package CA;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
//import java.io.FilterInputStream;
import java.io.IOException;
import java.math.BigInteger;
//import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import sun.security.x509.*;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
//import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Calendar;
//import java.util.Collection;
import java.sql.Connection;
import javax.swing.JOptionPane;
//import javax.xml.crypto.Data;
//import java.util.*;
import D_dao.D_dao;
import socket.IP;
import sun.misc.BASE64Decoder;
import until.jdbcutil;
public class myc {
static ArrayList<String>savestrings=new ArrayList<>();
private String CAKeytore="c:\\iava\\server.keystore";//密锁库路径
private char[] CAKeytorePass="changeit".toCharArray();//密锁库密码
private char[] CAPrivateKeyPass="changeit".toCharArray();//取得签发者私锁所需的密码
private String CACertAlias="server";//签发者别名
private String CASignCert="c:\\iava\\server.cer";//签发证书
private int mValidityDay=3000;//签发后的新证书有效期(天)
private PrivateKey CAPrivateKey=null; //签发者的私锁
private X509CertInfo mSignCertInfo=null;//签发证书信息
private X509CertInfo ClientInfo=null;//被签证书信息
private static Connection conn;
private static PreparedStatement pstmt;
public boolean Mycertificate(String []Personinfo,String Apub) throws Exception{
try{
/****************
*证书生成
*证书签名
*
*****/
getSignCertInfo();//获取签名证书信息
signCertificate(Personinfo,Apub);//用签名证书信息签发代签名证书
boolean test=createNewCertificate(Personinfo) ;//创建并保存签发后的新证书
return test ;
}catch(Exception e){
System.out.println("error:"+e.getMessage());
boolean test=false;
return test;
}
}
/**
*取得签名证书信息
*@throws Exception
*/
private void getSignCertInfo() throws Exception
{
FileInputStream vFin=null;
KeyStore vKeyStore=null;
Certificate vCert=null;
X509CertImpl vCertImpl=null;
byte[] vCertData=null;
//获取签发证书密锁库
vFin=new FileInputStream(CAKeytore);
vKeyStore=KeyStore.getInstance("JKS");
vKeyStore.load(vFin,CAKeytorePass);
//获取签名证书
vCert=vKeyStore.getCertificate(CACertAlias);
vCertData=vCert.getEncoded();
vCertImpl=new X509CertImpl(vCertData);
//获取签名证书信息
mSignCertInfo=(X509CertInfo) vCertImpl.get(X509CertImpl.NAME+"."+X509CertImpl.INFO);
CAPrivateKey=(PrivateKey)vKeyStore.getKey(CACertAlias,CAPrivateKeyPass);
vFin.close();
}
/**
*取得待签名证书信息,并签名带签证证书
*
*@throws Exception
*/
private void signCertificate(String []Personinfo,String Apub) throws Exception
{
FileInputStream vFin=null;
Certificate vCert=null;
CertificateFactory vCertFactory=null;
X509CertImpl vCertImpl=null;
byte[] vCertDate=null;
//获取签名证书
vFin=new FileInputStream(CASignCert);
vCertFactory=CertificateFactory.getInstance("X.509");
vCert=vCertFactory.generateCertificate(vFin);
vFin.close();
vCertDate=vCert.getEncoded();
//设置被签名证书信息:有效日期、序列号、签名者、数字签名算法
vCertImpl=new X509CertImpl(vCertDate);
ClientInfo=(X509CertInfo) vCertImpl.get(X509CertImpl.NAME+"."+X509CertImpl.INFO);
X500Name issuer=(X500Name)ClientInfo.get(X509CertInfo.SUBJECT+"."+CertificateIssuerName.DN_NAME);
//接收公钥
String APubKey=Apub;
PublicKey aPubKey=getPubKey(APubKey);
ClientInfo.set("key",new CertificateX509Key(aPubKey));
ClientInfo.set(X509CertInfo.VALIDITY,getCertValidity());
//设置用户信息
String cn=Personinfo[0];
String ou=Personinfo[1];
String o=Personinfo[2];
String l=Personinfo[3];
String st=Personinfo[4];
String c=Personinfo[5];
