Tuesday, August 16, 2011

JCA (Java Cryptography Architecture)


Java security technology includes a large set of APIs (JCA, JAAS, etc.), tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

The JCA defines the java.security.KeyStore engine class to manage secret keys, key pairs, and digital certificates. As an engine, it implements the standard pair of engine factory methods, for example:

The KeyStore is an in-memory representation of the keys it protects, as depicted in Figure 5.1. Each artifact placed in the key store is given an alias so it can be identified easily. This is consistent with the rest of the JCA: running data through a Cipher did not automatically write the ciphertext out to a file somewhere; that was your responsibility, and persisting a KeyStore is your responsibility in the same way.


Example of how to access a keystore and read its digital certificates
Note: a keystore can hold a set of digital certificates as well as other keystores.

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Assumed: an SLF4J logger, which is what the log.debug/log.error calls below imply.
private static final Logger log = LoggerFactory.getLogger("KeyStoreRead");

private static void doKeyStoreRead(String keyStorePath, String keyStorePassword) {
    // Open the keystore; try-with-resources closes the stream even if loading fails
    try (FileInputStream is = new FileInputStream(keyStorePath)) {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(is, keyStorePassword.toCharArray());

        // Walk the keystore, access each certificate and read its validity dates
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            log.debug("************ Certificate [Start] *********************");
            log.debug("Certificate alias: " + alias);
            Certificate certificate = keystore.getCertificate(alias);

            // Read each certificate's validity period (start and end).
            // getCertificate() returns null for secret-key entries and not every
            // certificate is X.509, so guard the cast instead of letting it throw.
            if (certificate instanceof X509Certificate) {
                X509Certificate cert = (X509Certificate) certificate;
                Date fromDate = cert.getNotBefore();
                log.debug("Serial Number: " + cert.getSerialNumber());
                log.debug("Subject: " + cert.getSubjectX500Principal());
                log.debug("Start date: " + fromDate);
                Date toDate = cert.getNotAfter();
                log.debug("End date: " + toDate);
            }

            // For a private-key entry the keystore also stores the certificate chain
            // (end-entity certificate first, then its issuers); check those certificates too.
            Certificate[] certificateChainList = keystore.getCertificateChain(alias);
            if (certificateChainList != null) {
                for (Certificate cer : certificateChainList) {
                    // do something...
                }
            }
            log.debug("************ Certificate [End] *********************");
        }
    } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e) {
        // load() fails on a wrong password, a corrupt or unreadable file, or an unknown algorithm
        log.error(e.getMessage(), e);
    }
}
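The method above logs the validity dates but never evaluates them. The following is an added example, not code from the original post, that turns the same keystore walk into an expiry audit: it calls checkValidity() on every X.509 certificate of every entry (including the chains stored with private-key entries) and reports anything expired, not yet valid, or expiring within a warning window. The class name, the audit() signature and the 30-day window are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

public class KeyStoreExpiryAudit {
    // Returns one finding per certificate that is expired, not yet valid, or expires within warnDays.
    public static List<String> audit(String path, char[] password, String type, int warnDays) throws Exception {
        List<String> findings = new ArrayList<>();
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password); // throws on wrong password or tampered file
        }
        Instant warnBefore = Instant.now().plus(Duration.ofDays(warnDays));
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // Private-key entries carry a chain (end-entity first); trusted-cert entries carry one certificate.
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain == null) {
                Certificate single = ks.getCertificate(alias); // null for secret-key entries
                chain = single == null ? new Certificate[0] : new Certificate[] { single };
            }
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) continue;
                X509Certificate cert = (X509Certificate) chain[i];
                String id = alias + "[" + i + "] " + cert.getSubjectX500Principal().getName();
                try {
                    cert.checkValidity(); // throws if "now" is outside [notBefore, notAfter]
                    if (cert.getNotAfter().toInstant().isBefore(warnBefore)) {
                        findings.add("EXPIRING " + id + " on " + cert.getNotAfter());
                    }
                } catch (CertificateExpiredException e) {
                    findings.add("EXPIRED " + id + " since " + cert.getNotAfter());
                } catch (CertificateNotYetValidException e) {
                    findings.add("NOT_YET_VALID " + id + " until " + cert.getNotBefore());
                }
            }
        }
        return findings;
    }
    public static void main(String[] a) throws Exception { // usage: <keystore path> <password>
        audit(a[0], a[1].toCharArray(), KeyStore.getDefaultType(), 30).forEach(System.out::println);
    }
}
```

An empty result means every certificate in the store is currently valid and more than 30 days from expiry; the findings list is what you would feed into monitoring rather than a debug log.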
