Download - Svetlin Nakov

More documents

Recommendations

Info

* and displays the verification results. The received document, certificate and * signature are taken from the member variables mReceivedFileData, mCertificate * and mSignature respectively. */ private void verifyReceivedSignature() throws IOException { mOut.println("Digital signature status: "); try { boolean signatureValid = DigitalSignatureUtils.verifyDocumentSignature( mReceivedFileData, mCertificate, mSignature); if (signatureValid) mOut.println("Signature is verified to be VALID."); else mOut.println("Signature is INVALID!"); } catch (Exception e) { e.printStackTrace(); mOut.println("Signature verification failed due to exception: " + e.toString()); } mOut.println(""); } /** * Displays information about given certificate. This information includes the * certificate subject distinguished name and its purposes (public key usages). */ private void displayCertificate(X509Certificate aCertificate) throws IOException { String certificateSubject = aCertificate.getSubjectDN().toString(); mOut.println("Certificate subject: " + certificateSubject + " "); } boolean[] certKeyUsage = aCertificate.getKeyUsage(); mOut.println("Certificate purposes (public key usages): "); if (certKeyUsage != null) { if (certKeyUsage[KEY_USAGE_DIGITAL_SIGNATURE]) mOut.println("[digitalSignature] - verify digital signatures "); if (certKeyUsage[KEY_USAGE_NON_REPUDIATION]) mOut.println("[nonRepudiation] - verify non-repudiation "); if (certKeyUsage[KEY_USAGE_KEY_ENCIPHERMENT]) mOut.println("[keyEncipherment] - encipher keys for transport"); if (certKeyUsage[KEY_USAGE_DATA_ENCIPHERMENT]) mOut.println("[dataEncipherment] - encipher user data "); if (certKeyUsage[KEY_USAGE_KEY_AGREEMENT]) mOut.println("[keyAgreement] - use for key agreement "); if (certKeyUsage[KEY_USAGE_CERT_SIGN]) mOut.println("[keyCertSign] - verify signatures on certs "); if (certKeyUsage[KEY_USAGE_CRL_SIGN]) mOut.println("[cRLSign] - verify signatures on CRLs "); if (certKeyUsage[KEY_USAGE_ENCIPHER_ONLY]) mOut.println("[encipherOnly] - encipher during key agreement "); if (certKeyUsage[KEY_USAGE_DECIPHER_ONLY]) mOut.println("[decipherOnly] - decipher during key agreement "); } else { mOut.println("[No purposes defined] "); } /** * Verifies received certificate directly and displays the verification results. * The certificate for verification is taken form mCertificate member variable. * Trusted certificates are taken from the CERTS_FOR_DIRECT_VALIDATION_DIR * directory. This directory should be relative to the Web application root * directory and should contain only .CER files (DER-encoded X.509 cert.). */ 122
private void verifyReceivedCertificate() throws IOException, GeneralSecurityException { // Create the list of the trusted certificates for direct validation X509Certificate[] trustedCertificates = getCertificateList(mApplicationContext,CERTS_FOR_DIRECT_VALIDATION_DIR); } // Verify the certificate and display the verification results mOut.println("Certificate direct verification status: "); try { DigitalSignatureUtils.verifyCertificate( mCertificate, trustedCertificates); mOut.println("Certificate is verified to be VALID."); } catch (CertificateExpiredException cee) { mOut.println("Certificate is INVALID (validity period expired)!"); } catch (CertificateNotYetValidException cnyve) { mOut.println("Certificate is INVALID (validity period not started)!"); } catch (DigitalSignatureUtils.CertificateValidationException cve) { mOut.println("Certificate is INVALID! " + cve.getMessage()); } mOut.println(""); /** * Verifies received certification chain and displays the verification results. * The chain for verification is taken form mCertPath member variable. Trusted * CA root certificates are taken from the TRUSTED_CA_ROOT_CERTS_DIR directory. * This directory should be relative to the Web application root directory and * should contain only .CER files (DER-encoded X.509 certificates). */ private void verifyReceivedCertificationChain() throws IOException, GeneralSecurityException { // Create the most trusted CA set of trust anchors X509Certificate[] trustedCACerts = getCertificateList(mApplicationContext, TRUSTED_CA_ROOT_CERTS_DIR); } // Verify the