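Java code to generate a certificate chain and parse a certificate chain
Date: 2024-03-12 15:47:09 Views: 20
OK, here is an example of Java code that generates a certificate chain and parses it: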
```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class CertChainExample {
    public static void main(String[] args) throws Exception {
        // Read the certificate file
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream fis = new FileInputStream("client.pfx")) {
            ks.load(fis, "123456".toCharArray());
        }
        // Get the certificate chain (null when the alias has no chain)
        List<X509Certificate> certChain = new ArrayList<>();
        Certificate[] certs = ks.getCertificateChain("client");
        if (certs == null) {
            throw new IllegalStateException("No certificate chain for alias: client");
        }
        for (Certificate cert : certs) {
            certChain.add((X509Certificate) cert);
        }
        // Print the certificate chain
        System.out.println("证书链:");
        for (X509Certificate cert : certChain) {
            System.out.println(cert.getSubjectX500Principal());
        }
        // Verify the certificate chain
        List<X509Certificate> trustedCerts = new ArrayList<>();
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream trustStream = new FileInputStream("truststore.jks")) {
            trustStore.load(trustStream, "123456".toCharArray());
        }
        // aliases() returns an Enumeration, so wrap it before using for-each
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate trusted = trustStore.getCertificate(alias);
            if (trusted instanceof X509Certificate) {
                trustedCerts.add((X509Certificate) trusted);
            }
        }
        boolean isValid = verifyCertificateChain(certChain, trustedCerts);
        System.out.println("证书链是否有效:" + isValid);
    }

    // KeyStore.getCertificateChain() returns the end-entity certificate first
    // and the root last, so each certificate is checked against the next one.
    public static boolean verifyCertificateChain(List<X509Certificate> certChain, List<X509Certificate> trustedCerts) {
        if (certChain.isEmpty()) {
            return false;
        }
        try {
            for (int i = 0; i < certChain.size(); i++) {
                X509Certificate cert = certChain.get(i);
                // Reject expired or not-yet-valid certificates
                cert.checkValidity();
                if (i == certChain.size() - 1) {
                    // Verify the root certificate: it must be in the trust store
                    if (!trustedCerts.contains(cert)) {
                        return false;
                    }
                } else {
                    // Verify the end-entity and intermediate certificates
                    X509Certificate issuerCert = certChain.get(i + 1);
                    if (!issuerCert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                        return false;
                    }
                    // Throws if the signature does not match the issuer's key
                    cert.verify(issuerCert.getPublicKey());
                }
            }
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
```
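The code above reads a certificate file in PKCS12 format, gets the certificate chain and prints it, then reads a trust store file in JKS format and verifies whether the certificate chain is valid. The `verifyCertificateChain()` method implements the chain verification logic.
Note: the file paths and passwords used in the example code need to be changed to match your actual environment.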
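As an added example (not part of the original answer): the same verification done with the JDK's built-in PKIX `CertPathValidator`, which also enforces validity dates, basic constraints and CA key usage that a hand-written loop does not cover. It reuses the file names, alias and password from the code above; the class name `PkixChainCheck` is hypothetical, and revocation checking is switched off as an assumption so the example runs without CRL or OCSP access.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class PkixChainCheck {  // hypothetical class name
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "123456".toCharArray();
        KeyStore ks = load("PKCS12", "client.pfx", password);
        KeyStore trustStore = load("JKS", "truststore.jks", password);
        Certificate[] certs = ks.getCertificateChain("client");
        if (certs == null) {
            throw new IllegalStateException("No certificate chain for alias: client");
        }
        // Chain order is end-entity first, root last. A CertPath normally omits
        // the trust anchor, so drop a trailing self-issued root when present.
        List<Certificate> path = new ArrayList<>(Arrays.asList(certs));
        X509Certificate last = (X509Certificate) path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(trustStore); // trusted entries become anchors
        params.setRevocationEnabled(false); // assumption: offline run, no CRL/OCSP
        try {
            PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                    CertPathValidator.getInstance("PKIX").validate(certPath, params);
            System.out.println("Chain valid, anchored at: "
                    + result.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // getIndex() identifies which certificate in the path failed (-1 if not applicable)
            System.out.println("Chain invalid at index " + e.getIndex() + ": " + e.getMessage());
        }
    }
}
```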