writecert.java

本书以大量精简的实例介绍了Java安全性编程方面的概念和技术

import java.io.*;
import java.security.*;

import java.security.cert.*;
import java.util.*;
import java.math.*;
import sun.security.x509.*;
import sun.security.x509.*;

public class WriteCert{
             
   public static void main(String args[ ]) throws Exception{
        // use mytest to sign mynew
        String pass="wshr.ut";
        String alias1="mytest";
        String alias2="mynew";
        String name="mykeystore";
       // password is as set using keytool before
        char[] pass1="wdmy.bzd".toCharArray();
        char[] pass2="nzdwdmm.".toCharArray();

          //1.  load Certificate from keystore
        FileInputStream in=new FileInputStream(name);
          //注意,K, S均大写
        KeyStore ks=KeyStore.getInstance("JKS");
        ks.load(in,pass.toCharArray());
        java.security.cert.Certificate cert1=ks.getCertificate(alias1);
        java.security.cert.Certificate cert2=ks.getCertificate(alias2);
        in.close();

// 2. got certimpli so as to get alia1's issure to issure
//  and alia2's certInfo, param can be set in certInfo and form new Cert later
      byte[] encod1=cert1.getEncoded();
      X509CertImpl cimp1=new X509CertImpl(encod1);     
      X509CertInfo cinfo1=(X509CertInfo)cimp1.get(X509CertImpl.NAME+"."+X509CertImpl.INFO);

      X500Name issuer=(X500Name)cinfo1.get(X509CertInfo.SUBJECT+"."+CertificateIssuerName.DN_NAME);


      byte[] encod2=cert2.getEncoded();
      X509CertImpl cimp2=new X509CertImpl(encod2);     
      X509CertInfo cinfo2=(X509CertInfo)cimp2.get(X509CertImpl.NAME+"."+X509CertImpl.INFO);

       // 3. for later use alias1's privatekey to sign alias2
      PrivateKey pk=(PrivateKey)ks.getKey(alias1,pass1);


       // 4. set param of alia2's cinfo
        
       Date firstDate =new Date();
       Date lastDate =new Date(firstDate.getTime()+60*24*60*60*1000L);//60day
       CertificateValidity interval=new CertificateValidity(firstDate,lastDate);
       cinfo2.set(X509CertInfo.VALIDITY,interval);
       // 5. set param of alia2's Serial_Number
      cinfo2.set(X509CertInfo.SERIAL_NUMBER,new CertificateSerialNumber((int)(firstDate.getTime()/1000)));

     //6. set param of alia2's algrithm

      AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
      cinfo2.set(CertificateAlgorithmId.NAME+"."+CertificateAlgorithmId.ALGORITHM, algorithm);
         //7. set issure
      cinfo2.set(X509CertInfo.ISSUER+"."+CertificateIssuerName.DN_NAME,issuer);

          // 8.  create new and sign using key of alia1
        X509CertImpl mycer=new X509CertImpl(cinfo2);
         mycer.sign(pk,"MD5WithRSA");

           // 9. stored in keystore, 
   ks.setKeyEntry("signed_mynew",pk,"newpass".toCharArray(),new java.security.cert.Certificate[]{mycer} );

      FileOutputStream output=new FileOutputStream("11");
       ks.store(output,"newpass".toCharArray());
       output.close(); // keytool -v -list -keystore 11 to see the key
  }


}