}
客户端证书的颁发
package com.javasecurity;
import es.sing.util.*;
//Soporte de E/S
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
//Soporte para BigInteger
import java.math.BigInteger;
//Soporte para colecciones, stringtokenizer y fechas
import java.util.StringTokenizer;
import java.security.KeyStore;
import java.security.Security;
import java.security.KeyPair;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.*;
import java.security.Key;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
//Bouncycastle provider
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.X509V1CertificateGenerator;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.*;
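public class MakeClientCertPfx {
    /**
     * Signature algorithm for the issued user certificate. The original passed
     * "MD5WithRSA"; MD5 is collision-broken and unsuitable for CA signatures.
     */
    private static final String SIGN_ALGORITHM = "SHA256WithRSA";
    /** RSA modulus size of the user key pair (the original generated 1024-bit keys). */
    private static final int RSA_KEY_BITS = 2048;
    /** Key algorithm name handed to GeneraClaves.generaParClaves. */
    private static final String KEY_ALGORITHM = "RSA";
    /** CA PKCS#12 store and the aliases of the CA key and certificate inside it. */
    private static final String CA_STORE_PATH = "d:\\ca\\ca.pfx";
    private static final String CA_KEY_ALIAS = "CApriv";
    private static final String CA_CERT_ALIAS = "CA";
    // NOTE(review): the CA store password lives in source exactly as in the original;
    // it should be loaded from protected configuration, not compiled into the class.
    private static final String CA_STORE_PASSWORD = "zhs0567";
    /** Directory the user's PKCS#12 file is written to by getClientCert(String, ...). */
    private static final String CLIENT_OUT_DIR = "d:\\ca\\";
    /** Fixed output path used by saveUcertPrivate(String). */
    private static final String PRIVATE_PFX_PATH = "d:\\client\\client.pfx";
    /** Characters that would open a new RDN or attribute inside the string-built subject DN. */
    private static final String DN_SPECIALS = ",=+\"\\<>;";

    // State produced by getClientCert(String, String, String, String, int).
    // Kept package-private because the original exposed the fields that way.
    PrivateKey userPrivKey = null;
    PublicKey userPubKey = null;
    X509Certificate userCer = null;
    X509Certificate caCer = null;
    int nserie = 0;
    String nombre = null;

    /** @return the user's private key, or null before getClientCert(...) succeeded */
    public PrivateKey getPrivateKey() {
        return this.userPrivKey;
    }

    /** @return the serial number of the issued user certificate (0 before issuance) */
    public int getClientCertSerial() {
        return this.nserie;
    }

    /** @return the user's public key, or null before getClientCert(...) succeeded */
    public PublicKey getPublicKey() {
        return this.userPubKey;
    }

    /**
     * @return the issued user certificate, or null before getClientCert(...) succeeded.
     *         Note the unrelated five-argument overload of the same name, which issues it.
     */
    public X509Certificate getClientCert() {
        return this.userCer;
    }

    /** @return the CA certificate read from the CA store, or null before issuance */
    public X509Certificate getCaCert() {
        return this.caCer;
    }

    public MakeClientCertPfx() {
    }

    public static void main(String[] args) {
        MakeClientCertPfx makeClientCertPfx1 = new MakeClientCertPfx();
        makeClientCertPfx1.getClientCert("sitclient.pfx","zhs0567","zhs0567@sina.com","client1",365);
    }

    /**
     * Writes the user's private key and certificate chain to the fixed PKCS#12 path
     * {@code d:\client\client.pfx}, protected by {@code privatepass}.
     *
     * @param privatepass password for the PKCS#12 file
     * @return true on success; false if the key material has not been generated yet
     *         or writing failed (the cause is printed, as getClientCert does)
     */
    public boolean saveUcertPrivate(String privatepass) {
        try {
            if (privatepass == null) {
                throw new IllegalArgumentException("privatepass is required");
            }
            writeUserPfx(PRIVATE_PFX_PATH, privatepass.toCharArray());
            return true;
        }
        catch (Exception ex) {
            // The original returned false without a trace; report the cause instead.
            ex.printStackTrace();
            return false;
        }
    }

    /**
     * Generates an RSA key pair for a user, has the CA sign a certificate for it and
     * stores key + chain as a PKCS#12 file named {@code username} under {@code d:\ca\}.
     * On success the fields read by the getters are populated.
     *
     * @param username     output file name (a bare file name, no directory part)
     * @param pripass      password protecting the written PKCS#12 file
     * @param emailaddress goes into the EmailAddress attribute of the subject DN
     * @param client1      goes into the CN attribute and is the key-store alias
     * @param limitday     validity passed to CertificateUtils.crearCert (must be positive)
     * @return true on success; false on any failure (the cause is printed)
     */
    public boolean getClientCert(String username, String pripass, String emailaddress, String client1, int limitday) {
        try {
            if (username == null || pripass == null) {
                throw new IllegalArgumentException("username and pripass are required");
            }
            // username is appended to CLIENT_OUT_DIR; refuse anything that is not a
            // bare file name so the output cannot land outside that directory.
            // (File.getName() splits on the platform separator, so this is OS-specific.)
            if (!new File(username).getName().equals(username)) {
                throw new IllegalArgumentException("username must be a bare file name: " + username);
            }
            requireDnSafe("client1", client1);
            requireDnSafe("emailaddress", emailaddress);
            if (limitday <= 0) {
                throw new IllegalArgumentException("limitday must be positive: " + limitday);
            }

            Security.addProvider(new BouncyCastleProvider());

            // Serial number: RFC 5280 requires a positive integer and it should be
            // unpredictable, so java.util.Random is replaced by SecureRandom. The
            // 31-bit range is kept only because getClientCertSerial() returns int.
            java.security.SecureRandom serialRng = new java.security.SecureRandom();
            this.nserie = serialRng.nextInt(Integer.MAX_VALUE) + 1;

            // Key-store alias. The original re-decoded the name through Cp852, which is
            // a no-op for ASCII and corrupts anything else, so the value is used as given.
            this.nombre = client1;

            // Subject DN of the user certificate; the organisation part is fixed and
            // the string (including the stray space after "L=") matches the original.
            String userIssue = "C=CN, ST=xinjiang, L= wulumuqi, O=sailing, OU=soft, CN=" + client1 + ", EmailAddress=" + emailaddress;
            userIssue = X509Subject.decodeX509Subject(userIssue);

            // CA private key and certificate from the CA's PKCS#12 store.
            KeyStore keystoreCA = KeyStore.getInstance("PKCS12", "BC");
            FileInputStream caIn = new FileInputStream(CA_STORE_PATH);
            try {
                keystoreCA.load(caIn, CA_STORE_PASSWORD.toCharArray());
            } finally {
                caIn.close();
            }
            PrivateKey caPrivKey = (PrivateKey) keystoreCA.getKey(CA_KEY_ALIAS, null);
            this.caCer = (X509Certificate) keystoreCA.getCertificate(CA_CERT_ALIAS);
            if (caPrivKey == null || this.caCer == null) {
                throw new IllegalStateException("CA key/certificate not found under aliases "
                        + CA_KEY_ALIAS + " / " + CA_CERT_ALIAS);
            }
            PublicKey caPubKey = caCer.getPublicKey();
            String caIssue = X509Subject.decodeX509Subject(caCer.getSubjectDN().toString());

            // Fresh key pair for the user.
            KeyPair userParClaves = GeneraClaves.generaParClaves(RSA_KEY_BITS, KEY_ALGORITHM);
            this.userPrivKey = userParClaves.getPrivate();
            this.userPubKey = userParClaves.getPublic();

            // Issue the user certificate signed by the CA. The original's local for the
            // validity was named "...Meses" (months) while the parameter is limitday;
            // crearCert's unit is not visible here — confirm against es.sing.util.
            this.userCer = CertificateUtils.crearCert(userPubKey, caPrivKey, caPubKey, caIssue, userIssue,
                    this.nserie, limitday, SIGN_ALGORITHM);

            writeUserPfx(CLIENT_OUT_DIR + username, pripass.toCharArray());
            return true;
        }
        catch (Exception ex) {
            ex.printStackTrace();
            return false;
        }
    }

    /** Rejects null values and values that could inject extra RDNs into the concatenated DN. */
    private static void requireDnSafe(String name, String value) {
        if (value == null) {
            throw new IllegalArgumentException(name + " is required");
        }
        for (int i = 0; i < value.length(); i++) {
            if (DN_SPECIALS.indexOf(value.charAt(i)) >= 0) {
                throw new IllegalArgumentException(name + " must not contain DN separators: " + value);
            }
        }
    }

    /** Chain stored with the user key: [0] = user certificate, [1] = CA certificate. */
    private Certificate[] buildUserChain() {
        Certificate[] chain = new Certificate[2];
        chain[0] = this.userCer;
        chain[1] = this.caCer;
        return chain;
    }

    /**
     * Writes the user private key and its chain to a PKCS#12 file.
     *
     * @param path output file
     * @param pass password protecting the file
     * @throws IllegalStateException if getClientCert(...) has not populated the key material
     */
    private void writeUserPfx(String path, char[] pass)
            throws IOException, java.security.GeneralSecurityException {
        if (userPrivKey == null || userCer == null || caCer == null) {
            throw new IllegalStateException("user key and certificates have not been generated yet");
        }
        KeyStore userStore = KeyStore.getInstance("PKCS12", "BC");
        userStore.load(null, null);
        // The null key password is kept from the original; the file password is what protects the store.
        userStore.setKeyEntry(nombre, userPrivKey, null, buildUserChain());
        FileOutputStream userPfxOut = new FileOutputStream(path);
        try {
            userStore.store(userPfxOut, pass);
        } finally {
            userPfxOut.close();
        }
    }
}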
客户端证书的验证
package com.javasecurity;
import java.io.*;
import java.security.*;
import java.security.cert.*;
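/**
 * Checks whether a client certificate issued by the CA is legitimate: its signature
 * must verify under the CA certificate's public key and it must be within its
 * validity period. Revocation is not checked.
 * <p>Copyright: Copyright (c) 2003</p>
 * @author unascribed
 * @version 1.0
 */
public class CheckCertSign {
    /** Inputs of checkSign(): the CA and client certificates as DER/PEM files. */
    private static final String CA_CERT_FILE = "d:\\ca\\caCer.cer";
    private static final String CLIENT_CERT_FILE = "D:\\client\\client.cer";
    /** Inputs of checkPfkSign(): PKCS#12 stores and the alias read from each. */
    private static final String CA_ROOT_PFX = "d:\\ca\\root\\sailing.pfx";
    private static final String ROOT_ALIAS = "sit";
    private static final String CLIENT_PFX = "d:\\ca\\client\\client1.pfx";
    private static final String CLIENT_ALIAS = "sit";
    // NOTE(review): the original embeds the same literal password for both stores;
    // it belongs in protected configuration rather than in source.
    private static final String PFX_PASSWORD = "zhs0567";

    public CheckCertSign() {
    }

    public static void main(String[] args) {
        CheckCertSign checkCertSign1 = new CheckCertSign();
        // checkCertSign1.checkSign();
        checkCertSign1.checkPfkSign();
    }

    /**
     * Verifies the client certificate file against the CA certificate file.
     *
     * @return true only if the client certificate's signature verifies under the CA
     *         key and the certificate is currently valid; false on any failure.
     *         (The original returned true even when verification failed.)
     */
    public boolean checkSign() {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            java.security.cert.Certificate cac = readCertificate(cf, CA_CERT_FILE);
            java.security.cert.Certificate lfc = readCertificate(cf, CLIENT_CERT_FILE);
            return verifyIssuedBy(lfc, cac.getPublicKey());
        } catch (Exception ex) {
            System.out.println(ex);
            return false;
        }
    }

    /**
     * Verifies the client certificate held in the client PKCS#12 store against the
     * CA certificate held in the root PKCS#12 store. Requires the "BC" provider to
     * be registered, as in the original.
     *
     * @return true only if the client certificate's signature verifies under the CA
     *         key and the certificate is currently valid; false on any failure.
     */
    public boolean checkPfkSign() {
        try {
            X509Certificate caCer = loadPfxCertificate(CA_ROOT_PFX, PFX_PASSWORD.toCharArray(), ROOT_ALIAS);
            X509Certificate caClientCer = loadPfxCertificate(CLIENT_PFX, PFX_PASSWORD.toCharArray(), CLIENT_ALIAS);
            if (caCer == null || caClientCer == null) {
                throw new IllegalStateException("certificate alias not found in store");
            }
            return verifyIssuedBy(caClientCer, caCer.getPublicKey());
        } catch (Exception ex) {
            System.out.println(ex);
            return false;
        }
    }

    /** Reads one X.509 certificate from a file, closing the stream even on failure. */
    private static java.security.cert.Certificate readCertificate(CertificateFactory cf, String path)
            throws IOException, CertificateException {
        FileInputStream in = new FileInputStream(path);
        try {
            return cf.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    /**
     * Loads a PKCS#12 store via the "BC" provider and returns the certificate stored
     * under {@code alias}, or null if the alias is absent.
     */
    private static X509Certificate loadPfxCertificate(String path, char[] pass, String alias)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("PKCS12", "BC");
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, pass);
        } finally {
            in.close();
        }
        return (X509Certificate) store.getCertificate(alias);
    }

    /**
     * Checks that {@code cert} is signed by the holder of {@code caPublicKey} and,
     * for X.509 certificates, that it is within its validity period. Prints the
     * same result messages as the original.
     */
    private static boolean verifyIssuedBy(java.security.cert.Certificate cert, PublicKey caPublicKey) {
        boolean pass;
        try {
            cert.verify(caPublicKey);
            if (cert instanceof X509Certificate) {
                ((X509Certificate) cert).checkValidity();
            }
            pass = true;
        } catch (GeneralSecurityException e) {
            pass = false;
            System.out.println(e);
        }
        if (pass) {
            System.out.println("验证结果正确!");
        } else {
            System.out.println("验证结果失败!");
        }
        return pass;
    }
}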
数字签名部分、文件DES加密、客户证书的自动安装、客户证书的吊销，以后再添加吧，
就写这么多吧,,,,,,:)