Generate certificate from cert file in Java

  Pi Ke      2015-06-08 06:47:05      3,861    0    0

A certificate is often used to prove the identity of a server. The certificate contains information such as its subject and issuer, as well as its validity period. A certificate is often exported to an external cert file which is transferred over the internet. We will often see it used in SSL communication, which provides secure communication between two entities.

In this post, we will show how to read the data from an external certificate file and generate an X509 certificate object from it. This object can then be used for other operations such as storing it in a keystore.

There are two types of certificate encodings:

  • .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension. Proper English usage would be "I have a DER encoded certificate", not "I have a DER certificate".
  • .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a "-----BEGIN …" line.

In Java, we can read a certificate file and generate a certificate object using CertificateFactory.

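import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// try-with-resources closes the file even if parsing fails
try (InputStream in = new FileInputStream("ca.cert")) {
	// The X.509 factory accepts binary DER as well as Base64 (PEM) input
	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	Certificate cert = cf.generateCertificate(in);
	System.out.println(cert);
} catch (Exception ex) {
	ex.printStackTrace();
}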

The output may look like:

[
[
  Version: V3
  Subject: CN=CA
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 28015891710605352506002662146409142433492142187151584887925047205146078947940391389965865808576725643815131249486267252759332002553992698694568297107048246915652501803858966148915970078059270226185250393130730554024665054998535862190432390443786153117598493266828011584547227968609313271445678818240488861067854938042365744721229236789448570394761961620987991340690110048148067889581746974498943743860510112173058801682609667916937379451627078420501544982391418217358066298198667559922847160674985880600134914360939391471784181286984509191059676561420834772193902060126140911992870293212919904884739549116401238001377
  public exponent: 65537
  Validity: [From: Mon Jun 08 19:40:44 SGT 2015,
               To: Sun Sep 06 19:40:44 SGT 2015]
  Issuer: CN=CA
  SerialNumber: [    24b991d3]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E6 01 F8 F2 4D DB 3D E1   F2 17 70 89 27 25 09 DA  ....M.=...p.'%..
0010: CC 28 90 0E                                        .(..
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 9F 37 F9 83 1E F3 35 DA   CF AB 2A 47 B7 63 32 6C  .7....5...*G.c2l
0010: 74 65 49 B6 6A D1 2C D3   B5 C6 EF 47 1D 35 A0 2A  teI.j.,....G.5.*
0020: 5B C4 13 14 5A 89 2F 4C   F2 49 3D 2F 2C E3 49 0C  [...Z./L.I=/,.I.
0030: 1A 9A F8 97 3D 35 BF A7   F3 09 C3 F6 99 75 3D 82  ....=5.......u=.
0040: A7 4A 78 7C C4 CA A3 80   04 89 39 10 55 EC 8A 3E  .Jx.......9.U..>
0050: AD 3A E6 5D A2 D8 C6 82   8C AB 06 55 FE 30 AC F7  .:.].......U.0..
0060: 97 17 F8 32 2F 35 AC C9   03 D0 2B 2D B7 CB B4 38  ...2/5....+-...8
0070: B7 86 B7 71 B5 84 C3 61   BB DF 03 F7 ED DD F5 A5  ...q...a........
0080: 76 71 74 BB B1 9A 3F DB   66 B0 42 DF A6 2D 71 20  vqt...?.f.B..-q 
0090: CE CB 83 ED AD D0 53 8A   10 89 42 96 17 E2 9A 97  ......S...B.....
00A0: 27 6F 5B A5 29 54 1F 6B   19 87 7A 77 2C 6A FA AF  'o[.)T.k..zw,j..
00B0: 03 28 AC E6 1D 64 E2 17   48 9A DA 60 98 B9 B2 A1  .(...d..H..`....
00C0: BC 6F 33 D9 11 2C B8 D2   94 66 8F 90 88 C4 12 9D  .o3..,...f......
00D0: DD 7C DA DA 25 F6 F9 28   9D EA A4 BB F7 C0 FE 50  ....%..(.......P
00E0: A1 84 3A C9 25 A8 B5 59   7B 81 A6 89 D6 0E C9 6D  ..:.%..Y.......m
00F0: 6B D2 8E 9E B2 81 40 FD   47 7F 20 E8 D0 B9 5D 71  k.....@.G. ...]q

]

After this, you can store the certificate into an external KeyStore file such as PKCS12. For details on how to store the certificate into a keystore such as PKCS12, please read Different types of keystore in Java -- PKCS12.
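
Parsing a certificate with CertificateFactory only decodes it; it does not check the validity dates or the signature. The following is an added example, not part of the original article, that reads the same ca.cert file and checks the fields discussed above before the certificate is stored or trusted. The class name InspectCert is hypothetical, and the file is assumed to hold a single X.509 certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class InspectCert {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // "ca.cert" is the file name used in the article; pass another path as args[0].
        String path = args.length > 0 ? args[0] : "ca.cert";
        X509Certificate cert;
        try (InputStream in = new FileInputStream(path)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            cert = (X509Certificate) cf.generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("Issuer : " + cert.getIssuerX500Principal().getName());
        System.out.println("Valid  : " + cert.getNotBefore() + " -> " + cert.getNotAfter());
        // Parsing ignores the dates; checkValidity() compares them with the current time.
        try {
            cert.checkValidity();
            System.out.println("Validity period: OK");
        } catch (CertificateException e) {  // expired or not yet valid
            System.out.println("Validity period: FAILED (" + e.getMessage() + ")");
        }
        // SHA-256 fingerprint of the DER encoding, to compare with a value obtained out of band.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder fp = new StringBuilder();
        for (byte b : digest) fp.append(String.format("%02X", b));
        System.out.println("SHA-256: " + fp);
        // -1 means "not a CA"; Integer.MAX_VALUE means a CA with no path length limit.
        System.out.println("BasicConstraints path length: " + cert.getBasicConstraints());
        // Equal subject and issuer suggests a self-signed certificate (CN=CA in the sample output).
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            try {
                cert.verify(cert.getPublicKey());  // signature made with its own key?
                System.out.println("Self-signed: signature verifies with its own public key");
            } catch (GeneralSecurityException e) {
                System.out.println("Self-signed: signature check FAILED (" + e.getMessage() + ")");
            }
        } else {
            System.out.println("Issued by another CA: validate the chain before trusting it");
        }
    }
}
```

A self-signed certificate that verifies against its own key is only internally consistent; trust still depends on comparing the fingerprint with one received through a separate channel.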
