Java Tutorial/Security/X.509 Certificate revocation list


Define selector

   <source lang="java">

import java.io.FileInputStream; import java.math.BigInteger; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509CertSelector; import java.util.Calendar; import java.util.Date; public class MainClass {

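 /**
  * Shows how each criterion added to an {@link X509CertSelector} narrows the match for one
  * certificate: no criteria, then issuer, then validity date, then serial number.
  *
  * <p>A selector only filters on certificate fields. A {@code true} result from {@code match}
  * says nothing about trust: the signature, the chain to a trust anchor and the revocation
  * status of the certificate are not checked anywhere in this example.
  *
  * @param args certificate file path, followed by the year, month (1-12) and day of the date
  *     on which the certificate must be valid
  * @throws Exception if the file cannot be read or parsed, or a date argument is not a number
  */
 public static void main(String args[]) throws Exception {
   if (args.length < 4) {
     throw new IllegalArgumentException(
         "usage: MainClass <certificate-file> <year> <month> <day>");
   }

   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   Certificate c;
   // try-with-resources closes the file even when parsing throws.
   try (FileInputStream in = new FileInputStream(args[0])) {
     c = cf.generateCertificate(in);
   }

   X509CertSelector selec = new X509CertSelector();
   // No criteria set yet, so any X.509 certificate matches.
   System.out.println(selec.match(c));

   // The String overload of setIssuer is deprecated in current JDKs because the RFC 2253 string
   // form can lose encoding information and then fail to match; pass an X500Principal instead.
   selec.setIssuer(
       new javax.security.auth.x500.X500Principal(
           "CN=Peter,OU=Network Center,O=University,L=ZB,ST=Vancouver,C=CN"));
   System.out.println(selec.match(c));

   // Calendar months are zero-based, hence the -1. Only year/month/day are overwritten; the
   // time of day stays at the moment the Calendar was created.
   Calendar cld = Calendar.getInstance();
   int year = Integer.parseInt(args[1]);
   int month = Integer.parseInt(args[2]) - 1;
   int day = Integer.parseInt(args[3]);
   cld.set(year, month, day);
   Date d = cld.getTime();
   // The date must fall inside the certificate's validity period for the selector to match.
   selec.setCertificateValid(d);
   System.out.println(selec.match(c));

   // Sample serial number; a serial is only unique together with the issuer set above.
   BigInteger sn = new BigInteger("1039056963");
   selec.setSerialNumber(sn);
   System.out.println(selec.match(c));
 }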

}</source>





List properties for X.509 CRL

   <source lang="java">

import java.io.FileInputStream; import java.security.cert.CertificateFactory; import java.security.cert.X509CRL; public class MainClass {

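 /**
  * Parses an X.509 CRL from the file named by the first argument and prints its header fields.
  *
  * <p>The CRL is parsed but not authenticated. Before its contents are used for a revocation
  * decision, the caller should verify the signature with the issuer's public key
  * ({@code crl.verify(issuerPublicKey)}) and reject a CRL whose next-update time has passed.
  *
  * @param args path of the CRL file
  * @throws Exception if the file cannot be read or does not contain a parsable CRL
  */
 public static void main(String[] args) throws Exception {
   if (args.length < 1) {
     throw new IllegalArgumentException("usage: MainClass <crl-file>");
   }

   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   X509CRL crl;
   // try-with-resources closes the file even when generateCRL throws; the original only
   // reached in.close() on the success path.
   try (FileInputStream in = new FileInputStream(args[0])) {
     crl = (X509CRL) cf.generateCRL(in);
   }

   System.out.println("type = " + crl.getType());
   System.out.println("version = " + crl.getVersion());
   // getIssuerX500Principal() replaces getIssuerDN(), which is deprecated in current JDKs.
   System.out.println("issuer = " + crl.getIssuerX500Principal());
   System.out.println("signing algorithm = " + crl.getSigAlgName());
   System.out.println("this update = " + crl.getThisUpdate());
   // nextUpdate is optional in a CRL, so this may print "null".
   System.out.println("next update = " + crl.getNextUpdate());
 }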

}</source>





Show X.509 CRL entries

   <source lang="java">

import java.io.FileInputStream; import java.security.cert.CertificateFactory; import java.security.cert.X509CRL; import java.security.cert.X509CRLEntry; import java.util.Iterator; import java.util.Set; public class MainClass {

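 /**
  * Parses an X.509 CRL from the file named by the first argument and prints every revoked
  * entry: serial number (hex), revocation date and whether the entry carries extensions.
  *
  * <p>The CRL signature is not verified here, so the printed entries are only as trustworthy as
  * the file itself. Verify the CRL against the issuer's public key before relying on it.
  *
  * @param args path of the CRL file
  * @throws Exception if the file cannot be read or does not contain a parsable CRL
  */
 public static void main(String[] args) throws Exception {
   if (args.length < 1) {
     throw new IllegalArgumentException("usage: MainClass <crl-file>");
   }

   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   X509CRL crl;
   // try-with-resources closes the file even when generateCRL throws.
   try (FileInputStream in = new FileInputStream(args[0])) {
     crl = (X509CRL) cf.generateCRL(in);
   }

   // getRevokedCertificates() returns null, not an empty set, when the CRL has no entries.
   Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
   if (revoked == null) {
     return;
   }

   for (X509CRLEntry entry : revoked) {
     // A serial number identifies a certificate only in combination with its issuer.
     System.out.println("serial number = " + entry.getSerialNumber().toString(16));
     System.out.println("revocation date = " + entry.getRevocationDate());
     System.out.println("extensions = " + entry.hasExtensions());
   }
 }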

}</source>





X509 Certificate Selector

   <source lang="java">

import java.io.FileInputStream; import java.security.cert.CertStore; import java.security.cert.CertStoreParameters; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.CollectionCertStoreParameters; import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import java.util.Set; public class MainClass {

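 /**
  * Loads one certificate into an in-memory {@link CertStore} and prints the subject of every
  * stored certificate whose issuer matches a fixed distinguished name.
  *
  * <p>Selecting by issuer name is a lookup, not a trust decision: anyone can create a
  * certificate that names this issuer. Signature and chain validation are not performed here.
  *
  * @param args path of the certificate file
  * @throws Exception if the file cannot be read or parsed, or the store cannot be created
  */
 public static void main(String args[]) throws Exception {
   if (args.length < 1) {
     throw new IllegalArgumentException("usage: MainClass <certificate-file>");
   }

   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   List<Certificate> mylist = new ArrayList<>();
   // try-with-resources closes the file; the original never closed this stream.
   try (FileInputStream in = new FileInputStream(args[0])) {
     mylist.add(cf.generateCertificate(in));
   }

   CertStoreParameters cparam = new CollectionCertStoreParameters(mylist);
   CertStore cs = CertStore.getInstance("Collection", cparam);

   X509CertSelector selec = new X509CertSelector();
   // The String overload of setIssuer is deprecated in current JDKs because the RFC 2253 string
   // form can lose encoding information and then fail to match; pass an X500Principal instead.
   selec.setIssuer(
       new javax.security.auth.x500.X500Principal(
           "CN=YourName,OU=Network Center,O=University,L=ZB,ST=Toronto,C=CN"));

   // getCertificates is declared to return a Collection; iterate it directly rather than
   // casting to Set, which would fail for a store that returns another collection type.
   int i = 0;
   for (Certificate match : cs.getCertificates(selec)) {
     // An X509CertSelector only matches X509Certificate instances, so the cast is safe.
     X509Certificate ct = (X509Certificate) match;
     System.out.println("Certificate " + i + " ");
     // getSubjectX500Principal() replaces getSubjectDN(), deprecated in current JDKs.
     System.out.println(ct.getSubjectX500Principal());
     i++;
   }
 }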

}</source>