数字证书JAVA 后台处理

本文介绍了一种使用Java处理数字证书的方法,并演示了如何读取数字证书信息、加密数据及进行数字签名验证等关键步骤。


package com.gg.test;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;



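/**
 * Demonstration of basic X.509 certificate handling with the JCA/JCE:
 * reading certificate fields, encrypting a byte array, signing data with a
 * private key from a keystore, and verifying a signature with the public key
 * of a certificate file.
 *
 * <p>Security notes for anyone reusing this sample:
 * <ul>
 *   <li>The original listing used single DES and {@code MD5withRSA}. DES has a
 *       56-bit key and MD5 is collision-broken, so this version uses
 *       AES-GCM and {@code SHA256withRSA} instead. Signatures produced with the
 *       old {@code MD5withRSA} setting will not verify here and must be
 *       re-issued.</li>
 *   <li>{@link #veriSignature} only checks the signature mathematically against
 *       the key inside the given certificate file. It does not check the
 *       certificate's validity period, revocation status, or chain of trust.</li>
 * </ul>
 */
public class TestSecurity {

	/** Signature algorithm shared by {@link #signature} and {@link #veriSignature}; both sides must agree. */
	private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

	/** Authenticated cipher used by {@link #crypt}. */
	private static final String CIPHER_TRANSFORMATION = "AES/GCM/NoPadding";

	/** AES key size in bits; 128 is available on every JRE without policy changes. */
	private static final int AES_KEY_BITS = 128;

	public static void main(String[] args){
		String caName="c:\\certificate.crt";
		TestSecurity ts = new TestSecurity();
		System.out.println("****读出数字证书******");
		ts.readNormal(caName);
		System.out.println("*****以字符串形式读出证书中得所有信息*****");
		ts.readBin(caName);
		
	}
	
	/**
	 * Parses one X.509 certificate from a file and prints selected fields
	 * (type, version, subject, validity dates, serial number, issuer,
	 * signature algorithm, public-key algorithm) to standard output.
	 *
	 * <p>The printed values are taken from the file as-is; nothing here
	 * establishes that the certificate is trusted or currently valid.
	 *
	 * @param caName path of the certificate file
	 * @return 0 on success, -1 if the file cannot be read or parsed
	 */
	public int readNormal(String caName){
		// try-with-resources: the original leaked the stream when parsing threw.
		try (InputStream is = new FileInputStream(caName)) {
			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
			X509Certificate x509certificate =(X509Certificate) certFactory.generateCertificate(is);
			System.out.println( "类型: "+x509certificate.getType());
			System.out.println( "版本: "+x509certificate.getVersion());
			System.out.println( "标题: "+x509certificate.getSubjectDN().getName());
			System.out.println( "得到开始的有效日期: "+x509certificate.getNotBefore().toString());
			System.out.println( "得到截止的日期: "+x509certificate.getNotAfter().toString());
			// Serial number is printed in hexadecimal.
			System.out.println( "得到序列号: "+x509certificate.getSerialNumber().toString(16));
			System.out.println( "得到发行者名: "+x509certificate.getIssuerDN().getName());
			System.out.println( "得到签名算法: "+x509certificate.getSigAlgName());
			System.out.println( "得到公钥算法: "+x509certificate.getPublicKey().getAlgorithm());
		} catch (Exception e) {
			e.printStackTrace();
			return -1;
		}
		return 0;
	}
	
	/**
	 * Reads the whole file into memory, then parses and prints every
	 * certificate it contains using {@code X509Certificate.toString()}.
	 *
	 * @param caName path of a file holding one or more certificates
	 * @return 0 on success, -1 if the file cannot be read or any part fails to parse
	 */
	public int readBin(String caName){
		try {
			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
			byte[] bytes = readAll(caName);
			ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
			// Each call consumes one certificate; loop until the buffer is drained.
			while(bais.available()>0){
				X509Certificate cert = (X509Certificate) certFactory.generateCertificate(bais);
				System.out.println(cert.toString());
			}
		} catch (Exception e) {
			e.printStackTrace();
			return -1;
		}
		return 0;	
	}

	/**
	 * Reads a file completely. The original sized its buffer from
	 * {@code available()}, which is only an estimate and is not guaranteed to
	 * equal the file length.
	 */
	private static byte[] readAll(String path) throws java.io.IOException {
		try (InputStream in = new FileInputStream(path);
				java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream()) {
			byte[] chunk = new byte[4096];
			int n;
			while ((n = in.read(chunk)) != -1) {
				buffer.write(chunk, 0, n);
			}
			return buffer.toByteArray();
		}
	}

	/**
	 * Encrypts a byte array with a freshly generated symmetric key and writes
	 * the result to a file as {@code IV || ciphertext-with-tag}.
	 *
	 * <p>NOTE(review): as in the original listing, the generated key is never
	 * returned or stored, so the output cannot be decrypted afterwards. This
	 * method only demonstrates the API; real code must keep the key in a
	 * keystore or wrap it for the recipient.
	 *
	 * @param cipherText the data to encrypt (despite the name, this is the plaintext input)
	 * @param file       path of the output file
	 */
	public static void crypt(byte[] cipherText,String file){
		try {
			// Symmetric key (the original comment called this a "public key", which it is not).
			KeyGenerator keyGen = KeyGenerator.getInstance("AES");
			keyGen.init(AES_KEY_BITS);
			Key key = keyGen.generateKey();
			
			// No IV is supplied, so the provider generates a random one for this encryption.
			Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
			cipher.init(Cipher.ENCRYPT_MODE, key);
			byte[] iv = cipher.getIV();
			byte[] ct = cipher.doFinal(cipherText);
			
			// The IV is not secret but is required for decryption, so it is stored first.
			try (FileOutputStream out = new FileOutputStream(file)) {
				out.write(iv);
				out.write(ct);
			}
		} catch (Exception e) {
			// Best-effort demo: report and continue, as the original did.
			e.printStackTrace();
		}
	}

	/**
	 * Signs data with a private key taken from a JKS keystore and writes the
	 * raw signature bytes to a file. This produces a detached signature; it
	 * does not create a certificate.
	 *
	 * @param sigText  the data to sign
	 * @param file     path of the file that receives the signature
	 * @param pswd     password used both to open the keystore and to recover the key
	 * @param keyStore path of the JKS keystore file (keytool's default is the
	 *                 hidden {@code .keystore} file in the user's home directory)
	 * @param alias    keystore alias of the private key entry
	 */
	public void signature(byte[] sigText,String file,String pswd,String keyStore,String alias){
		char[] kpass = null;
		try {
			KeyStore ks = KeyStore.getInstance("JKS");
			kpass = pswd.toCharArray();
			try (BufferedInputStream ksbufin = new BufferedInputStream(new FileInputStream(keyStore))) {
				ks.load(ksbufin,kpass);
			}
			
			PrivateKey priv =(PrivateKey)ks.getKey(alias, kpass);
			Signature rsa = Signature.getInstance(SIGNATURE_ALGORITHM);
			rsa.initSign(priv);
			rsa.update(sigText);
			byte[] sig = rsa.sign();
			System.out.println("sig is done");
			try (FileOutputStream out = new FileOutputStream(file)) {
				out.write(sig);
			}
		} catch (Exception e) {
			// Best-effort demo: report and continue, as the original did.
			e.printStackTrace();
		} finally {
			// Wipe the password copy. The caller's String cannot be wiped, so
			// callers that care should not hold the password as a String at all.
			if (kpass != null) {
				java.util.Arrays.fill(kpass, '\0');
			}
		}
	}

	/**
	 * Verifies a detached signature over {@code updateData} using the public
	 * key of the certificate stored in {@code certName}, and prints the result.
	 *
	 * <p>A positive result only shows that the signature matches that key. The
	 * certificate itself is not validated here: there is no
	 * {@code checkValidity()} call and no chain or revocation check, so a
	 * self-signed or expired certificate is accepted as a key source.
	 *
	 * @param updateData the data that was signed
	 * @param sigedText  the signature bytes to check
	 * @param certName   path of the signer's certificate file
	 */
	public static void veriSignature(byte[] updateData,byte[] sigedText,String certName){
		try (FileInputStream fin = new FileInputStream(certName)) {
			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
			X509Certificate cert = (X509Certificate) certFactory.generateCertificate(fin);
			
			PublicKey pub = cert.getPublicKey();
			Signature rsa = Signature.getInstance(SIGNATURE_ALGORITHM);
			rsa.initVerify(pub);
			rsa.update(updateData);
			boolean verifies = rsa.verify(sigedText);
			System.out.println("verified "+ verifies);
			if(verifies){
				System.out.println("Verify is done!");
			}else{
				System.out.println("verify is not successful");
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
}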

 
