Programmatically Import CA trust cert into existing keystore file without using keytool
I would like to create a Java program that imports the .cer CA into the existing keystore file, so that the end user can insert the CA cert more conveniently (without using CMD and keying in the command).

Is there any way that Java code can do this?

I tried some ways, but still failed to get the cert into Java:

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream certstream = fullStream (certfile);
    Certificate certs = cf.generateCertificates(certstream);

The error is incompatible types; is there any other suggestion?

Thanks a lot.

The following code inserts the CA cert file yourcert.cer into your keystore without using keytool:

    import java.io.ByteArrayInputStream;
    import java.io.DataInputStream;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;

    public class ImportCA {
        public static void main(String[] argv) throws Exception {
            String certfile = "yourcert.cer"; /* your cert path */
            File keystoreFile = new File("yourKeyStore.keystore");
            String alias = "youralias";
            char[] password = "yourKeyStorePass".toCharArray();

            // Parse the X.509 certificate from the .cer file
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream certstream = fullStream(certfile);
            Certificate certs = cf.generateCertificate(certstream);

            // Load the keystore contents
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream in = new FileInputStream(keystoreFile);
            keystore.load(in, password);
            in.close();

            // Add the certificate
            keystore.setCertificateEntry(alias, certs);

            // Save the new keystore contents
            FileOutputStream out = new FileOutputStream(keystoreFile);
            keystore.store(out, password);
            out.close();
        }

        private static InputStream fullStream(String fname) throws IOException {
            // Read the whole file into memory so the file handle can be closed
            try (DataInputStream dis = new DataInputStream(new FileInputStream(fname))) {
                byte[] bytes = new byte[dis.available()];
                dis.readFully(bytes);
                return new ByteArrayInputStream(bytes);
            }
        }
    }

Download the certs from the links and store them in a specific path, then load that file into the trustStore during runtime using the code below. I hope this example will help you.

    KeyStore keyStore = KeyStore.getInstance("JKS");
    String fileName = "D:\\certs_path\\cacerts"; // certification file path
    System.setProperty("javax.net.ssl.trustStore", fileName);

Sorry, this answer brings nothing new but the code in the accepted answer is so terrible that I just have to post it. It's just a polished version, nothing more. So consider copy/pasting from here but upvoting the accepted answer rather than this one.

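    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.util.Objects;

    public static void addX509CertificateToTrustStore(String certPath, String certAlias, String storePath, String storePassword, String storeType)
            throws FileNotFoundException, KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        char[] storePasswordCharArr = Objects.requireNonNull(storePassword, "").toCharArray();
        KeyStore keystore;
        // Load the store and add the certificate; both streams are closed automatically
        try (FileInputStream storeInputStream = new FileInputStream(storePath);
             FileInputStream certInputStream = new FileInputStream(certPath)) {
            keystore = KeyStore.getInstance(storeType);
            keystore.load(storeInputStream, storePasswordCharArr);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Certificate certificate = certificateFactory.generateCertificate(certInputStream);
            keystore.setCertificateEntry(certAlias, certificate);
        }
        // Write the updated store back to the same path
        try (FileOutputStream storeOutputStream = new FileOutputStream(storePath)) {
            keystore.store(storeOutputStream, storePasswordCharArr);
        }
    }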
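
Adding a CA certificate to a trust store is a trust decision, so a program that does it for end users should check what it is importing. The following is an added example, not code from any of the answers above: it validates the certificate, compares its SHA-256 fingerprint with a value obtained out of band, refuses to overwrite an existing alias, and replaces the keystore file atomically. The class name `CheckedCaImport`, the method `importCa` and the argument order are assumptions made for illustration; `HexFormat` requires Java 17 or later.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HexFormat;

public class CheckedCaImport {
    // Hypothetical arguments: <cert file> <alias> <keystore file> <keystore password> <expected SHA-256 hex>
    // (a real tool would prompt for the password instead of taking it on the command line)
    public static void main(String[] args) throws Exception {
        importCa(Paths.get(args[0]), args[1], Paths.get(args[2]), args[3].toCharArray(), args[4]);
    }

    static void importCa(Path certPath, String alias, Path storePath, char[] password,
                         String expectedSha256Hex) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(certPath)) {
            // generateCertificate (singular) returns one Certificate; generateCertificates
            // (plural) returns a Collection, which is the "incompatible types" error in the question.
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity();                    // throws if expired or not yet valid
        if (cert.getBasicConstraints() < 0)      // -1 means the certificate is not a CA
            throw new SecurityException("not a CA certificate: " + cert.getSubjectX500Principal());
        // Compare the fingerprint with the value the operator obtained out of band
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        byte[] expected = HexFormat.of().parseHex(expectedSha256Hex.replace(":", ""));
        if (!MessageDigest.isEqual(actual, expected))
            throw new SecurityException("fingerprint mismatch, refusing to trust " + certPath);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(storePath)) {
            ks.load(in, password);
        }
        if (ks.containsAlias(alias))             // setCertificateEntry would replace a trusted entry
            throw new IllegalStateException("alias already in use: " + alias);
        ks.setCertificateEntry(alias, cert);

        // Write to a temp file in the same directory, then move it into place, so a
        // failed store() cannot leave the live keystore truncated.
        Path tmp = Files.createTempFile(storePath.toAbsolutePath().getParent(), "ks", ".tmp");
        try (OutputStream out = Files.newOutputStream(tmp)) {
            ks.store(out, password);
        }
        Files.move(tmp, storePath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
    }
}
```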