![](/img/trans.png)
[英]How do I import a trusted certificate into an existing keystore programmatically?
[英]How do I programmatically create a new KeyStore?
我正在嘗試以編程方式在 Java 中創建一個新的密鑰庫。以下代碼:
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.setCertificateEntry("alias", cert);
拋出未初始化的 KeyStore 異常。
要在Java中創建新的KeyStore,首先需要創建KeyStore文件,然后使用store(FileOutputStream, char[])
方法存儲它:
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char[] password = "some password".toCharArray();
ks.load(null, password);
// Store away the keystore.
FileOutputStream fos = new FileOutputStream("newKeyStoreFileName");
ks.store(fos, password);
fos.close();
我希望這有幫助,你可以在這里看到更多信息。
KeyStore需要在創建后加載。 load方法要求FileInputStream讀取,但如果提供null,則加載空的KeyStore。
看到這個鏈接
我使用這個代碼,它的工作原理,希望它可以提供幫助。
public static KeyStore createKeyStore() throws Exception {
File file = new File("/Users/keyserverstore.keystore");
KeyStore keyStore = KeyStore.getInstance("JKS");
if (file.exists()) {
// if exists, load
keyStore.load(new FileInputStream(file), "123456".toCharArray());
} else {
// if not exists, create
keyStore.load(null, null);
keyStore.store(new FileOutputStream(file), "123456".toCharArray());
}
return keyStore;
}
// load the keystore
KeyStore p12 = KeyStore.getInstance("pkcs12");
p12.load(new FileInputStream("KEYSTORE.p12"), "passwd".toCharArray());
// load the private key entry from the keystore
Key key = p12.getKey("mykey", "passwd".toCharArray());
PrivateKey privKey = (PrivateKey) key;
如果你想使用一個 bean (Spring Boot 2.4.x):
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
@Configuration
public class KeyStoreConfiguration {
private static final String KEY_STORE = "keystore.p12";
private static final String KEY_STORE_TYPE = "PKCS12";
private static final String KEY_STORE_PASSWORD = "password";
@Bean
public KeyStore keyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
keyStore.load(new ClassPathResource(KEY_STORE).getInputStream(), KEY_STORE_PASSWORD.toCharArray());
return keyStore;
}
}
public static void main(String[] args) {
// Load the JDK's cacerts keystore file
String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
FileInputStream is = new FileInputStream(filename);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
char[] password = "changeit".toCharArray();
//keystore.load(is, password.toCharArray());
keystore.load(is, password);
// This class retrieves the most-trusted CAs from the keystore
PKIXParameters params = new PKIXParameters(keystore);
// Get the set of trust anchors, which contain the most-trusted CA certificates
java.security.cert.Certificate sapcert = keystore.getCertificate("SAPNetCA");
PublicKey sapcertKey = sapcert.getPublicKey();
System.out.println(sapcertKey);
Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
//System.out.println("alias certificates :"+alias);
if (keystore.isKeyEntry(alias)) {
keystore.getKey(alias, password);
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.