Java program issues a digital certificate

Source: Internet
Author: User

/*
* <P> title: </P>
*
* <P> Description: </P>
*
* <P> copyright: Copyright (c) 2007 </P>
*
* <P> company: </P>
*
* @author ifwater
* @version 1.0
*/
/* The CA signs the new certificate with its own private key. The CA's certificate does not contain the private key, so it must be retrieved from the keystore "mykeystore"; the issued certificate also needs the CA's name as its issuer, which is taken from the CA certificate. Issuing a certificate means creating a new one: here the X509CertImpl class from the JDK-internal sun.security.x509 package is used. Its constructor takes the information of the new certificate; most of it is copied from the certificate being issued ("if.cer"), and only the fields that must change - serial number, validity period and issuer - are reset. Finally X509CertImpl.sign() signs the certificate with the CA's private key, and the result can be printed or saved in the keystore. Caveats: sun.security.x509 is an unsupported internal API (on modern JDKs it is not exported from java.base without --add-exports), and the original listing signed with the broken MD2/MD5-with-RSA algorithms and used the current time as the serial number; both should be replaced (SHA-256 and a random serial) before any real use. Note also that everything not explicitly reset - subject, public key and any extensions - is copied verbatim from the input certificate. */

import java.io.*;
import java.math.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import sun.security.x509.*;
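/**
 * Demo "CA": takes an existing X.509 certificate (path in {@code args[0]}), re-issues it under
 * the CA entry stored in {@code mykeystore}, and writes the result as a trusted-certificate
 * entry into a new keystore {@code newstore}.
 *
 * <p>Relies on the JDK-internal {@code sun.security.x509} API, which is unsupported and on
 * JDK 9+ needs {@code --add-exports java.base/sun.security.x509=ALL-UNNAMED}.
 */
public class signcert {

    /** Keystore holding the CA's private key and certificate under {@link #CA_ALIAS}. */
    private static final String CA_KEYSTORE = "mykeystore";
    private static final String CA_ALIAS = "mytest";
    /** Alias under which the issued certificate is added to the output keystore. */
    private static final String ISSUED_ALIAS = "if_signed";
    private static final String OUTPUT_KEYSTORE = "newstore";
    /** Lifetime of each issued certificate: 15 minutes, as in the original demo. */
    private static final long VALIDITY_MILLIS = 15L * 60 * 1000;
    /**
     * Signature algorithm recorded in the certificate and used to sign it. The original recorded
     * md2WithRSAEncryption and signed with MD5withRSA; both digests are broken and the two did not
     * even agree, so a single modern algorithm is used for both.
     */
    private static final String SIG_ALG = "SHA256withRSA";

    /**
     * Entry point.
     *
     * @param args {@code args[0]} is the path of the certificate to (re-)issue
     * @throws Exception on any keystore, I/O, parsing or signing failure
     */
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: signcert <certificate-to-issue.cer>");
            System.exit(2);
        }
        // Demo only: secrets hard-coded in source, exactly as in the original. A real tool reads
        // them with System.console().readPassword() or from protected configuration.
        char[] storePass = "wshn.ut".toCharArray();
        char[] caKeyPass = "wshn.ut".toCharArray();
        char[] outPass = "newpass".toCharArray();
        try {
            KeyStore ks = loadKeyStore(CA_KEYSTORE, storePass);
            X509Certificate caCert = loadCaCertificate(ks, CA_ALIAS);
            PrivateKey caKey = loadCaKey(ks, CA_ALIAS, caKeyPass);
            X509Certificate toIssue = readCertificate(args[0]);

            X509CertImpl issued = issue(toIssue, caCert, caKey);

            // Stored as a *trusted certificate* entry (no key), which is what the original did;
            // the CA key entry under CA_ALIAS stays protected by caKeyPass.
            ks.setCertificateEntry(ISSUED_ALIAS, issued);
            try (FileOutputStream out = new FileOutputStream(OUTPUT_KEYSTORE)) {
                ks.store(out, outPass);
            }
        } finally {
            // Do not leave password material lying around in the heap longer than needed.
            Arrays.fill(storePass, '\0');
            Arrays.fill(caKeyPass, '\0');
            Arrays.fill(outPass, '\0');
        }
    }

    /** Loads the JKS keystore at {@code path}; the stream is closed on every path. */
    private static KeyStore loadKeyStore(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("jks");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Returns the CA certificate stored under {@code alias}.
     *
     * @throws KeyStoreException if the alias is absent or not an X.509 certificate (the original
     *     would have failed later with a NullPointerException)
     */
    private static X509Certificate loadCaCertificate(KeyStore ks, String alias)
            throws KeyStoreException {
        java.security.cert.Certificate cert = ks.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) {
            throw new KeyStoreException(
                    "no X.509 certificate under alias '" + alias + "' in " + CA_KEYSTORE);
        }
        X509Certificate caCert = (X509Certificate) cert;
        // -1 means no BasicConstraints CA:TRUE; relying parties will reject certificates issued
        // by such a key, so say so loudly instead of silently producing an unusable chain.
        if (caCert.getBasicConstraints() == -1) {
            System.err.println("warning: CA certificate '" + alias
                    + "' has no BasicConstraints CA extension");
        }
        return caCert;
    }

    /** Returns the CA private key stored under {@code alias}, rejecting non-private-key entries. */
    private static PrivateKey loadCaKey(KeyStore ks, String alias, char[] keyPassword)
            throws GeneralSecurityException {
        Key key = ks.getKey(alias, keyPassword);
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("no private key under alias '" + alias + "' in " + CA_KEYSTORE);
        }
        return (PrivateKey) key;
    }

    /** Parses the DER/PEM X.509 certificate at {@code path}. */
    private static X509Certificate readCertificate(String path)
            throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (FileInputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /** Re-parses {@code cert} through the internal implementation and returns its TBS info. */
    private static X509CertInfo certInfoOf(X509Certificate cert)
            throws GeneralSecurityException, IOException {
        X509CertImpl impl = new X509CertImpl(cert.getEncoded());
        return (X509CertInfo) impl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
    }

    /**
     * Builds a fresh serial number.
     *
     * <p>RFC 5280 requires a positive serial that is unique per issuer; the original used
     * {@code (int) (now / 1000)}, which repeats for every certificate issued in the same second,
     * is predictable, and overflows in 2038. 64 bits from a CSPRNG is the usual minimum.
     */
    private static CertificateSerialNumber randomSerial() {
        SecureRandom rng = new SecureRandom();
        BigInteger serial;
        do {
            serial = new BigInteger(64, rng);
        } while (serial.signum() == 0); // BigInteger(numBits, rng) can yield zero
        return new CertificateSerialNumber(serial);
    }

    /**
     * Creates a new certificate from {@code toIssue}, replacing validity, serial, issuer and
     * signature algorithm, and signs it with {@code caKey}.
     *
     * <p>NOTE(review): everything else - subject, public key and any extensions of the input
     * certificate (e.g. a BasicConstraints CA:TRUE or KeyUsage from a self-signed input) - is
     * copied verbatim, exactly as the original did. A real CA must validate or overwrite those
     * fields before signing.
     */
    private static X509CertImpl issue(X509Certificate toIssue, X509Certificate caCert, PrivateKey caKey)
            throws GeneralSecurityException, IOException {
        // The issuer of the new certificate is the subject of the CA certificate.
        X509CertInfo caInfo = certInfoOf(caCert);
        X500Name issuer = (X500Name) caInfo.get(
                X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME);

        X509CertInfo info = certInfoOf(toIssue);

        // java.util.Date is what CertificateValidity's constructor takes.
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + VALIDITY_MILLIS);
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
        info.set(X509CertInfo.SERIAL_NUMBER, randomSerial());
        info.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer);
        // The algorithm written into TBSCertificate must be the one sign() actually uses.
        info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
                AlgorithmId.get(SIG_ALG));

        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(caKey, SIG_ALG);
        // Cheap self-check that the key we signed with matches the certificate we claim as issuer.
        cert.verify(caCert.getPublicKey());
        return cert;
    }
}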
