中职网站建设与管理专业/百度人气榜

本文转自：
数字证书简介及Java编码实现
CA认证原理以及实现
java CA证书制作和代码中使用

名词大意

秘钥库：存储了公钥和私钥信息，一个秘钥库可以存储多对的密钥对（密钥对可以理解为就是数字证书），通过alias别名来取出需要的密钥对，存放于服务器，xxx.keystore文件
数字证书：只能存储公钥，可以从xxxx.keystore中导出某个密钥对的公钥证书,存放于客户端，xxx.cer文件

java使用数字证书

Java 6提供了完善的数字证书管理实现，我们几乎无需关注，仅通过操作密钥库和数字证书就可完成相应的加密解密和签名验签过程。

密钥库管理私钥，数字证书管理公钥，公钥和私钥分属消息传递双方，进行加密消息传递。

CertificateCoder工具类

 /***** 获得私钥，获得私钥后，通过RSA算方法实现进行"私钥加密，公钥解密"和"公钥加密，私钥解密"操作* @param keyStorePath 密钥库路径* @param alias 别名* @param keystore_password 秘钥库密码* @param ca_password 证书密码* @return  私钥*/private static PrivateKey getPrivateKeyByKeyStore(String keyStorePath, String alias, String keystore_password,String ca_password)throws Exception{//获得密钥库KeyStore ks = getKeyStore(keyStorePath,keystore_password);//获得私钥return  (PrivateKey)ks.getKey(alias, ca_password.toCharArray());}/***** 由Certificate获得公钥，获得公钥后，通过RSA算方法实现进行"私钥加密，公钥解密"和"公钥加密，私钥解密"操作* @param certificatePath  证书路径* @return 公钥*/private static PublicKey getPublicKeyByCertificate(String certificatePath)throws Exception {//获得证书Certificate certificate = getCertificate(certificatePath);//获得公钥return certificate.getPublicKey();}/***** 加载数字证书，JAVA 6仅支持x.509的数字证书* @param certificatePath  证书路径* @return   证书* @throws Exception*/private static Certificate getCertificate(String certificatePath) throws Exception{//实例化证书工厂CertificateFactory certificateFactory = CertificateFactory.getInstance("x.509");//取得证书文件流FileInputStream in = new FileInputStream(certificatePath);//生成证书Certificate certificate = certificateFactory.generateCertificate(in);//关闭证书文件流in.close();return certificate;}/***** 获得Certificate* @param keyStorePath 密钥库路径* @param alias 别名* @param keystore_password  秘钥库密码* @return  证书* @throws Exception*/private static Certificate getCertificate(String keyStorePath,String alias,String keystore_password) throws Exception{//由密钥库获得数字证书构建数字签名对象//获得密钥库KeyStore ks = getKeyStore(keyStorePath,keystore_password);//获得证书return ks.getCertificate(alias);}/***** 加载密钥库，加载了以后，我们就能通过相应的方法获得私钥，也可以获得数字证书* @param keyStorePath 密钥库路径* @param keystore_password 密码* @return  密钥库* @throws Exception*/private static KeyStore getKeyStore(String keyStorePath,String keystore_password) throws Exception{//实例化密钥库KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());//获得密钥库文件流FileInputStream is = new FileInputStream(keyStorePath);//加载密钥库ks.load(is,keystore_password.toCharArray());//关闭密钥库文件流is.close();return ks;}/***** 私钥加密* @param data  待加密的数据* @param keyStorePath  密钥库路径* @param alias  别名* @param keystore_password   秘钥库密码* @param ca_password   证书密码* @return  加密数据* @throws Exception*/public static byte[] encryptByPriateKey(byte[] data,String keyStorePath,String alias,String keystore_password,String ca_password) throws Exception{//获得私钥PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath,alias,keystore_password,ca_password);//对数据加密Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());cipher.init(Cipher.ENCRYPT_MODE,privateKey);return cipher.doFinal(data);}/***** 私钥解密* @param data  待解密数据* @param keyStorePath 密钥库路径* @param alias  别名* @param keystore_password   秘钥库密码* @param ca_password   证书密码* @return  解密数据* @throws Exception*/public static byte[] decryptByPrivateKey(byte[] data,String keyStorePath,String alias,String keystore_password,String ca_password) throws Exception{//取得私钥PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath,alias,keystore_password,ca_password);//对数据解密Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());cipher.init(Cipher.DECRYPT_MODE,privateKey);return cipher.doFinal(data);}/***** 公钥加密* @param data  等待加密数据* @param certificatePath  证书路径* @return   加密数据* @throws Exception*/public static byte[] encryptByPublicKey(byte[] data,String certificatePath) throws Exception{//取得公钥PublicKey publicKey = getPublicKeyByCertificate(certificatePath);//对数据加密Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());cipher.init(Cipher.ENCRYPT_MODE,publicKey);return cipher.doFinal(data);}/***** 公钥解密* @param data  等待解密的数据* @param certificatePath  证书路径* @return  解密数据* @throws Exception*/public static byte[] decryptByPublicKey(byte[] data,String certificatePath)throws Exception{//取得公钥PublicKey publicKey = getPublicKeyByCertificate(certificatePath);//对数据解密Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());cipher.init(Cipher.DECRYPT_MODE, publicKey);return cipher.doFinal(data);}/***** @param sign  签名* @param keyStorePath 密钥库路径* @param alias 别名* @param keystore_password   秘钥库密码* @param ca_password   证书密码* @return 签名* @throws Exception*/public static byte[] sign(byte[] sign,String keyStorePath,String alias,String keystore_password,String ca_password)throws Exception{//获得证书X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath,alias,keystore_password);//构建签名,由证书指定签名算法Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());//获取私钥PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath,alias,keystore_password,ca_password);//初始化签名，由私钥构建signature.initSign(privateKey);signature.update(sign);return signature.sign();}/***** 验证签名* @param data  数据* @param sign  签名* @param certificatePath  证书路径* @return  验证通过为真* @throws Exception*/public static boolean verify(byte[] data,byte[] sign,String certificatePath) throws Exception{//获得证书X509Certificate x509Certificate = (X509Certificate)getCertificate(certificatePath);//由证书构建签名Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());//由证书初始化签名，实际上是使用了证书中的公钥signature.initVerify(x509Certificate);signature.update(data);return signature.verify(sign);}

