Write a Java program to digitally sign the specified text (with random text examples).
One: Packages to be included

import java.security.*;

import java.io.*;

import java.util.*;

import java.security.cert.*;

import sun.security.x509.*;

import java.security.cert.Certificate;

import java.security.cert.CertificateFactory;

Two: Read the certificate from a file.

Use keytool to export the certificate from the .keystore to a file, then read the certificate information from that file.

CertificateFactory cf = CertificateFactory.getInstance("X.509");

FileInputStream in = new FileInputStream("out.csr");

Certificate c = cf.generateCertificate(in);

String s = c.toString();

Three: Read the certificate directly from the keystore.

String pass = "123456";

FileInputStream in = new FileInputStream(".keystore");

KeyStore ks = KeyStore.getInstance("JKS");

ks.load(in, pass.toCharArray());

java.security.cert.Certificate c = ks.getCertificate(alias); // alias is the alias of the entry.

Four: Display the specified certificate information in the Java program.

X509Certificate t = (X509Certificate) c; // cast so the X.509 fields below are accessible

System.out.println("output certificate information:\n" + c.toString());

System.out.println("version number:" + t.getVersion());

System.out.println("serial number:" + t.getSerialNumber().toString(16));

System.out.println("subject name:" + t.getSubjectDN());

System.out.println("issuer:" + t.getIssuerDN());

System.out.println("valid from:" + t.getNotBefore());

System.out.println("signature algorithm:" + t.getSigAlgName());

byte[] sig = t.getSignature(); // Signature value

PublicKey pk = t.getPublicKey();

byte[] pkenc = pk.getEncoded();

System.out.println("public key");

for (int i = 0; i < pkenc.length; i++) System.out.print(pkenc[i] + ",");

Five: The Java program lists all the entries in the keystore.

String pass = "123456";

FileInputStream in = new FileInputStream(".keystore");

KeyStore ks = KeyStore.getInstance("JKS");

ks.load(in, pass.toCharArray());

Enumeration<String> e = ks.aliases();

while (e.hasMoreElements()) {

    java.security.cert.Certificate c = ks.getCertificate(e.nextElement());

}

Six: The Java program changes the keystore password.

String oldpass = "123456";

String newpass = "654321";

FileInputStream in = new FileInputStream(".keystore");

KeyStore ks = KeyStore.getInstance("JKS");

ks.load(in, oldpass.toCharArray());

in.close();

FileOutputStream output = new FileOutputStream(".keystore");

ks.store(output, newpass.toCharArray());

output.close();

Seven: The Java program changes the password of a keystore entry and adds entries.

FileInputStream in = new FileInputStream(".keystore");

KeyStore ks = KeyStore.getInstance("JKS");

ks.load(in, storepass.toCharArray());

Certificate[] cchain = ks.getCertificateChain(alias); // Obtain the certificate chain of the entry corresponding to the alias.

PrivateKey pk = (PrivateKey) ks.getKey(alias, oldkeypass.toCharArray()); // Get the private key of the entry corresponding to the alias.

ks.setKeyEntry(alias, pk, newkeypass.toCharArray(), cchain); // Add an entry to the keystore.

The first parameter specifies the alias of the added entry. If an existing alias is used, the existing entry is overwritten; if a new alias is used, a new entry is added. The second parameter is the private key of the entry, the third is the new password to set, and the fourth is the certificate chain for the public key that corresponds to the private key.

FileOutputStream output = new FileOutputStream("another");

ks.store(output, storepass.toCharArray()); // Write the contents of the keystore object to a new file.

Eight: The Java program checks aliases and deletes entries.

FileInputStream in = new FileInputStream(".keystore");

KeyStore ks = KeyStore.getInstance("JKS");

ks.load(in, storepass.toCharArray());

ks.containsAlias("sage"); // Checks whether the entry is in the keystore; returns true if it exists.

ks.deleteEntry("sage"); // Delete the entry corresponding to the alias.

FileOutputStream output = new FileOutputStream(".keystore");

ks.store(output, storepass.toCharArray()); // Write the contents of the keystore object to the file; the entry is now deleted.

Nine: The Java program issues digital certificates.

(1) Read the CA certificate from the keystore.

FileInputStream in = new FileInputStream(".keystore");

KeyStore ks = KeyStore.getInstance("JKS");

ks.load(in, storepass.toCharArray());

java.security.cert.Certificate c1 = ks.getCertificate("caroot");

(2) Read the CA private key from the keystore.

PrivateKey caprk = (PrivateKey) ks.getKey(alias, cakeypass.toCharArray());

(3) Extract the issuer information from the CA certificate.

byte[] encod1 = c1.getEncoded(); // Extract the encoding of the CA certificate.

X509CertImpl cimp1 = new X509CertImpl(encod1); // Use this encoding to create an object of type X509CertImpl.

X509CertInfo cinfo1 = (X509CertInfo) cimp1.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // Get the X509CertInfo object.

X500Name issuer = (X500Name) cinfo1.get(X509CertInfo.SUBJECT + "." + CertificateIssuerName.DN_NAME); // Get the issuer information, of type X500Name.

(4) Obtain the certificate to be issued.

CertificateFactory cf = CertificateFactory.getInstance("X.509");

FileInputStream in2 = new FileInputStream("user.csr");

java.security.cert.Certificate c2 = cf.generateCertificate(in2);

(5) Extract the certificate information from the certificate to be issued.

byte[] encod2 = c2.getEncoded();

X509CertImpl cimp2 = new X509CertImpl(encod2); // Use this encoding to create an object of type X509CertImpl.

X509CertInfo cinfo2 = (X509CertInfo) cimp2.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); // Get the X509CertInfo object.

(6) Set the validity period of the new certificate.

Date begindate = new Date(); // Get the current time.

Date enddate = new Date(begindate.getTime() + 3000 * 24 * 60 * 60 * 1000L); // Valid for 3000 days.

CertificateValidity cv = new CertificateValidity(begindate, enddate); // Create the validity object.

cinfo2.set(X509CertInfo.VALIDITY, cv); // Set the validity period.

(7) Set the serial number of the new certificate.

int sn = (int) (begindate.getTime() / 1000); // Use the current time as the serial number.

CertificateSerialNumber csn = new CertificateSerialNumber(sn);

cinfo2.set(X509CertInfo.SERIAL_NUMBER, csn);

(8) Set the issuer of the new certificate.

cinfo2.set(X509CertInfo.ISSUER + "." + CertificateIssuerName.DN_NAME, issuer); // Apply the result of step (3).

(9) Set the signature algorithm information of the new certificate.

AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);

cinfo2.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);

(10) Create the certificate and sign it with the private key of the CA.

X509CertImpl newcert = new X509CertImpl(cinfo2);

newcert.sign(caprk, "MD5WithRSA"); // Sign it with the CA private key.

(11) Write the new certificate into the keystore.

ks.setCertificateEntry("lf_signed", newcert);

FileOutputStream out = new FileOutputStream("newstore");

ks.store(out, "newpass".toCharArray()); // Here a new keystore is written. You can also use section Seven to add entries.
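
The listing loop from section Five and the certificate fields from section Four can be combined into a keystore audit that flags entries signed with MD5withRSA (the algorithm set in steps (9) and (10)), short RSA keys, and certificates outside their validity window. This is an added example, not code from the original page; the class name KeystoreAudit, the 2048-bit threshold and the command-line argument are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.*;

public class KeystoreAudit { // hypothetical class name
    // Returns one finding per problem found on a certificate entry.
    static List<String> audit(KeyStore ks, Date now) throws Exception {
        List<String> findings = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue; // null or non-X.509 entry
            X509Certificate t = (X509Certificate) c;
            String alg = t.getSigAlgName().toUpperCase(Locale.ROOT);
            if (alg.contains("MD2") || alg.contains("MD5") || alg.contains("SHA1")) {
                findings.add(alias + ": weak signature algorithm " + t.getSigAlgName());
            }
            if (t.getPublicKey() instanceof RSAPublicKey
                    && ((RSAPublicKey) t.getPublicKey()).getModulus().bitLength() < 2048) {
                findings.add(alias + ": RSA key shorter than 2048 bits"); // assumed threshold
            }
            if (now.after(t.getNotAfter())) {
                findings.add(alias + ": expired on " + t.getNotAfter());
            } else if (now.before(t.getNotBefore())) {
                findings.add(alias + ": not valid until " + t.getNotBefore());
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Assumed invocation: java KeystoreAudit <keystore file>
        Console con = System.console();
        if (con == null) throw new IllegalStateException("run from an interactive terminal");
        char[] pass = con.readPassword("Keystore password: "); // not hard-coded, not in argv
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        } finally {
            Arrays.fill(pass, '\0'); // wipe the password from memory
        }
        List<String> findings = audit(ks, new Date());
        findings.forEach(System.out::println);
        System.out.println(findings.size() + " finding(s)");
    }
}
```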

Ten: Verifying digital certificates

(1) Verify the validity period of the certificate.

(a) Get the X509Certificate object.

CertificateFactory cf = CertificateFactory.getInstance("X.509");

FileInputStream in1 = new FileInputStream("aa.crt");

java.security.cert.Certificate c1 = cf.generateCertificate(in1);

X509Certificate t = (X509Certificate) c1;

in1.close();

(b) Get the date.

Date timenow = new Date();

(c) Check the validity.

try {

    t.checkValidity(timenow);

    System.out.println("OK");

} catch (CertificateExpiredException e) { // expired

    System.out.println("expired");

    System.out.println(e.getMessage());

} catch (CertificateNotYetValidException e) { // has not yet taken effect

    System.out.println("too early");

    System.out.println(e.getMessage());

}

(2) Verify the validity of the certificate signature.

(a) Obtain the certificate of the certification authority.

CertificateFactory cf = CertificateFactory.getInstance("X.509");

FileInputStream in2 = new FileInputStream("caroot.crt");

java.security.cert.Certificate cac = cf.generateCertificate(in2);

in2.close();

(b) Obtain the public key of the CA.

PublicKey pbk = cac.getPublicKey();

(c) Obtain the certificate to be checked (obtained in the previous step, that is, c1).

(d) Verify the certificate.

boolean pass = false;

try {

    c1.verify(pbk);

    pass = true;

} catch (Exception e) {

    pass = false;

    System.out.println(e);

}
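
Both checks from section Ten, written with standard java.security.cert classes and extended with PKIX path validation, because verify(pbk) only shows that the signature matches the CA key and does not apply certificate constraints or algorithm policy. This is an added example, not code from the original page; the file names aa.crt and caroot.crt are the page's, while the class name VerifyIssuedCert and the choice to disable revocation checking are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Collections;
import java.util.Date;

public class VerifyIssuedCert { // hypothetical class name
    static X509Certificate load(CertificateFactory cf, String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) { // stream is closed even on failure
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate leaf = load(cf, "aa.crt");   // certificate to check (name from the page)
        X509Certificate ca = load(cf, "caroot.crt"); // CA certificate (name from the page)

        // Step (1) of section Ten: validity window.
        try {
            leaf.checkValidity(new Date());
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            System.out.println("validity check failed: " + e.getMessage());
            return;
        }

        // Step (2) of section Ten: signature check against the CA public key only.
        try {
            leaf.verify(ca.getPublicKey());
        } catch (GeneralSecurityException e) {
            System.out.println("signature check failed: " + e);
            return;
        }

        // Added step: PKIX path validation with the CA as the only trust anchor.
        CertPath path = cf.generateCertPath(Collections.singletonList(leaf));
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(ca, null)));
        params.setRevocationEnabled(false); // assumption: no CRL or OCSP source available
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            System.out.println("OK: chain validates to " + ca.getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            System.out.println("path validation failed: " + e.getMessage()
                    + " (reason: " + e.getReason() + ")");
        }
    }
}
```

On current JDKs the default jdk.certpath.disabledAlgorithms security property lists MD5, so a certificate signed with MD5withRSA as in section Nine passes verify() but is rejected by the path validator.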