
使用JAVA数字证书做数字签名认证


发布日期:2022年05月30日
 
使用JAVA数字证书做数字签名认证

keytool -genkey -keystore chinajavaworld.keystore -alias chinajavaworld

这个命令用来产生一个密钥库。执行完毕后，会在当前操作目录中产生一个 chinajavaworld.keystore 文件。执行命令的时候还会提示你输入密钥库的密码，要记住，后面还要用到。

keytool -export -keystore chinajavaworld.keystore -alias chinajavaworld -file chinajavaworld.cer

这个命令用来产生签名时所要用的证书

在 Java 里操作：将 cer 内容改为 Base64 编码

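// Load the keystore created by keytool and print its certificate as Base64.

// Keystore password entered at the keytool prompt. The literal on the original
// page was lost in extraction, so a placeholder is shown. Outside a demo, read
// the password from a console prompt or protected configuration rather than
// hard-coding it in source.
String storepass = "<keystore-password>";

KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream in = new FileInputStream("e:\\license\\a\\chinajavaworld.keystore");
try {
    ks.load(in, storepass.toCharArray());
} finally {
    // Release the file handle whether or not loading succeeds.
    in.close();
}

// Fetch the certificate stored under the alias that was given to keytool.
java.security.cert.Certificate c = ks.getCertificate("chinajavaworld");

// Base64-encode the certificate's encoded bytes (StringUtils.encodeBase is the
// helper listed further down the page).
System.out.println(StringUtils.encodeBase(c.getEncoded()));

// Replace the contents of chinajavaworld.cer with the text printed above.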

开始产生(测试)签名

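// Test run: sign a message with the private key from the keystore, then verify
// the signature with the public key taken from the exported certificate.
// Uses `ks` and `storepass` from the keystore-loading snippet earlier on the page.
Signature signature;

try {
    // Load the exported certificate; it supplies the public key for verification.
    InputStream streamCert = new java.io.FileInputStream("e:\\license\\a\\test.cer");
    Certificate cert;
    try {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        cert = factory.generateCertificate(streamCert);
    } finally {
        // Close the certificate file even if parsing fails.
        streamCert.close();
    }
    System.out.println(StringUtils.encodeBase(cert.getEncoded()));

    // NOTE(review): the page shows "SHAwithDSA" with its digits lost in
    // extraction; SHA1withDSA is assumed. SHA-1 based signatures are deprecated
    // for new designs, so prefer a SHA-256 based algorithm that matches the key
    // type, and change signer and verifier together.
    signature = Signature.getInstance("SHA1withDSA");
    signature.initVerify(cert.getPublicKey());

    // Content to be signed (text as it appears on the page; part of it may have
    // been lost in extraction).
    String sss = "Welcome to wwThe java world for you forever";

    // Private key of the signing entry. The alias "test" and the file test.cer
    // must refer to the same key pair, otherwise verification prints false.
    PrivateKey priKey = (PrivateKey) ks.getKey("test", storepass.toCharArray());
    if (priKey == null) {
        // getKey returns null when the alias is missing or is not a key entry.
        throw new IllegalStateException("no private key under alias test");
    }
    // The private key is deliberately not printed: writing key material to
    // stdout or logs exposes it to anyone who can read that output.

    // Sign with the private key.
    Signature sig = Signature.getInstance("SHA1withDSA");
    sig.initSign(priKey);

    // writeUTF prefixes the text with a two-byte length, so the verifier must
    // build its input the same way; the byte array is reused below for that.
    ByteArrayOutputStream streamRaw = new ByteArrayOutputStream();
    DataOutputStream streamSig = new DataOutputStream(streamRaw);
    streamSig.writeUTF(sss);
    byte[] signedBytes = streamRaw.toByteArray();

    sig.update(signedBytes);
    String signatureS = StringUtils.encodeHex(sig.sign());
    System.out.println("signature: " + signatureS);

    // Verify with the public key from the certificate.
    System.out.println("pubKey:" + StringUtils.encodeHex(cert.getPublicKey().getEncoded()));
    signature.update(signedBytes);
    System.out.println("verify: " + signature.verify(StringUtils.decodeHex(signatureS)));
} catch (Exception e) {
    // Demo-level handling: report the failure and continue.
    System.out.println(e);
}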

接下来你就可以把 chinajavaworld.cer 和签名放在你的产品目录里了。认证的时候，读取 cer 证书中的公钥，对签名内容进行认证就可以了。需要注意的是，如果证书文件和签名都放在用户可以改写的目录里，两者可以被一起替换，因此验证方应当把可信证书（或其指纹）固定在程序内部，而不是无条件信任目录中的 cer 文件。

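/**
 * Encodes a byte array as Base64 text with '=' padding and no line breaks.
 *
 * NOTE(review): the numeric literals and several operators of this listing
 * were lost in page extraction and are restored here to the standard Base64
 * layout (3 input bytes become 4 output characters). The method was probably
 * named encodeBase64 originally; confirm against the original class.
 *
 * On Java 8 and later, java.util.Base64 provides the same encoding.
 *
 * @param data bytes to encode; may be null
 * @return the Base64 text, or an empty string when data is null or empty
 */
public static String encodeBase(byte data[]) {
    // Line wrapping is switched off; the wrap branch is kept as in the listing.
    boolean lineSep = false;

    int sLen = data == null ? 0 : data.length;
    if (sLen == 0) {
        return "";
    }

    int eLen = (sLen / 3) * 3;              // bytes that form complete 3-byte groups
    int cCnt = ((sLen - 1) / 3 + 1) << 2;   // output characters including padding
    int dLen = cCnt + (lineSep ? ((cCnt - 1) / 76) << 1 : 0);
    char dArr[] = new char[dLen];

    // CA is the 64-entry Base64 alphabet table; it is declared elsewhere in the
    // class and is not shown on this page.
    int d = 0;
    int cc = 0;
    for (int s = 0; s < eLen; ) {
        // Pack three bytes into 24 bits, then emit four 6-bit symbols.
        int i = (data[s++] & 0xff) << 16 | (data[s++] & 0xff) << 8 | (data[s++] & 0xff);
        dArr[d++] = CA[(i >>> 18) & 0x3f];
        dArr[d++] = CA[(i >>> 12) & 0x3f];
        dArr[d++] = CA[(i >>> 6) & 0x3f];
        dArr[d++] = CA[i & 0x3f];

        // 19 groups of 4 characters make one 76-character line.
        if (lineSep && ++cc == 19 && d < dLen - 2) {
            dArr[d++] = '\r';
            dArr[d++] = '\n';
            cc = 0;
        }
    }

    // Encode the trailing one or two bytes and pad with '='.
    int left = sLen - eLen;
    if (left > 0) {
        int i = (data[eLen] & 0xff) << 10 | (left != 2 ? 0 : (data[sLen - 1] & 0xff) << 2);
        dArr[dLen - 4] = CA[i >> 12];
        dArr[dLen - 3] = CA[(i >>> 6) & 0x3f];
        dArr[dLen - 2] = left != 2 ? '=' : CA[i & 0x3f];
        dArr[dLen - 1] = '=';
    }
    return new String(dArr);
}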

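/**
 * Converts a byte array to lowercase hexadecimal text, two digits per byte.
 *
 * The numeric literals of this listing were lost in page extraction and are
 * restored here (0xff mask, 0x10 threshold, radix 16).
 *
 * @param bytes bytes to encode; must not be null
 * @return hexadecimal text of length {@code bytes.length * 2}
 */
public static final String encodeHex(byte bytes[]) {
    StringBuffer buf = new StringBuffer(bytes.length * 2);
    for (int i = 0; i < bytes.length; i++) {
        // Mask to 0..255 so negative bytes do not sign-extend.
        int value = bytes[i] & 0xff;
        if (value < 0x10) {
            // Values below 16 need a leading zero to keep two digits per byte.
            buf.append("0");
        }
        buf.append(Long.toString(value, 16));
    }
    return buf.toString();
}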

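/**
 * Converts hexadecimal text back to bytes, two characters per byte.
 *
 * The numeric literals of this listing were lost in page extraction and are
 * restored here. The input may come from a signature file shipped alongside
 * the product, so its length is checked before any indexing.
 *
 * NOTE(review): hexCharToByte is defined elsewhere in the class and is not
 * shown on this page; how it treats non-hex characters should be confirmed.
 *
 * @param hex hexadecimal text with an even number of characters; must not be null
 * @return the decoded bytes, {@code hex.length() / 2} in total
 * @throws IllegalArgumentException if hex has an odd number of characters
 */
public static final byte[] decodeHex(String hex) {
    char chars[] = hex.toCharArray();
    if ((chars.length & 1) != 0) {
        // An odd length would otherwise read one character past the array end.
        throw new IllegalArgumentException("hex string must have an even number of characters");
    }

    byte bytes[] = new byte[chars.length / 2];
    int byteCount = 0;
    for (int i = 0; i < chars.length; i += 2) {
        // High nibble first, then shift it up and merge the low nibble.
        int newByte = hexCharToByte(chars[i]);
        newByte <<= 4;
        newByte |= hexCharToByte(chars[i + 1]);
        bytes[byteCount] = (byte) newByte;
        byteCount++;
    }
    return bytes;
}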

               
