概述
数字证书
互联网通讯中标志通讯各方身份信息的一串数字,提供了一种在Internet上验证通信实体身份的方式,数字证书不是数字身份证,而是身份认证机构盖在数字身份证上的一个章或印(或者说加在数字身份证上的一个签名)。
数字证书是由权威机构(CA机构),又称为证书授权(Certificate Authority)中心发行的,人们可以在网上用它来识别对方的身份。
数字证书的应用场景
1、服务器证书,安装于服务器设备上,用来证明服务器的身份和进行通信加密,服务器证书可以用来防止欺诈钓鱼站点。
2、客户端个人/企业组织证书,用于身份认证和电子签名,例如SSL双向认证登录、文档签名、代码签名以及一些网页上的表单签名。
数字证书相关参考内容:
1、密钥库和证书格式:
2、Nginx配置SSL证书:
3、读取网站申请SSL证书,JKS、PFX、CRT格式:
4、命令制作证书及代码生成证书:
证书签名
<dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15to18</artifactId> <version>1.70</version> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15to18</artifactId> <version>1.70</version> </dependency>
签名和验签案例
package com.w;

import com.w; // NOTE(review): import truncated by page extraction; presumably the package holding the keystore helper — confirm

/**
 * Demo: sign a string with the private key taken from a certificate keystore entry,
 * then verify the signature with the matching public key.
 *
 * NOTE(review): identifier names in this listing were truncated when the page was
 * extracted. {@code KeyS(...)} is presumably a helper that loads the keystore entry,
 * {@code Cer(...)} presumably CertSignUtils.sign / CertSignUtils.verify, and
 * {@code Sy(...)} presumably System.out.println — confirm against the original source.
 */
public class CertSignUtilsDemo {
    public static void main(String[] args) {
        // Read the certificate (keystore entry holding the private key and certificate)
        KeyS keyStoreEntry = KeyS();
        // ========================================================================//
        // Certificate signing ====> sign with the certificate's private key
        // ========================================================================//
        String text = "被签名的内容";
        String signContent = "";
        try {
            // sign
            signContent = Cer(), text);
        } catch (Exception e) {
            e.printStackTrace(); // demo only: a real caller should propagate or log the failure
        }
        Sy(signContent);
        // ========================================================================//
        // Signature verification ====> verify with the certificate's public key
        // ========================================================================//
        boolean verifySigned = false;
        try {
            // verify
            verifySigned = Cer(), text, signContent);
        } catch (Exception e) {
            e.printStackTrace(); // verification errors are treated as "not verified" (verifySigned stays false)
        }
        Sy(verifySigned);
    }
}
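package com.w;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.Objects;

/**
 * Detached signatures over UTF-8 text using the certificate's RSA key pair.
 *
 * <p>Signing and verification are pinned to the same JCA algorithm ({@value #ALGORITHM}),
 * so {@link #verify} only accepts signatures produced by {@link #sign} or an equivalent
 * SHA384withRSA signer. The content is always encoded as UTF-8 on both sides; a caller
 * that encodes it differently will never verify.
 */
public class CertSignUtils {

    /** JCA signature algorithm shared by {@link #sign} and {@link #verify}. */
    private static final String ALGORITHM = "SHA384WithRSA";

    /**
     * Signs {@code content} with the private key.
     *
     * @param privateKey RSA private key of the certificate owner
     * @param content    text to sign; encoded as UTF-8 before hashing
     * @return the Base64-encoded signature
     * @throws GeneralSecurityException if the algorithm is unavailable or the key is unusable
     * @throws NullPointerException     if either argument is {@code null}
     */
    public static String sign(PrivateKey privateKey, String content) throws GeneralSecurityException {
        Objects.requireNonNull(privateKey, "privateKey");
        Objects.requireNonNull(content, "content");
        Signature signature = Signature.getInstance(ALGORITHM);
        signature.initSign(privateKey);
        // StandardCharsets avoids the checked UnsupportedEncodingException of getBytes("utf-8")
        signature.update(content.getBytes(StandardCharsets.UTF_8));
        byte[] signedData = signature.sign();
        return Base64.getEncoder().encodeToString(signedData);
    }

    /**
     * Verifies a signature produced by {@link #sign} against {@code content}.
     *
     * @param publicKey RSA public key of the certificate (counterpart of the signing key)
     * @param content   text that was signed; encoded as UTF-8 exactly as in {@link #sign}
     * @param sign      Base64-encoded signature
     * @return {@code true} only if the signature matches both the content and the key
     * @throws GeneralSecurityException if the algorithm is unavailable, the key is unusable,
     *                                  or the decoded signature is malformed for the key
     * @throws IllegalArgumentException if {@code sign} is not valid Base64
     * @throws NullPointerException     if any argument is {@code null}
     */
    public static boolean verify(PublicKey publicKey, String content, String sign)
            throws GeneralSecurityException {
        Objects.requireNonNull(publicKey, "publicKey");
        Objects.requireNonNull(content, "content");
        Objects.requireNonNull(sign, "sign");
        Signature signature = Signature.getInstance(ALGORITHM);
        signature.initVerify(publicKey);
        signature.update(content.getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.getDecoder().decode(sign));
    }
}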
JKS格式与PFX格式相互转换
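package com.w;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

/**
 * Converts a JKS keystore into a PKCS12 (.pfx) keystore.
 *
 * <p>Only key entries (private key + certificate chain) are copied; trusted-certificate
 * entries are not. The store password is also used as the key-entry password on both
 * sides, which matches keystores produced with {@code keytool} defaults.
 */
public class JKSConvertor {
    // Keystore types
    public static final String JKS = "JKS";
    public static final String PKCS12 = "PKCS12";

    /**
     * Reads the JKS keystore at {@code storePath} and writes its key entries to a
     * PKCS12 keystore at {@code pfxPath}, protected with the same password.
     *
     * @param storePath   path of the source JKS file
     * @param storePasswd password of the source store; reused for key entries and the output store
     * @param pfxPath     path of the PKCS12 file to write (overwritten if it exists)
     * @throws IOException              if either file cannot be read or written
     * @throws GeneralSecurityException if the store cannot be loaded, an entry cannot be
     *                                  recovered with the password, or the output cannot be stored
     */
    public static void toPKCS12(String storePath, String storePasswd, String pfxPath)
            throws IOException, GeneralSecurityException {
        char[] password = storePasswd.toCharArray();

        // Load the source JKS; try-with-resources closes the stream even when load() fails
        KeyStore inputKeyStore = KeyStore.getInstance(JKS);
        try (FileInputStream inputStream = new FileInputStream(storePath)) {
            inputKeyStore.load(inputStream, password);
        }

        // Create an empty PKCS12 store in memory
        KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
        outputKeyStore.load(null, password);

        for (String keyAlias : Collections.list(inputKeyStore.aliases())) {
            // NOTE(review): trusted-certificate entries are skipped, as in the original
            if (!inputKeyStore.isKeyEntry(keyAlias)) {
                continue;
            }
            Key key = inputKeyStore.getKey(keyAlias, password);
            Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
            outputKeyStore.setKeyEntry(keyAlias, key, password, certChain);
        }

        // Write the PKCS12 file; it contains private keys, so place it where only the
        // intended user can read it
        try (FileOutputStream outputStream = new FileOutputStream(pfxPath)) {
            outputKeyStore.store(outputStream, password);
        }
    }

    /**
     * Demo entry point converting two local keystores.
     *
     * @param args ignored
     * @throws Exception on any conversion failure
     */
    public static void main(String[] args) throws Exception {
        // NOTE(review): password is hard-coded for the demo only
        JKSConvertor.toPKCS12("D://localhost_server.jks", "123456", "D://localhost_server.pfx");
        JKSConvertor.toPKCS12("D:/localhost_client1.jks", "123456", "D:/localhost_client1.pfx");
    }
}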
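package com.w;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

/**
 * Converts a PKCS12 (.pfx) keystore into a JKS keystore.
 *
 * <p>Only key entries are copied; trusted-certificate entries are not. The store password
 * is also used as the key-entry password on both sides. JKS can only hold private keys
 * with a certificate chain, so a PKCS12 entry without one (e.g. a secret key) makes
 * {@code setKeyEntry} fail rather than being silently dropped.
 */
public class PKCS12Convertor {
    // Keystore types
    public static final String JKS = "JKS";
    public static final String PKCS12 = "PKCS12";

    /**
     * Reads the PKCS12 keystore at {@code pfxPath} and writes its key entries to a JKS
     * keystore at {@code jksPath}, protected with the same password.
     *
     * @param pfxPath     path of the source PKCS12 file
     * @param storePasswd password of the source store; reused for key entries and the output store
     * @param jksPath     path of the JKS file to write (overwritten if it exists)
     * @throws IOException              if either file cannot be read or written
     * @throws GeneralSecurityException if the store cannot be loaded, an entry cannot be
     *                                  recovered with the password, or the output cannot be stored
     */
    public static void toJKS(String pfxPath, String storePasswd, String jksPath)
            throws IOException, GeneralSecurityException {
        // P12 store password, also used for the key entries
        char[] password = storePasswd.toCharArray();

        // Load the source PKCS12; try-with-resources closes the stream even when load() fails
        KeyStore inputKeyStore = KeyStore.getInstance(PKCS12);
        try (FileInputStream inputStream = new FileInputStream(pfxPath)) {
            inputKeyStore.load(inputStream, password);
        }

        // Create an empty JKS store in memory
        KeyStore outputKeyStore = KeyStore.getInstance(JKS);
        outputKeyStore.load(null, password);

        for (String keyAlias : Collections.list(inputKeyStore.aliases())) {
            // NOTE(review): trusted-certificate entries are skipped, as in the original
            if (!inputKeyStore.isKeyEntry(keyAlias)) {
                continue;
            }
            Key key = inputKeyStore.getKey(keyAlias, password);
            Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
            outputKeyStore.setKeyEntry(keyAlias, key, password, certChain);
        }

        // Write the JKS file; it contains private keys, so place it where only the
        // intended user can read it
        try (FileOutputStream outputStream = new FileOutputStream(jksPath)) {
            outputKeyStore.store(outputStream, password);
        }
    }

    /**
     * Demo entry point converting two local keystores; the keytool commands in the
     * comments list the resulting stores for inspection.
     *
     * @param args ignored
     * @throws Exception on any conversion failure
     */
    public static void main(String[] args) throws Exception {
        // NOTE(review): password is hard-coded for the demo only
        // keytool -list -keystore D://localhost_server.2.jks
        // keytool -list -rfc -keystore D://localhost_server.2.jks -storepass 123456
        PKCS12Convertor.toJKS("D://localhost_server.pfx", "123456", "D://localhost_server.2.jks");
        // keytool -list -keystore D://localhost_client1.2.jks
        // keytool -list -rfc -keystore D://localhost_client1.2.jks -storepass 123456
        PKCS12Convertor.toJKS("D:/localhost_client1.pfx", "123456", "D:/localhost_client1.2.jks");
    }
}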