certification chain and display the verification results mOut.println("Certification chain verification: "); try { DigitalSignatureUtils.verifyCertificationChain( mCertPath, trustedCACerts); mOut.println("Certification chain verified to be VALID."); } catch (CertPathValidatorException cpve) { mOut.println("Certification chain is INVALID! Validation failed on " + "cert [" + cpve.getIndex() + "] from the chain: "+cpve.toString()); } mOut.println(" "); /** * @return a list of X509 certificates, obtained by reading all files from the * given directory. The supplied directory should be a given as a relative path * from the Web appication root (e.g. "/WEB-INF/test") and should contain only * .CER files (DER-encoded X.509 certificates). */ private X509Certificate[] getCertificateList(ServletContext aServletContext, String aCertificatesDirectory) throws IOException, GeneralSecurityException { // Get a list of all files in the given directory Set trustedCertsResNames = aServletContext.getResourcePaths(aCertificatesDirectory); // Allocate an array for storing the certificates int count = trustedCertsResNames.size(); X509Certificate[] trustedCertificates = new X509Certificate[count]; 123
Page 2 and 3:
Java за цифрово подпи
Page 4 and 5:
НАЦИОНАЛНА АКАДЕМИ
Page 6 and 7:
Съдържание СЪДЪРЖА
Page 8 and 9:
Увод Настоящата ра
Page 10 and 11:
сървърът има довер
Page 12 and 13:
Page 14 and 15:
обратното. Това пра
Page 16 and 17:
Цифрово подписване
Page 18 and 19:
Фигура 1-2. Верифика
Page 20 and 21:
независима страна,
Page 22 and 23:
(транзитивно). Техн
Page 24 and 25:
това лице (име, орга
Page 26 and 27:
В света на цифроват
Page 28 and 29:
Саморъчно подписан
Page 30 and 31:
Тя започва от серти
Page 32 and 33:
Хранилищата са защ
Page 34 and 35:
Издаване на сертиф
Page 36 and 37:
По подразбиране пр
Page 38 and 39:
Фигура 1-11. Списък с
Page 40 and 41:
Закупуване на цифр
Page 42 and 43:
.NET Windows Forms контрола
Page 44 and 45:
Фигура 1-13. Подписан
Page 46 and 47:
Предимство на тази
Page 48 and 49:
Java аплетите и сигур
Page 50 and 51:
Глава 2. Цифрови под
Page 52 and 53:
java.security.KeyStore Класът
Page 54 and 55:
certFactory.generateCertificate(str
Page 56 and 57:
java.security.cert.TrustAnchor Кл
Page 58 and 59:
Преди извикване на
Page 60 and 61:
Използване на Sun PKCS#
Page 62 and 63:
Page 64 and 65:
- DocumentSigningDemoWebApp - Java-
Page 66 and 67:
Тази команда подпи
Page 68 and 69:
Стандартно Java апле
Page 70 and 71:
Процесът на подпис
Page 72 and 73: Директна верификац
Page 74 and 75: Глава 4. NakovDocumentSigner -
Page 76 and 77: * The applet asks the user to locat
Page 78 and 79: } "Unable to access the local file
Page 80 and 81: private KeyStore loadKeyStoreFromPF
Page 82 and 83: import java.awt.event.*; import jav
Page 84 and 85: * Called when the browse button is
Page 86 and 87: ** * File filter class, intended to
Page 88 and 89: Skip padding from the end of encode
Page 90 and 91: след кодиране с Base64
Page 92 and 93: Важно е да не из
Page 94 and 95: Сертификати за тес
Page 96 and 97: * All rights reserved. This code is
Page 98 and 99: new PKCS11LibraryFileAndPINCodeDial
Page 100 and 101: Provider pkcs11Provider = (Provider
Page 102 and 103: import java.awt.*; import java.awt.
Page 104 and 105: ** * Called when the "Browse" butto
Page 106 and 107: } } return mResult; /** * File filt
Page 108 and 109: Резултатът от изпъ
Page 110 and 111: Фигура 4-3. Java Plug-In 1.5
Page 112 and 113: За директната пров
Page 114 and 115: Document signing apple
Page 116 and 117: scriptable="true" fileNameField="up
Page 118 and 119: * * Copyright (c) 2003 by Svetlin N
Page 120 and 121: displayFileInfo(mReceivedFile, mRec
Page 124 and 125: Read all X.509 certificate files on
Page 126 and 127: Фигура 4-7. Резултат
Page 128 and 129: InputStream aCertStream) throws Gen
Page 130 and 131: Create a set of trust anchors from
Page 132 and 133: web.xml action org.apache.strut
Page 134 and 135:
Page 136 and 137: НАЦИОНАЛНА АКАДЕМИ
Page 138 and 139: на удостоверителни
Page 140 and 141: НАЦИОНАЛНА АКАДЕМИ
Page 142 and 143: тите, инсталирани в
Page 144: 14. [MSDN WinForms] MSDN Library: D
show all

Download - Svetlin Nakov

Create successful ePaper yourself

Delete template?

Save as template?