Systems that talk to each other often rely on digital certificates, which, among other things, help verify identities. Let's take a look at how to use digital certificates in Java.
We first use the keytool utility to generate a keystore and export the public key certificate.
Step one: Generate the keystore file
Execute the following command:
keytool -genkey -validity 36000 -alias www.jianggujin.com -keyalg RSA -keystore test.keystore
The command-related parameters are as follows:
After entering the command, follow the prompts to supply the remaining information. The password used in this example is 123456 (a demo value only).
Step two: Export the public key certificate
Once the keystore is generated, we can export the public key certificate by executing the following command:
keytool -export -keystore test.keystore -alias www.jianggujin.com -file test.cer -rfc
The command-related parameters are as follows:
The full operation process is as follows:
After these two steps we have the keystore and the certificate file. As with the earlier encryption and decryption utility classes, we'll write a utility class for working with digital certificates:
package com.jianggujin.codec;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
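import javax.crypto.Cipher;

/**
 * Digital certificate helper.
 *
 * <p>Loads keys and certificates from a keystore or from an X.509 certificate file and uses them
 * to encrypt/decrypt, sign/verify, and check a certificate's validity period. The class is a
 * singleton; obtain it through {@link #getInstance()}.
 *
 * <p>Points to keep in mind when reusing this class:
 * <ul>
 *   <li>{@code verifyCertificate} only checks the validity period. It does not validate a chain
 *       to a trust anchor and does not check revocation, so {@code true} does not mean the
 *       certificate is trusted.</li>
 *   <li>{@code verify} uses the certificate exactly as given. Trust in that certificate has to
 *       be established by the caller.</li>
 *   <li>The {@code encrypt}/{@code decrypt} methods pass only the key's algorithm name to
 *       {@link Cipher#getInstance(String)}; see the note on {@code transform}.</li>
 * </ul>
 *
 * @author jianggujin
 */
public class HQCertificate {
    private static final HQCertificate INSTANCE = new HQCertificate();

    public static HQCertificate getInstance() {
        return INSTANCE;
    }

    private HQCertificate() {
    }

    /**
     * Keystore types accepted by this helper. Each constant carries the type name handed to
     * {@link KeyStore#getInstance(String)}.
     *
     * @author jianggujin
     */
    public static enum HQKeyStore {
        JCEKS("JCEKS"), JKS("JKS"), DKS("DKS"), PKCS11("PKCS11"), PKCS12("PKCS12");

        private String name;

        private HQKeyStore(String name) {
            this.name = name;
        }

        public String getName() {
            return this.name;
        }
    }

    /**
     * Java KeyStore (Java Key Store, JKS) KEY_STORE
     */
    public final String KEY_STORE = "JKS";

    /** Certificate type passed to {@link CertificateFactory#getInstance(String)}. */
    public final String X509 = "X.509";

    /**
     * Obtains the private key stored under {@code alias} in the keystore file.
     *
     * <p>The same {@code password} is used to open the keystore and to recover the key entry.
     *
     * @param keyStorePath path of the keystore file
     * @param alias alias of the key entry
     * @param password keystore and key password
     * @param keyStore keystore type
     * @return the private key, or {@code null} when the alias has no key entry
     * @throws Exception if the keystore cannot be read or the key cannot be recovered
     */
    private PrivateKey getPrivateKey(String keyStorePath, String alias, char[] password,
            HQKeyStore keyStore) throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, password, keyStore);
        return (PrivateKey) ks.getKey(alias, password);
    }

    /**
     * Obtains the public key contained in the certificate file.
     *
     * @param certificatePath path of the X.509 certificate file
     * @return the certificate's public key
     * @throws Exception if the file cannot be read or parsed
     */
    private PublicKey getPublicKey(String certificatePath) throws Exception {
        return getCertificate(certificatePath).getPublicKey();
    }

    /**
     * Reads an X.509 certificate from a file.
     *
     * @param certificatePath path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be read or parsed
     */
    private Certificate getCertificate(String certificatePath) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
        // try-with-resources closes the stream even when parsing fails.
        try (FileInputStream in = new FileInputStream(certificatePath)) {
            return certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Obtains the certificate stored under {@code alias} in the keystore file.
     *
     * @param keyStorePath path of the keystore file
     * @param alias alias of the entry
     * @param password keystore password
     * @param keyStore keystore type
     * @return the certificate, or {@code null} when the alias has no certificate
     * @throws Exception if the keystore cannot be read
     */
    private Certificate getCertificate(String keyStorePath, String alias, char[] password,
            HQKeyStore keyStore) throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, password, keyStore);
        return getCertificate(ks, alias);
    }

    private Certificate getCertificate(KeyStore keyStore, String alias) throws Exception {
        return keyStore.getCertificate(alias);
    }

    /**
     * Loads a keystore from a file.
     *
     * @param keyStorePath path of the keystore file
     * @param password keystore password
     * @param keyStore keystore type
     * @return the loaded keystore
     * @throws Exception if the file cannot be read or the keystore cannot be loaded
     */
    public KeyStore getKeyStore(String keyStorePath, char[] password, HQKeyStore keyStore)
            throws Exception {
        // try-with-resources closes the stream even when loading fails (e.g. wrong password).
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            return getKeyStore(in, password, keyStore);
        }
    }

    /**
     * Loads a keystore from a stream. The stream is not closed by this method.
     *
     * @param in stream holding the keystore data
     * @param password keystore password
     * @param keyStore keystore type
     * @return the loaded keystore
     * @throws Exception if the keystore cannot be loaded
     */
    public KeyStore getKeyStore(InputStream in, char[] password, HQKeyStore keyStore)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(keyStore.getName());
        ks.load(in, password);
        return ks;
    }

    /**
     * Runs one cipher operation with the given key.
     *
     * <p>NOTE(review): only {@code key.getAlgorithm()} is passed to
     * {@link Cipher#getInstance(String)} (for the key generated in this article that is
     * {@code "RSA"}), so mode and padding are left to the provider's default. Naming the full
     * transformation explicitly keeps both sides of an exchange in agreement; it is not changed
     * here so that existing ciphertexts stay readable.
     *
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param key key to initialise the cipher with
     * @param data input bytes
     * @return result of {@link Cipher#doFinal(byte[])}
     * @throws Exception if the cipher cannot be created or the operation fails
     */
    private byte[] transform(int mode, Key key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(mode, key);
        return cipher.doFinal(data);
    }

    /**
     * Private key encryption, with the key loaded from a keystore file.
     *
     * <p>Anyone holding the matching certificate can reverse this operation, so it provides no
     * confidentiality. To prove origin, use {@code sign} and {@code verify}.
     *
     * @param data bytes to process
     * @param keyStorePath path of the keystore file
     * @param alias alias of the key entry
     * @param password keystore and key password
     * @param keyStore keystore type
     * @return the cipher output
     * @throws Exception if the key cannot be loaded or the operation fails
     */
    public byte[] encrypt(byte[] data, String keyStorePath, String alias, char[] password,
            HQKeyStore keyStore) throws Exception {
        PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password, keyStore);
        return encrypt(data, privateKey);
    }

    /** Private key encryption; see the keystore-path overload for the caveat. */
    public byte[] encrypt(byte[] data, PrivateKey privateKey) throws Exception {
        return transform(Cipher.ENCRYPT_MODE, privateKey, data);
    }

    /**
     * Public key encryption, with the key taken from a certificate file.
     *
     * @param data bytes to encrypt
     * @param certificatePath path of the X.509 certificate file
     * @return the ciphertext
     * @throws Exception if the certificate cannot be read or the operation fails
     */
    public byte[] encrypt(byte[] data, String certificatePath) throws Exception {
        PublicKey publicKey = getPublicKey(certificatePath);
        return encrypt(data, publicKey);
    }

    /** Public key encryption. */
    public byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception {
        return transform(Cipher.ENCRYPT_MODE, publicKey, data);
    }

    /**
     * Private key decryption, with the key loaded from a keystore file.
     *
     * @param data ciphertext produced with the matching public key
     * @param keyStorePath path of the keystore file
     * @param alias alias of the key entry
     * @param password keystore and key password
     * @param keyStore keystore type
     * @return the recovered bytes
     * @throws Exception if the key cannot be loaded or the operation fails
     */
    public byte[] decrypt(byte[] data, String keyStorePath, String alias, char[] password,
            HQKeyStore keyStore) throws Exception {
        PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password, keyStore);
        return decrypt(data, privateKey);
    }

    /** Private key decryption. */
    public byte[] decrypt(byte[] data, PrivateKey privateKey) throws Exception {
        return transform(Cipher.DECRYPT_MODE, privateKey, data);
    }

    /**
     * Public key decryption, with the key taken from a certificate file.
     *
     * @param data output of a private key encryption
     * @param certificatePath path of the X.509 certificate file
     * @return the recovered bytes
     * @throws Exception if the certificate cannot be read or the operation fails
     */
    public byte[] decrypt(byte[] data, String certificatePath) throws Exception {
        PublicKey publicKey = getPublicKey(certificatePath);
        return decrypt(data, publicKey);
    }

    /** Public key decryption. */
    public byte[] decrypt(byte[] data, PublicKey publicKey) throws Exception {
        return transform(Cipher.DECRYPT_MODE, publicKey, data);
    }

    /**
     * Checks whether the certificate in the file is within its validity period right now.
     *
     * @param certificatePath path of the X.509 certificate file
     * @return {@code true} if the current time lies inside the validity period
     */
    public boolean verifyCertificate(String certificatePath) {
        return verifyCertificate(new Date(), certificatePath);
    }

    /**
     * Checks whether the certificate in the file is within its validity period at {@code date}.
     *
     * <p>This is a date check only: no chain validation, no trust decision, no revocation check.
     *
     * @param date instant to check
     * @param certificatePath path of the X.509 certificate file
     * @return {@code true} if {@code date} lies inside the validity period; {@code false}
     *         otherwise, including when the file cannot be read or parsed
     */
    public boolean verifyCertificate(Date date, String certificatePath) {
        try {
            Certificate loaded = getCertificate(certificatePath);
            return verifyCertificate(date, loaded);
        } catch (Exception e) {
            // Fail closed: an unreadable or unparsable certificate is reported as not valid.
            return false;
        }
    }

    /**
     * Checks the validity period of an already loaded certificate.
     *
     * @param date instant to check
     * @param certificate certificate to check
     * @return {@code true} only for an X.509 certificate whose validity period contains
     *         {@code date}
     */
    private boolean verifyCertificate(Date date, Certificate certificate) {
        if (date == null || !(certificate instanceof X509Certificate)) {
            return false;
        }
        try {
            ((X509Certificate) certificate).checkValidity(date);
            return true;
        } catch (CertificateException e) {
            // Expired or not yet valid.
            return false;
        }
    }

    /**
     * Signs {@code data} with the private key stored under {@code alias}.
     *
     * @param data bytes to sign
     * @param keyStorePath path of the keystore file
     * @param alias alias of the key entry
     * @param password keystore and key password
     * @param keyStore keystore type
     * @return the signature bytes
     * @throws Exception if the keystore cannot be read or signing fails
     */
    public byte[] sign(byte[] data, String keyStorePath, String alias, char[] password,
            HQKeyStore keyStore) throws Exception {
        // Load the keystore once and take both the certificate and the key from it.
        KeyStore ks = getKeyStore(keyStorePath, password, keyStore);
        Certificate entryCertificate = getCertificate(ks, alias);
        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password);
        return sign(data, entryCertificate, privateKey);
    }

    /**
     * Signs {@code data} with {@code privateKey}.
     *
     * <p>The signature algorithm is taken from {@code getSigAlgName()}, i.e. the algorithm with
     * which the certificate itself was signed. NOTE(review): that fits the self-signed
     * certificate generated in this article; for a certificate issued by a CA whose key type
     * differs from the subject key it presumably does not, so confirm before reuse.
     *
     * @param data bytes to sign
     * @param certificate X.509 certificate supplying the algorithm name
     * @param privateKey signing key
     * @return the signature bytes
     * @throws Exception if the certificate is not X.509 or signing fails
     */
    public byte[] sign(byte[] data, Certificate certificate, PrivateKey privateKey)
            throws Exception {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    }

    /**
     * Verifies a signature with the public key of the certificate in the file.
     *
     * @param data signed bytes
     * @param sign signature to check
     * @param certificatePath path of the X.509 certificate file
     * @return {@code true} if the signature matches
     * @throws Exception if the certificate cannot be read or verification fails
     */
    public boolean verify(byte[] data, byte[] sign, String certificatePath) throws Exception {
        Certificate loaded = getCertificate(certificatePath);
        return verify(data, sign, loaded);
    }

    /**
     * Verifies a signature with the public key of {@code certificate}.
     *
     * <p>The certificate is used as given; this method neither checks its validity period nor
     * whether it is trusted.
     *
     * @param data signed bytes
     * @param sign signature to check
     * @param certificate X.509 certificate holding the public key
     * @return {@code true} if the signature matches
     * @throws Exception if the certificate is not X.509 or verification fails
     */
    public boolean verify(byte[] data, byte[] sign, Certificate certificate) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        PublicKey publicKey = x509Certificate.getPublicKey();
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
        signature.initVerify(publicKey);
        signature.update(data);
        return signature.verify(sign);
    }

    /**
     * Checks whether the certificate stored under {@code alias} is within its validity period
     * at {@code date}. Date check only; see the class comment.
     *
     * @param date instant to check
     * @param keyStorePath path of the keystore file
     * @param alias alias of the entry
     * @param password keystore password
     * @param keyStore keystore type
     * @return {@code true} if {@code date} lies inside the validity period; {@code false}
     *         otherwise, including when the keystore cannot be read
     */
    public boolean verifyCertificate(Date date, String keyStorePath, String alias,
            char[] password, HQKeyStore keyStore) {
        try {
            Certificate loaded = getCertificate(keyStorePath, alias, password, keyStore);
            return verifyCertificate(date, loaded);
        } catch (Exception e) {
            // Fail closed: a keystore that cannot be opened yields "not valid".
            return false;
        }
    }

    /**
     * Checks whether the certificate stored under {@code alias} is within its validity period
     * right now.
     *
     * @param keyStorePath path of the keystore file
     * @param alias alias of the entry
     * @param password keystore password
     * @param keyStore keystore type
     * @return {@code true} if the current time lies inside the validity period
     */
    public boolean verifyCertificate(String keyStorePath, String alias, char[] password,
            HQKeyStore keyStore) {
        return verifyCertificate(new Date(), keyStorePath, alias, password, keyStore);
    }
}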
Next, write a test class and exercise the utility with the keystore and certificate file we just generated:
Import Org.junit.Test;
Import com.jianggujin.codec.HQBase64;
Import Com.jianggujin.codec.HQCertificate;
Import Com.jianggujin.codec.HQCertificate.HQKeyStore;
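/**
 * Exercises {@code HQCertificate} against the keystore and certificate file produced by the
 * keytool steps: validity check, sign/verify, and a private-key encrypt / public-key decrypt
 * round trip. Results are printed to standard error.
 */
public class CertificateTest {
    HQCertificate certificate = HQCertificate.getInstance();
    HQBase64 base64 = HQBase64.getInstance();
    // Demo password chosen in the keytool step; sample value for this walkthrough only.
    private char[] password = "123456".toCharArray();
    private String alias = "www.jianggujin.com";
    private String certificatePath = "test.cer";
    private String keyStorePath = "test.keystore";

    @Test
    public void encode() throws Exception {
        // Fix the charset so encoding and decoding do not depend on the platform default.
        byte[] data = "Jianggujin".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        HQKeyStore keyStore = HQKeyStore.JKS;

        byte[] signResult = certificate.sign(data, keyStorePath, alias, password, keyStore);
        System.err.println("Certificate of Authentication:"
                + certificate.verifyCertificate(certificatePath));
        System.err.println("Signature:" + base64.encodeToString(signResult));
        System.err.println("Check:" + certificate.verify(data, signResult, certificatePath));

        byte[] result = certificate.encrypt(data, keyStorePath, alias, password, HQKeyStore.JKS);
        // Print the cipher output itself. Printing signResult here would repeat the signature,
        // which is why the published run shows identical Signature and Encryption values.
        System.err.println("Encryption:" + base64.encodeToString(result));
        System.err.println("Decrypt:" + new String(certificate.decrypt(result, certificatePath),
                java.nio.charset.StandardCharsets.UTF_8));
    }
}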
Execution Results:
Verifying Certificate: True
Signature: dczoecjxqgbrtsyxz6i94zuwgg/gkcmt0q8hjyan4p7holfcofqxxd1/alfjyqfijmr20et6abw/ cxecmcj4m7jqssq3pw/anyvndtqznflilxix9ytsroagf7z55ovpz6rhm/ys7bah17pegwrbtiurebiv/kbsw2z4ndbj2uhiwouhyy0j+ 8res4eq7lwqte6eabumsuyjozivbkg8onvpcqqcg3wtd7jqs7pbiygger5jhwcctsmpbtdr/x1/ 71brfl6zsybhnai4eu8lyfqentrgbccabfdbtf0hvwnv6krg38fk0otgftrci55lbz3cezypozi5f1azpvrmbq==
Check: True
Encryption: dczoecjxqgbrtsyxz6i94zuwgg/gkcmt0q8hjyan4p7holfcofqxxd1/alfjyqfijmr20et6abw/cxecmcj4m7jqssq3pw/ anyvndtqznflilxix9ytsroagf7z55ovpz6rhm/ys7bah17pegwrbtiurebiv/kbsw2z4ndbj2uhiwouhyy0j+ 8res4eq7lwqte6eabumsuyjozivbkg8onvpcqqcg3wtd7jqs7pbiygger5jhwcctsmpbtdr/x1/ 71brfl6zsybhnai4eu8lyfqentrgbccabfdbtf0hvwnv6krg38fk0otgftrci55lbz3cezypozi5f1azpvrmbq==
Decryption: Jianggujin