package CA;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
//import java.io.FilterInputStream;
import java.io.IOException;
import java.math.BigInteger;
//import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import sun.security.x509.*;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
//import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Calendar;
//import java.util.Collection;
import java.sql.Connection;
import javax.swing.JOptionPane;
//import javax.xml.crypto.Data;
//import java.util.*;
import D_dao.D_dao;
import socket.IP;
import sun.misc.BASE64Decoder;
import until.jdbcutil;
public class myc {
// Shared (static) list of strings; it is not referenced in the part of the file visible here.
static ArrayList<String>savestrings=new ArrayList<>();
// NOTE(review): the keystore path and both passwords below are hard-coded literals, so
// anyone who can read this source or the compiled class can open the CA keystore and use
// the CA private key. Consider loading them from protected configuration instead.
private String CAKeytore="c:\\iava\\server.keystore";// path of the CA keystore
private char[] CAKeytorePass="changeit".toCharArray();// keystore password
private char[] CAPrivateKeyPass="changeit".toCharArray();// password needed to read the issuer's private key
private String CACertAlias="server";// keystore alias of the issuer (CA) entry
private String CASignCert="c:\\iava\\server.cer";// signing certificate file; signCertificate reads it as the template
// NOTE(review): 3000 days is a long lifetime for an issued certificate — confirm it is intended.
private int mValidityDay=3000;// validity of a newly issued certificate, in days
private PrivateKey CAPrivateKey=null; // issuer's private key, set by getSignCertInfo
private X509CertInfo mSignCertInfo=null;// info of the signing certificate, set by getSignCertInfo
private X509CertInfo ClientInfo=null;// info of the certificate being signed, set by signCertificate
// JDBC handles shared by all instances (static); not used in the part of the file visible here.
private static Connection conn;
private static PreparedStatement pstmt;
/**
 * Issues a certificate for an applicant: loads the CA signing material, fills in the
 * new certificate's fields, then signs and stores the result.
 *
 * @param Personinfo subject fields; signCertificate reads indexes 0..5 as cn, ou, o, l, st, c
 * @param Apub the applicant's public key as text; signCertificate passes it to getPubKey
 * @return the result of createNewCertificate, or {@code false} when any step throws
 * @throws Exception declared, although every exception raised by the steps is caught here
 */
public boolean Mycertificate(String []Personinfo,String Apub) throws Exception{
    boolean issued;
    try{
        getSignCertInfo();                        // load the signing certificate info and CA key
        signCertificate(Personinfo,Apub);         // fill in the certificate to be signed
        issued=createNewCertificate(Personinfo);  // sign and save the new certificate
    }catch(Exception failure){
        // Every failure is reported on stdout (message only) and becomes a false result.
        System.out.println("error:"+failure.getMessage());
        issued=false;
    }
    return issued;
}
/**
 * Obtains the signing certificate's information.
 * @throws Exception
 */
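private void getSignCertInfo() throws Exception
{
    // Loads the JKS keystore at CAKeytore and caches the CA certificate info in
    // mSignCertInfo and the CA private key in CAPrivateKey.
    // Throws whatever keystore loading or certificate parsing raises, and a
    // KeyStoreException when the alias holds no certificate or no key.
    KeyStore vKeyStore=KeyStore.getInstance("JKS");
    // try-with-resources: the stream is closed even when load() throws
    // (the original leaked the handle on any failure before close()).
    try(FileInputStream vFin=new FileInputStream(CAKeytore)){
        vKeyStore.load(vFin,CAKeytorePass);
    }
    // Fetch the signing certificate; getCertificate returns null for an unknown alias.
    Certificate vCert=vKeyStore.getCertificate(CACertAlias);
    if(vCert==null){
        throw new java.security.KeyStoreException("no certificate under alias "+CACertAlias);
    }
    X509CertImpl vCertImpl=new X509CertImpl(vCert.getEncoded());
    // Extract the certificate info block of the signing certificate.
    mSignCertInfo=(X509CertInfo) vCertImpl.get(X509CertImpl.NAME+"."+X509CertImpl.INFO);
    // Fail here rather than later in sign() if the alias has no key entry.
    PrivateKey vKey=(PrivateKey)vKeyStore.getKey(CACertAlias,CAPrivateKeyPass);
    if(vKey==null){
        throw new java.security.KeyStoreException("no private key under alias "+CACertAlias);
    }
    CAPrivateKey=vKey;
}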
/**
 * Obtains the information of the certificate to be signed and prepares that certificate for signing.
 *
 * @throws Exception
 */
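private void signCertificate(String []Personinfo,String Apub) throws Exception
{
    // Fills ClientInfo, the info block of the certificate to be issued.
    //   Personinfo: subject fields by index 0..5 = cn, ou, o, l, st, c
    //   Apub:       applicant public key as text, decoded by getPubKey
    // Throws IllegalArgumentException for missing subject fields or an undecodable key,
    // and whatever certificate parsing raises.

    // Validate before touching ClientInfo so a bad request cannot leave it half-filled.
    if(Personinfo==null||Personinfo.length<6){
        throw new IllegalArgumentException("Personinfo must hold cn, ou, o, l, st and c");
    }
    for(int i=0;i<6;i++){
        if(Personinfo[i]==null){
            throw new IllegalArgumentException("Personinfo["+i+"] is null");
        }
    }

    // Read the signing certificate; the stream is closed even when parsing fails.
    Certificate vCert;
    try(FileInputStream vFin=new FileInputStream(CASignCert)){
        vCert=CertificateFactory.getInstance("X.509").generateCertificate(vFin);
    }
    X509CertImpl vCertImpl=new X509CertImpl(vCert.getEncoded());
    // The new certificate starts as a copy of the signing certificate's info block, so every
    // field not overwritten below is carried into the issued certificate.
    // NOTE(review): that includes any extensions of the signing certificate; if it carries
    // CA-only extensions (e.g. basicConstraints CA=true) issued certificates would inherit
    // them — confirm against the actual certificate and strip them if so.
    ClientInfo=(X509CertInfo) vCertImpl.get(X509CertImpl.NAME+"."+X509CertImpl.INFO);
    // The template's subject becomes the issuer of the new certificate.
    X500Name issuer=(X500Name)ClientInfo.get(X509CertInfo.SUBJECT+"."+CertificateIssuerName.DN_NAME);

    // Applicant public key. getPubKey starts from a null result, so guard against it
    // instead of embedding a missing key.
    PublicKey aPubKey=getPubKey(Apub);
    if(aPubKey==null){
        throw new IllegalArgumentException("applicant public key could not be decoded");
    }
    ClientInfo.set("key",new CertificateX509Key(aPubKey));
    ClientInfo.set(X509CertInfo.VALIDITY,getCertValidity());

    // Subject name. The six-field constructor takes each value as literal attribute content
    // (cn, ou, o, l, st, c), so a ',', '+' or '=' inside a requester-supplied field cannot add
    // or rewrite name components, which the former "cn="+cn+",ou="+... string parse allowed.
    X500Name subject=new X500Name(Personinfo[0],Personinfo[1],Personinfo[2],
            Personinfo[3],Personinfo[4],Personinfo[5]);
    ClientInfo.set("subject.dname",subject);
    ClientInfo.set(X509CertInfo.SERIAL_NUMBER,getCertSerualNumber());
    // Issuer and signature algorithm of the new certificate.
    ClientInfo.set(X509CertInfo.ISSUER+"."+CertificateIssuerName.DN_NAME,issuer);
    ClientInfo.set(CertificateAlgorithmId.NAME+"."+CertificateAlgorithmId.ALGORITHM,getAlgorithm());
}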
/********
*
* Obtains the information of the certificate to be signed and saves the new certificate.
* @throws Exception
*
*********/
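private boolean createNewCertificate(String []info) throws Exception{
    // Signs ClientInfo with the CA key, checks the signature against the CA certificate and,
    // only when it verifies, stores and returns the new certificate.
    //   info: subject fields; info[0] is used as the base name of the output files
    // Returns the result of verifySign. On failure a dialog is shown and nothing is written
    // or returned to the requester (the original published the certificate before verifying).
    // Throws IllegalArgumentException for an unusable name, KeyStoreException for a missing
    // CA certificate, and whatever the keystore, signing or file steps raise.
    // NOTE(review): JOptionPane opens a modal dialog; if this runs in a server thread it
    // blocks until someone dismisses it — confirm that is intended.

    // info[0] is concatenated into file paths below, so refuse anything that could leave
    // the working directory.
    String vName=(info==null||info.length==0)?null:info[0];
    if(vName==null||vName.isEmpty()||vName.contains("..")
            ||vName.indexOf('/')>=0||vName.indexOf('\\')>=0||vName.indexOf(':')>=0){
        throw new IllegalArgumentException("subject name is not usable as a file name");
    }

    // Reload the CA certificate using the same keystore settings as getSignCertInfo
    // instead of repeating the literal password and alias here.
    KeyStore ks=KeyStore.getInstance("JKS");
    try(FileInputStream in=new FileInputStream(CAKeytore)){
        ks.load(in,CAKeytorePass);
    }
    X509Certificate certificate=(X509Certificate)ks.getCertificate(CACertAlias);
    if(certificate==null){
        throw new java.security.KeyStoreException("no certificate under alias "+CACertAlias);
    }

    X509CertImpl newcert=new X509CertImpl(ClientInfo);
    byte[] original=ClientInfo.getEncodedInfo();
    newcert.sign(CAPrivateKey, "sha256WithRSA");
    byte[] sig=newcert.getSignature();

    // Verify before anything leaves this method.
    boolean test=verifySign(certificate,sig,original);
    if(!test){
        // WARNING_MESSAGE has the same int value as the CANCEL_OPTION constant passed
        // before, so the dialog is unchanged; this is the constant meant for a message type.
        JOptionPane.showMessageDialog(null,"\r***签名失败******\n","提示",JOptionPane.WARNING_MESSAGE);
        return false;
    }

    // Persist the certificate text and signature, hand the certificate back, and write
    // the DER-encoded .crt file.
    TextToFile(vName,newcert);
    TextToFile2(vName,sig);
    IP.returncert(newcert.toString());
    try(FileOutputStream Out=new FileOutputStream(".\\"+vName+".crt")){
        newcert.derEncode(Out);
    }
    return true;
}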
/********
*
* Obtains the validity period of the new certificate.
* @return CertificateValidity
* @throws Exception
*
*********/
private CertificateValidity getCertValidity() throws Exception{
    // Validity window of the new certificate: starts now and lasts mValidityDay days.
    final long millisPerDay=24L*60L*60L*1000L;
    java.util.Date notBefore=Calendar.getInstance().getTime();
    java.util.Date notAfter=new java.util.Date(notBefore.getTime()+millisPerDay*mValidityDay);
    return new CertificateValidity(notBefore,notAfter);
}
/**
 * Obtains the serial number of the new certificate.
 *
 * @return CertificateSerialNumber
 */
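private CertificateSerialNumber getCertSerualNumber(){
    // Returns a random, positive 128-bit serial number for the new certificate.
    // The previous value was the current time in seconds cast to int: two certificates
    // issued in the same second received the same serial, the value was guessable, and
    // the cast goes negative once the epoch seconds exceed Integer.MAX_VALUE.
    // NOTE(review): serials no longer fit in an int — confirm nothing elsewhere in the
    // project stores or compares them as one.
    java.security.SecureRandom vRandom=new java.security.SecureRandom();
    BigInteger vSerialNum;
    do{
        vSerialNum=new BigInteger(128,vRandom);
    }while(vSerialNum.signum()==0); // a serial number must be positive, so reject zero
    return new CertificateSerialNumber(vSerialNum);
}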
/**
 * Obtains the signature algorithm of the new certificate.
 *
 * @return AlgorithmId
 */
private AlgorithmId getAlgorithm(){
    // Algorithm identifier written into the new certificate: SHA-256 with RSA, the same
    // algorithm that createNewCertificate names as "sha256WithRSA" when signing.
    return new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
}
/**********
*
* Converts a string into a public key.
*
**/
private PublicKey getPubKey(String pubkey){
PublicKey publicKey=null;
try{
java.security.spec.X509EncodedKeySp