Working with digital certificates (X.509) in Java

Source: Internet
Author: User

One: Packages to import
    import java.io.*;
    import java.security.*;
    import java.security.cert.*;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import java.util.*;
    import sun.security.x509.*; // JDK-internal classes, needed only for section Nine; not exported by java.base on Java 9 and later

Two: Read the certificate from a file
Use keytool to export the certificate from .keystore to a file, then read the certificate from that file. Despite the .CSR extension used here, the file must contain an X.509 certificate, because that is what CertificateFactory parses.
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    FileInputStream in = new FileInputStream("OUT.CSR");
    Certificate c = cf.generateCertificate(in);
    in.close();
    String s = c.toString();

Three: Read the certificate directly from the KeyStore
    String pass = "123456";
    FileInputStream in = new FileInputStream(".keystore");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(in, pass.toCharArray());
    in.close();
    java.security.cert.Certificate c = ks.getCertificate(alias); // alias is the alias of the entry

Four: Display specific certificate fields in a Java program
    X509Certificate t = (X509Certificate) c; // cast to reach the X.509-specific getters
    System.out.println("Output certificate information:\n" + c.toString());
    System.out.println("Version number: " + t.getVersion());
    System.out.println("Serial number: " + t.getSerialNumber().toString(16));
    System.out.println("Subject name: " + t.getSubjectDN());
    System.out.println("Issuer: " + t.getIssuerDN());
    System.out.println("Valid from: " + t.getNotBefore());
    System.out.println("Signature algorithm: " + t.getSigAlgName());
    byte[] sig = t.getSignature(); // signature value
    PublicKey pk = t.getPublicKey();
    byte[] pkenc = pk.getEncoded();
    System.out.println("Public key:");
    for (int i = 0; i < pkenc.length; i++) System.out.print(pkenc[i] + ",");

Five: List all entries in the keystore from a Java program
    String pass = "123456";
    FileInputStream in = new FileInputStream(".keystore");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(in, pass.toCharArray());
    in.close();
    Enumeration<String> e = ks.aliases();
    while (e.hasMoreElements()) {
        // Braces are required: a bare declaration cannot be the body of a while loop
        java.security.cert.Certificate c = ks.getCertificate(e.nextElement());
    }

Six: Change the KeyStore password from a Java program
    String oldpass = "123456";
    String newpass = "654321";
    FileInputStream in = new FileInputStream(".keystore");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(in, oldpass.toCharArray());
    in.close();
    FileOutputStream output = new FileOutputStream(".keystore");
    ks.store(output, newpass.toCharArray());
    output.close();

Seven: Change the password of a KeyStore entry and add an entry from a Java program
    FileInputStream in = new FileInputStream(".keystore");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(in, storepass.toCharArray());
    in.close();
    Certificate[] cchain = ks.getCertificateChain(alias); // get the certificate chain of the entry for the alias
    PrivateKey pk = (PrivateKey) ks.getKey(alias, oldkeypass.toCharArray()); // get the private key of the entry for the alias
    ks.setKeyEntry(alias, pk, newkeypass.toCharArray(), cchain); // add the entry to the KeyStore
    // The first parameter is the alias of the added entry: an existing alias overwrites
    // the existing entry, a new alias adds a new entry. The second parameter is the
    // entry's private key, the third is the new password for the entry, and the fourth
    // is the certificate chain for the public key that matches the private key.
    FileOutputStream output = new FileOutputStream("another");
    ks.store(output, storepass.toCharArray()); // write the KeyStore object contents to a new file
    output.close();
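
The keystore operations from sections Three to Seven, combined into one runnable program. This is an added example, not code from the original page; the class name KeyStoreTour, the alias demo, the file names and the passwords are assumptions, and the throwaway keystore is constructed by calling the JDK's own keytool.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;

public class KeyStoreTour {
    public static void main(String[] args) throws Exception {
        // Constructed sample data: a throwaway JKS store made with the JDK's own keytool.
        Path dir = Files.createTempDirectory("ks-demo");
        Path store = dir.resolve("demo.jks");
        char[] pass = "demo-pass-1".toCharArray();   // demo only; never hard-code real passwords
        String keytool = Paths.get(System.getProperty("java.home"), "bin", "keytool").toString();
        Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "demo",
                "-keyalg", "RSA", "-keysize", "2048", "-dname", "CN=demo.example",
                "-validity", "30", "-storetype", "JKS", "-keystore", store.toString(),
                "-storepass", new String(pass), "-keypass", new String(pass))
                .inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed");

        // Sections Three to Five: load the store, walk every alias, inspect each certificate.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(store)) { ks.load(in, pass); }
        for (String alias : Collections.list(ks.aliases())) {
            X509Certificate t = (X509Certificate) ks.getCertificate(alias);
            t.checkValidity();            // throws if expired or not yet valid
            t.verify(t.getPublicKey());   // self-signed here, so its own key must verify it
            byte[] fp = MessageDigest.getInstance("SHA-256").digest(t.getEncoded());
            System.out.printf("%s subject=%s notAfter=%s sigAlg=%s%n  sha256=%064x%n",
                    alias, t.getSubjectX500Principal(), t.getNotAfter(),
                    t.getSigAlgName(), new BigInteger(1, fp));
        }

        // Sections Six and Seven: re-protect the key entry and the store with a new password.
        char[] newPass = "demo-pass-2".toCharArray();
        Key key = ks.getKey("demo", pass);
        Certificate[] chain = ks.getCertificateChain("demo");
        ks.setKeyEntry("demo", key, newPass, chain);   // existing alias: entry is overwritten
        Path rotated = dir.resolve("rotated.jks");
        try (OutputStream out = Files.newOutputStream(rotated)) { ks.store(out, newPass); }

        // Reload with the new password; a wrong password makes load() throw IOException.
        KeyStore check = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(rotated)) { check.load(in, newPass); }
        System.out.println("key entry after rotation: " + check.isKeyEntry("demo"));
    }
}
```

The try-with-resources blocks close each stream even when load() or store() throws, which the manual close() calls in the sections above do not.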

Eight: Check an alias and delete an entry from a Java program
    FileInputStream in = new FileInputStream(".keystore");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(in, storepass.toCharArray());
    in.close();
    ks.containsAlias("sage"); // check that the entry is in the KeyStore; returns true
    ks.deleteEntry("sage"); // delete the entry for the alias
    FileOutputStream output = new FileOutputStream(".keystore");
    ks.store(output, storepass.toCharArray()); // write the KeyStore object contents to the file; the entry is now deleted
    output.close();

Nine: Issue a digital certificate from a Java program
(1) Read the CA's certificate from the KeyStore
    FileInputStream in = new FileInputStream(".keystore");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(in, storepass.toCharArray());
    in.close();
    java.security.cert.Certificate c1 = ks.getCertificate("Caroot");
(2) Read the CA's private key from the KeyStore
    PrivateKey caprk = (PrivateKey) ks.getKey(alias, cakeypass.toCharArray()); // alias is the alias of the CA entry
(3) Extract the issuer's information from the CA's certificate
    byte[] encod1 = c1.getEncoded(); // get the encoding of the CA certificate
    X509CertImpl cimp1 = new X509CertImpl(encod1); // create an X509CertImpl object from this encoding
    X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // get the X509CertInfo object
    X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateIssuerName.DN_NAME); // get the issuer information as an X500Name
(4) Obtain the certificate to be issued
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    FileInputStream in2 = new FileInputStream("USER.CSR");
    java.security.cert.Certificate c2 = cf.generateCertificate(in2); // read from in2, not from the keystore stream
    in2.close();
(5) Extract the certificate information from the certificate to be issued
    byte[] encod2 = c2.getEncoded();
    X509CertImpl cimp2 = new X509CertImpl(encod2); // create an X509CertImpl object from this encoding
    X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // get the X509CertInfo object
(6) Set the new certificate's validity period
    Date begindate = new Date(); // get the current time
    Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L); // valid for 3,000 days
    CertificateValidity cv = new CertificateValidity(begindate, enddate); // create the validity object
    cinfo2.set(X509CertInfo.VALIDITY, cv); // set the validity period
(7) Set the new certificate's serial number
    int sn = (int) (begindate.getTime() / 1000); // use the current time as the serial number (predictable; a production CA should use random serial numbers)
    CertificateSerialNumber csn = new CertificateSerialNumber(sn);
    cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);
(8) Set the new certificate's issuer
    cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer); // uses the result of step (3)
