPath; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; public class MainClass {
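/**
 * Builds a {@link CertPath} from the certificate files named on the command line and, for
 * each member of the path, prints its subject, its encoded public key as a comma-separated
 * byte list and its issuer.
 * <p>{@code generateCertPath} only assembles and encodes the list in the order given; it
 * performs no signature, validity or trust checking. Use {@code CertPathValidator} with an
 * explicit set of {@code TrustAnchor}s when the path has to be validated.
 *
 * @param args paths of DER- or PEM-encoded certificates, end-entity first
 * @throws Exception on I/O or parsing failure
 */
public static void main(String[] args) throws Exception {
    if (args.length < 1) {
        System.err.println("usage: MainClass <certificate-file>...");
        return;
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List<Certificate> certs = new ArrayList<Certificate>();
    for (int i = 0; i < args.length; i++) {
        FileInputStream in = new FileInputStream(args[i]);
        try {
            certs.add(cf.generateCertificate(in));
        } finally {
            in.close(); // the original never closed these streams
        }
    }
    CertPath cp = cf.generateCertPath(certs);
    for (Certificate member : cp.getCertificates()) {
        X509Certificate c = (X509Certificate) member;
        System.out.println(c.getSubjectDN());
        byte[] pbk = c.getPublicKey().getEncoded();
        for (int j = 0; j < pbk.length; j++) {
            System.out.print(pbk[j] + ",");
        }
        System.out.println("\nIssued by " + c.getIssuerDN());
    }
}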
}</source>
Print out X509Certificate's properties
<source lang="java">
import java.io.FileInputStream; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; public class MainClass {
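/**
 * Reads the certificate in {@code sdo.cer} from the working directory and prints its
 * subject, issuer, validity period, serial number and signature algorithm.
 * <p>Parsing only: the signature and validity period are displayed, not checked.
 *
 * @param args unused
 * @throws Exception on I/O or parsing failure
 */
public static void main(String[] args) throws Exception {
    X509Certificate c;
    FileInputStream fr = new FileInputStream("sdo.cer");
    try {
        // "X509" is an accepted alias of the standard "X.509" factory type.
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        c = (X509Certificate) cf.generateCertificate(fr);
    } finally {
        fr.close(); // the original never closed the stream
    }
    System.out.println("\tCertificate for: " + c.getSubjectDN());
    System.out.println("\tCertificate issued by: " + c.getIssuerDN());
    System.out.println("\tThe certificate is valid from " + c.getNotBefore() + " to "
            + c.getNotAfter());
    System.out.println("\tCertificate SN# " + c.getSerialNumber());
    System.out.println("\tGenerated with " + c.getSigAlgName());
}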
}</source>
Use X.509 certificate
<source lang="java">
import java.io.BufferedWriter; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.OutputStreamWriter; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; public class MainClass {
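/**
 * Parses the certificate file named by {@code args[0]} and writes its {@code toString()}
 * rendering to {@code tmp.txt} in the working directory.
 * <p>{@code Certificate.toString()} is a provider-specific, human-readable dump and not a
 * stable format; use {@code getEncoded()} when the certificate must be re-read by software.
 *
 * @param args {@code args[0]} is the path to a DER- or PEM-encoded certificate
 * @throws Exception on I/O or parsing failure
 */
public static void main(String[] args) throws Exception {
    if (args.length < 1) {
        System.err.println("usage: MainClass <certificate-file>");
        return;
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate c;
    FileInputStream in = new FileInputStream(args[0]);
    try {
        c = cf.generateCertificate(in);
    } finally {
        in.close(); // previously leaked when generateCertificate threw
    }
    String s = c.toString();
    FileOutputStream fout = new FileOutputStream("tmp.txt");
    // Explicit charset: the no-charset constructor used the platform default, so the file's
    // bytes depended on the machine it was written on.
    BufferedWriter out = new BufferedWriter(new OutputStreamWriter(fout, "UTF-8"));
    try {
        out.write(s, 0, s.length());
    } finally {
        out.close(); // flushes the buffer and closes fout
    }
}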
}</source>