1. Packages to be imported
import java.security.*;
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import sun.security.x509.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
Note: sun.security.x509 is an internal JDK package, not part of the supported API; it can change between releases and is encapsulated by default on modular JDKs.
2. Read the certificate from a file
Use keytool to export a certificate from the .keystore file to a file, and then read the certificate information from that file.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in = new FileInputStream("out.csr");
Certificate c = cf.generateCertificate(in);
String s = c.toString();
3. Read the certificate directly from the keystore
String pass = "123456"; // sample password only; a real keystore password should not be hard-coded in source
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, pass.toCharArray());
java.security.cert.Certificate c = ks.getCertificate(alias); // alias is the alias of the entry
4. Display specific certificate information in a Java program
// t is the certificate cast to X509Certificate, as shown in section 10
System.out.println("output Certificate Information:\n" + c.toString());
System.out.println("version:" + t.getVersion());
System.out.println("serial number:" + t.getSerialNumber().toString(16));
System.out.println("Subject name:" + t.getSubjectDN());
System.out.println("issuer:" + t.getIssuerDN());
System.out.println("validity period:" + t.getNotBefore());
System.out.println("signature algorithm:" + t.getSigAlgName());
byte[] sig = t.getSignature(); // signature value
PublicKey pk = t.getPublicKey();
byte[] pkenc = pk.getEncoded();
System.out.println("Public Key");
for (int i = 0; i < pkenc.length; i++) System.out.print(pkenc[i] + ",");
5. Java program listing all entries in the keystore
String pass = "123456";
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, pass.toCharArray());
Enumeration e = ks.aliases();
while (e.
hasMoreElements()) java.security.cert.Certificate c = ks.getCertificate((String) e.nextElement());
6. Java program that changes the keystore password
String oldpass = "123456";
String newpass = "654321";
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, oldpass.toCharArray());
in.close();
FileOutputStream output = new FileOutputStream(".keystore");
ks.store(output, newpass.toCharArray());
output.close();
7. Java program that changes the password of a keystore entry and adds an entry
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, storepass.toCharArray());
Certificate[] cchain = ks.getCertificate(alias); // obtain the certificate chain of the corresponding alias (as written this does not type-check: getCertificate returns a single Certificate, while getCertificateChain(alias) returns Certificate[])
PrivateKey pk = (PrivateKey) ks.getKey(alias, oldkeypass.toCharArray()); // obtain the private key of the entry for the alias
ks.setKeyEntry(alias, pk, newkeypass.toCharArray(), cchain); // add the entry to the keystore
The first parameter specifies the alias of the entry being added. If an existing alias is used, the existing entry is overwritten; if a new alias is used, a new entry is added. The second parameter is the private key of the entry, the third is the new password to set, and the fourth is the certificate chain for the public key that corresponds to the private key.
FileOutputStream output = new FileOutputStream("another");
ks.store(output, storepass.toCharArray()); // writes the content of the keystore object to a new file
8. Java program that checks for an alias and deletes an entry
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, storepass.toCharArray());
ks.containsAlias("Sage"); // checks whether the entry exists in the keystore; returns true if it does
ks.deleteEntry("Sage"); // delete the entry corresponding to the alias
FileOutputStream output = new FileOutputStream(".keystore");
ks.
store(output, storepass.toCharArray()); // writes the content of the keystore object to the file; the entry is now deleted
9. Java program that issues a digital certificate
(1) Read the CA certificate from the keystore
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, storepass.toCharArray());
java.security.cert.Certificate c1 = ks.getCertificate("caroot");
(2) Read the private key of the CA from the keystore
PrivateKey caprk = (PrivateKey) ks.getKey(alias, cakeypass.toCharArray());
(3) Extract the issuer information from the CA certificate
byte[] encod1 = c1.getEncoded(); // extract the encoding of the CA certificate
X509CertImpl cimp1 = new X509CertImpl(encod1); // use this encoding to create an X509CertImpl object
X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // get the X509CertInfo object
X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateIssuerName.DN_NAME); // get the issuer information, of type X500Name
(4) Obtain the certificate to be issued
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in2 = new FileInputStream("user.csr");
java.security.cert.Certificate c2 = cf.generateCertificate(in); // 'in' is presumably meant to be in2, the stream opened on the line above
(5) Extract the certificate information from the certificate to be issued
byte[] encod2 = c2.getEncoded();
X509CertImpl cimp2 = new X509CertImpl(encod2); // use this encoding to create an X509CertImpl object
X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // get the X509CertInfo object
(6) Set the validity period of the new certificate
Date begindate = new Date(); // get the current time
Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L); // valid for 3000 days
CertificateValidity cv = new CertificateValidity(begindate, enddate); // create the validity object
cinfo2.set(X509CertInfo.
VALIDITY, cv); // set the validity period
(7) Set the serial number of the new certificate
int sn = (int) (begindate.getTime() / 1000); // use the current time as the serial number
CertificateSerialNumber csn = new CertificateSerialNumber(sn);
cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);
Note: a serial number derived from the clock is predictable and repeats for certificates issued within the same second; a production CA uses large random serial numbers (for example, generated with SecureRandom).
(8) Set the issuer of the new certificate
cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer); // apply the result of step (3)
(9) Set the signature algorithm information of the new certificate
AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
cinfo2.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
Note: MD5-based signatures are no longer collision-resistant, and certificates signed with them are rejected by default by certification-path validation in current JDKs (MD5 is listed in the jdk.certpath.disabledAlgorithms security property); a SHA-256-based algorithm such as SHA256withRSA is the usual replacement.
(10) Create the certificate and sign it with the CA's private key
X509CertImpl newcert = new X509CertImpl(cinfo2);
newcert.sign(caprk, "MD5WithRSA"); // use the CA private key to sign it
(11) Write the new certificate to the keystore
ks.setCertificateEntry("lf_signed", newcert);
FileOutputStream out = new FileOutputStream("newstore");
ks.store(out, "newpass".toCharArray()); // a new keystore is written here; you can also use the method in section 7 to add entries
10. Digital certificate inspection
(1) Verify the validity period of the certificate
(A) Get an X509Certificate object
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in1 = new FileInputStream("aa.crt");
java.security.cert.Certificate c1 = cf.generateCertificate(in1);
X509Certificate t = (X509Certificate) c1;
in2.close(); // presumably meant to be in1, the stream opened above
(B) Get the current date
Date timenow = new Date();
(C) Check validity
try {
    t.checkValidity(timenow);
    System.out.println("OK");
} catch (CertificateExpiredException e) { // expired
    System.out.println("expired");
    System.out.println(e.getMessage());
} catch (CertificateNotYetValidException e) { // not yet valid
    System.out.println("too early");
    System.out.println(e.
getMessage()); }
(2) Verify the validity of the certificate signature
(A) Obtain the CA certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in2 = new FileInputStream("caroot.crt");
java.security.cert.Certificate cac = cf.generateCertificate(in2);
in2.close();
(C) Obtain the CA public key
PublicKey pbk = cac.getPublicKey();
(B) Obtain the certificate to be verified (c1 was obtained in the previous step)
(C) Certificate inspection
// Note: verify() only checks that the signature was produced with the given public key; it does not check the validity period, revocation status, or whether the CA certificate itself is trusted.
boolean pass = false;
try {
    c1.verify(pbk);
    pass = true;
} catch (Exception e) {
    pass = false;
    System.out.println(e);