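package test;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateFactorySpi;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.junit.Test;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS10;
import sun.security.pkcs.PKCS7;
import sun.security.tools.KeyStoreUtil;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/**
 * Exploratory JUnit harness for keystore and X.509 certificate handling
 * (listing, creating, signing, importing and exporting) built on the
 * {@code sun.security.*} internal APIs of JDK 7 ({@link X500Signer},
 * {@code sun.misc.BASE64*}). Every test works on hard-coded files under
 * {@code d:\}; these are worked examples rather than a regression suite.
 * <p>
 * The {@code sun.*} classes are not a supported API: they are not exported
 * on JDK 9+ and {@code sun.misc.BASE64*} has been removed there
 * ({@code java.util.Base64} is the JDK 8+ replacement).
 */
public class ReadKeyStoreTest {

    /** Validity period, in days, of every certificate this class issues. */
    private static final int VALIDITY_DAYS = 85;

    /** Shared source of key material and certificate serial numbers. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Matches the PEM body written by {@link PKCS10#print}; group 1 is the
     * base64 text between the markers. Compiled once, the pattern is
     * thread-safe.
     */
    private static final Pattern CSR_PEM = Pattern.compile(
            "-----BEGIN NEW CERTIFICATE REQUEST-----([\\s\\S]*?)-----END NEW CERTIFICATE REQUEST-----([\\s\\S]*)");

    /**
     * Prints every entry of a keystore: the entry's certificate and, when the
     * alias is a key entry, the key's algorithm/format and its chain.
     *
     * @param ks         an initialised keystore
     * @param storePass  unused, retained for existing callers
     * @param priKeyPass password protecting the private keys
     * @throws Exception on any keystore access error
     */
    private void listKeyAndCertificate(KeyStore ks, String storePass, String priKeyPass) throws Exception {
        System.out.println("size=" + ks.size());
        Enumeration<String> aliases = ks.aliases();
        int i = 0;
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println("第" + (++i) + "个");
            System.out.println("alias=" + alias);
            Certificate c = ks.getCertificate(alias);
            // secret-key entries (JCEKS) carry no certificate; the original
            // cast-and-call would have thrown NullPointerException here
            if (c instanceof X509Certificate) {
                readX509Certificate((X509Certificate) c);
            } else {
                System.out.println("no certificate of " + alias);
            }
            readPriKey(ks, alias, priKeyPass);
        }
    }

    /**
     * Prints the algorithm, format and class of the key stored under
     * {@code alias}, then its certificate chain.
     *
     * @param ks    an initialised keystore
     * @param alias entry to inspect
     * @param pass  password protecting the key
     * @throws Exception on any keystore access error
     */
    private void readPriKey(KeyStore ks, String alias, String pass) throws Exception {
        Key key = ks.getKey(alias, pass.toCharArray());
        if (null == key) {
            System.out.println("no priviate key of " + alias);
            return;
        }
        System.out.println();
        System.out.println("algorithm=" + key.getAlgorithm());
        System.out.println("format=" + key.getFormat());
        // toString() of the JDK private-key classes dumps the private
        // components; the class name is enough to identify the entry type
        System.out.println("class=" + key.getClass().getName());
        readCertChain(ks, alias);
    }

    /**
     * Prints each certificate of the chain stored under {@code alias}.
     *
     * @param ks    an initialised keystore
     * @param alias entry whose chain is printed
     * @throws Exception on any keystore access error
     */
    private void readCertChain(KeyStore ks, String alias) throws Exception {
        Certificate[] certChain = ks.getCertificateChain(alias);
        System.out.println("chain of " + alias);
        if (null == certChain) {
            System.out.println("no chain");
            return;
        }
        for (int i = 0; i < certChain.length; i++) {
            System.out.println("index " + i + " in chain of " + alias);
            readX509Certificate((X509Certificate) certChain[i]);
        }
    }

    /**
     * Prints the basic fields of an X.509 certificate (all public data).
     *
     * @param t certificate to print, not {@code null}
     */
    private void readX509Certificate(X509Certificate t) {
        System.out.println("输出证书信息:\n" + t);
        System.out.println("版本号:" + t.getVersion());
        System.out.println("序列号:" + t.getSerialNumber().toString(16));
        System.out.println("主体名:" + t.getSubjectDN());
        System.out.println("签发者:" + t.getIssuerDN());
        System.out.println("有效期:" + t.getNotBefore() + " - " + t.getNotAfter());
        System.out.println("签名算法:" + t.getSigAlgName());
        System.out.println("签名 :" + toHex(t.getSignature()));
        System.out.println("公钥: " + toHex(t.getPublicKey().getEncoded()));
    }

    /**
     * Hex-encodes a byte array, two lowercase digits per byte.
     *
     * @param bytes data to encode; an empty array yields ""
     * @return the hex string
     */
    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /**
     * Creates a new, empty keystore.
     *
     * @param storePass store password
     * @param storeType {@code PKCS12}, {@code JKS} or {@code JCEKS}
     * @return the initialised store
     * @throws Exception if the type is unsupported
     */
    private KeyStore createKeyStore(String storePass, String storeType) throws Exception {
        KeyStore ks = KeyStore.getInstance(storeType);
        ks.load(null, storePass.toCharArray());
        return ks;
    }

    /**
     * Loads an existing keystore from disk.
     *
     * @param path      keystore file
     * @param storePass store password (also checks the store's integrity)
     * @param storeType {@code PKCS12}, {@code JKS} or {@code JCEKS}
     * @return the loaded store
     * @throws Exception if the file is missing, the type is unsupported or
     *                   the password/integrity check fails
     */
    private KeyStore loadKeyStore(String path, String storePass, String storeType) throws Exception {
        KeyStore ks = KeyStore.getInstance(storeType);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePass.toCharArray());
        }
        return ks;
    }

    /**
     * Loads a single certificate from a file.
     *
     * @param path     certificate file (DER or PEM)
     * @param certType factory type, e.g. {@code X.509}
     * @return the parsed certificate
     * @throws Exception on I/O or parse failure
     */
    private Certificate loadCert(String path, String certType) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance(certType);
        try (FileInputStream in = new FileInputStream(path)) {
            return cf.generateCertificate(in);
        }
    }

    /**
     * Loads every X.509 certificate contained in a file.
     *
     * @param path certificate or bundle file
     * @return the certificates in file order, possibly empty
     * @throws IOException          on I/O failure
     * @throws CertificateException on parse failure
     */
    private static Collection<? extends Certificate> loadCerts(String path)
            throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (FileInputStream in = new FileInputStream(path)) {
            return cf.generateCertificates(in);
        }
    }

    /**
     * Picks the signature algorithm to use with a given key.
     *
     * @param key the signing key (RSA, DSA or DSS)
     * @return a JCA signature algorithm name
     * @throws NoSuchAlgorithmException for any other key algorithm
     */
    private static String signatureAlgorithmFor(Key key) throws NoSuchAlgorithmException {
        String alg = key.getAlgorithm();
        if ("RSA".equalsIgnoreCase(alg)) {
            return "SHA256withRSA";
        }
        if ("DSA".equalsIgnoreCase(alg) || "DSS".equalsIgnoreCase(alg)) {
            // SHA256withDSA only arrives with JDK 8; on JDK 7 SHA-1 is the
            // only digest the DSA provider offers
            return "SHA1withDSA";
        }
        throw new NoSuchAlgorithmException("Cannot derive signature algorithm for key algorithm " + alg);
    }

    /**
     * Reads the subject DN of a certificate as a {@link X500Name}.
     *
     * @param cert the certificate
     * @return its subject
     * @throws CertificateException if the certificate cannot be parsed
     */
    private static X500Name subjectOf(X509CertImpl cert) throws CertificateException {
        return (X500Name) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO + "."
                + X509CertInfo.SUBJECT + "." + CertificateSubjectName.DN_NAME);
    }

    /**
     * Builds a v3 TBS certificate valid from now for {@link #VALIDITY_DAYS}.
     * The serial number is 64 random bits so that two certificates issued in
     * the same second no longer collide (the original used epoch seconds cast
     * to {@code int}).
     *
     * @param subject subject DN
     * @param issuer  issuer DN
     * @param key     subject public key
     * @param sigAlg  signature algorithm the certificate will be signed with
     * @return the populated certificate info
     * @throws CertificateException     on field encoding failure
     * @throws IOException              on field encoding failure
     * @throws NoSuchAlgorithmException if {@code sigAlg} has no known OID
     */
    private static X509CertInfo newCertInfo(X500Name subject, X500Name issuer, PublicKey key, String sigAlg)
            throws CertificateException, IOException, NoSuchAlgorithmException {
        Calendar calendar = Calendar.getInstance();
        Date startDate = calendar.getTime();
        calendar.add(Calendar.DATE, VALIDITY_DAYS);
        Date endDate = calendar.getTime();

        X509CertInfo info = new X509CertInfo();
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, RANDOM)));
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(sigAlg)));
        info.set(X509CertInfo.KEY, new CertificateX509Key(key));
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(startDate, endDate));
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
        return info;
    }

    /**
     * Generates a key pair and a certificate for it, signed by the root entry
     * of {@code rootStore} or self-signed when {@code rootStore} is
     * {@code null}, and returns a new keystore holding the key entry.
     * The signature algorithm is derived from the signing key, so a DSA root
     * no longer has {@code SHA1WithRSA} forced on it.
     *
     * @param rootStore   store holding the issuing CA, or {@code null} for a
     *                    self-signed certificate
     * @param rootAlias   alias of the CA key entry in {@code rootStore}
     * @param rootKeyPass password of the CA private key
     * @param subjectStr  subject DN of the new certificate
     * @param storeType   type of the returned store
     * @param storePass   password of the returned store
     * @param alias       alias of the new key entry
     * @param alg         key-pair algorithm, {@code RSA} or {@code DSA}
     * @param keySize     key size in bits
     * @param keyPass     password of the new private key
     * @return a new keystore containing the key entry and its chain
     * @throws KeyStoreException if {@code rootAlias} is not a key entry
     * @throws Exception         on any generation or signing failure
     */
    public KeyStore generateSignedKeyStore(KeyStore rootStore, String rootAlias, String rootKeyPass,
            String subjectStr, String storeType, String storePass, String alias, String alg, int keySize,
            String keyPass) throws Exception {
        X500Name subjectX500Name = new X500Name(subjectStr);

        KeyPairGenerator keygen = KeyPairGenerator.getInstance(alg);
        keygen.initialize(keySize, RANDOM);
        KeyPair kp = keygen.genKeyPair();

        PrivateKey signingKey;
        X500Name issuerX500Name;
        X509CertImpl rootCert = null;
        if (null == rootStore) {
            // self-signed: the subject is its own issuer
            signingKey = kp.getPrivate();
            issuerX500Name = subjectX500Name;
        } else {
            signingKey = (PrivateKey) rootStore.getKey(rootAlias, rootKeyPass.toCharArray());
            rootCert = (X509CertImpl) rootStore.getCertificate(rootAlias);
            if (signingKey == null || rootCert == null) {
                throw new KeyStoreException("no private key entry for alias " + rootAlias);
            }
            issuerX500Name = subjectOf(rootCert);
        }

        String sigAlg = signatureAlgorithmFor(signingKey);
        X509CertImpl newcert = new X509CertImpl(
                newCertInfo(subjectX500Name, issuerX500Name, kp.getPublic(), sigAlg));
        newcert.sign(signingKey, sigAlg);

        Certificate[] certChain = rootCert == null
                ? new Certificate[] { newcert }
                : new Certificate[] { newcert, rootCert };
        KeyStore ks = createKeyStore(storePass, storeType);
        ks.setKeyEntry(alias, kp.getPrivate(), keyPass.toCharArray(), certChain);
        return ks;
    }

    /** Prints every certificate found in {@code d:\test.cer}. */
    @Test
    public void testReadCer() throws Exception {
        Collection<? extends Certificate> cs = loadCerts("d:\\test.cer");
        System.out.println("size=" + cs.size());
        for (Certificate c : cs) {
            readX509Certificate((X509Certificate) c);
        }
    }

    /** Lists the entries of a PKCS#12 store. */
    @Test
    public void testReadP12() throws Exception {
        String storePass = "123456";
        String keyPass = "123456";
        KeyStore ks = loadKeyStore("d:\\zrbin.p12", storePass, "PKCS12");
        listKeyAndCertificate(ks, storePass, keyPass);
    }

    /** Lists the entries of a JCEKS store. */
    @Test
    public void testReadKeyStore() throws Exception {
        String storePass = "123456";
        String keyPass = "123456";
        KeyStore ks = loadKeyStore("d:\\test.keystore", storePass, "JCEKS");
        listKeyAndCertificate(ks, storePass, keyPass);
    }

    /**
     * Exports the {@code zrbin} certificate as PEM (or raw DER when
     * {@code rfc} is false). The original wrote the DER bytes a second time
     * after the PEM footer, producing a file no parser accepts.
     */
    @Test
    public void testExportCert() throws Exception {
        KeyStore ks = loadKeyStore("d:\\zrbin.p12", "123456", "PKCS12");
        Certificate cert = ks.getCertificate("zrbin");
        if (cert == null) {
            throw new KeyStoreException("no certificate for alias zrbin");
        }
        boolean rfc = true;
        try (PrintStream out = new PrintStream("D:\\zrbin.cer")) {
            if (rfc) {
                BASE64Encoder encoder = new BASE64Encoder();
                out.println("-----BEGIN CERTIFICATE-----");
                encoder.encodeBuffer(cert.getEncoded(), out);
                out.println("-----END CERTIFICATE-----");
            } else {
                out.write(cert.getEncoded());
            }
        }
    }

    /**
     * Adds {@code d:\root.cer} as trusted entry {@code root} of
     * {@code d:\server.keystore}, dropping any {@code zrbin} entry. The
     * original initialised an empty store and then wrote it over the file,
     * discarding every entry the file held; the existing store is loaded
     * first here.
     */
    @Test
    public void testImportCert() throws Exception {
        String storePath = "d:\\server.keystore";
        char[] pass = "123456".toCharArray();
        Certificate rootcert = loadCert("d:\\root.cer", "X.509");
        KeyStore ks = loadKeyStore(storePath, "123456", "JKS");
        ks.deleteEntry("zrbin");
        ks.setCertificateEntry("root", rootcert);
        try (FileOutputStream out = new FileOutputStream(storePath)) {
            ks.store(out, pass);
        }
    }

    /**
     * Imports a CA reply from {@code d:\test.cer} into the {@code test}
     * entry of {@code d:\test.keystore}: as a trusted certificate when the
     * alias has no private key, otherwise as the new chain of the key entry.
     */
    @Test
    public void testImportSigenedCert() throws Exception {
        String alias = "test";
        String storePath = "d:\\test.keystore";
        char[] pass = "123456".toCharArray();
        KeyStore ks = loadKeyStore(storePath, "123456", "JKS");
        PrivateKey priKey = (PrivateKey) ks.getKey(alias, pass);

        Collection<? extends Certificate> certCollection = loadCerts("d:\\test.cer");
        System.out.println(certCollection.size());
        if (certCollection.isEmpty()) {
            System.out.println("没有要导入的证书");
            return;
        }

        if (null == priKey) {
            // no private key under this alias: store the first reply
            // certificate as a trusted entry
            ks.setCertificateEntry(alias, certCollection.iterator().next());
        } else {
            Certificate existing = ks.getCertificate(alias);
            Certificate importCert = null;
            for (Certificate cert : certCollection) {
                if (existing.getPublicKey().equals(cert.getPublicKey())) {
                    importCert = cert;
                    break;
                }
            }
            if (null == importCert) {
                System.out.println("错误:no replay cert");
                // the original fell through and dereferenced null here
                return;
            }
            if (X509CertImpl.isSelfSigned((X509Certificate) importCert, null)) {
                System.out.println("证书未被ca签名,无需导入");
            } else {
                List<Certificate> certChain = buildCertChain(ks, alias, (X509Certificate) importCert,
                        certCollection);
                if (certChain.isEmpty()) {
                    return;
                }
                ks.setKeyEntry(alias, priKey, pass, certChain.toArray(new Certificate[certChain.size()]));
            }
        }

        try (FileOutputStream out = new FileOutputStream(storePath)) {
            ks.store(out, pass);
        }
    }

    /**
     * Builds the chain from {@code leaf} up to a self-signed root, taking
     * candidate issuers from the reply and from every other entry of the
     * store. Each link is verified with the issuer's public key: matching
     * the issuer DN alone would let any certificate that merely names the
     * CA as issuer be accepted as part of the chain.
     *
     * @param ks         store whose other entries may supply issuers
     * @param alias      entry being updated (its own certificate is skipped)
     * @param leaf       the reply certificate for {@code alias}
     * @param candidates certificates of the CA reply
     * @return leaf-first chain ending at a self-signed certificate, or an
     *         empty list (after printing the reason) when an issuer is missing
     * @throws Exception if a link's signature does not verify, or on
     *                   keystore access failure
     */
    private static List<Certificate> buildCertChain(KeyStore ks, String alias, X509Certificate leaf,
            Collection<? extends Certificate> candidates) throws Exception {
        Map<Principal, X509Certificate> bySubject = new HashMap<Principal, X509Certificate>();
        Enumeration<String> aliasEnum = ks.aliases();
        while (aliasEnum.hasMoreElements()) {
            String other = aliasEnum.nextElement();
            if (!other.equals(alias)) {
                Certificate c = ks.getCertificate(other);
                if (c instanceof X509Certificate) {
                    bySubject.put(((X509Certificate) c).getSubjectDN(), (X509Certificate) c);
                }
            }
        }
        for (Certificate c : candidates) {
            if (c != leaf && c instanceof X509Certificate) {
                bySubject.put(((X509Certificate) c).getSubjectDN(), (X509Certificate) c);
            }
        }

        List<Certificate> chain = new ArrayList<Certificate>();
        chain.add(leaf);
        X509Certificate current = leaf;
        while (!X509CertImpl.isSelfSigned(current, null)) {
            Principal issuerName = current.getIssuerDN();
            X509Certificate issuer = bySubject.remove(issuerName);
            if (issuer == null) {
                System.out.println("构建证书链错误,请先导入颁发者(" + issuerName + ")的CA证书");
                return Collections.emptyList();
            }
            // throws SignatureException/InvalidKeyException if this
            // certificate was not actually issued under that key
            current.verify(issuer.getPublicKey());
            chain.add(issuer);
            current = issuer;
        }
        return chain;
    }

    /** Generates an RSA key pair and prints its public half and an empty store. */
    @Test
    public void testGenerateKeyStore() throws Exception {
        KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA");
        kg.initialize(2048, RANDOM);
        KeyPair kp = kg.genKeyPair();
        System.out.println(KeyStoreUtil.niceStoreTypeName("PKCS12"));
        System.out.println(kp.getPublic());
        // toString() of the private key would print its components
        System.out.println(kp.getPrivate().getAlgorithm() + "/" + kp.getPrivate().getFormat());
        KeyStore ks = createKeyStore("123456", "JKS");
        System.out.println(ks.getType() + " size=" + ks.size());
    }

    /** Shows that two X500Names built from the same RFC 2253 string are equal. */
    @Test
    public void testX500Name() throws IOException, CertificateException {
        // RFC 1779 (CN, L, ST, O, OU, C, STREET)
        // RFC 2253 (CN/name, L/location, ST/station, O/org, OU/orgunit,
        // C/country, STREET, DC, UID)
        String dn = "CN=www.jiangtech.com,L=ZuChongZhi road,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road";
        X500Name subjectName = new X500Name(dn);
        X500Name subjectName1 = new X500Name(dn);
        System.out.println(subjectName.hashCode());
        System.out.println(subjectName1.hashCode());
        assert subjectName.equals(subjectName1);
    }

    /**
     * Certificate verification: the root certificate must verify under its
     * own public key, and every chain in the signed store must be internally
     * consistent (each certificate signed by the next one). The original
     * verified the root against a freshly generated random key pair, which
     * can never succeed.
     *
     * @throws Exception if any signature fails to verify
     */
    @Test
    public void testValidate() throws Exception {
        KeyStore rootStore = loadKeyStore("d:/root.keystore", "123456", "JKS");
        X509Certificate rootCert = (X509Certificate) rootStore.getCertificate("jdcert");
        if (rootCert == null) {
            throw new KeyStoreException("no certificate for alias jdcert");
        }
        rootCert.verify(rootCert.getPublicKey());

        KeyStore store1 = loadKeyStore("d:/jd_signed.keystore", "123456", "JKS");
        Enumeration<String> aliases = store1.aliases();
        while (aliases.hasMoreElements()) {
            Certificate[] chain = store1.getCertificateChain(aliases.nextElement());
            if (chain == null) {
                continue;
            }
            for (int i = 0; i + 1 < chain.length; i++) {
                chain[i].verify(chain[i + 1].getPublicKey());
            }
        }
    }

    /** Issues a self-signed certificate into {@code d:/test.keystore}. */
    @Test
    public void testGenerateSignedKeyStore() {
        try {
            String rootAlias = "test";
            String subjectStr = "CN=zhaorb@jiangdatech.com,L=PU Dong,ST=Shang Hai,O=Jiangdatech,OU=ENTERPRISE APP,C=China,STREET=ZuChongZhi Road";
            String alg = "RSA";
            String storeType = "JKS";
            // 1024-bit RSA is below the minimum the JDK's own certpath
            // checks accept
            int keySize = 2048;
            String keyPass = "123456";
            String rootKeyPass = "123456";
            String storePass = "123456";
            String alias = "test";
            // rootStore == null: self-signed
            KeyStore ks = generateSignedKeyStore(null, rootAlias, rootKeyPass, subjectStr, storeType,
                    storePass, alias, alg, keySize, keyPass);
            try (OutputStream out = new FileOutputStream(new File("d:/test.keystore"))) {
                ks.store(out, storePass.toCharArray());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Stores a freshly generated secret key in a JCEKS store. */
    @Test
    public void testGenerateSecKeyStore() {
        try {
            // AES replaces the original DES (56-bit key)
            String alg = "AES";
            int keySize = 128;
            String keyPass = "123456";
            String storePass = "123456";
            String alias = "test";
            KeyStore ks = createKeyStore(storePass, "JCEKS");
            KeyGenerator keygen = KeyGenerator.getInstance(alg);
            keygen.init(keySize, RANDOM);
            SecretKey secKey = keygen.generateKey();
            ks.setKeyEntry(alias, secKey, keyPass.toCharArray(), null);
            try (OutputStream out = new FileOutputStream(new File("d:/test.keystore"))) {
                ks.store(out, storePass.toCharArray());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Placeholder for PKCS#7 (.p7b) handling; not implemented. */
    @Test
    public void testGeneratePKCS7KeyStore() {
        // Not implemented. A .p7b bundle is a certificate container rather
        // than a KeyStore type; CertificateFactory.generateCertificates
        // reads it.
    }

    /** Lists the secret-key entries of a JCEKS store without printing key bytes. */
    @Test
    public void testReadJCEKS() throws Exception {
        KeyStore ks = loadKeyStore("D:/test.keystore", "123456", "JCEKS");
        Enumeration<String> aliasEnum = ks.aliases();
        while (aliasEnum.hasMoreElements()) {
            String alias = aliasEnum.nextElement();
            Key key = ks.getKey(alias, "123456".toCharArray());
            System.out.println(ks.getCertificate(alias));
            if (key == null) {
                System.out.println("no key of " + alias);
                continue;
            }
            System.out.println(key.getClass());
            System.out.println(key.getFormat());
            byte[] encoded = key.getEncoded();
            // length only: the encoding of a SecretKey is the key itself
            System.out.println(encoded == null ? "not encodable" : encoded.length + " bytes");
        }
    }

    /**
     * Reads the whole of a file into memory.
     *
     * @param f file to read
     * @return its bytes
     * @throws IOException on I/O failure
     */
    private static byte[] readFully(File f) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream(1024);
        try (InputStream in = new FileInputStream(f)) {
            byte[] chunk = new byte[4096];
            int n;
            // a single read() may return fewer bytes than the file holds
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
        }
        return buf.toByteArray();
    }

    /**
     * Parses the PEM certificate request in {@code D:/test.csr}. The
     * {@code PKCS10(byte[])} constructor checks the request's self-signature
     * while decoding, so a returned request is bound to its public key.
     *
     * @return the parsed request
     * @throws IOException if the file holds no request block or cannot be read
     * @throws Exception   if the request does not decode or verify
     */
    public PKCS10 readCsr() throws Exception {
        File f = new File("D:/test.csr");
        String base64String = new String(readFully(f), "ISO-8859-1");
        System.out.println(base64String);
        Matcher m = CSR_PEM.matcher(base64String);
        if (!m.find()) {
            throw new IOException("文件错误 ,无法读取csr");
        }
        String s = m.group(1);
        System.out.println(s.trim());
        byte[] bArray = new BASE64Decoder().decodeBuffer(s);
        PKCS10 csr = new PKCS10(bArray);
        System.out.println(csr);
        return csr;
    }

    /** Parses {@code D:/test.csr}. */
    @Test
    public void testReadCsr() throws Exception {
        PKCS10 csr = readCsr();
        assert csr != null;
    }

    /**
     * Writes a certificate request for the {@code test} key entry of
     * {@code d:/test.keystore} to {@code D:/test.csr}.
     */
    @Test
    public void createCsr() throws Exception {
        String storePass = "123456";
        String alias = "test";
        KeyStore ks = loadKeyStore("d:/test.keystore", storePass, "JKS");
        Certificate cert = ks.getCertificate(alias);
        PrivateKey priKey = (PrivateKey) ks.getKey(alias, "123456".toCharArray());
        if (cert == null || priKey == null) {
            throw new KeyStoreException("no private key entry for alias " + alias);
        }
        PublicKey pubKey = cert.getPublicKey();
        PKCS10 csr = new PKCS10(pubKey);

        Signature signature = Signature.getInstance(signatureAlgorithmFor(priKey));
        signature.initSign(priKey);
        X500Name x500Name = new X500Name(((X509Certificate) cert).getSubjectDN().toString());
        csr.encodeAndSign(new X500Signer(signature, x500Name));

        // FileOutputStream truncates, so no explicit delete is needed
        try (PrintStream out = new PrintStream(new File("D:/test.csr"))) {
            csr.print(out);
        }
    }

    /**
     * Issues a certificate for the request in {@code D:/test.csr}, signed by
     * the {@code root} entry of {@code d:/root.keystore}, and writes the new
     * certificate followed by the root certificate to {@code d:/test.cer}.
     *
     * @throws Exception on any keystore, parse or signing failure
     */
    @Test
    public void testSignature() throws Exception {
        KeyStore rootStore = loadKeyStore("d:/root.keystore", "123456", "JKS");
        PrivateKey rootKey = (PrivateKey) rootStore.getKey("root", "123456".toCharArray());
        X509CertImpl rootX509Cert = (X509CertImpl) rootStore.getCertificate("root");
        if (rootKey == null || rootX509Cert == null) {
            throw new KeyStoreException("no private key entry for alias root");
        }
        X500Name issuerX500Name = subjectOf(rootX509Cert);

        PKCS10 csr = readCsr();
        PublicKey pubKey = csr.getSubjectPublicKeyInfo();
        X500Name subjectX500Name = csr.getSubjectName();

        // the signature algorithm follows the CA key, not a fixed name
        String sigAlg = signatureAlgorithmFor(rootKey);
        X509CertImpl newCert = new X509CertImpl(newCertInfo(subjectX500Name, issuerX500Name, pubKey, sigAlg));
        newCert.sign(rootKey, sigAlg);

        try (OutputStream out = new FileOutputStream("d:/test.cer")) {
            out.write(newCert.getEncoded());
            out.write(rootX509Cert.getEncoded());
        }
    }
}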