S.SAHU S.SAHU - 2 months ago 17
Java Question

I want to sign data in Java using a certificate installed in the browser

I know how to sign data using a certificate present on the system (machine), but the requirement is to sign the data using a certificate present in the browser. Below is the code. If anyone finds my code wrong, please let me know, because I am not sure of its correctness.

PS - This code works.

import java.io.FileInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

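/**
 * Demonstrates signing a byte array with the private key held in a PKCS#12 keystore file
 * and verifying the result with the certificate stored under the same alias.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The keystore is a {@code .p12} file on disk, not a browser certificate store.</li>
 *   <li>The keystore path and password are hard-coded for the demo only. A password in
 *       source code is readable by anyone with the source or the class file; real code
 *       should obtain it at runtime and never commit it.</li>
 *   <li>Verification uses the certificate from the signer's own keystore, so it only shows
 *       that the key pair is consistent. A real verifier should use a certificate it
 *       already trusts and validate that certificate before relying on the result.</li>
 * </ul>
 */
public class class123 {

    // Demo-only placeholders: location and password of the PKCS#12 (.p12/.pfx) file.
    private static final String KEYSTORE_PATH = "D:\\1.p12";
    private static final String KEYSTORE_PASSWORD = "abc";

    // SHA-1 is no longer collision-resistant, so a SHA-256 based scheme is used instead of
    // "SHA1withRSA". Signer and verifier must agree on this name.
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Signs a fixed sample string, prints the signature as Base64 and verifies it.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // An explicit charset keeps the signed bytes identical on every platform.
        byte[] data = "shubham".getBytes(java.nio.charset.StandardCharsets.UTF_8);

        byte[] signature = createSignature(data);
        if (signature == null) {
            System.err.println("Signature could not be created; see the error above.");
            return;
        }

        // Printing the array itself would show only its identity (e.g. "[B@1b6d3586"),
        // so the signature bytes are encoded for display.
        System.out.println(java.util.Base64.getEncoder().encodeToString(signature));
        verifySignature(data, signature);
    }

    /**
     * Signs {@code file} with the first private key found in the keystore.
     *
     * @param file the bytes to sign
     * @return the signature bytes, or {@code null} if the keystore could not be read or
     *         the signing operation failed (the cause is printed to standard error)
     */
    private static byte[] createSignature(byte[] file) {
        try {
            java.security.KeyStore keyStore = loadKeyStore();
            String alias = firstKeyAlias(keyStore);

            java.security.Key key = keyStore.getKey(alias, KEYSTORE_PASSWORD.toCharArray());
            if (!(key instanceof PrivateKey)) {
                throw new java.security.KeyStoreException(
                        "Entry '" + alias + "' does not hold a private key");
            }

            Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
            signer.initSign((PrivateKey) key);
            signer.update(file, 0, file.length);
            return signer.sign();
        } catch (java.security.GeneralSecurityException | java.io.IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies {@code sign} over {@code file} with the public key of the certificate stored
     * next to the signing key, and prints {@code true} or {@code false}.
     *
     * <p>This checks the signature only. It does not check that the certificate is trusted,
     * within its validity period, or unrevoked.
     *
     * @param file the bytes that were signed
     * @param sign the signature to check
     */
    private static void verifySignature(byte[] file, byte[] sign) {
        try {
            java.security.KeyStore keyStore = loadKeyStore();
            String alias = firstKeyAlias(keyStore);

            java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
            if (!(certificate instanceof X509Certificate)) {
                throw new java.security.KeyStoreException(
                        "Entry '" + alias + "' has no X.509 certificate");
            }

            Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
            verifier.initVerify(((X509Certificate) certificate).getPublicKey());
            verifier.update(file);
            boolean ret = verifier.verify(sign);
            System.out.println(ret);
        } catch (java.security.GeneralSecurityException | java.io.IOException e) {
            e.printStackTrace();
        }
    }

    /** Opens the PKCS#12 keystore, closing the file stream once it has been read. */
    private static java.security.KeyStore loadKeyStore()
            throws java.security.GeneralSecurityException, java.io.IOException {
        java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(KEYSTORE_PATH)) {
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        return keyStore;
    }

    /** Returns the first alias that is a key entry; the first alias overall may be a bare certificate. */
    private static String firstKeyAlias(java.security.KeyStore keyStore)
            throws java.security.KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                return alias;
            }
        }
        throw new java.security.KeyStoreException("No key entry found in " + KEYSTORE_PATH);
    }
}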

Answer
import java.io.FileOutputStream;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;

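/**
 * Connects to an HTTPS endpoint and prints the certificate chain the server presents,
 * together with each certificate's validity status for the current date.
 *
 * <p>Note: the chain returned by the server holds certificates (public keys) only. It gives
 * no access to any private key, so it cannot be used to create signatures.
 */
public class CertificateFromBrowser {

    private static final String SEPARATOR =
            "################################################################";

    /**
     * Prints the certificate chain of the HTTPS URL given as the first argument.
     *
     * @param args {@code args[0]} is the URL to inspect (eg: https://www.example.com)
     * @throws Exception if the URL is malformed or the connection fails
     */
    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // An empty URL can only fail with MalformedURLException, so ask for one instead.
            System.err.println(
                    "Usage: java CertificateFromBrowser <https-url>   (eg: https://www.example.com)");
            return;
        }
        testConnectionTo(args[0]);
    }

    /**
     * Opens a TLS connection to {@code aURL} and prints every certificate the server sent.
     *
     * <p>The handshake in {@code connect()} runs with the JVM's configured trust settings,
     * so a chain the JVM does not trust fails there, before anything is printed.
     *
     * @param aURL an {@code https://} URL
     * @throws IllegalArgumentException if {@code aURL} is not an HTTPS URL
     * @throws Exception if the URL is malformed or the connection or handshake fails
     */
    public static void testConnectionTo(String aURL) throws Exception {
        URL destinationURL = new URL(aURL);

        // openConnection() does not touch the network yet; reject non-HTTPS URLs up front
        // with a clear message instead of a ClassCastException.
        java.net.URLConnection rawConnection = destinationURL.openConnection();
        if (!(rawConnection instanceof HttpsURLConnection)) {
            throw new IllegalArgumentException("Not an https URL: " + aURL);
        }

        HttpsURLConnection conn = (HttpsURLConnection) rawConnection;
        try {
            conn.connect();
            Certificate[] certs = conn.getServerCertificates();
            System.out.println("nb = " + certs.length);
            for (Certificate cert : certs) {
                printSeparator();
                System.out.println("Certificate is: " + cert);
                reportValidity(cert);
            }
        } finally {
            // Release the underlying socket even when the handshake or printing fails.
            conn.disconnect();
        }
    }

    /** Prints the visual divider shown before each certificate. */
    private static void printSeparator() {
        for (int i = 0; i < 3; i++) {
            System.out.println("");
        }
        System.out.println(SEPARATOR);
        for (int i = 0; i < 3; i++) {
            System.out.println("");
        }
    }

    /**
     * Reports whether the current date lies inside the certificate's validity window.
     * This is a date check only; it says nothing about trust or revocation.
     */
    private static void reportValidity(Certificate cert) {
        if (!(cert instanceof X509Certificate)) {
            System.err.println("Unknown certificate type: " + cert);
            return;
        }
        try {
            ((X509Certificate) cert).checkValidity();
            System.out.println("Certificate is active for current date");
        } catch (CertificateExpiredException cee) {
            System.out.println("Certificate is expired");
        } catch (java.security.cert.CertificateNotYetValidException cnyve) {
            // checkValidity() also rejects certificates whose start date is in the future;
            // without this branch one such certificate would abort the whole listing.
            System.out.println("Certificate is not yet valid");
        }
    }
}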