Examples of Java digital certificates

Source: Internet
Author: User

1. Packages to import

```java
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import sun.security.x509.*; // internal, unsupported JDK classes (needed only for section 9)
```

2. Read the certificate from a file

Use keytool to write the certificate in the keystore to a file, then read the certificate information from that file.

```java
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Despite the .csr extension, this file must hold an X.509 certificate, not a PKCS#10 request
FileInputStream in = new FileInputStream("out.csr");
Certificate c = cf.generateCertificate(in);
in.close();
String s = c.toString();
```

3. Read the certificate directly from the keystore

```java
String pass = "123456";
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, pass.toCharArray());
in.close();
java.security.cert.Certificate c = ks.getCertificate(alias); // alias is the alias of the entry
```

4. Display the certificate information in a Java program

```java
X509Certificate t = (X509Certificate) c; // c was read in section 2 or 3
System.out.println("Certificate information:\n" + c.toString());
System.out.println("version: " + t.getVersion());
System.out.println("serial number: " + t.getSerialNumber().toString(16));
System.out.println("subject name: " + t.getSubjectDN());
System.out.println("issuer: " + t.getIssuerDN());
System.out.println("validity period: " + t.getNotBefore());
System.out.println("signature algorithm: " + t.getSigAlgName());
byte[] sig = t.getSignature(); // signature value
PublicKey pk = t.getPublicKey();
byte[] pkenc = pk.getEncoded();
System.out.println("Public key:");
for (int i = 0; i < pkenc.length; i++) System.out.print(pkenc[i] + ",");
```

5. List all entries in the keystore

```java
String pass = "123456";
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, pass.toCharArray());
in.close();
Enumeration<String> e = ks.aliases();
while (e.hasMoreElements()) {
    java.security.cert.Certificate c = ks.getCertificate(e.nextElement());
}
```

6. Change the keystore password

```java
String oldpass = "123456";
String newpass = "654321";
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, oldpass.toCharArray());
in.close();
FileOutputStream output = new FileOutputStream(".keystore");
ks.store(output, newpass.toCharArray());
output.close();
```

7. Change the password of a keystore entry and add an entry

```java
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, storepass.toCharArray());
in.close();
// Certificate chain of the entry for this alias
Certificate[] cchain = ks.getCertificateChain(alias);
// Private key of the entry for this alias
PrivateKey pk = (PrivateKey) ks.getKey(alias, oldkeypass.toCharArray());
// Add the entry to the keystore
ks.setKeyEntry(alias, pk, newkeypass.toCharArray(), cchain);
// Write the content of the KeyStore object to a new file
FileOutputStream output = new FileOutputStream("another");
ks.store(output, storepass.toCharArray());
output.close();
```

In `setKeyEntry`, the first parameter specifies the alias of the entry to add: an existing alias overwrites that entry, and a new alias adds a new entry. The second parameter is the private key of the entry, the third is the new password, and the fourth is the certificate chain for the public key that matches the private key.

8. Check an alias and delete an entry

```java
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, storepass.toCharArray());
in.close();
ks.containsAlias("Sage"); // returns true if the entry exists in the keystore
ks.deleteEntry("Sage");   // delete the entry for this alias
// Write the KeyStore object back to the file; only then is the entry actually removed
FileOutputStream output = new FileOutputStream(".keystore");
ks.store(output, storepass.toCharArray());
output.close();
```

9. Issue a digital certificate from a Java program

(1) Read the CA certificate from the keystore

```java
FileInputStream in = new FileInputStream(".keystore");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, storepass.toCharArray());
in.close();
java.security.cert.Certificate c1 = ks.getCertificate("caroot");
```

(2) Read the private key of the CA from the keystore

```java
PrivateKey caprk = (PrivateKey) ks.getKey(alias, cakeypass.toCharArray());
```

(3) Extract the issuer information from the CA certificate

```java
byte[] encod1 = c1.getEncoded();                  // CA certificate encoding
X509CertImpl cimp1 = new X509CertImpl(encod1);    // build an X509CertImpl object from the encoding
X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // get the X509CertInfo object
X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateIssuerName.DN_NAME); // issuer information as an X500Name
```

(4) Obtain the certificate to be issued

```java
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in2 = new FileInputStream("user.csr");
java.security.cert.Certificate c2 = cf.generateCertificate(in2);
in2.close();
```

(5) Extract the certificate information from the certificate to be issued

```java
byte[] encod2 = c2.getEncoded();
X509CertImpl cimp2 = new X509CertImpl(encod2);    // build an X509CertImpl object from the encoding
X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // get the X509CertInfo object
```

(6) Set the validity period of the new certificate

```java
Date begindate = new Date();                                                   // current time
Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L);    // valid for 3000 days
CertificateValidity cv = new CertificateValidity(begindate, enddate);          // create the validity object
cinfo2.set(X509CertInfo.VALIDITY, cv);                                         // set the validity period
```

(7) Set the serial number of the new certificate

```java
// The current time is used as the serial number; this is predictable, and production CAs use random serials
int sn = (int) (begindate.getTime() / 1000);
CertificateSerialNumber csn = new CertificateSerialNumber(sn);
cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);
```

(8) Set the issuer of the new certificate

```java
cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer); // result of step (3)
```

(9) Set the signature algorithm information of the new certificate

```java
// MD5withRSA is this page's choice. MD5 is collision-broken, and current JDKs reject
// MD5-signed certificates during certification path validation by default.
AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
cinfo2.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
```

(10) Create the certificate and sign it with the private key of the CA

```java
X509CertImpl newcert = new X509CertImpl(cinfo2);
newcert.sign(caprk, "MD5withRSA"); // sign with the CA private key
```

(11) Write the new certificate to the keystore

```java
ks.setCertificateEntry("lf_signed", newcert);
FileOutputStream out = new FileOutputStream("newstore");
ks.store(out, "newpass".toCharArray()); // this writes a new keystore; section 7 can also be used to add the entry
out.close();
```

10. Digital certificate validation

(1) Verify the validity period of the certificate

(a) Obtain the X509Certificate object

```java
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in1 = new FileInputStream("aa.crt");
java.security.cert.Certificate c1 = cf.generateCertificate(in1);
X509Certificate t = (X509Certificate) c1;
in1.close();
```

(b) Obtain the date

```java
Date timenow = new Date();
```

(c) Check the validity

```java
try {
    t.checkValidity(timenow);
    System.out.println("OK");
} catch (CertificateExpiredException e) {        // expired
    System.out.println("expired");
    System.out.println(e.getMessage());
} catch (CertificateNotYetValidException e) {    // not yet valid
    System.out.println("too early");
    System.out.println(e.getMessage());
}
```

(2) Verify the certificate signature

(a) Obtain the CA certificate

```java
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream in2 = new FileInputStream("caroot.crt");
java.security.cert.Certificate cac = cf.generateCertificate(in2);
in2.close();
```

(b) Obtain the CA public key

```java
PublicKey pbk = cac.getPublicKey();
```

(c) Obtain the certificate to be verified (c1 was obtained in the previous step)

(d) Verify the certificate

```java
boolean pass = false;
try {
    c1.verify(pbk);
    pass = true;
} catch (Exception e) {
    pass = false;
    System.out.println(e);
}
```
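Section 10 checks the validity dates and the signature as two separate manual steps. The following is an added example, not code from the original page: it performs both checks, plus the JDK's algorithm constraints, in one call through the public `CertPathValidator` API with the CA certificate as trust anchor. The class name `PkixCheck` and helper names are hypothetical; the default file names are the ones used in section 10; revocation checking is switched off on the assumption that no CRL or OCSP source is available.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.Date;
import java.util.List;
import java.util.Set;

public class PkixCheck {  // hypothetical class name

    static X509Certificate load(String file) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(file)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /** Returns null if leaf chains to ca at time 'when', else a failure description. */
    static String validate(X509Certificate leaf, X509Certificate ca, Date when)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // The path holds only the leaf; the CA is supplied as the trust anchor.
        CertPath path = cf.generateCertPath(List.of(leaf));
        PKIXParameters params = new PKIXParameters(Set.of(new TrustAnchor(ca, null)));
        params.setDate(when);               // validity period is checked against this time
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source configured
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return null;
        } catch (CertPathValidatorException e) {
            // getReason() distinguishes EXPIRED, NOT_YET_VALID, INVALID_SIGNATURE,
            // ALGORITHM_CONSTRAINED and similar causes.
            return e.getReason() + " (certificate index " + e.getIndex() + "): "
                    + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the file names from section 10 of this page.
        String leafFile = args.length > 0 ? args[0] : "aa.crt";
        String caFile = args.length > 1 ? args[1] : "caroot.crt";
        String failure = validate(load(leafFile), load(caFile), new Date());
        System.out.println(failure == null ? "OK" : "REJECTED: " + failure);
    }
}
```

On default JDK security settings, a certificate signed with MD5withRSA as in section 9 is rejected here with reason `ALGORITHM_CONSTRAINED`, even though `c1.verify(pbk)` alone would accept its signature.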
