package com.cn.test;
import java.security.*;
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import sun.security.x509.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
public class Test
{
/**
 * Program entry point: builds a {@code Test} instance and runs {@link #method1()}.
 *
 * @param args command-line arguments; not read
 */
public static void main(String[] args)
{
    // The other two demos are left disabled, exactly as in the original listing:
    //   createCert("qihongce", "qihongce")
    //   show()
    new Test().method1();
}
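/**
 * Re-issues the root certificate stored under alias {@code HelloKeytool}: copies its
 * certificate info (subject and public key stay those of the root), gives it a one-year
 * validity starting now and a fresh serial number, signs it with the root entry's private
 * key, and saves the result back into the same keystore as a trusted-certificate entry
 * whose alias is {@code username + password}.
 *
 * <p>Uses the JDK-internal {@code sun.security.x509} classes, which are not a supported API.
 * Any failure is printed to stderr and the keystore file is left untouched.
 *
 * @param username first part of the alias under which the new certificate is stored
 * @param password second part of that alias
 */
public void createCert(String username, String password)
{
    // By default the store password of MyKeyStore.keystore is WorldHello and the
    // key-entry password is KeytoolHello123.
    // NOTE(review): both passwords are hard-coded in source; anyone who can read this
    // file can unlock the signing key. Load them from protected configuration instead.
    String name = "e:/qhc/tools/MyKeyStore.keystore";
    String certPass = "KeytoolHello123"; // password of the private-key entry
    String pass = "WorldHello"; // password of the keystore itself
    // Root certificate alias
    String alias = "HelloKeytool";
    // NOTE(review): the alias embeds the caller's password. JKS aliases are readable by
    // anyone who can read the keystore file, so the password is effectively stored in the
    // clear. The alias is kept for compatibility, but it is no longer echoed to stdout.
    String newCert = username + password;
    try
    {
        // Load the keystore; the stream is closed as soon as loading finishes.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(name))
        {
            ks.load(in, pass.toCharArray());
        }

        // Fetch the issuer (the root certificate) and unpack its certificate info.
        Certificate c = ks.getCertificate(alias);
        if (c == null)
        {
            throw new KeyStoreException("no certificate under alias " + alias);
        }
        byte[] encode1 = c.getEncoded();
        X509CertImpl cimp1 = new X509CertImpl(encode1);
        X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME
                + "." + X509CertImpl.INFO);
        X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "."
                + CertificateIssuerName.DN_NAME);
        PrivateKey pk = (PrivateKey) ks.getKey(alias, certPass.toCharArray());
        if (pk == null)
        {
            throw new KeyStoreException("no private key under alias " + alias);
        }
        // The private key is deliberately not printed: key material does not belong in logs.

        // Validity of the new certificate: one year from now.
        Calendar calendar = Calendar.getInstance();
        Date begindate = calendar.getTime();
        calendar.add(Calendar.YEAR, 1);
        Date enddate = calendar.getTime();
        System.out.println("证书有效期为: " + begindate + " -- " + enddate);
        CertificateValidity cv = new CertificateValidity(begindate, enddate);
        cinfo1.set(X509CertInfo.VALIDITY, cv);

        // Serial number: 64 random bits. A serial derived from the clock in seconds is
        // predictable and repeats for two certificates issued within the same second.
        CertificateSerialNumber csn = new CertificateSerialNumber(
                new java.math.BigInteger(64, new SecureRandom()));
        cinfo1.set(X509CertInfo.SERIAL_NUMBER, csn);
        System.out.println("证书SN: " + csn);

        // Issuer of the new certificate
        cinfo1.set(X509CertInfo.ISSUER + "."
                + CertificateIssuerName.DN_NAME, issuer);
        System.out.println("签发者: "
                + issuer
                + " ISSUER: "
                + X509CertInfo.ISSUER
                + "name"
                + cinfo1.getName()
                + cinfo1.get(X509CertInfo.ISSUER + "."
                        + CertificateIssuerName.DN_NAME));

        // Signature algorithm: one name, chosen from the key type, is used both for the
        // algorithm identifier inside the certificate and for the actual signature. The
        // original declared MD5withRSA inside the certificate while signing with DSA, so
        // the two fields disagreed, and MD5 is not collision resistant.
        String keyAlg = pk.getAlgorithm();
        String sigAlg = "SHA256with" + ("EC".equals(keyAlg) ? "ECDSA" : keyAlg);
        AlgorithmId algorithm = AlgorithmId.get(sigAlg);
        cinfo1.set(CertificateAlgorithmId.NAME + "."
                + CertificateAlgorithmId.ALGORITHM, algorithm);

        // Build and sign the new certificate
        X509CertImpl newcert = new X509CertImpl(cinfo1);
        newcert.sign(pk, sigAlg);
        System.out.println(newcert);
        ks.setCertificateEntry(newCert, newcert);

        // Serialize in memory first so a failure in store() cannot truncate the keystore
        // file, and protect it with the same store password it was loaded with; storing
        // with the key password silently changed the store password, so the next load
        // with "pass" would fail.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ks.store(buffer, pass.toCharArray());
        try (FileOutputStream out = new FileOutputStream(name))
        {
            out.write(buffer.toByteArray());
        }
        System.out.println("成功啦 hello world");
    } catch (Exception e)
    {
        e.printStackTrace();
    }
}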
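// The code above uses the root certificate's private key to issue the certificate,
// so every certificate it issues is stored as a trustedCertEntry rather than a keyEntry.
// I searched many documents and they all resemble this code; most of them use SSL for encrypted communication instead of using the certificate's public and private keys to encrypt and decrypt.
// I hope someone can help with this. Thanks.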
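/**
 * Self-check of the keystore entry {@code HelloKeytool}: signs the encoded certificate
 * with the entry's private key and verifies that signature with the public key taken
 * from the certificate.
 *
 * <p>Both keys come from the same keystore entry, so success only shows that the stored
 * private key matches the stored certificate; it does not authenticate any other party.
 *
 * @return {@code "身份验证成功:"} followed by the signing object's {@code toString()} when
 *         the signature verifies; {@code "身份验证失败"} when it does not or when any step
 *         throws
 */
public String show()
{
    try
    {
        // NOTE(review): keystore path and both passwords are hard-coded in source.
        String name = "e:/qhc/tools/MyKeyStore.keystore";
        String certpass = "KeytoolHello123"; // password of the private-key entry
        String pass = "WorldHello"; // password of the keystore itself
        // Root certificate alias
        String alias = "HelloKeytool";
        System.out.println("aaaaaaaaaaaaaaaaaaaaaaa");

        // Load the keystore; the stream is closed as soon as loading finishes.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(name))
        {
            ks.load(in, pass.toCharArray());
        }

        // The data to sign is the encoded certificate itself.
        Certificate c = ks.getCertificate(alias);
        byte[] encode1 = c.getEncoded();

        // Sign with the entry's private key.
        // NOTE(review): the JCA name "DSA" is SHA1withDSA; prefer a SHA-2 variant if the
        // signature is ever used for more than this local check.
        Signature s = Signature.getInstance("DSA");
        PrivateKey prk = (PrivateKey) ks.getKey(alias, certpass.toCharArray());
        s.initSign(prk);
        s.update(encode1);
        byte[] signaturedata = s.sign();

        // Verify with the certificate's public key. The verifier must be fed the signed
        // data (not the signature bytes), and the boolean result decides the outcome;
        // the original discarded it and reported success unconditionally.
        PublicKey pbk = c.getPublicKey();
        Signature s1 = Signature.getInstance("DSA");
        s1.initVerify(pbk);
        s1.update(encode1);
        if (!s1.verify(signaturedata))
        {
            throw new SignatureException(
                    "signature did not verify against the certificate's public key");
        }
        System.out.println("成功啦 啦 啦 啦 啦 啦 啦");
        return "身份验证成功:" + s.toString();
    } catch (Exception e)
    {
        System.out.println("失败啦 啦 啦 啦 啦 啦 啦\n");
        e.printStackTrace();
        return "身份验证失败";
    }
}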
// ///////////////////
public void method1()
{
// JAVA对数字证书的常用操作
// 阅读提示:本文介绍JAVA对数字证书的常用操作
// 一需要包含的包
// 二 从文件中读取证书
String name = "e:/qhc/tools/MyKeyStore.keystore";
String cer = "e:/qhc/tools/HelloKeytool.cer";
String certpass = "KeytoolHello123";
String pass = "WorldHello";//
// 根证书
String alias = "HelloKeytool";// "HelloWorld";
//
String oldkeypass = "KeytoolHello123";
String newkeypass = "123456";
try
{
// 用keytool将.keystore中的证书写入文件中,然后从该文件中读取证书信息
/*
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in = new FileInputStream(cer);//HelloKeytool.cer
Certificate c = cf.generateCertificate(in);
String s = c.toString();
System.out.println("s: " + s);
*/
// 三 从密钥库中直接读取证书
/*
FileInputStream in1 = new FileInputStream(name);//
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in1, pass.toCharArray());
Certificate c1 = ks.getCertificate(alias);// alias为条目的别名
// 四 JAVA程序中显示证书指定信息
X509Certificate t = (X509Certificate) c1;
System.out.println("输出证书信息:\n" + c1.toString());
System.out.println("版本号:" + t.getVersion());
System.out.println("序列号:" + t.getSerialNumber().toString(16));
System.out.println("主体名:" + t.getSubjectDN());
System.out.println("签发者:" + t.getIssuerDN());
System.out.println("有效期:" + t.getNotBefore());
System.out.println("签名算法:" + t.getSigAlgName());
byte[] sig = t.getSignature();// 签名值
PublicKey pk = t.getPublicKey();
byte[] pkenc = pk.getEncoded();
System.out.println("公钥");
for (int i = 0; i < pkenc.length; i++)