
Todd Sundsted
JavaWorld



[Introduction not recoverable from this extraction. Its surviving terms show it introduced X.509 certificates, public-key versus secret-key cryptography, certificate authorities (CAs), the alternative certificate formats PGP (Pretty Good Privacy) and SDSI (Simple Distributed Security Infrastructure), and PKI.]



X.509

[Section text not recoverable from this extraction. Its surviving terms show it covered the origin of X.509 at the ITU (International Telecommunication Union), the IETF (Internet Engineering Task Force) PKIX profile "Internet X.509 Public-Key Infrastructure Certificate and CRL Profile", the definition of the certificate structure in ASN.1 (Abstract Syntax Notation One), its encoding with DER (Distinguished Encoding Rules), and J2SE's support for X.509.]




X.509 support in java.security.cert

[Section text not recoverable from this extraction. Its surviving terms show it covered the java.security.cert package: the abstract Certificate and CRL (Certificate Revocation List) classes, the CertificateFactory that creates them (factory pattern), the X.509-specific subclasses, X.509 extensions such as KeyUsage, and the SPI (Service Provider Interface) of Java 2.]



java.security.cert.CertificateFactory
CertificateFactory has no public constructor; a factory is obtained from its static getInstance() methods and is then used to produce Certificate and CRL objects from their encoded forms.

public static CertificateFactory getInstance(String stringtype)
public static CertificateFactory getInstance(String stringtype, String stringProvider)
Both forms return a CertificateFactory for the certificate type named by stringType; passing "X.509" gives a factory that produces X.509 Certificate and CRL objects. The second form also names the provider whose implementation should be used.

public final Certificate generateCertificate(InputStream inputstream)
Reads one certificate from inputstream and returns it as a Certificate. If the stream supports mark() and reset(), only the bytes of that certificate are consumed and the stream is left positioned after them; otherwise the whole stream is read.

public final Collection generateCertificates(InputStream inputstream)
Reads every certificate in inputstream and returns them as a Collection of Certificate objects. mark() and reset() are not used, because all certificates in the stream are read.



public final CRL generateCRL(InputStream inputstream)
Reads one CRL from inputstream and returns it as a CRL object. As with generateCertificate(), a stream that supports mark() and reset() is left positioned after the CRL; otherwise the whole stream is consumed.

public final Collection generateCRLs(InputStream inputstream)
Reads every CRL in inputstream and returns them as a Collection of CRL objects; mark() and reset() are not used.

For the X.509 factory, generateCertificate() and generateCRL() expect a single DER-encoded certificate or CRL, in binary or base64 text form. generateCertificates() and generateCRLs() accept, in addition to a sequence of DER-encoded objects, a PKCS#7 structure that carries certificates or CRLs.





java.security.cert.Certificate
java.security.cert.Certificate is the abstract base class for certificates of every kind, such as X.509 and PGP. Its main methods are:

public abstract PublicKey getPublicKey()
Returns the PublicKey bound to the certificate.

public abstract byte[] getEncoded()
Returns the encoded form of the certificate.

public abstract void verify(PublicKey publickey)
public abstract void verify(PublicKey publickey, String stringProvider)
Verify the certificate's signature with the given PublicKey (normally the issuer's key), optionally using the named provider. If the signature does not verify, a SignatureException is thrown.



java.security.cert.X509Certificate
This abstract subclass of Certificate represents X.509 certificates. For it, the inherited getEncoded() method

public abstract byte[] getEncoded()
returns the certificate in its DER-encoded form.

X509Certificate also adds methods for querying the fields of an X.509 certificate:

public abstract int getVersion()
Returns the certificate's version number.

public abstract Principal getSubjectDN()
Returns the subject, the entity to which the certificate was issued.

public abstract Principal getIssuerDN()
Returns the issuer, the CA that signed the certificate.

public abstract Date getNotAfter()
public abstract Date getNotBefore()
Return the end and start of the validity period during which the PublicKey in the certificate may be used.

public abstract BigInteger getSerialNumber()
Returns the serial number the issuer assigned to the certificate; it is unique among the certificates of that CA.

public abstract String getSigAlgName()
public abstract String getSigAlgOID()
Return the name and the object identifier of the algorithm used to sign the certificate.

The remaining methods read the certificate's extensions (a feature of X.509 version 3):

public abstract int getBasicConstraints()
Returns the path length constraint from the Basic Constraints extension, or -1 if the subject is not a CA or the extension is absent.

public abstract boolean[] getKeyUsage()
Returns the bits of the KeyUsage extension as a boolean array.

public Set getCriticalExtensionOIDs()
public Set getNonCriticalExtensionOIDs()
Return the object identifiers (OIDs) of the critical and the non-critical extensions, respectively.

The following program uses a CertificateFactory to read the certificate files named on its command line and print their contents and extensions.

import java.util.Set;
import java.util.Iterator;
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class Main
{
  public static void main(String[] arstring)
  {
    try
    {
      // Get the correct certificate factory.
      CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
      // Each file specified on the command line must contain a single
      // DER-encoded X.509 certificate. The DER-encoded certificate
      // can be in either binary or ASCII format.
      for (int i = 0; i < arstring.length; i++)
      {
        // Open the file.
        FileInputStream fileinputstream = new FileInputStream(arstring[i]);
        // Generate a certificate from the data in the file.
        X509Certificate x509certificate =
          (X509Certificate)certificatefactory.generateCertificate(fileinputstream);
        // First, let's print out information about the certificate itself.
        System.out.println("---Certificate---");
        System.out.println("type = " + x509certificate.getType());
        System.out.println("version = " + x509certificate.getVersion());
        System.out.println("subject = " + x509certificate.getSubjectDN().getName());
        System.out.println("valid from = " + x509certificate.getNotBefore());
        System.out.println("valid to = " + x509certificate.getNotAfter());
        System.out.println("serial number = " + x509certificate.getSerialNumber().toString(16));
        System.out.println("issuer = " + x509certificate.getIssuerDN().getName());
        System.out.println("signing algorithm = " + x509certificate.getSigAlgName());
        System.out.println("public key algorithm = " + x509certificate.getPublicKey().getAlgorithm());
        // Next, let's print out information about the extensions.
        System.out.println("---Extensions---");
        Set setCritical = x509certificate.getCriticalExtensionOIDs();
        if (setCritical != null && !setCritical.isEmpty())
          for (Iterator iterator = setCritical.iterator(); iterator.hasNext(); )
            System.out.println(iterator.next().toString() + " *critical*");
        Set setNonCritical = x509certificate.getNonCriticalExtensionOIDs();
        if (setNonCritical != null && !setNonCritical.isEmpty())
          for (Iterator iterator = setNonCritical.iterator(); iterator.hasNext(); )
            System.out.println(iterator.next().toString());
        // We're done.
        System.out.println("---");
        // Close the file.
        fileinputstream.close();
      }
    }
    catch (Exception exception)
    {
      exception.printStackTrace();
    }
  }
}
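As an added example (not code from the article or from the JDK), the following program combines the methods described above to decide whether a certificate should be accepted: it checks the validity window, verifies the certificate's signature with the issuer's public key through Certificate.verify(), and consults a DER-encoded CRL obtained from generateCRL(). It assumes three DER files on the command line (certificate, issuer certificate, CRL), that the issuer certificate is already trusted, and a Java 7 or later compiler for try-with-resources.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

public class CheckCert {
  // Returns true only if cert is inside its validity window, was signed by
  // issuer, and is absent from a CRL that issuer itself signed.
  static boolean isAcceptable(X509Certificate cert, X509Certificate issuer, X509CRL crl) {
    try {
      // Uses getNotBefore()/getNotAfter(); throws if expired or not yet valid.
      cert.checkValidity(new Date());
      // Both the certificate and the CRL must name issuer as their issuer.
      if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())
          || !crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()))
        return false;
      // verify() throws SignatureException (or another exception) on failure.
      PublicKey issuerKey = issuer.getPublicKey();
      cert.verify(issuerKey);
      crl.verify(issuerKey);
      // A CRL past its nextUpdate time no longer gives reliable revocation status.
      Date next = crl.getNextUpdate();
      if (next != null && next.before(new Date()))
        return false;
      return !crl.isRevoked(cert);
    } catch (Exception exception) {
      return false;
    }
  }

  // Assumed arguments: <certificate file> <issuer certificate file> <CRL file>, all DER.
  public static void main(String[] arstring) throws Exception {
    CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
    try (InputStream c = new FileInputStream(arstring[0]);
         InputStream i = new FileInputStream(arstring[1]);
         InputStream r = new FileInputStream(arstring[2])) {
      X509Certificate cert = (X509Certificate) certificatefactory.generateCertificate(c);
      X509Certificate issuer = (X509Certificate) certificatefactory.generateCertificate(i);
      X509CRL crl = (X509CRL) certificatefactory.generateCRL(r);
      System.out.println(arstring[0] + (isAcceptable(cert, issuer, crl) ? " accepted" : " rejected"));
    }
  }
}
```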





[Closing paragraph not recoverable from this extraction; its surviving terms are Certificate, API, ASN.1 and DER.]


Copyright 2001, IT World / JavaWorld / International Data Group Corp / PC WORLD Iran. All rights reserved.

