堆栈内存溢出
  简体   繁体   English

在不使用 keytool 的情况下以编程方式将 CA 信任证书导入现有的密钥库文件

[英]Programmatically Import CA trust cert into existing keystore file without using keytool

 原文  2013-09-19 07:52:56       java/ keytool

问题描述

I would like to create a JAVA program that import the .cer CA into the existing keystore file.我想创建一个将 .cer CA 导入现有密钥库文件的 JAVA 程序。 So that end-user can insert the CA cert more convenience(without using CMD and key in the command).这样最终用户可以更方便地插入 CA 证书(无需使用 CMD 和键入命令)。

Is that anywhere that JAVA code can do this? JAVA 代码可以做到这一点吗?

i try some way, but still fail in getting the cert into java我尝试了一些方法,但仍然无法将证书导入 java

CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream certstream = fullStream (certfile);
Certificate certs = cf.generateCertificates(certstream);

the error is incompatible types, is there any other suggestion?错误是类型不兼容,还有其他建议吗?

Thanks Lot多谢

3 个解决方案

解决方案1
 35 已采纳  2013-09-19 08:34:38

The following code inserts the CA cert file yourcert.cer into your keystore without using keytool : 以下代码在不使用keytool情况下将CA证书文件yourcert.cer插入到密钥库中: 

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.io.IOException;
import java.io.InputStream;
import java.io.DataInputStream;
import java.io.ByteArrayInputStream;
import java.security.spec.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;

public class ImportCA {

    public static void main(String[] argv) throws Exception {
        String certfile = "yourcert.cer"; /*your cert path*/
        FileInputStream is = new FileInputStream("yourKeyStore.keystore");

        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(is, "yourKeyStorePass".toCharArray());

        String alias = "youralias";
        char[] password = "yourKeyStorePass".toCharArray();

        //////

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream certstream = fullStream (certfile);
        Certificate certs =  cf.generateCertificate(certstream);

        ///
        File keystoreFile = new File("yourKeyStorePass.keystore");
        // Load the keystore contents
        FileInputStream in = new FileInputStream(keystoreFile);
        keystore.load(in, password);
        in.close();

        // Add the certificate
        keystore.setCertificateEntry(alias, certs);

        // Save the new keystore contents
        FileOutputStream out = new FileOutputStream(keystoreFile);
        keystore.store(out, password);
        out.close();
    }

    private static InputStream fullStream ( String fname ) throws IOException {
        FileInputStream fis = new FileInputStream(fname);
        DataInputStream dis = new DataInputStream(fis);
        byte[] bytes = new byte[dis.available()];
        dis.readFully(bytes);
        ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
        return bais;
    }
}

解决方案2
 6  2013-09-19 08:10:20

Download certs from links and store into specific path.. then load that file into trustStore during runtime using below code.. i hope this exaple will help you.. 从链接下载证书并存储到特定路径..然后在运行时使用下面的代码将该文件加载到trustStore ..我希望这个exaple将帮助您.. 

KeyStore keyStore = KeyStore.getInstance("JKS");
String fileName = "D:\\certs_path\\cacerts"; // cerrtification file path
System.setProperty("javax.net.ssl.trustStore", fileName);

解决方案3
 0  2021-11-05 13:09:21

Sorry, this answer brings nothing new but the code in the accepted answer is so terrible that I just have to post it.抱歉,这个答案没有带来任何新内容,但是接受的答案中的代码太糟糕了,我只好发布它。 It's just a polished version, nothing more.这只是一个抛光版本,仅此而已。 So consider copy/pasting from here but upvoting the accepted answer rather than this one.因此,请考虑从此处复制/粘贴,但对已接受的答案而不是此答案进行投票。

    public static void addX509CertificateToTrustStore(String certPath, String certAlias, String storePath, String storePassword, String storeType)
            throws FileNotFoundException, KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {

        char[] storePasswordCharArr = Objects.requireNonNull(storePassword, "").toCharArray();

        KeyStore keystore;
        try (FileInputStream storeInputStream = new FileInputStream(storePath);
                FileInputStream certInputStream = new FileInputStream(certPath)) {
            keystore = KeyStore.getInstance(storeType);
            keystore.load(storeInputStream, storePasswordCharArr);

            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Certificate certificate = certificateFactory.generateCertificate(certInputStream);

            keystore.setCertificateEntry(certAlias, certificate);
        } finally {
        }

        try (FileOutputStream storeOutputStream = new FileOutputStream(storePath)) {
            keystore.store(storeOutputStream, storePasswordCharArr);
        } finally {
        }
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在不使用keytool命令行实用程序的情况下导入新的Java CA证书? - How do I import a new Java CA cert without using the keytool command line utility? 使用现有的中间CA密钥和证书以及keytool生成客户端证书 - Using existing intermediate CA key and cert with keytool to generate client certs 使用 keytool 将 p7b 文件导入 Java Keystore - Import p7b file to Java Keystore using keytool 如何生成密钥对并以编程方式将其插入KeyStore(不使用Java KeyTool)? - How can I generate a key pair and insert it into a KeyStore programmatically (without using the Java KeyTool)? 没有密钥库的Keytool - Keytool without keystore 如何在单个命令中使用keytool导入和信任java中的Web服务器证书? - How to import and trust a webserver certificate in java using keytool in a single command? 我可以使用keytool创建没有密码的Java信任库吗? - Can I create a Java trust store without a password using keytool? JDBC + SSL:将CA证书,客户端证书和客户端捆绑到一个密钥库文件中 - JDBC+SSL: Bundling a CA cert, client cert and client into a single keystore file Java密钥库-从PKS文件导入现有的通配符证书 - Java Keystore - Importing existing wildcard cert from a PKS file 使用keytool在jre中导入.pem文件[Windows 7] - import .pem file in jre using keytool [Windows 7]
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM