X509 证书 检验是否过期,私钥签名,公钥验签
项目中用到的关于X509证书的一些操作,
里面lang3的依赖
package org.aisino.fabric.utils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;
import org.aisino.fabric.sdk.AppStore;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;
public class CertificateUtil {
// 判断用户名和证书是否一致
public static boolean checkCert(String name, String certFilePath) {
boolean bool = false;
if (name != null && certFilePath != null) {
try {
File file = new File(certFilePath);
if (file.exists()) {
// 数据输入流
FileInputStream in = new FileInputStream(file);
// 创建X509工厂类
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// 创建证书对象
X509Certificate oCert = (X509Certificate) cf.generateCertificate(in);
// 获取扩展项字段Set集合
Set
// 遍历扩展项字段得到用户标识
for (String set1 : set) {
// 根据字段名得到用户标识值
byte[] extensionValDERCode = oCert.getExtensionValue(set1);
if (extensionValDERCode != null) {
// 扩展域值的bytes
byte[] extensionValBytes = ArrayUtils.subarray(extensionValDERCode, 2, extensionValDERCode.length);
String nameCheck = new String(extensionValBytes);
if (name.equals(nameCheck)) {
// System.out.println("用户名与证书匹配");
bool = true;
break;
}
}
}
}
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}
return bool;
}
// 获取证书对象
public static Certificate getCertificate(String certFilePath) throws Exception {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
try (FileInputStream in = new FileInputStream(certFilePath);) {
return certificateFactory.generateCertificate(in);
}
}
// 获得证书拥有者
public static String getName(String certFilePath) throws Exception {
File file = new File(certFilePath);
// 数据输入流
FileInputStream in = new FileInputStream(file);
// 创建X509工厂类
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// 创建证书对象
X509Certificate oCert = (X509Certificate) cf.generateCertificate(in);
return oCert.getSubjectDN().getName();
}
// 从certificate中获取公钥
public static PublicKey getPublicKey(String certFilePath) throws Exception {
Certificate certificate = getCertificate(certFilePath);
PublicKey keubKey = certificate.getPublicKey();
return keubKey;
}
// 获得私钥
public static PrivateKey getPrivateKey(String keyFilePath) throws SignatureException {
// 取得私钥
PrivateKey privateKey = null;
try {
privateKey = AppStore.getPrivateKeyFromBytes(IOUtils.toByteArray(new FileInputStream(new File(keyFilePath))));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return privateKey;
}
// 判断证书是否过期 传入的是私钥路径和证书路径 ======
public static boolean verifyCertificate(Date date, String certFilePath) {
boolean status = true;
if (certFilePath != null) {
try {
File file = new File(certFilePath);
if (file.exists()) {
FileInputStream in = new FileInputStream(file);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(in);
x509Certificate.checkValidity(date);
}
} catch (Exception e) {
e.printStackTrace();
status = false;
}
}
return status;
}
// 判断证书是否过期 传入的是私钥和证书===============
public static boolean verifyCertificateb(Date date, byte[] cert) {
boolean status = true;
try (ByteArrayInputStream in = new ByteArrayInputStream(cert)) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(in);
x509Certificate.checkValidity(date);
} catch (Exception e) {
e.printStackTrace();
status = false;
}
return status;
}
// 判断证书是否过期 传入的是私钥和证书
public static boolean verifyCertificateb(Date date, Certificate cert) {
boolean status = true;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate = (X509Certificate) cert;
x509Certificate.checkValidity(date);
} catch (Exception e) {
e.printStackTrace();
status = false;
}
return status;
}
// 利用私钥加密 传入的用户路径=========
public static byte[] sign(byte[] data, File privateKeyFile, String certFilePath) throws SignatureException {
X509Certificate cer = null;
// 构建签名
Signature signature = null;
if (certFilePath != null) {
// 获得证书
try (FileInputStream in = new FileInputStream(new File(certFilePath))) {
cer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
// 获得私钥
PrivateKey privateKey = null;
try {
privateKey = AppStore.getPrivateKeyFromBytes(IOUtils.toByteArray(new FileInputStream(privateKeyFile)));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature = Signature.getInstance(cer.getSigAlgName());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature.initSign(privateKey);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature.update(data);
} catch (SignatureException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return signature.sign();
}
// 利用私钥加密 传入的是用户私钥证书====================
public static byte[] signb(byte[] data, byte[] key, byte[] cert) throws SignatureException {
X509Certificate cer = null;
// 构建签名
Signature signature = null;
if (cert != null) {
// 获得证书ByteArrayInputStream is = new ByteArrayInputStream(keyStore)
try (ByteArrayInputStream in = new ByteArrayInputStream(cert)) {
cer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
// 获得私钥
PrivateKey privateKey = null;
try {
privateKey = AppStore.getPrivateKeyFromBytes(IOUtils.toByteArray(new ByteArrayInputStream(key)));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature = Signature.getInstance(cer.getSigAlgName());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature.initSign(privateKey);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature.update(data);
} catch (SignatureException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return signature.sign();
}
// 利用私钥加密 传入的是用户私钥证书=============
public static byte[] signb(byte[] data, PrivateKey privateKey, byte[] cert) throws SignatureException {
X509Certificate cer = null;
// 构建签名
Signature signature = null;
if (cert != null) {
try (ByteArrayInputStream in = new ByteArrayInputStream(cert)) {
cer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
try {
signature = Signature.getInstance(cer.getSigAlgName());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature.initSign(privateKey);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
signature.update(data);
} catch (SignatureException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return signature.sign();
}
// 用私钥加密,公钥解密,判断私钥公钥是否匹配 传入的是私钥路径和证书路径============
public static boolean verify(byte[] data, byte[] sign, String certFilePath) throws Exception {
X509Certificate x509Certificate = null;
// 获得证书
try (FileInputStream in = new FileInputStream(new File(certFilePath))) {
x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
// 用私钥加密,公钥解密,判断私钥公钥是否匹配 传入的是私钥和证书============
public static boolean verifyb(byte[] data, byte[] sign, byte[] cert) throws Exception {
X509Certificate x509Certificate = null;
// 获得证书
try (ByteArrayInputStream in = new ByteArrayInputStream(cert)) {
x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
// 用私钥加密,公钥解密,判断私钥公钥是否匹配 传入的是私钥和证书
public static boolean verifyb(byte[] data, byte[] sign, Certificate cert) throws Exception {
X509Certificate x509Certificate = null;
x509Certificate = (X509Certificate) cert;
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
}
下面的是AppStore类里面的获取私钥的方法
static {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
//通过私钥文件的内容获得私钥
public static PrivateKey getPrivateKeyFromBytes(byte[] data) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
final Reader pemReader = new StringReader(new String(data));
final PrivateKeyInfo pemPair;
try (PEMParser pemParser = new PEMParser(pemReader)) {
// pemPair = (PrivateKeyInfo) pemParser.readObject();
pemPair = ((PEMKeyPair) pemParser.readObject()).getPrivateKeyInfo();
}
PrivateKey privateKey = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getPrivateKey(pemPair);
return privateKey;
}
当时自己什么也不懂,第一次接触X509证书,查了很多资料,感觉还是这个最靠谱 :http://crepzl.blog.sohu.com/234046708.html