Download - Svetlin Nakov

More documents

Recommendations

Info

InputStream aCertStream) throws GeneralSecurityException { CertificateFactory cf=CertificateFactory.getInstance(X509_CERTIFICATE_TYPE); X509Certificate cert = (X509Certificate)cf.generateCertificate(aCertStream); return cert; } /** * Loads X.509 certificate from DER-encoded binary file (.CER file). */ public static X509Certificate loadX509CertificateFromCERFile(String aFileName) throws GeneralSecurityException, IOException { FileInputStream fis = new FileInputStream(aFileName); X509Certificate cert = null; try { cert = loadX509CertificateFromStream(fis); } finally { fis.close(); } return cert; } /** * Loads a certification chain from given Base64-encoded string, containing * ASN.1 DER formatted chain, stored with PkiPath encoding. */ public static CertPath loadCertPathFromBase64String( String aCertChainBase64Encoded) throws CertificateException, IOException { byte[] certChainEncoded = Base64Utils.base64Decode(aCertChainBase64Encoded); CertificateFactory cf=CertificateFactory.getInstance(X509_CERTIFICATE_TYPE); InputStream certChainStream = new ByteArrayInputStream(certChainEncoded); CertPath certPath; try { certPath = cf.generateCertPath(certChainStream, CERT_CHAIN_ENCODING); } finally { certChainStream.close(); } return certPath; } /** * Verifies given digital singature. Checks if given signature is obtained by * signing given document with the private key corresponing to given public key. */ public static boolean verifyDocumentSignature(byte[] aDocument, PublicKey aPublicKey, byte[] aSignature) throws GeneralSecurityException { Signature signatureAlgorithm = Signature.getInstance(DIGITAL_SIGNATURE_ALGORITHM_NAME); signatureAlgorithm.initVerify(aPublicKey); signatureAlgorithm.update(aDocument); boolean valid = signatureAlgorithm.verify(aSignature); return valid; } /** * Verifies given digital singature. Checks if given signature is obtained * by signing given document with the private key corresponing to given * certificate. */ public static boolean verifyDocumentSignature(byte[] aDocument, X509Certificate aCertificate, byte[] aSignature) throws GeneralSecurityException { 128
} PublicKey publicKey = aCertificate.getPublicKey(); boolean valid = verifyDocumentSignature(aDocument, publicKey, aSignature); return valid; /** * Verifies a certificate. Checks its validity period and tries to find a * trusted certificate from given list of trusted certificates that is directly * signed given certificate. The certificate is valid if no exception is thrown. * * @param aCertificate the certificate to be verified. * @param aTrustedCertificates a list of trusted certificates to be used in * the verification process. * * @throws CertificateExpiredException if the certificate validity period is * expired. * @throws CertificateNotYetValidException if the certificate validity period is * not yet started. * @throws CertificateValidationException if the certificate is invalid (can not * be validated using the given set of trusted certificates. */ public static void verifyCertificate(X509Certificate aCertificate, X509Certificate[] aTrustedCertificates) throws GeneralSecurityException { // First check certificate validity period aCertificate.checkValidity(); // Check if the certificate is signed by some of the given trusted certs for (int i=0; i it is invalid throw new CertificateValidationException( "Can not find trusted parent certificate."); /** * Verifies certification chain using "PKIX" algorithm, defined in RFC-3280. * It is considered that the given certification chain start with the target * certificate and finish with some root CA certificate. The