Key tool guis 1.7
/**
* <P> title: Light Weight APIs for crypto </P>
* <P> Description: An Example of processing a Shanghai CA certificate (root certificate and user certificate) </P>
* <P> copyright: Copyright (c) 2003 </P>
* <P> company: China Information Security Organization (ciso) </P>
* @author Rainbow (webmaster). More information about PKI is available at ciso; you are welcome to check it out.
* We hope you will join us!
* @version 1.0.2003.0620
*/
import java.io.*;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.util.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.util.encoders.*;
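/**
 * Decodes a DER-encoded X.509 certificate with the Bouncy Castle lightweight
 * ASN.1 classes and prints its basic fields and a few extensions.
 *
 * This class only decodes and displays. It never verifies the certificate
 * signature, the validity period, the issuer chain or the revocation status,
 * so nothing it prints is evidence that the certificate can be trusted.
 * Every value shown comes straight from the file and is controlled by whoever
 * produced that file.
 */
public class CertManager {

    /** Display name / OID pairs for the X.509 extensions in the 2.5.29 arc. */
    String eoid[][] = {
        {"Subject Key Identifier", "2.5.29.14"},
        {"Key Usage", "2.5.29.15"},
        {"Private Key usage period", "2.5.29.16"},
        {"Subject alternative name", "2.5.29.17"},
        {"issuer alternative name", "2.5.29.18"},
        {"basic constraints", "2.5.29.19"},
        {"CRL number", "2.5.29.20"},
        {"Reason code", "2.5.29.21"},
        {"hold instruction code", "2.5.29.23"},
        {"invalidity date", "2.5.29.24"},
        {"delta CRL indicator", "2.5.29.27"},
        {"issuing distribution point", "2.5.29.28"},
        {"certificate issuer", "2.5.29.29"},
        {"name constraints", "2.5.29.30"},
        {"CRL distribution points", "2.5.29.31"},
        {"certificate policies", "2.5.29.32"},
        {"policy mappings", "2.5.29.33"},
        {"Authority Key Identifier", "2.5.29.35"},
        {"policy constraints", "2.5.29.36"},
        {"extended Key Usage", "2.5.29.37"}};

    /** Raw DER bytes of the certificate; stays null when the file could not be read. */
    byte buf[];

    /**
     * Loads the certificate file into {@link #buf}.
     *
     * The whole file is read in a loop: a single read() may return fewer bytes
     * than requested, and available() is only an estimate of what can be read
     * without blocking, not the file length. The stream is always closed.
     * On any failure a message is printed and buf is left null.
     */
    public CertManager() {
        File certFile = new File("..\\mycert\\ca.der");
        FileInputStream in = null;
        try {
            in = new FileInputStream(certFile);
            byte[] data = new byte[(int) certFile.length()];
            int off = 0;
            while (off < data.length) {
                int n = in.read(data, off, data.length - off);
                if (n < 0) {
                    throw new EOFException("certificate file ended early");
                }
                off += n;
            }
            // Publish the buffer only after a complete read, so a partial
            // file is never handed to the parser.
            buf = data;
        } catch (Exception ex) {
            System.out.println("An error occurred while reading the Certificate file!");
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // nothing useful can be done if close fails
                }
            }
        }
    }

    /**
     * Returns the raw content octets of one extension.
     *
     * @param oid  dotted-decimal OID of the extension
     * @param exts extension set of the certificate; may be null (for example a
     *             certificate that carries no extensions)
     * @return the extension value octets, or null when exts is null or the
     *         extension is absent
     */
    public byte[] getExtensionBytes(String oid, X509Extensions exts) {
        if (exts == null) {
            return null;
        }
        X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
        if (ext == null) {
            return null;
        }
        return ext.getValue().getOctets();
    }

    /**
     * Parses {@link #buf} as a certificate and prints the basic fields, then
     * the key usage, basic constraints, CRL distribution point and certificate
     * policy extensions. Parsing errors are reported with a stack trace.
     */
    public void getCert() {
        if (buf == null) {
            // The constructor already reported the read failure.
            return;
        }
        try {
            DERInputStream din = new DERInputStream(new ByteArrayInputStream(buf));
            ASN1Sequence seq = (ASN1Sequence) din.readObject();
            // For debugging, DERDump.dumpAsString(seq) gives a full ASN.1 dump.

            // Basic certificate information
            System.out.println("<================= basic information of the certificate ========================>>");
            X509CertificateStructure cert = new X509CertificateStructure(seq);
            System.out.println("Certificate version: \t" + cert.getVersion());
            System.out.println("serial number: \t" + cert.getSerialNumber().getValue().toString(16));
            System.out.println("algorithm identifier: \t" + cert.getSignatureAlgorithm().getObjectId().getId());
            System.out.println("issuer: \t" + cert.getIssuer());
            System.out.println("Start Time: \t" + cert.getStartDate().getTime());
            System.out.println("End Time: \t" + cert.getEndDate().getTime());
            System.out.println("Subject name: \t" + cert.getSubject());
            System.out.print("signature value: \t");
            DERBitString signature = cert.getSignature();
            System.out.println(new String(Hex.encode(signature.getBytes())));
            System.out.println("main public key: \t");
            SubjectPublicKeyInfo pukInfo = cert.getSubjectPublicKeyInfo();
            System.out.println("\t identifier: \t" + pukInfo.getAlgorithmId().getObjectId().getId());
            byte[] puk = pukInfo.getPublicKeyData().getBytes();
            System.out.println("\t public key value: \t" + new String(Hex.encode(puk)));

            // Certificate extension information
            System.out.println("<============= certificate Extension Information ======================>>");
            X509Extensions ext = cert.getTBSCertificate().getExtensions();
            // 2.5.29.15 key usage, .19 basic constraints,
            // .31 CRL distribution points, .32 certificate policies
            getKeyUsage(ext);
            getBasicConstrains(ext);
            getCRLPoint(ext);
            getCertPolicy(ext);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints the key usage extension (2.5.29.15) content as hex.
     *
     * Nothing is printed when the certificate has no extensions or no key
     * usage extension. The extension's critical flag is not reported.
     *
     * @param ext extension set of the certificate; may be null
     */
    public void getKeyUsage(X509Extensions ext) {
        // Explicit absence checks instead of catching the NullPointerException
        // that a missing extension used to cause.
        byte[] bytes = getExtensionBytes("2.5.29.15", ext);
        if (bytes == null) {
            return;
        }
        System.out.println(new String(Hex.encode(bytes)));
    }

    /**
     * Prints what the basic constraints extension (2.5.29.19) says.
     *
     * BasicConstraints is SEQUENCE { cA BOOLEAN DEFAULT FALSE,
     * pathLenConstraint INTEGER OPTIONAL }. In DER a false cA is omitted, so
     * an empty sequence means "not a CA"; the elements are therefore
     * identified by type, not by the sequence length. A CA without a path
     * length limit is reported as Integer.MAX_VALUE.
     *
     * @param ext extension set of the certificate; may be null
     * @throws RuntimeException when the extension content cannot be decoded
     */
    public void getBasicConstrains(X509Extensions ext) {
        byte[] bytes = getExtensionBytes("2.5.29.19", ext);
        if (bytes == null) {
            return;
        }
        try {
            DERInputStream din = new DERInputStream(new ByteArrayInputStream(bytes));
            ASN1Sequence seq = (ASN1Sequence) din.readObject();

            boolean isCa = false;
            DERInteger pathLen = null;
            int next = 0;
            if (seq.size() > next && seq.getObjectAt(next) instanceof DERBoolean) {
                isCa = ((DERBoolean) seq.getObjectAt(next)).isTrue();
                next++;
            }
            if (seq.size() > next && seq.getObjectAt(next) instanceof DERInteger) {
                pathLen = (DERInteger) seq.getObjectAt(next);
            }

            if (!isCa) {
                System.out.println("not a CA certificate!");
            } else if (pathLen != null) {
                System.out.println("is a CA certificate \t" + "Max path Len =" + pathLen.getValue().intValue());
            } else {
                System.out.println(Integer.MAX_VALUE);
            }
        } catch (Exception e) {
            throw new RuntimeException("error processing basic constraints extension: " + e);
        }
    }

    /**
     * Prints the CRL distribution points extension (2.5.29.31).
     *
     * For each distribution point the first element is unwrapped tag by tag
     * (each tag number is printed) and the innermost value is printed as text
     * when it was decoded as an octet string. Any other innermost type is
     * reported as an error for that point and the remaining points are still
     * processed.
     *
     * @param ext extension set of the certificate; may be null
     */
    public void getCRLPoint(X509Extensions ext) {
        byte[] content = getExtensionBytes("2.5.29.31", ext);
        if (content == null) {
            return;
        }
        try {
            DERInputStream din = new DERInputStream(new ByteArrayInputStream(content));
            ASN1Sequence seq = (ASN1Sequence) din.readObject();
            int dpCount = seq.size();
            for (int i = 0; i < dpCount; i++) {
                ASN1Sequence point = (ASN1Sequence) seq.getObjectAt(i);
                System.out.println("CRL distribution point" + (i + 1) + ":");
                if (point.size() == 0) {
                    continue;
                }
                DERObject tobj = point.getObjectAt(0).getDERObject();
                while (tobj instanceof DERTaggedObject && !((DERTaggedObject) tobj).isEmpty()) {
                    System.out.println("\ttagno:" + ((DERTaggedObject) tobj).getTagNo());
                    tobj = ((DERTaggedObject) tobj).getObject();
                }
                if (tobj instanceof DEROctetString) {
                    // Decode with a fixed charset so the output does not
                    // depend on the platform default encoding.
                    byte[] octets = ((DEROctetString) tobj).getOctets();
                    System.out.println("\t" + new String(octets, "US-ASCII"));
                } else {
                    System.out.println("An error occurred while processing the CRL distribution point!");
                }
            }
        } catch (Exception e) {
            System.out.println("An error occurred while processing the CRL distribution point!");
        }
    }

    /**
     * Prints the certificate policies extension (2.5.29.32), one policy
     * information entry at a time. Decoding errors are reported with a stack
     * trace.
     *
     * @param ext extension set of the certificate; may be null
     */
    public void getCertPolicy(X509Extensions ext) {
        byte[] content = getExtensionBytes("2.5.29.32", ext);
        if (content == null) {
            return;
        }
        try {
            DERInputStream din = new DERInputStream(new ByteArrayInputStream(content));
            ASN1Sequence seq = (ASN1Sequence) din.readObject();
            // For debugging, DERDump.dumpAsString(seq) gives a full ASN.1 dump.
            for (int i = 0; i < seq.size(); i++) {
                getPolicyInfo((ASN1Sequence) seq.getObjectAt(i));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints one PolicyInformation entry: the policy OID and, when present,
     * its qualifiers. The qualifier list is optional, so a one-element
     * sequence is valid and is not reported as an error.
     *
     * @param seq the PolicyInformation sequence
     */
    private void getPolicyInfo(ASN1Sequence seq) {
        int count = seq.size();
        if (count != 1 && count != 2) {
            System.out.println("An error occurred while parsing policy declaration!");
            return;
        }
        DERObjectIdentifier objId = (DERObjectIdentifier) seq.getObjectAt(0);
        System.out.println("certificate policy ID:" + objId.getId());
        if (count == 2) {
            ASN1Sequence qualifiers = (ASN1Sequence) seq.getObjectAt(1);
            for (int i = 0; i < qualifiers.size(); i++) {
                getPolicyQualifierInfo((ASN1Sequence) qualifiers.getObjectAt(i));
            }
        }
    }

    /**
     * Prints one PolicyQualifierInfo entry: the qualifier OID and, when the
     * qualifier value is an IA5String, its text. The qualifier value can be of
     * another type, in which case only the OID is printed; the earlier
     * unconditional cast would have thrown ClassCastException there.
     *
     * @param seq the PolicyQualifierInfo sequence
     */
    private void getPolicyQualifierInfo(ASN1Sequence seq) {
        if (seq.size() != 2) {
            return;
        }
        DERObjectIdentifier objId = (DERObjectIdentifier) seq.getObjectAt(0);
        System.out.println("policy declaration identifier:" + objId.getId());
        if (seq.getObjectAt(1) instanceof DERIA5String) {
            DERIA5String ia5 = (DERIA5String) seq.getObjectAt(1);
            System.out.println("Declaration content:" + ia5.getString());
        }
    }

    /** Loads the certificate file and prints its contents. */
    public static void main(String[] args) {
        CertManager cm = new CertManager();
        cm.getCert();
    }
}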