验证公、私钥证书是否有效


公钥在服务端使用

私钥是由服务端提供给客户端使用

问题:服务端提供的证书是否配对,怎么验证?

做法:用私钥证书(.pfx)对一段测试数据签名,再用公钥证书(.cer)验签;验签通过即说明两者配对。注意:这只能证明公私钥配对,并不检查证书的有效期、证书链或吊销状态。


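/**
 * Checks that a private key and a public-key certificate belong together.
 *
 * <p>The check signs a sample message with the private key taken from a key store
 * (PKCS#12 or JKS) and then verifies that signature with the public key taken from
 * an X.509 certificate file. A successful verification shows the two keys are a pair.
 *
 * <p>Security notes for anyone reusing this code:
 * <ul>
 *   <li>Only key pairing is checked. The certificate's validity period, issuer chain
 *       and revocation status are not examined.</li>
 *   <li>The signature algorithm is {@code SHA1withRSA}, kept so existing signatures
 *       still verify. SHA-1 is no longer considered collision resistant; move to
 *       {@code SHA256withRSA} once every party that signs or verifies can change.</li>
 *   <li>The key store password is read from the environment, not embedded in source,
 *       so it does not end up in version control or published listings.</li>
 * </ul>
 *
 * <p>Requires Java 8 or later ({@code java.util.Base64} replaces the internal
 * {@code sun.misc} Base64 classes, which are not part of the supported API).
 *
 * @author HONGXUSHUAN605
 */
public class SignTest {

    /** Key store holding the private key. */
    private static final String KEYSTORE_FILENAME =
            "D:/translateCertificate/EXV_BIS_IFRONT_PCIS__001_PRD.pfx";

    /** Alias of the private-key entry inside the key store. */
    private static final String KEYSTORE_ALIAS = "1";

    /** X.509 certificate file holding the public key. */
    private static final String PUBLICKEY_FILENAME = "D:/translateCertificate/_PRD.cer";

    /** Environment variable that supplies the key store password to {@link #main}. */
    private static final String KEYSTORE_PASSWORD_ENV = "KEYSTORE_PASSWORD";

    /** JCA signature algorithm used for both signing and verification. */
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    /**
     * Signs a sample message and verifies it, printing both results.
     *
     * <p>The genuine signature is verified first (expected {@code true} when the keys
     * match), then the same signature is checked against altered data (expected
     * {@code false}) to show that a mismatch is actually detected.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String keyStorePassword = System.getenv(KEYSTORE_PASSWORD_ENV);
        if (keyStorePassword == null) {
            System.err.println("Set the " + KEYSTORE_PASSWORD_ENV
                    + " environment variable to the key store password.");
            return;
        }

        String data = "abcd";
        System.out.println("开始签名...");
        String signValue = signData(data, KEYSTORE_FILENAME, keyStorePassword, KEYSTORE_ALIAS);
        System.out.println("签名结果:" + signValue);
        if (signValue.isEmpty()) {
            // signData reports failure as an empty string; verifying it proves nothing.
            System.err.println("Signing failed, skipping verification.");
            return;
        }

        System.out.println("****************************");
        System.out.println("开始验签...");
        boolean verifies = verifyData(data, signValue, PUBLICKEY_FILENAME);
        System.out.println("验签结果:" + verifies);

        // Negative control: the signature must not verify against different data.
        boolean tamperedVerifies = verifyData(data + "a", signValue, PUBLICKEY_FILENAME);
        System.out.println("篡改数据后的验签结果:" + tamperedVerifies);
    }

    /**
     * Verifies a Base64-encoded signature over {@code data} with the public key of an
     * X.509 certificate file.
     *
     * <p>The certificate is used only as a container for the public key; it is not
     * itself validated (no expiry, chain or revocation check).
     *
     * @param data        the signed text; its UTF-8 bytes are what gets verified
     * @param signValue   the Base64 signature (line breaks are tolerated)
     * @param p7bFileName path of the X.509 certificate file holding the public key
     * @return {@code true} only when the signature verifies; {@code false} when it does
     *         not, when an argument is {@code null}, or when the certificate cannot be
     *         read or the signature cannot be decoded
     */
    public static boolean verifyData(String data, String signValue, String p7bFileName) {
        if (data == null || signValue == null || p7bFileName == null) {
            return false;
        }
        // try-with-resources closes the certificate stream on every path.
        try (FileInputStream in = new FileInputStream(p7bFileName)) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Certificate cert = certificateFactory.generateCertificate(in);
            PublicKey publicKey = cert.getPublicKey();

            Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
            verifier.initVerify(publicKey);
            // Explicit charset: the platform default differs between hosts, which would
            // make signer and verifier disagree on non-ASCII data.
            verifier.update(data.getBytes(java.nio.charset.StandardCharsets.UTF_8));

            byte[] signature = java.util.Base64.getMimeDecoder().decode(signValue);
            return verifier.verify(signature);
        } catch (IOException | java.security.GeneralSecurityException
                | IllegalArgumentException e) {
            // Fail closed: any error means "not verified".
            System.err.println("Signature verification failed: " + e);
            return false;
        }
    }

    /**
     * Signs {@code data} with the private key stored under an alias in a key store and
     * returns the signature Base64-encoded.
     *
     * <p>The same password is used to open the key store and to recover the key.
     *
     * @param data             the text to sign; its UTF-8 bytes are signed
     * @param keyStoreFileName path of the key store containing the private key
     * @param keyStorePassword password of the key store and of the key entry
     * @param keyStoreAlias    alias of the private-key entry
     * @return the Base64 signature (MIME line-wrapped), or an empty string when signing
     *         fails; callers must treat an empty result as an error
     */
    public static String signData(String data, String keyStoreFileName,
            String keyStorePassword, String keyStoreAlias) {
        String keyStoreType = keyStoreTypeFor(keyStoreFileName);
        char[] password = keyStorePassword.toCharArray();
        try (FileInputStream in = new FileInputStream(keyStoreFileName)) {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(in, password);

            java.security.Key key = keyStore.getKey(keyStoreAlias, password);
            if (!(key instanceof PrivateKey)) {
                // getKey returns null for an unknown alias or a non-key entry.
                System.err.println("No private key under alias '" + keyStoreAlias
                        + "' in " + keyStoreFileName);
                return "";
            }

            Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
            signer.initSign((PrivateKey) key);
            signer.update(data.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return java.util.Base64.getMimeEncoder().encodeToString(signer.sign());
        } catch (IOException | java.security.GeneralSecurityException e) {
            System.err.println("Signing failed: " + e);
            return "";
        } finally {
            // Do not leave the password copy in memory longer than needed.
            java.util.Arrays.fill(password, '\0');
        }
    }

    /** Picks the key store type from the file name: PKCS12 for PFX/P12 files, else JKS. */
    private static String keyStoreTypeFor(String keyStoreFileName) {
        String upperName = keyStoreFileName.toUpperCase(java.util.Locale.ROOT);
        boolean isPkcs12 = upperName.contains("PFX") || upperName.endsWith(".P12");
        return isPkcs12 ? "PKCS12" : "JKS";
    }
}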

 