certification * chain is valid if no exception is thrown. * * @param aCertChain the certification chain to be verified. * @param aTrustedCACertificates a list of most trusted root CA certificates. * @throws CertPathValidatorException if the certification chain is invalid. */ public static void verifyCertificationChain(CertPath aCertChain, X509Certificate[] aTrustedCACertificates) throws GeneralSecurityException { int chainLength = aCertChain.getCertificates().size(); if (chainLength < 2) { throw new CertPathValidatorException("The certification chain is too " + "short. It should consist of at least 2 certiicates."); } 129
Page 2 and 3:
Java за цифрово подпи
Page 4 and 5:
НАЦИОНАЛНА АКАДЕМИ
Page 6 and 7:
Съдържание СЪДЪРЖА
Page 8 and 9:
Увод Настоящата ра
Page 10 and 11:
сървърът има довер
Page 12 and 13:
Page 14 and 15:
обратното. Това пра
Page 16 and 17:
Цифрово подписване
Page 18 and 19:
Фигура 1-2. Верифика
Page 20 and 21:
независима страна,
Page 22 and 23:
(транзитивно). Техн
Page 24 and 25:
това лице (име, орга
Page 26 and 27:
В света на цифроват
Page 28 and 29:
Саморъчно подписан
Page 30 and 31:
Тя започва от серти
Page 32 and 33:
Хранилищата са защ
Page 34 and 35:
Издаване на сертиф
Page 36 and 37:
По подразбиране пр
Page 38 and 39:
Фигура 1-11. Списък с
Page 40 and 41:
Закупуване на цифр
Page 42 and 43:
.NET Windows Forms контрола
Page 44 and 45:
Фигура 1-13. Подписан
Page 46 and 47:
Предимство на тази
Page 48 and 49:
Java аплетите и сигур
Page 50 and 51:
Глава 2. Цифрови под
Page 52 and 53:
java.security.KeyStore Класът
Page 54 and 55:
certFactory.generateCertificate(str
Page 56 and 57:
java.security.cert.TrustAnchor Кл
Page 58 and 59:
Преди извикване на
Page 60 and 61:
Използване на Sun PKCS#
Page 62 and 63:
Page 64 and 65:
- DocumentSigningDemoWebApp - Java-
Page 66 and 67:
Тази команда подпи
Page 68 and 69:
Стандартно Java апле
Page 70 and 71:
Процесът на подпис
Page 72 and 73:
Директна верификац
Page 74 and 75:
Глава 4. NakovDocumentSigner -
Page 76 and 77:
* The applet asks the user to locat
Page 78 and 79: } "Unable to access the local file
Page 80 and 81: private KeyStore loadKeyStoreFromPF
Page 82 and 83: import java.awt.event.*; import jav
Page 84 and 85: * Called when the browse button is
Page 86 and 87: ** * File filter class, intended to
Page 88 and 89: Skip padding from the end of encode
Page 90 and 91: след кодиране с Base64
Page 92 and 93: Важно е да не из
Page 94 and 95: Сертификати за тес
Page 96 and 97: * All rights reserved. This code is
Page 98 and 99: new PKCS11LibraryFileAndPINCodeDial
Page 100 and 101: Provider pkcs11Provider = (Provider
Page 102 and 103: import java.awt.*; import java.awt.
Page 104 and 105: ** * Called when the "Browse" butto
Page 106 and 107: } } return mResult; /** * File filt
Page 108 and 109: Резултатът от изпъ
Page 110 and 111: Фигура 4-3. Java Plug-In 1.5
Page 112 and 113: За директната пров
Page 114 and 115: Document signing apple
Page 116 and 117: scriptable="true" fileNameField="up
Page 118 and 119: * * Copyright (c) 2003 by Svetlin N
Page 120 and 121: displayFileInfo(mReceivedFile, mRec
Page 122 and 123: * and displays the verification res
Page 124 and 125: Read all X.509 certificate files on
Page 126 and 127: Фигура 4-7. Резултат
Page 130 and 131: Create a set of trust anchors from
Page 132 and 133: web.xml action org.apache.strut
Page 134 and 135:
Page 136 and 137: НАЦИОНАЛНА АКАДЕМИ
Page 138 and 139: на удостоверителни
Page 140 and 141: НАЦИОНАЛНА АКАДЕМИ
Page 142 and 143: тите, инсталирани в
Page 144: 14. [MSDN WinForms] MSDN Library: D
show all

Download - Svetlin Nakov

Create successful ePaper yourself

Delete template?

Save as template?