Java certificate parsing example

Source: Internet
Author: User

Import java. io .*;
Import org. bouncycastle. asn1 .*;
Import org. bouncycastle. asn1.util .*;
Import org. bouncycastle. asn1.x509 .*;
Import org. bouncycastle. util. encoders .*;
Public class CertManager {
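/**
 * Display name / OID pairs for the standard X.509 certificate and CRL extensions
 * under the 2.5.29 arc. Each row is {@code {name, dottedOid}}.
 *
 * <p>The OID strings are stored without surrounding whitespace. They are presumably
 * handed to {@code getExtensionBytes} as lookup keys (the caller is not visible here),
 * and a padded value such as {@code "2.5.29.15 "} is not a well-formed identifier.
 */
String eoid[][] = {
    {"Subject Key Identifier", "2.5.29.14"},
    {"Key Usage", "2.5.29.15"},
    {"Private Key Usage Period", "2.5.29.16"},
    {"Subject Alternative Name", "2.5.29.17"},
    {"Issuer Alternative Name", "2.5.29.18"},
    {"Basic Constraints", "2.5.29.19"},
    {"CRL Number", "2.5.29.20"},
    {"Reason code", "2.5.29.21"},
    {"Hold Instruction Code", "2.5.29.23"},
    {"Invalidity Date", "2.5.29.24"},
    {"Delta CRL indicator", "2.5.29.27"},
    {"Issuing Distribution Point", "2.5.29.28"},
    {"Certificate Issuer", "2.5.29.29"},
    {"Name Constraints", "2.5.29.30"},
    {"CRL Distribution Points", "2.5.29.31"},
    {"Certificate Policies", "2.5.29.32"},
    {"Policy Mappings", "2.5.29.33"},
    {"Authority Key Identifier", "2.5.29.35"},
    {"Policy Constraints", "2.5.29.36"},
    {"Extended Key Usage", "2.5.29.37"}
};

/** Raw bytes of the certificate file, set by the constructor; null if the file could not be opened. */
byte buf[];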
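/**
 * Loads the DER-encoded certificate from the fixed path {@code ..\mycert\ca.der}
 * (relative to the working directory) into {@code buf}.
 *
 * <p>The file is read to end-of-stream rather than sized with {@code available()},
 * which only estimates how many bytes can be read without blocking, and a single
 * {@code read} call is not guaranteed to fill the array. {@code buf} is assigned only
 * after the whole file has been read, so a failed read never leaves a partly filled
 * buffer for the parser. On failure a message is printed and {@code buf} stays null.
 */
public CertManager() {
    FileInputStream in = null;
    try {
        in = new FileInputStream("..\\mycert\\ca.der");
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = in.read(chunk)) != -1) {
            collected.write(chunk, 0, count);
        }
        buf = collected.toByteArray();
    } catch (Exception ex) {
        System.out.println("An error occurred while reading the Certificate file! ");
    } finally {
        // Release the file handle on both the success and the failure path.
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if close fails; the data is already read or discarded.
            }
        }
    }
}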
/**
 * Looks up a single extension by OID and returns the octets of its value.
 *
 * <p>Only the value is returned; the extension's critical flag is not surfaced.
 * That is adequate for printing a certificate, but code that makes a trust decision
 * must also check criticality and reject critical extensions it does not understand.
 * NOTE(review): the returned bytes are presumably the DER encoding of the
 * extension's inner structure and still need ASN.1 decoding before use.
 *
 * @param oid  dotted-decimal object identifier of the wanted extension
 * @param exts extension set to search; may be null
 * @return the value octets, or null when {@code exts} is null or has no such extension
 */
public byte[] getExtensionBytes(String oid, X509Extensions exts) {
    if (exts == null) {
        return null;
    }
    X509Extension found = exts.getExtension(new DERObjectIdentifier(oid));
    if (found == null) {
        return null;
    }
    return found.getValue().getOctets();
}
Public void getCert ()
{

ByteArrayInputStream bIn;
DERInputStream dIn;
String dump = "";

Try
{
BIn = new ByteArrayInputStream (buf );
DIn = new DERInputStream (bIn );

ASN1Sequence seq = (ASN1Sequence) dIn. readObject ();
// Dump = DERDump. dumpAsString (seq );
// Debug the output statement
// System. out. println (dump );
// Basic Certificate Information
System. out. println ("<================= basic information of the certificate ========================>>" );
X509CertificateStructure cert = new X509CertificateStructure (seq );
System. out. println ("Certificate version:" + cert. getVersion ());
System. out. println ("serial number:" + cert. getSerialNumber (). getValue (). toString (16 ));
System. out. println ("algorithm identifier:" + cert. getSignatureAlgorithm (). getObjectId (). getId ());
System. out. println ("issuer:" + cert. getIssuer ());
System. out. println ("Start Time:" + cert. getStartDate (). getTime ());
System. out. println ("End Time:" + cert. getEndDate (). getTime ());
System. out. println ("Subject name:" + cert. getSubject ());
System. out. print ("signature value :");
DERBitString signature = cert. getSignature ();
String strSign = new String (Hex. encode (signature. getBytes ()));
System. out. println (strSign );
System. out. println ("subject Public Key :");
SubjectPublicKeyInfo pukinfo = cert. getSubjectPublicKeyInfo ();
System. out. println ("identifier:" + pukinfo. getAlgorithmId (). getObjectId (). getId ());
Byte [] byPuk = pukinfo. getPublicKeyData (). getBytes ();
String strPuk = new String (Hex. encode (byPuk ));
System. out. println ("Public Key Value:" + strPuk );
// Certificate Extension Information
System. out. println ("<============= certificate Extension Information ======================>> ");
X509Extensions ext = cert. getTBSCertificate (). getExtensions ();
// 15 -- key usage 19 --- basic constrains
// 31 -- crl point 32 --- certificate policy
GetKe
