?

Since: Jun./06th/2004

?

dq?AJ??A閧??Mf[^`FbN@???B

J?}?ilA?j??At?邱?????(certificate)?B

????邱???A???AF?(CA: Certificate Authority)????g?BCA?????AJ??A??At?B??CA???邱?????A??F???Kv????B

?F?Kw?????[gigbvxj???сA[g???s?F???[gF?????AE?????A[gF???JXg?Aio?????邱???P?B??AMS I.E.?A[c[] -> [C^[lbgIvV] -> [Rec] -> [?] -> [M?[g?@]??AR[hT[oF????g?Xg??B

X.509?

??g???tH[}bgX.509????BX.509????o[W?AJavaT|[g??o[W3?B1988N?J?o[W1?`{I?K{??????F

X.500??(DN: Distinguished Name)???????AC^[lbg???O????F

keytool

??????AJava2 SDK?keytoolt??B"${java.home}/security/cacerts" ?o??B

>keytool -list -v -keystore C:\j2sdk1.4.2_04\jre\lib\security\cacerts
L[XgA?pX[h??:  changeit

L[XgA?^Cv: jks
L[XgA?voC_: SUN

L[XgA? 25 Gg???B

?: equifaxsecureebusinessca1
?: 2003/07/24
Gg?^Cv: trustedCertEntry

L: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
s: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
VA?: 4
L: Mon Jun 21 13:00:00 JST 1999 L: Sun Jun 21 13:00:00 JST 2020
??tBK[vg:
         MD5:  64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
         SHA1: DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41


*******************************************
*******************************************

?

keytool g????邱???B"c:\java""myKeystore.store" ?L[XgA?Amsugai?ACAX??yA???B

C:\java>keytool -genkey -keystore mykeystore.store -alias msugai
L[XgA?pX[h??:  password
??B
  [Unknown]:  manabu sugai
gDP???B
  [Unknown]:  JAVA PRESS
gD??B
  [Unknown]:  Zp]_
ss??n於??B
  [Unknown]:  
B??n??B
  [Unknown]:  i
?P??Y 2 ????B
  [Unknown]:  ja
CN=manabu sugai, OU=JAVA PRESS, O=Zp]_, L=, ST=i, C=ja ????
  [no]:  y

<msugai> ?pX[h??B
        (L[XgA?pX[h?? RETURN ?):  javapress

?L[XgAAJ??^???A-export??t@C?o?BJ??l?A?t@C-import??L[XgA?????B

C:\java>keytool -export -keystore mykeystore.store -alias msugai -file msugai.cert
L[XgA?pX[h??:  password
?t@C  ???B

C:\java>keytool -import -keystore anotherkeystore.store -alias msugai -file msugai.cert
L[XgA?pX[h??:  altpassword
L: CN=manabu sugai, OU=JAVA PRESS, O=Zp]_, L=, ST=i, C=ja
s: CN=manabu sugai, OU=JAVA PRESS, O=Zp]_, L=, ST=i, C=ja
VA?: 408178c4
L: Sun Apr 18 03:34:44 JST 2004 L: Sat Jul 17 03:34:44 JST 2004
??tBK[vg:
         MD5:  0A:85:58:41:57:0A:BF:5F:61:98:AB:DA:F0:F6:7B:46
         SHA1: 2B:05:83:D0:07:E1:66:7E:56:51:94:10:02:FA:EB:2A:91:A4:53:05
??M?? [no]:  y
?L[XgA???B

-certreq ?邱??A???F???鏐??v(CSR)??邱???Bkeytool????ASun?hLgQ??B

R[h

閧?R[h??AM??A?L[XgA???M??A|Vt@C????ANZX^邱???BR[hjarsignerc[g?B

  1. jar -cfJARt@C?
  2. jarsignerg?L[XgA?閧JARt@C?
  3. s}Vkeytoolg?L[XgA?A閧????J???
  4. s}V???ANZX^|Vt@C?
  5. ?R[hs

??Ajarsigner ?AJARt@C Myappl.jar ?AL[XgA mystore.store ?ACAXmsugai?閧????R}h??s?B

>jarsigner -keystore mykeystore.store Myappl.jar msugai
L[XgA?pX[h??: password
msugai ?pX[h??: javapress

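jar tf> JARt@CXg?A"META-INF" fBNg "MSUGAI.PAT" "MSUGAI.DSA" ??邱??B"*.SF" ?}jtFXg?A"*.DSA" f[^?BAvbg??A[h?}10???_CAO\?B??{^?A??eXg??B???A???C??????邱??\?AF?????O?@???Yt????AM????B

--------------------------------------------------
--------------------------------------------------
}10. ?R[h?F?_CAO

ANZX^??As}V?|Vt@CkeystoreGg[LqAgrantGg[signedBytB[h?ANZX^ACAXw??iXg11jB

Xg11. ??|Vt@C
--------------------------------------------------
// Keystore that holds the signer's public-key certificate on the executing machine.
keystore "myLocalStore.store", "JKS";

// Permissions granted to any code signed by the alias "msugai".
grant signedBy "msugai" {
    // "<<ALL FILES>>" with "read, write" covers the whole file system for every
    // JAR carrying this signature; a production policy should name only the
    // paths the signed code actually needs.
    permission java.io.FilePermission "<<ALL FILES>>", "read, write";
    // ... (further permissions omitted)
};
--------------------------------------------------

jarsigner????ASun?hLg(http://java.sun.com/j2se/1.4/ja/docs/ja/tooldocs/win32/jarsigner.html)Q??B

??

X.509??Ajava.security.cert.Certificatepjava.security.cert.X509Certificate?\?B??@\?ARAEpbP[W??p?????AIvVpbP[Wsun.security.x509AT[hx_[?pbP[Wg???BXg12?ASSL?M?vAX.509?A擾???T[ubg?R[h?B

Xg12. SSL?擾
--------------------------------------------------
// Only look for a client certificate when the request arrived over SSL.
if (request.isSecure()) {
    // The container stores the client's certificate chain under this attribute;
    // getAttribute() returns Object, so the cast is required. The attribute is
    // null when the client presented no certificate.
    java.security.cert.X509Certificate[] certs =
        (java.security.cert.X509Certificate[])
            request.getAttribute("javax.servlet.request.X509Certificate");
    if (certs != null) {
        // Per the Servlet specification, certs[0] is the client's own
        // certificate and later entries are the issuers that vouch for it.
        for (int i = 0; i < certs.length; i++) {
            if (certs[i] != null) {
                // Read the certificate fields through the X509Certificate getters.
                java.security.Principal userDN = certs[i].getSubjectDN();
                java.security.Principal issuerDN = certs[i].getIssuerDN();
                int version = certs[i].getVersion();
                // notBefore/notAfter are only read here, not enforced; use
                // checkValidity() if the code must reject an expired certificate.
                java.util.Date notBefore = certs[i].getNotBefore();
                java.util.Date notAfter = certs[i].getNotAfter();
                java.math.BigInteger serial = certs[i].getSerialNumber();
                // ... (remaining processing omitted)
            }
        }
    }
}
--------------------------------------------------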



Copyright © 2004 SUGAI, Manabu. All Rights Reserved.