//cn:姓氏、名字 ou:组织单位名称 o:组织名称 l:城市、区域 C:国家代码
String infostr="cn="+cn+",ou="+ou+",o="+o+",l="+l+",st="+st+",c="+c;
X500Name subject=new X500Name(infostr);
//设置被颁发者的名字
ClientInfo.set("subject.dname",subject);
ClientInfo.set(X509CertInfo.SERIAL_NUMBER,getCertSerualNumber());
//设置新证书签发者
ClientInfo.set (X509CertInfo.ISSUER+"."+CertificateIssuerName.DN_NAME,issuer);
ClientInfo.set(CertificateAlgorithmId.NAME+"."+CertificateAlgorithmId.ALGORITHM,getAlgorithm());
}
/********
*
*取得待签名证书信息,保存新证书
*@throws Exception
*
*********/
private boolean createNewCertificate(String []info) throws Exception{
FileOutputStream Out=null;
X509CertImpl newcert=null;
KeyStore ks=KeyStore.getInstance("JKS");
FileInputStream in=new FileInputStream(CAKeytore);
char[]storePwd="changeit".toCharArray();
ks.load(in,storePwd);//得到路径和密码,可进入
X509Certificate certificate=(X509Certificate)ks.getCertificate("server");
in.close();
newcert=new X509CertImpl(ClientInfo);
byte[] original=ClientInfo.getEncodedInfo();
newcert.sign(CAPrivateKey, "sha256WithRSA");
byte[] sig=newcert.getSignature();
//main2.appendtextarea("签名信息:"+"\n"+newcert+"\n");
//main2.appendtextarea("\r**********十六进制输出***********\r\n");
//main2.appendtextarea("签名后:\n"+new BigInteger(sig).toString(16));
/**
* * 传入文件名以及字符串, 将字符串信息保存到文件中 *
* * @param strFilename
* * @param strBuffer */
TextToFile(info[0],newcert);
TextToFile2(info[0],sig);
IP.returncert(newcert.toString());
Out=new FileOutputStream(".\\"+info[0]+".crt");
newcert.derEncode(Out);
Out.close();
boolean test=verifySign(certificate,sig,original);
if(test==true) {
//main2.appendtextarea("\r***签名成功***\n");
}else if(test==false)
{
JOptionPane.showMessageDialog(null,"\r***签名失败******\n","提示",JOptionPane.CANCEL_OPTION);
}
return test ;
}
/********
*
*取得新证书有效日期
*@throws Exception
*
**@throws CertificateValidity
*********/
private CertificateValidity getCertValidity() throws Exception{
long vValidity=(60*60*24*1000l)*mValidityDay;
Calendar vCal=null;
java.util.Date vBeginDate=null;
java.util.Date vEndDate=null;
vCal=Calendar.getInstance();
vBeginDate= vCal.getTime();
vEndDate=vCal.getTime();
vEndDate.setTime(vBeginDate.getTime()+vValidity);
return new CertificateValidity(vBeginDate,vEndDate);
}
/**
*取得新证书的序列号
*
*@return CertificateSerialNumber
*/
private CertificateSerialNumber getCertSerualNumber(){
Calendar vCal=null;
vCal=Calendar.getInstance();
int vSerialNum=(int)(vCal.getTimeInMillis()/1000);
return new CertificateSerialNumber(vSerialNum);
}
/**
*取得新证书的签名算法
*
*@return AlgorithmId
*/
private AlgorithmId getAlgorithm(){
AlgorithmId vAlgorithm=new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
return vAlgorithm;
}
/**********
*
*将字符串转化为公钥
*
**/
private PublicKey getPubKey(String pubkey){
PublicKey publicKey=null;
try{
java.security.spec.X509EncodedKeySp
DLZ03Server.zip
需积分: 45 41 浏览量
2020-07-22
22:29:10
上传
评论 4
收藏 2.13MB ZIP 举报
DLZ03Server.zip (21个子文件) 
DLZ.crt 586B .project 381B lll.crt 586B
src CA myc.java 14KB until jdbcutil.java 1KB socket IP.java 5KB D_dao D_dao.java 2KB lib 
mysql-connector-java-8.0.18.jar 2.22MB lucksim.crt 590B li.crt 585B ssl.crt 586B .settings org.eclipse.jdt.core.prefs 598B puy.crt 586B open.crt 587B liuz.crt 587B happy.crt 588B .classpath 482B bin CA myc.class 12KB until jdbcutil.class 2KB socket IP.class 4KB D_dao D_dao.class 3KB资源评论
