X509 证书 检验是否过期,私钥签名,公钥验签
项目中用到的关于 X509 证书的一些操作。
其中用到了 commons-lang3 的依赖(代码还引用了 commons-io 的 IOUtils,以及 AppStore 中用到的 BouncyCastle):
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.4</version>
</dependency>
package org.aisino.fabric.utils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;
import org.aisino.fabric.sdk.AppStore;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;
public class CertificateUtil {
// 判断用户名和证书是否一致
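/**
 * Checks whether a user name equals the text stored in one of the certificate's
 * non-critical extensions.
 *
 * <p>The certificate is only parsed. Its signature, issuer chain and validity period are
 * NOT checked here, so a {@code true} result says nothing about who issued the certificate;
 * callers that use the result for authentication must validate the certificate separately.
 *
 * <p>NOTE(review): every non-critical extension is compared against {@code name}.
 * Presumably a single project-specific OID carries the user id; restricting the loop to
 * that OID would rule out accidental matches on unrelated extensions. Confirm the OID.
 *
 * @param name         user name to look for; {@code null} yields {@code false}
 * @param certFilePath path of the X.509 certificate file; {@code null} or a missing file
 *                     yields {@code false}
 * @return {@code true} if some non-critical extension value decodes to exactly {@code name};
 *         {@code false} otherwise, including when the file cannot be read or parsed
 */
public static boolean checkCert(String name, String certFilePath) {
    if (name == null || certFilePath == null) {
        return false;
    }
    File file = new File(certFilePath);
    if (!file.exists()) {
        return false;
    }
    // try-with-resources so the file handle is released even when parsing fails
    try (FileInputStream in = new FileInputStream(file)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate oCert = (X509Certificate) cf.generateCertificate(in);
        // null means the certificate carries no extensions at all
        Set<String> oids = oCert.getNonCriticalExtensionOIDs();
        if (oids == null) {
            return false;
        }
        for (String oid : oids) {
            // getExtensionValue returns the DER-encoded OCTET STRING wrapping the value
            byte[] extensionValDERCode = oCert.getExtensionValue(oid);
            if (extensionValDERCode == null) {
                continue;
            }
            int offset = octetStringContentOffset(extensionValDERCode);
            if (offset < 0) {
                continue;
            }
            // Decode with a fixed charset so the comparison does not depend on the JVM default.
            String nameCheck = new String(extensionValDERCode, offset,
                    extensionValDERCode.length - offset, StandardCharsets.UTF_8);
            if (name.equals(nameCheck)) {
                return true;
            }
        }
    } catch (Exception e) {
        // Unreadable or malformed certificate: report it and treat as "no match".
        e.printStackTrace();
    }
    return false;
}

/**
 * Returns the index of the first content byte of a DER tag-length-value, or -1 when the
 * header is truncated. Short-form lengths give 2; long-form lengths (values of 128 bytes
 * or more) use additional length bytes, which a fixed offset of 2 would misread as content.
 */
private static int octetStringContentOffset(byte[] der) {
    if (der.length < 2) {
        return -1;
    }
    int firstLengthByte = der[1] & 0xFF;
    if (firstLengthByte < 0x80) {
        return 2;
    }
    int lengthBytes = firstLengthByte & 0x7F;
    int offset = 2 + lengthBytes;
    if (lengthBytes == 0 || offset > der.length) {
        return -1;
    }
    return offset;
}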
// 获取证书对象
/**
 * Loads a certificate from a file using the "X.509" certificate factory.
 *
 * <p>The certificate is parsed only; nothing here checks its signature, issuer or
 * validity period.
 *
 * @param certFilePath path of the certificate file
 * @return the parsed certificate
 * @throws Exception if the factory is unavailable, the file cannot be opened,
 *                   or its content cannot be parsed
 */
public static Certificate getCertificate(String certFilePath) throws Exception {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    try (FileInputStream certStream = new FileInputStream(certFilePath)) {
        final Certificate parsed = x509Factory.generateCertificate(certStream);
        return parsed;
    }
}
// 获得证书拥有者
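/**
 * Returns the subject distinguished name of the certificate stored at the given path.
 *
 * <p>The subject is read from a certificate that is parsed but not validated: no
 * signature, chain or validity check happens here. Treat the returned name as
 * unauthenticated until the certificate has been validated elsewhere.
 *
 * @param certFilePath path of the X.509 certificate file
 * @return the subject DN as produced by {@code getSubjectDN().getName()}
 * @throws Exception if the file cannot be opened or its content cannot be parsed
 */
public static String getName(String certFilePath) throws Exception {
    File file = new File(certFilePath);
    // try-with-resources: the stream was previously left open on every call
    try (FileInputStream in = new FileInputStream(file)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate oCert = (X509Certificate) cf.generateCertificate(in);
        // getSubjectDN() is kept so the returned string format stays the same for callers.
        return oCert.getSubjectDN().getName();
    }
}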
// 从certificate中获取公钥
/**
 * Extracts the public key from the certificate stored at the given path.
 *
 * <p>Delegates loading to {@code getCertificate}; the certificate is not validated, so
 * the key is only as trustworthy as the file it came from.
 *
 * @param certFilePath path of the certificate file
 * @return the public key contained in the certificate
 * @throws Exception if the certificate cannot be loaded
 */
public static PublicKey getPublicKey(String certFilePath) throws Exception {
    return getCertificate(certFilePath).getPublicKey();
}
// 获得私钥
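/**
 * Reads a private key from a key file via {@code AppStore.getPrivateKeyFromBytes}.
 *
 * <p>Failures are reported on stderr and turned into a {@code null} return value, so
 * callers must check for {@code null} before using the key.
 *
 * @param keyFilePath path of the private key file
 * @return the private key, or {@code null} if the file cannot be read or parsed
 * @throws SignatureException declared for compatibility; not thrown by this implementation
 */
public static PrivateKey getPrivateKey(String keyFilePath) throws SignatureException {
    // try-with-resources: the key file stream was previously never closed
    try (FileInputStream in = new FileInputStream(new File(keyFilePath))) {
        return AppStore.getPrivateKeyFromBytes(IOUtils.toByteArray(in));
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}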
// 判断证书在给定时间点是否处于有效期内 传入的是时间和证书路径 ======
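/**
 * Checks whether the certificate at the given path is within its validity period at
 * {@code date}.
 *
 * <p>Fails closed: a {@code null} path, a missing file, an unreadable file or an
 * unparsable certificate all yield {@code false}. Only the notBefore/notAfter window is
 * checked; the signature and issuer chain are not verified here.
 *
 * @param date         the instant to check the validity period against
 * @param certFilePath path of the X.509 certificate file
 * @return {@code true} only if the certificate was loaded and {@code checkValidity(date)}
 *         succeeded
 */
public static boolean verifyCertificate(Date date, String certFilePath) {
    if (certFilePath == null) {
        // No certificate to check: must not be reported as valid.
        return false;
    }
    File file = new File(certFilePath);
    if (!file.exists()) {
        return false;
    }
    // try-with-resources so the stream is closed on every path
    try (FileInputStream in = new FileInputStream(file)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(in);
        x509Certificate.checkValidity(date);
        return true;
    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }
}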
// 判断证书在给定时间点是否处于有效期内 传入的是时间和证书字节 ===============
/**
 * Checks whether an encoded certificate is within its validity period at {@code date}.
 *
 * <p>Only the validity window is checked; the signature and issuer chain are not.
 *
 * @param date the instant to check the validity period against
 * @param cert the encoded X.509 certificate
 * @return {@code true} if the bytes parse as a certificate and {@code checkValidity(date)}
 *         succeeds; {@code false} on any exception
 */
public static boolean verifyCertificateb(Date date, byte[] cert) {
    try (ByteArrayInputStream encoded = new ByteArrayInputStream(cert)) {
        final CertificateFactory factory = CertificateFactory.getInstance("X.509");
        final X509Certificate parsed = (X509Certificate) factory.generateCertificate(encoded);
        parsed.checkValidity(date);
        return true;
    } catch (Exception e) {
        // Any failure (null input, parse error, expired, not yet valid) means "not valid".
        e.printStackTrace();
        return false;
    }
}
// 判断证书在给定时间点是否处于有效期内 传入的是时间和证书对象
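/**
 * Checks whether an already-parsed certificate is within its validity period at
 * {@code date}.
 *
 * <p>Only the validity window is checked; the signature and issuer chain are not.
 *
 * @param date the instant to check the validity period against
 * @param cert the certificate; must be an {@link X509Certificate}
 * @return {@code true} if {@code checkValidity(date)} succeeds; {@code false} on any
 *         exception, including a {@code null} or non-X.509 certificate
 */
public static boolean verifyCertificateb(Date date, Certificate cert) {
    try {
        // No CertificateFactory is needed: the certificate is already parsed.
        X509Certificate x509Certificate = (X509Certificate) cert;
        x509Certificate.checkValidity(date);
        return true;
    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }
}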
// 利用私钥签名 传入的是私钥文件和证书路径=========
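/**
 * Signs {@code data} with the private key read from {@code privateKeyFile}.
 *
 * <p>The signature algorithm name is taken from the certificate's
 * {@code getSigAlgName()}. NOTE(review): that is the algorithm used to sign the
 * certificate itself; it presumably matches the subject key type in this project's
 * certificates, but that is not guaranteed in general. Confirm.
 *
 * <p>Every failure (missing certificate path, unreadable certificate or key, unsupported
 * algorithm, unusable key) is reported as a {@link SignatureException} with the cause
 * attached, instead of being printed and surfacing later as a NullPointerException.
 *
 * @param data           the bytes to sign
 * @param privateKeyFile file holding the private key, read via
 *                       {@code AppStore.getPrivateKeyFromBytes}
 * @param certFilePath   path of the signer's X.509 certificate
 * @return the signature bytes
 * @throws SignatureException if the certificate or key cannot be loaded or signing fails
 */
public static byte[] sign(byte[] data, File privateKeyFile, String certFilePath) throws SignatureException {
    if (certFilePath == null) {
        throw new SignatureException("certFilePath is null: cannot determine the signature algorithm");
    }
    final X509Certificate cer;
    try (FileInputStream in = new FileInputStream(new File(certFilePath))) {
        cer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    } catch (CertificateException | IOException e) {
        throw new SignatureException("cannot load certificate: " + certFilePath, e);
    }
    final PrivateKey privateKey;
    // try-with-resources: the key file stream was previously never closed
    try (FileInputStream keyIn = new FileInputStream(privateKeyFile)) {
        privateKey = AppStore.getPrivateKeyFromBytes(IOUtils.toByteArray(keyIn));
    } catch (Exception e) {
        throw new SignatureException("cannot load private key", e);
    }
    try {
        Signature signature = Signature.getInstance(cer.getSigAlgName());
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    } catch (SignatureException e) {
        throw e;
    } catch (Exception e) {
        throw new SignatureException("cannot create signature with " + cer.getSigAlgName(), e);
    }
}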
// 利用私钥签名 传入的是私钥字节和证书字节====================
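/**
 * Signs {@code data} with a private key supplied as key-file bytes.
 *
 * <p>The signature algorithm name is taken from the certificate's
 * {@code getSigAlgName()}. NOTE(review): that is the algorithm used to sign the
 * certificate itself; it presumably matches the subject key type in this project's
 * certificates, but that is not guaranteed in general. Confirm.
 *
 * <p>Every failure is reported as a {@link SignatureException} with the cause attached,
 * instead of being printed and surfacing later as a NullPointerException.
 *
 * @param data the bytes to sign
 * @param key  content of the private key file, parsed via
 *             {@code AppStore.getPrivateKeyFromBytes}
 * @param cert the signer's encoded X.509 certificate
 * @return the signature bytes
 * @throws SignatureException if the certificate or key cannot be parsed or signing fails
 */
public static byte[] signb(byte[] data, byte[] key, byte[] cert) throws SignatureException {
    if (cert == null) {
        throw new SignatureException("cert is null: cannot determine the signature algorithm");
    }
    final X509Certificate cer;
    try (ByteArrayInputStream in = new ByteArrayInputStream(cert)) {
        cer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    } catch (CertificateException | IOException e) {
        throw new SignatureException("cannot parse certificate", e);
    }
    final PrivateKey privateKey;
    try {
        // The bytes are passed straight through; copying them via a stream added nothing.
        privateKey = AppStore.getPrivateKeyFromBytes(key);
    } catch (Exception e) {
        throw new SignatureException("cannot parse private key", e);
    }
    try {
        Signature signature = Signature.getInstance(cer.getSigAlgName());
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    } catch (SignatureException e) {
        throw e;
    } catch (Exception e) {
        throw new SignatureException("cannot create signature with " + cer.getSigAlgName(), e);
    }
}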
// 利用私钥签名 传入的是私钥对象和证书字节=============
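/**
 * Signs {@code data} with an already-loaded private key.
 *
 * <p>The signature algorithm name is taken from the certificate's
 * {@code getSigAlgName()}. NOTE(review): that is the algorithm used to sign the
 * certificate itself; it presumably matches the subject key type in this project's
 * certificates, but that is not guaranteed in general. Confirm.
 *
 * <p>Every failure is reported as a {@link SignatureException} with the cause attached,
 * instead of being printed and surfacing later as a NullPointerException.
 *
 * @param data       the bytes to sign
 * @param privateKey the signing key
 * @param cert       the signer's encoded X.509 certificate
 * @return the signature bytes
 * @throws SignatureException if the certificate cannot be parsed, the key is unusable,
 *                            or signing fails
 */
public static byte[] signb(byte[] data, PrivateKey privateKey, byte[] cert) throws SignatureException {
    if (cert == null) {
        throw new SignatureException("cert is null: cannot determine the signature algorithm");
    }
    final X509Certificate cer;
    try (ByteArrayInputStream in = new ByteArrayInputStream(cert)) {
        cer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    } catch (CertificateException | IOException e) {
        throw new SignatureException("cannot parse certificate", e);
    }
    try {
        Signature signature = Signature.getInstance(cer.getSigAlgName());
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    } catch (SignatureException e) {
        throw e;
    } catch (Exception e) {
        throw new SignatureException("cannot create signature with " + cer.getSigAlgName(), e);
    }
}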
// 用证书中的公钥验证签名(签名由对应私钥生成) 传入的是原文、签名值和证书路径============
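/**
 * Verifies a signature over {@code data} with the public key of the certificate stored
 * at {@code certFilePath}.
 *
 * <p>This proves only that the signature was produced by the private key matching that
 * certificate. The certificate itself is not validated here: no issuer chain, validity
 * period or revocation check is performed, so callers must establish trust in the
 * certificate separately before relying on the result.
 *
 * <p>Load errors now propagate to the caller instead of being printed and followed by a
 * NullPointerException.
 *
 * @param data         the signed bytes
 * @param sign         the signature to check
 * @param certFilePath path of the signer's X.509 certificate
 * @return {@code true} if the signature verifies
 * @throws Exception if the certificate cannot be loaded or verification cannot be run
 */
public static boolean verify(byte[] data, byte[] sign, String certFilePath) throws Exception {
    final X509Certificate x509Certificate;
    try (FileInputStream in = new FileInputStream(new File(certFilePath))) {
        x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    }
    PublicKey publicKey = x509Certificate.getPublicKey();
    // Algorithm name comes from the certificate, mirroring what the sign methods use.
    Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
    signature.initVerify(publicKey);
    signature.update(data);
    return signature.verify(sign);
}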
// 用证书中的公钥验证签名(签名由对应私钥生成) 传入的是原文、签名值和证书字节============
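/**
 * Verifies a signature over {@code data} with the public key of an encoded certificate.
 *
 * <p>This proves only that the signature was produced by the private key matching that
 * certificate. The certificate itself is not validated here: no issuer chain, validity
 * period or revocation check is performed, so callers must establish trust in the
 * certificate separately before relying on the result.
 *
 * <p>Parse errors now propagate to the caller instead of being printed and followed by a
 * NullPointerException.
 *
 * @param data the signed bytes
 * @param sign the signature to check
 * @param cert the signer's encoded X.509 certificate
 * @return {@code true} if the signature verifies
 * @throws Exception if the certificate cannot be parsed or verification cannot be run
 */
public static boolean verifyb(byte[] data, byte[] sign, byte[] cert) throws Exception {
    final X509Certificate x509Certificate;
    try (ByteArrayInputStream in = new ByteArrayInputStream(cert)) {
        x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    }
    PublicKey publicKey = x509Certificate.getPublicKey();
    // Algorithm name comes from the certificate, mirroring what the sign methods use.
    Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
    signature.initVerify(publicKey);
    signature.update(data);
    return signature.verify(sign);
}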
// 用证书中的公钥验证签名(签名由对应私钥生成) 传入的是原文、签名值和证书对象
/**
 * Verifies a signature over {@code data} with the public key of an already-parsed
 * certificate.
 *
 * <p>The certificate is used as given; no chain, validity or revocation check is
 * performed here.
 *
 * @param data the signed bytes
 * @param sign the signature to check
 * @param cert the signer's certificate; cast to {@link X509Certificate}
 * @return {@code true} if the signature verifies
 * @throws Exception if the algorithm is unavailable, the key is unusable,
 *                   or the signature is malformed
 */
public static boolean verifyb(byte[] data, byte[] sign, Certificate cert) throws Exception {
    final X509Certificate signerCert = (X509Certificate) cert;
    final PublicKey verificationKey = signerCert.getPublicKey();
    // The algorithm name is read from the certificate itself.
    final String algorithm = signerCert.getSigAlgName();
    final Signature verifier = Signature.getInstance(algorithm);
    verifier.initVerify(verificationKey);
    verifier.update(data);
    final boolean matches = verifier.verify(sign);
    return matches;
}
}
下面的是AppStore类里面的获取私钥的方法
static {
    // Register BouncyCastle as a JCA provider when the class loads, so that the
    // provider name passed to JcaPEMKeyConverter below can be resolved.
    final java.security.Provider bouncyCastle = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.addProvider(bouncyCastle);
}
//通过私钥文件的内容获得私钥
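/**
 * Parses a PEM-encoded private key from the content of a key file.
 *
 * <p>Two PEM object kinds are accepted: a key pair ({@code PEMKeyPair}) and a bare
 * {@code PrivateKeyInfo}. Anything else, including empty input and encrypted PEM
 * objects (which are not decrypted here), is rejected with
 * {@link InvalidKeySpecException} rather than a ClassCastException or
 * NullPointerException.
 *
 * @param data content of the PEM key file
 * @return the private key, converted with the BouncyCastle provider
 * @throws IOException             if the PEM data cannot be read or converted
 * @throws InvalidKeySpecException if the data is null or holds no supported private key
 */
public static PrivateKey getPrivateKeyFromBytes(byte[] data) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    if (data == null) {
        throw new InvalidKeySpecException("private key data is null");
    }
    final Object pemObject;
    // PEM is ASCII text; a fixed charset keeps decoding independent of the JVM default.
    try (PEMParser pemParser = new PEMParser(
            new StringReader(new String(data, java.nio.charset.StandardCharsets.UTF_8)))) {
        pemObject = pemParser.readObject();
    }
    final PrivateKeyInfo pemPair;
    if (pemObject instanceof PEMKeyPair) {
        pemPair = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
    } else if (pemObject instanceof PrivateKeyInfo) {
        pemPair = (PrivateKeyInfo) pemObject;
    } else {
        // Report only the object type; never echo key material into messages or logs.
        throw new InvalidKeySpecException("unsupported or missing PEM private key object: "
                + (pemObject == null ? "none" : pemObject.getClass().getName()));
    }
    return new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getPrivateKey(pemPair);
}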
当时自己什么也不懂,第一次接触X509证书,查了很多资料,感觉还是这个最靠谱 :http://crepzl.blog.sohu.com/234046708.html