在Java中创建密钥库文件(.jks)和自签名证书(.cer / .crt)
[英]Create a keystore file (.jks) and a self signed certificate (.cer/.crt) in Java
问题描述
我想在Java中创建一个密钥库文件(.jks)和一个自签名证书(.cer / .crt)。 我正在尝试使用:
生成密钥库:
protected void getKeyStore(X509Certificate certificate)
{
File newSnKeyStoreFile = new File("Mypath..\\keyStore.jks");
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
if(!certificate.toString().isEmpty())
{
keyStore.store(new FileOutputStream(newSnKeyStoreFile), "password".toCharArray());
if (keyStore.getCertificateAlias(certificate) == null) {
keyStore.setCertificateEntry("cert"+ count++, certificate);
}
}
keyStore.store(new FileOutputStream(newSnKeyStoreFile), KEYSTORE_PASSWORD.toCharArray());
// Write to .jks file
BufferedWriter out = null;
try {
out = new BufferedWriter(new FileWriter(newSnKeyStoreFile));
out.write(keyStore.toString());
} catch ( Exception e ) {
e.printStackTrace();
} finally {
if ( out != null ) out.close();
}
}catch(Exception ke){
System.out.print("Error occurred while setting up keyStore: " + ke.getMessage());
}
}
我生成证书:
protected X509Certificate genCertificate()
{
try {
//Generate self signed certificate
CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA1WithRSA")
gen.generate(1024);
X509Certificate cert = gen.getSelfCertificate(new X500Name("CN=ROOT"), (long) 365 * 24 * 3600);
File certFile = new File("Mypath..\\Cert.cer");
// Write to .cer file
BufferedWriter out = null;
try {
out = new BufferedWriter(new FileWriter(certFile));
out.write(certificate.getEncoded().toString());
} catch ( Exception e ) {
e.printStackTrace();
} finally {
if ( out != null ) out.close();
}
return cert;
}catch (Exception e) {
System.out.println("Error : " + e.getMessage());
}
return null;
}
现在,当我运行此文件时,将创建.jks和.cer文件,但是当我尝试使用cmd命令检查密钥库时,出现错误:
命令keytool -list -keystore keyStore.jks
keytool error: java.io.IOException: Invalid keystore format
和
命令keytool -printcert -v -file Cert.cer
keytool error: java.lang.Exception: Empty input
java.lang.Exception: Empty input
at sun.security.tools.KeyTool.printCertFromStream(KeyTool.java:2234)
at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:2423)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:1069)
at sun.security.tools.KeyTool.run(KeyTool.java:340)
at sun.security.tools.KeyTool.main(KeyTool.java:333)
关于我可能要去哪里的任何指示?
1 个解决方案
解决方案1
1 已采纳 2016-03-09 07:18:29
protected void getKeyStore(X509Certificate certificate)
{
File newSnKeyStoreFile = new File("Mypath..\\keyStore.jks");
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
if(!certificate.toString().isEmpty())
这个测试是没有意义的。 如果您有证书,则其字符串表示形式将不会为空。 如果不这样做,则根本不应该调用此方法。 去掉。
{
keyStore.store(new FileOutputStream(newSnKeyStoreFile), "password".toCharArray());
为什么? 里面什么都没有。 去掉。
if (keyStore.getCertificateAlias(certificate) == null) {
keyStore.setCertificateEntry("cert"+ count++, certificate);
如果它不为null,则无论如何都应覆盖该条目或引发异常,而不是默默地忽略条件。
}
}
keyStore.store(new FileOutputStream(newSnKeyStoreFile), KEYSTORE_PASSWORD.toCharArray());
很好,但您需要关闭此FileOutputStream 。
// Write to .jks file
BufferedWriter out = null;
try {
out = new BufferedWriter(new FileWriter(newSnKeyStoreFile));
out.write(keyStore.toString());
} catch ( Exception e ) {
e.printStackTrace();
} finally {
if ( out != null ) out.close();
}
删除所有这些毫无意义的垃圾。 您已经存储了密钥库。 您在这里所要做的就是破坏它。
File certFile = new File("Mypath..\\Cert.cer");
// Write to .cer file
BufferedWriter out = null;
错误。 证书文件是二进制的。 使用FileOutputStream.
try {
out = new BufferedWriter(new FileWriter(certFile));
错误,请参见上文。 out = new FileOutputStream(certFile);
out.write(certificate.getEncoded().toString());
又错了。 这应该是
out.write(certificate.getEncoded());
您似乎有一种将事物转换为字符串的狂热。 尝试逐渐减小。
如何获取* .cer文件以将自签名HTTPS证书添加为Java信任
[英]How to get a *.cer file to add a self-signed HTTPS certificate as trusted for Java
如何将rootca.cer,subca.cer和certificate.crt导入到JKS中
[英]How to Import rootca.cer, subca.cer and certificate.crt into jks
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.