인증서 검증 - 자바와 암호화 -

인증서 검증 - 자바와 암호화 -


import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

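/**
 * Demonstrates PKIX certification-path validation: an end-entity certificate
 * and its issuing CA certificate are validated against a root certificate
 * that is used as the only trust anchor.
 *
 * <p>The certificates are parsed with the default "X.509"
 * {@link CertificateFactory}; the path itself is validated with the
 * BouncyCastle ("BC") PKIX {@link CertPathValidator}.
 */
public class CertTest {

    /**
     * Loads three DER files, builds the path (end-entity, then intermediate)
     * and validates it against the root.
     *
     * @param ar command-line arguments (unused)
     * @throws Exception if a file cannot be read or parsed, or if the path
     *         does not validate ({@code validate} throws rather than
     *         returning a failure result)
     */
    public static void main(String[] ar) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        CertificateFactory certificateFactory = CertificateFactory
                .getInstance("X.509");

        // End-entity certificate under test.
        File certFile = new File("E:/signCert.der");
        X509Certificate cert = generateCertificate(certificateFactory, certFile);

        // Intermediate CA certificate that issued the end-entity certificate.
        File yessignFile = new File("E:/yessign.der");
        X509Certificate yessign = generateCertificate(certificateFactory,
                yessignFile);

        // Root certificate. Everything below is trusted only because this
        // file is trusted, so it must come from a source whose integrity is
        // assured; a certificate supplied by the peer must never be used here.
        File trustFile = new File("E:/root-rsa-sha2.der");
        X509Certificate trust = generateCertificate(certificateFactory,
                trustFile);

        // A CertPath is ordered from the target certificate towards the
        // trust anchor; the anchor itself is not part of the path.
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        certificates.add(cert);
        certificates.add(yessign);
        CertPath certPath = certificateFactory.generateCertPath(certificates);

        // null = no additional name constraints imposed on the anchor.
        TrustAnchor anchor = new TrustAnchor(trust, null);
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(anchor));

        // SECURITY NOTE: revocation checking is switched off, so a
        // certificate that has been revoked by its CA still validates.
        // That is acceptable for an offline demo only; in production leave
        // revocation enabled and make CRL or OCSP data available to the
        // validator.
        params.setRevocationEnabled(false);

        CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv
                .validate(certPath, params);
        System.out.println(result);
    }

    /**
     * Reads a single X.509 certificate from a file.
     *
     * @param certificateFactory factory used to parse the certificate
     * @param certFile file holding the encoded certificate
     * @return the parsed certificate
     * @throws Exception if the file cannot be opened or its content cannot be
     *         parsed as a certificate
     */
    private static X509Certificate generateCertificate(
            CertificateFactory certificateFactory, File certFile)
            throws Exception {
        InputStream input = new BufferedInputStream(new FileInputStream(
                certFile));
        try {
            return (X509Certificate) certificateFactory
                    .generateCertificate(input);
        } finally {
            // The original never closed the stream, leaking a file handle
            // per certificate (and on every parse failure).
            input.close();
        }
    }
}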