How does Java verify that the file is a digital signature authentication file?
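(1) Read the CA's certificate from the keystore.

import java.io.*;

import java.security.*;

import java.security.cert.CertificateFactory;

import java.util.Date;

import sun.security.x509.*; // JDK-internal classes, used from step (3) onward

FileInputStream in = new FileInputStream(".keystore");

KeyStore ks = KeyStore.getInstance("JKS");

ks.load(in, storepass.toCharArray()); // storepass: the keystore password

java.security.cert.Certificate c1 = ks.getCertificate("caroot");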

(2) Read the CA's private key from the keystore.

PrivateKey caprk = (PrivateKey) ks.getKey(alias, cakeypass.toCharArray()); // alias: the CA entry; cakeypass: its key password

(3) Extract the issuer information from the CA certificate.

byte[] encode1 = c1.getEncoded(); // Get the encoding of the CA certificate.

X509CertImpl cimp1 = new X509CertImpl(encode1); // Use this encoding to create an object of type X509CertImpl.

X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // Get the X509CertInfo object.

X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateIssuerName.DN_NAME); // Get the issuer information, of type X500Name.

(4) Obtain the certificate to be issued.

CertificateFactory cf = CertificateFactory.getInstance("X.509");

FileInputStream in2 = new FileInputStream("user.csr");

java.security.cert.Certificate c2 = cf.generateCertificate(in2); // Read from in2, not from the keystore stream opened in step (1).

(5) Extract the certificate information from the certificate to be issued.

byte[] encode2 = c2.getEncoded();

X509CertImpl cimp2 = new X509CertImpl(encode2); // Use this encoding to create an object of type X509CertImpl.

X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // Get the X509CertInfo object.

(6) Set the validity period of the new certificate.

Date begindate = new Date(); // Get the current time.

Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L); // Valid for 3000 days.

CertificateValidity cv = new CertificateValidity(begindate, enddate); // Create the validity object.

cinfo2.set(X509CertInfo.VALIDITY, cv); // Set the validity period.

(7) Set the serial number of the new certificate.

int sn = (int) (begindate.getTime() / 1000); // Use the current time as the serial number.

CertificateSerialNumber csn = new CertificateSerialNumber(sn);

cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);

(8) Set the issuer of the new certificate.

cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer); // Apply the result of step (3).

(9) Set the signature algorithm information of the new certificate.

AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);

cinfo2.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);

(10) Create the certificate and sign it with the CA's private key.

X509CertImpl newcert = new X509CertImpl(cinfo2);

newcert.sign(caprk, "MD5WithRSA"); // Sign it with the CA private key.

(11) Write the new certificate into the keystore.

ks.setCertificateEntry("lf_signed", newcert);

FileOutputStream out = new FileOutputStream("newstore");

ks.store(out, "newpass".toCharArray()); // Here, a new keystore is written. You can also use article 7 to add entries.
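
To check the result of steps (1) to (11), the following added example (not part of the original page) loads the new keystore and verifies the lf_signed certificate against the caroot certificate using only the public java.security API. The class name VerifyIssuedCert and the method verify are assumptions made for illustration; the file name, password and aliases are the ones used above. It also reports a warning when the signature uses an MD5- or SHA-1-based algorithm, such as the MD5WithRSA chosen in step (9).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class VerifyIssuedCert {
    // Throws if cert was not issued by ca or is outside its validity period;
    // returns warnings for weaknesses that do not stop verification.
    static List<String> verify(X509Certificate cert, X509Certificate ca) throws Exception {
        // Step (8) copied the CA subject into the issuer field; confirm it.
        if (!cert.getIssuerX500Principal().equals(ca.getSubjectX500Principal()))
            throw new SecurityException("issuer DN does not match CA subject DN");
        // Signature check with the CA public key; throws SignatureException
        // if the certificate was altered or signed by a different key.
        cert.verify(ca.getPublicKey());
        // Both certificates must currently be valid (step (6) set the dates).
        ca.checkValidity();
        cert.checkValidity();

        List<String> warnings = new ArrayList<>();
        String alg = cert.getSigAlgName().toUpperCase(Locale.ROOT);
        if (alg.startsWith("MD2") || alg.startsWith("MD5") || alg.startsWith("SHA1"))
            warnings.add("weak signature algorithm: " + cert.getSigAlgName());
        // getBasicConstraints() returns -1 when the issuer is not marked as a CA.
        if (ca.getBasicConstraints() < 0)
            warnings.add("issuer certificate has no CA basic constraint");
        return warnings;
    }

    public static void main(String[] args) throws Exception {
        // File name, password and aliases are the ones used on this page.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("newstore")) {
            ks.load(in, "newpass".toCharArray());
        }
        X509Certificate ca = (X509Certificate) ks.getCertificate("caroot");
        X509Certificate cert = (X509Certificate) ks.getCertificate("lf_signed");
        if (ca == null || cert == null)
            throw new IllegalStateException("expected aliases not found in keystore");
        for (String w : verify(cert, ca))
            System.out.println("WARNING: " + w);
        System.out.println("OK: " + cert.getSubjectX500Principal() + " was signed by caroot");
    }
}
```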