我想使用java在浏览器上安装的证书来签名数据

时间:2016-09-05 07:29:17

标签: java digital-signature

我知道如何使用系统(机器)上的证书对数据进行签名,但要求是使用浏览器上的certi对数据进行签名。下面是代码。如果有人发现我的代码错了,请告诉我,因为我不确定它的正确性 PS - 此代码有效。

import java.io.FileInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

 public class class123 {
    public static void main(String[] args) {
    String input = "shubham";
    byte[] signature = createSignature(input.getBytes());
    System.out.println(createSignature(input.getBytes()));
    verifySignature(input.getBytes(), signature);
}

private static byte[] createSignature(byte[] file) {
    byte[] signature = null;
    String Password="abc";
    try {
        java.security.KeyStore keyStoreFile = java.security.KeyStore.getInstance("PKCS12");
        keyStoreFile.load(new FileInputStream("D:\\1.p12"), Password.toCharArray()); //address of certificate (pfx file) and corresponding password.
        Enumeration<String> aliases = keyStoreFile.aliases();
        String alias = aliases.nextElement();
        PrivateKey privateKey = (PrivateKey) keyStoreFile.getKey(alias, Password.toCharArray());

        Signature dsa = Signature.getInstance("SHA1withRSA");
        dsa.initSign(privateKey);
        dsa.update(file, 0, file.length);
        signature = dsa.sign();

    } catch (Exception e) {

        e.printStackTrace();
    }
    return signature;

}

private static void verifySignature(byte[] file, byte[] sign) {
    String Password="abc";
    try {
        java.security.KeyStore keyStoreFile =       java.security.KeyStore.getInstance("PKCS12");
        keyStoreFile.load(new FileInputStream("D:\\1.p12"),   Password.toCharArray());
        Enumeration<String> aliases = keyStoreFile.aliases();
        String alias = aliases.nextElement();
        Signature dsa = Signature.getInstance("SHA1withRSA");
        dsa.initVerify(((X509Certificate) keyStoreFile.getCertificate(alias)).getPublicKey());
        dsa.update(file);
        boolean ret = dsa.verify(sign);
        System.out.println(ret);


    } catch (Exception e) {

        e.printStackTrace();
    }


}

}

2 个答案:

答案 0 :(得分:-1)

没关系,请在我访问Microsoft证书商店进行签名和验证之前检查this blog post,它可以帮助您。

答案 1 :(得分:-1)

import java.io.FileOutputStream;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;

public class CertificateFromBrowser {
    public static void main(String[] args) throws Exception {
        testConnectionTo(""); // pass the url (eg: https://www.example.com)
    }

    public static void testConnectionTo(String aURL) throws Exception {
        URL destinationURL = new URL(aURL);
        HttpsURLConnection conn = (HttpsURLConnection) destinationURL.openConnection();
        conn.connect();
        Certificate[] certs = conn.getServerCertificates();
        System.out.println("nb = " + certs.length);
        for (Certificate cert : certs) {
            System.out.println("");
            System.out.println("");
            System.out.println("");
            System.out.println("################################################################");
            System.out.println("");
            System.out.println("");
            System.out.println("");
            System.out.println("Certificate is: " + cert);
            if (cert instanceof X509Certificate) {
                try {
                    ((X509Certificate) cert).checkValidity();
                    System.out.println("Certificate is active for current date");

                } catch (CertificateExpiredException cee) {
                    System.out.println("Certificate is expired");
                }
            } else {
                System.err.println("Unknown certificate type: " + cert);
            }
        }
    }
}