以编程方式将自签名证书添加到密钥库/信任库
[英]Programmatically add a self-signed certificate to your keystore/truststore
问题描述
I saw this question (and others) where it is explained how to add a (self-signed) certificate to your keystore/cacerts manually by using the commandline. 
我看到了这个问题 (以及其他问题 ),其中解释了如何使用命令行手动将(自签名)证书添加到密钥库/ cacerts。 When doing this, you can set up a secured connection with a server without a signed certificate, if you were given the certificate (.cert file). 执行此操作时,如果您获得了证书(.cert文件),则可以与没有签名证书的服务器建立安全连接。 This is can be useful for testing purposes. 这对于测试目的非常有用。
I would like to program this, so users don't need to do this manually. 我想对此进行编程,因此用户无需手动执行此操作。 The basic concept would be the following: The user has a local copy of the .cert file, and gives my program the path to where that file resides in his file system. 基本概念如下:用户拥有.cert文件的本地副本,并为我的程序提供该文件驻留在其文件系统中的路径。 My program fetches the file and adds it to the keystore. 我的程序获取文件并将其添加到密钥库。
My question is: how to add this certificate to the keystore within my program, so that the turstmanager will accept it as a trustworthy/signed certificate, given the (path) to the .cert file? 我的问题是:如何将此证书添加到我的程序中的密钥库中,以便turstmanager将其作为可信/签名证书接受,给定.cert文件的(路径)? Are there any tutorials or code snippets regarding to this problem? 是否有关于此问题的任何教程或代码片段?
PS: I do NOT need the "accept all certificates" trustmanager trick as described here PS:我不需要这里描述的“接受所有证书”信任管理员技巧
1 个解决方案
解决方案1
6 已采纳 2014-02-14 10:36:04
Rather simple: 相当简单:
InputStream input = ...;
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) factory.generateCertificate(input);
KeyStore keystore = ...;
keystore.setCertificateEntry(alias, cert);
Loading and storing the keystore is evident from the javadoc: http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html 从javadoc可以看出加载和存储密钥库: http : //docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.