📄 signcert.java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import java.math.*;
import sun.security.x509.*;
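/**
 * Minimal demo "CA": loads a CA certificate and private key from a JKS
 * keystore, re-issues the certificate given on the command line under the CA's
 * name, prints it, writes it as a DER file and stores it in a new keystore.
 *
 * <p>Review notes for anyone adapting this listing:
 * <ul>
 *   <li>It depends on {@code sun.security.x509}, an internal JDK API. On JDK 9+
 *       the package is not exported to application code, and newer JDKs have
 *       changed parts of it; treat this as legacy-JDK sample code.</li>
 *   <li>Keystore and key passwords are hard-coded demo values. A real CA must
 *       obtain them at run time (prompt, secret store, HSM) and never ship them
 *       in source.</li>
 *   <li>Everything in the submitted certificate except validity, serial number,
 *       issuer and signature algorithm (i.e. subject, public key, extensions) is
 *       signed exactly as received. A CA must check those fields against its
 *       policy before signing; this sample performs no such check.</li>
 * </ul>
 */
public class signcert{
    /** Keystore that holds the CA certificate and private key. */
    private static final String CA_KEYSTORE_FILE="store";
    /** Keystore written after the newly signed certificate has been added. */
    private static final String OUTPUT_KEYSTORE_FILE="newstore";
    /** Alias of the CA entry inside {@link #CA_KEYSTORE_FILE}. */
    private static final String CA_ALIAS="root";
    /** Alias (and DER file base name) used for the newly signed certificate. */
    private static final String NEW_CERT_ALIAS="jim_signed";
    /** Demo password for the keystore and the CA key. NOTE(review): hard-coded secret. */
    private static final String DEMO_PASSWORD="888888";
    /**
     * Signature algorithm for issued certificates. The original listing used
     * MD5WithRSA; MD5-based certificate signatures are collision-prone and are
     * rejected by current path validators, so SHA-256 is used instead.
     */
    private static final String SIGNATURE_ALGORITHM="SHA256withRSA";
    /**
     * Validity of the issued certificate in days. The original comment said
     * "60 day" but the code has always computed 3000 days; the computed value
     * is kept. NOTE(review): roughly eight years is long for a leaf certificate.
     */
    private static final long VALIDITY_DAYS=3000L;
    /** Number of random bits in a generated serial number. */
    private static final int SERIAL_NUMBER_BITS=64;

    // The fields below are only partly used by this listing: main() fills in
    // mSignedCertInfo, mSignPrivateKey and mNewCert before calling
    // createNewCertificate(); the others are never read here.
    private String mKeystore=""; // keystore path
    private char[] mKeystorePass=null; // keystore password
    private char[] mSignPrivateKeyPass=null; // password protecting the issuer's private key
    private String mSignCertAlias=""; // issuer alias
    private String mSignedCert=""; // certificate to be signed
    private String mNewCert=""; // base file name of the newly issued certificate
    private int mValidityDay=3; // validity of the new certificate in days (unused)
    private PrivateKey mSignPrivateKey=null; // issuer's private key
    private X509CertInfo mSignCertInfo=null; // issuer certificate info
    private X509CertInfo mSignedCertInfo=null; // info of the certificate being signed

    /**
     * Signs the certificate file named by {@code args[0]} with the CA key.
     *
     * @param args {@code args[0]} is the path of the X.509 certificate to re-issue
     * @throws Exception on any keystore, parsing, signing or I/O failure
     */
    public static void main(String args[ ]) throws Exception{
        if(args.length<1){
            System.err.println("usage: java signcert <certificate-file>");
            System.exit(1);
        }
        char[] storepass=DEMO_PASSWORD.toCharArray( );
        char[] cakeypass=DEMO_PASSWORD.toCharArray( );

        // Load the CA certificate and private key; the stream is closed even
        // when loading fails.
        KeyStore ks=KeyStore.getInstance("JKS");
        try(FileInputStream in=new FileInputStream(CA_KEYSTORE_FILE)){
            ks.load(in,storepass);
        }
        java.security.cert.Certificate caCert=ks.getCertificate(CA_ALIAS);
        PrivateKey caprk=(PrivateKey)ks.getKey(CA_ALIAS,cakeypass);
        if(caCert==null||caprk==null){
            // Both lookups return null for a missing alias; fail with a clear
            // message instead of a NullPointerException further down.
            throw new KeyStoreException("no certificate/key entry for alias "+CA_ALIAS);
        }

        // The CA's subject name becomes the issuer name of the new certificate.
        X509CertInfo caInfo=certInfoOf(caCert);
        X500Name issuer=(X500Name)caInfo.get(X509CertInfo.SUBJECT+
            "."+CertificateSubjectName.DN_NAME);

        // Parse the certificate that is to be re-issued.
        CertificateFactory cf=CertificateFactory.getInstance("X.509");
        java.security.cert.Certificate submitted;
        try(FileInputStream in2=new FileInputStream(args[0])){
            submitted=cf.generateCertificate(in2);
        }
        // NOTE(review): subject, public key and extensions are taken from the
        // submitted file unchanged and are not validated here.
        X509CertInfo newInfo=certInfoOf(submitted);

        // Validity period: from now for VALIDITY_DAYS days.
        Date begindate=new Date();
        Date enddate=new Date(begindate.getTime()+VALIDITY_DAYS*24L*60L*60L*1000L);
        newInfo.set(X509CertInfo.VALIDITY,new CertificateValidity(begindate,enddate));

        // Serial number: random and positive. The original used the current
        // time in seconds cast to int, which is predictable, repeats for two
        // certificates issued in the same second, and turns negative in 2038.
        newInfo.set(X509CertInfo.SERIAL_NUMBER,
            new CertificateSerialNumber(newSerialNumber()));

        // Issuer name.
        newInfo.set(X509CertInfo.ISSUER+"."+
            CertificateIssuerName.DN_NAME,issuer);

        // Signature algorithm recorded in the certificate body; it must match
        // the algorithm passed to sign().
        AlgorithmId algorithm=AlgorithmId.get(SIGNATURE_ALGORITHM);
        newInfo.set(CertificateAlgorithmId.NAME+
            "."+CertificateAlgorithmId.ALGORITHM,algorithm);

        // Build and sign the certificate, then print it.
        X509CertImpl newjim=new X509CertImpl(newInfo);
        newjim.sign(caprk,SIGNATURE_ALGORITHM);
        System.out.println(newjim);

        // Save the signed certificate as a DER file. The original called
        // createNewCertificate() on the X509CertImpl object, which has no such
        // method; the helper is an instance method of this class.
        signcert signer=new signcert();
        signer.mSignedCertInfo=newInfo;
        signer.mSignPrivateKey=caprk;
        signer.mNewCert=NEW_CERT_ALIAS;
        signer.createNewCertificate();

        // Add the certificate to the keystore as a trusted-certificate entry
        // and write the keystore under a new file name.
        ks.setCertificateEntry(NEW_CERT_ALIAS,newjim);
        try(FileOutputStream out=new FileOutputStream(OUTPUT_KEYSTORE_FILE)){
            ks.store(out,DEMO_PASSWORD.toCharArray());
        }
    }

    /** Extracts the to-be-signed part (X509CertInfo) of an encoded certificate. */
    private static X509CertInfo certInfoOf(java.security.cert.Certificate cert)
            throws CertificateException,IOException{
        X509CertImpl impl=new X509CertImpl(cert.getEncoded());
        return (X509CertInfo)impl.get(X509CertImpl.NAME+"."+X509CertImpl.INFO);
    }

    /** Returns a random, strictly positive serial number of at most SERIAL_NUMBER_BITS bits. */
    private static BigInteger newSerialNumber(){
        return new BigInteger(SERIAL_NUMBER_BITS,new SecureRandom()).max(BigInteger.ONE);
    }

    /**
     * Signs {@code mSignedCertInfo} with {@code mSignPrivateKey} and writes the
     * result as a DER-encoded X.509 certificate to {@code mNewCert + ".cer"}.
     *
     * @throws IllegalStateException if the certificate info or key has not been set
     * @throws Exception on signing or I/O failure
     */
    private void createNewCertificate() throws Exception
    {
        if(mSignedCertInfo==null||mSignPrivateKey==null){
            throw new IllegalStateException("certificate info and signing key must be set");
        }
        // Wrap the certificate info in a new X.509 certificate and sign it.
        X509CertImpl vCertImpl=new X509CertImpl(mSignedCertInfo);
        vCertImpl.sign(mSignPrivateKey,SIGNATURE_ALGORITHM);
        // Save as a DER-encoded binary X.509 certificate; the stream is closed
        // even if encoding fails.
        try(FileOutputStream vOut=new FileOutputStream(mNewCert+".cer")){
            vCertImpl.derEncode(vOut);
        }
    }
}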
/*输入“java signcert jim.cer >1.txt”运行程序,则程序将从密钥库中取出CA的私钥对jim.cer证书进行签名,输出结果已重定向到文件1.txt中,打开1.txt文件,可以看到如下有关新的证书的信息。
*/