CertificateCoderTest测试类

/** 秘钥库密码. */private static final String keystore_password  = "123456";/** 证书密码. */private static final String ca_password   = "111111";/** 证书别名. */private static final String alias = "ljw";/** 密钥库文件. */private static final String keyStorePath = "F:\\Certifacate\\ljw.keystore";/** 数字证书文件. */private static final String certificatePath = "F:\\Certifacate\\ljw.cer";//我们假定密钥库文件yale.keystore存储在D盘根目录，数字证书文件yale.cer也存储在D盘根目录/***** 公钥加密---私钥解密* @throws Exception*/@Testpublic void test1() throws Exception{System.err.println("公钥加密---私钥解密");String inputStr = "数字证书";byte[] data = inputStr.getBytes();//公钥加密byte[] encrypt = CertificateCoder.encryptByPublicKey(data, certificatePath);//私钥解密byte[] decrypt = CertificateCoder.decryptByPrivateKey(encrypt, keyStorePath, alias, keystore_password, ca_password);String outputStr = new String(decrypt);System.err.println("加密前：\n" + inputStr);System.err.println("解密后：\n" + outputStr);}/***** 私钥加密---公钥解密* @throws Exception*/@Testpublic  void test2()throws Exception{System.err.println("私钥加密---公钥解密");String inputStr = "数字签名";byte[] data = inputStr.getBytes();//私钥加密byte[] encodedData = CertificateCoder.encryptByPriateKey(data, keyStorePath, alias, keystore_password, ca_password);//公钥解密byte[] decodeData = CertificateCoder.decryptByPublicKey(encodedData, certificatePath);String outputStr = new String (decodeData);System.err.println("加密前：\n" + inputStr);System.err.println("解密后：\n" + outputStr);}@Testpublic  void testSign()throws Exception{String inputStr = "签名";byte[] data = inputStr.getBytes();System.err.println("私钥签名---公钥验证");//产生签名byte[] sign = CertificateCoder.sign(data, keyStorePath, alias, keystore_password, ca_password);System.err.println("签名:\n" + sign);//验证签名boolean status = CertificateCoder.verify(data, sign, certificatePath);System.err.println("状态：\n " + status);}