
Construct secure networked applications with certificates, Part 2

Learn to use X.509 certificates


The code

The following class demonstrates how to obtain a certificate factory, how to use that factory to generate a certificate from the DER-encoded representation in a file, and how to extract and display information about the certificate. You'll notice how little you have to worry about the underlying encoding.

import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Set;

public class Main
{
  public static void main(String[] arstring)
  {
    try
    {
      // Get the correct certificate factory.
      CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
      // Each file specified on the command line must contain a single
      // DER-encoded X.509 certificate.  The DER-encoded certificate
      // can be in either binary or ASCII (Base64) format.
      for (int i = 0; i < arstring.length; i++)
      {
        // Open the file.  try-with-resources closes it even if parsing fails.
        try (FileInputStream fileinputstream = new FileInputStream(arstring[i]))
        {
          // Generate a certificate from the data in the file.
          X509Certificate x509certificate =
            (X509Certificate)certificatefactory.generateCertificate(fileinputstream);
          // First, let's print out information about the certificate itself.
          System.out.println("---Certificate---");
          System.out.println("type = " + x509certificate.getType());
          System.out.println("version = " + x509certificate.getVersion());
          System.out.println("subject = " + x509certificate.getSubjectDN().getName());
          System.out.println("valid from = " + x509certificate.getNotBefore());
          System.out.println("valid to = " + x509certificate.getNotAfter());
          System.out.println("serial number = " + x509certificate.getSerialNumber().toString(16));
          System.out.println("issuer = " + x509certificate.getIssuerDN().getName());
          System.out.println("signing algorithm = " + x509certificate.getSigAlgName());
          System.out.println("public key algorithm = " + x509certificate.getPublicKey().getAlgorithm());
          // Next, let's print out information about the extensions.
          // Either set is null when the certificate carries no extensions.
          System.out.println("---Extensions---");
          Set<String> setCritical = x509certificate.getCriticalExtensionOIDs();
          if (setCritical != null)
            for (String oid : setCritical)
              System.out.println(oid + " *critical*");
          Set<String> setNonCritical = x509certificate.getNonCriticalExtensionOIDs();
          if (setNonCritical != null)
            for (String oid : setNonCritical)
              System.out.println(oid);
          // We're done.
          System.out.println("---");
        }
      }
    }
    catch (Exception exception)
    {
      exception.printStackTrace();
    }
  }
}


You should be able to compile the class definition in the listing above into a class file. When you execute the class, specify the names of one or more certificate files on the command line.
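The listing above prints the validity dates and extension OIDs without acting on them. The following added example (not part of the original article; the class name CertCheck is hypothetical) uses the same X509Certificate API to check the validity period, compute a SHA-256 fingerprint, read the CA and key-usage flags, and flag unsupported critical extensions. Like the listing, it assumes certificate file names are given on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

// Added example, not the article's code. CertCheck is a hypothetical class name.
public class CertCheck {
  // Report whether the current time lies inside the certificate's validity period.
  static String validity(X509Certificate cert) {
    try {
      cert.checkValidity();
      return "valid now";
    } catch (CertificateExpiredException e) {
      return "EXPIRED";
    } catch (CertificateNotYetValidException e) {
      return "NOT YET VALID";
    }
  }

  // SHA-256 over the DER encoding, suitable for comparing or pinning certificates.
  static String fingerprint(X509Certificate cert) throws Exception {
    byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
    return String.format("%064x", new BigInteger(1, digest));
  }

  public static void main(String[] args) throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    for (String name : args) {
      try (InputStream in = new FileInputStream(name)) {
        X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
        System.out.println("subject = " + cert.getSubjectX500Principal().getName());
        System.out.println("validity = " + validity(cert));
        System.out.println("sha-256 = " + fingerprint(cert));
        // -1 means "not a CA"; otherwise the value is the permitted path length.
        int pathLen = cert.getBasicConstraints();
        System.out.println("CA = " + (pathLen >= 0) + (pathLen >= 0 ? ", pathLen = " + pathLen : ""));
        // Null means the key usage extension is absent; bits follow the ASN.1 order.
        boolean[] usage = cert.getKeyUsage();
        if (usage != null)
          System.out.println("digitalSignature = " + usage[0] + ", keyCertSign = " + usage[5]);
        // A critical extension the provider cannot process requires rejecting the certificate.
        if (cert.hasUnsupportedCriticalExtension())
          System.out.println("REJECT: unsupported critical extension present");
      }
    }
  }
}
```

None of these checks verifies the issuer's signature or builds a trust chain; they only inspect the fields of the single certificate that was parsed.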

Conclusion

If you plan to use certificates in your applications, the information on the API above and the sample code available in Resources should point you in the right direction. As far as X.509 is concerned, the material on ASN.1 and DER is interesting, but not directly important; Sun's implementation takes care of the details for you. Next month I will cover certificate revocation and the CRL and X509CRL classes. I'll also elaborate a bit more on the software presented this month.

About the author

Todd Sundsted has been writing programs since computers became available in convenient desktop models. Though originally interested in building distributed applications in C++, Todd moved on to the Java programming language when it became the obvious choice for that sort of thing. In addition to writing, Todd is cofounder and chief architect of PointFire.


Resources