zoukankan      html  css  js  c++  java

  • 基于BouncyCastle的证书格式转换demo编写

    基于BouncyCastle的证书格式转换demo编写

    任务清单

    • der->pem;
    • pem->der;
    • pfx->jks;
    • jks->pfx;
    • asn.1解析。
    • 前置需求:配置BouncyCastle

    (1)der->pem

    • 主要需要的包:
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import java.security.cert.CertificateFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
    • 代码:
    package BC;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

import java.io.*;

import java.security.cert.CertificateFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;

public class DerToPem {
    public  static X509Certificate getDerCert(String path) throws IOException, CertificateException, NoSuchProviderException {
        //加载BC
        Security.addProvider( new BouncyCastleProvider() );

        //读DER证书
        File file = new File(path);
        long filesize = file.length();
        FileInputStream fis = new FileInputStream(file);
        byte[] cert = new byte[(int) filesize];
        int offset = 0;
        int numRead = 0;
        while (offset < cert.length && (numRead = fis.read(cert, offset, cert.length - offset)) >= 0) {
            offset += numRead;
        }
        fis.close();

        //输出X509格式证书
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509","BC");//使用BC获取工厂实例
        Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(cert));//用文件流读入证书
        X509Certificate x509Certificate = (X509Certificate)certificate;//强转
        return x509Certificate;
    }

    public static void writePemCert(String path, X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        //加载BC
        Security.addProvider( new BouncyCastleProvider() );

        //BC转化PEM格式证书
        StringWriter str = new StringWriter();
        PemWriter pemWriter = new PemWriter(str);
        pemWriter.writeObject(new PemObject("CERTIFICATE",x509Certificate.getEncoded()));//使用BC提供的PemWriter写入证书
        pemWriter.close();
        str.close();
        FileOutputStream fos;
        fos = new FileOutputStream(path);
        fos.write(str.toString().getBytes());
        System.out.println("Successful!");
    }

    public static void main(String[] args) throws Exception {
        //调用demo
        String pathSrc = "lzc_cert_demo.der";
        String pathDst = "lzc_cert_demo.pem";
        String s = pathSrc.substring(pathSrc.length() - 3);
        /*if (!((s.equals("pem")) || (s.equals("crt")) || (s.equals("cer")))) {
            System.out.println("输入错误!");
            System.exit(-1);
        }*/
        X509Certificate certificate  = DerToPem.getDerCert(pathSrc);
        DerToPem.writePemCert(pathDst,certificate);
    }

}

    (2)pem->der

    • 1.主要需要的包:
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import java.security.cert.CertificateFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
    • 2.代码:
    package BC;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

import java.io.*;

import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class PemToDer {
    public  static X509Certificate getPemCert(String path) throws IOException, CertificateException, NoSuchProviderException {
        //加载BC
        Security.addProvider( new BouncyCastleProvider() );

        //使用BC提供的PemReader读取证书
        PemReader pemReader = new PemReader( new FileReader(path) );
        PemObject pemObject = pemReader.readPemObject();
        byte cert[] = pemObject.getContent();

        //输出X509格式证书
        InputStream inStream = new ByteArrayInputStream(cert);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");//使用BC获取工厂实例
        Certificate certificate = certificateFactory.generateCertificate(inStream);//用文件流读入证书
        X509Certificate x509Certificate = (X509Certificate)certificate;
        return x509Certificate;
    }

    public static void writeDerCert(String path, X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        //输出DER格式证书
        byte[] cert = x509Certificate.getEncoded();
        File file=new File(path);
        if(!file.exists()){
            file.createNewFile();
        }
        FileOutputStream fos = new FileOutputStream(file);
        fos.write(cert);
        fos.close();
        System.out.println("Successful!");
    }
    public static void main(String[] args) throws Exception {
        String pathSrc = "lzc_cert_demo.pem";
        String pathDst = "lzc_cert_demo.der";
        String s = pathSrc.substring(pathSrc.length() - 3);
        /*if (!((s.equals("pem")) || (s.equals("crt")) || (s.equals("cer")))) {
                System.out.println("输入错误!");
                System.exit(-1);
        }*/
        X509Certificate certificate  = PemToDer.getPemCert(pathSrc);
        PemToDer.writeDerCert(pathDst,certificate);
    }

}

    (3)pfx->jks

    • 1.主要需要的包:
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.security.cert.Certificate;
import java.security.*;
    • 2.代码:
    package BC;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class PfxToJks {
    public static void ToJKS(String pathSrc, String pathDst, char[] passwd) throws IOException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException, UnrecoverableKeyException {
        //读PFX证书,用密钥解密证书
        Security.addProvider(new BouncyCastleProvider());
        FileInputStream fs = new FileInputStream(pathSrc);
        KeyStore store = KeyStore.getInstance("PKCS12", "BC");//使用BC初始化KeyStore
        store.load(fs, passwd);//从给定的输入流加载密钥库
        fs.close();

        KeyStore outputKeyStore = KeyStore.getInstance("JKS");//BC不提供对于JKS的KeyStore,直接初始化KeyStore
        outputKeyStore.load(null, passwd);

        //证书写入
        Enumeration<String> enumas = store.aliases();
        while (enumas.hasMoreElements()) {
            String keyAlias = (String) enumas.nextElement();
            System.out.println("alias=[" + keyAlias + "]");
            if (store.isKeyEntry(keyAlias)) {
                Key key = store.getKey(keyAlias, passwd);//获取私钥
                Certificate[] certChain = store.getCertificateChain(keyAlias);
                outputKeyStore.setKeyEntry(keyAlias, key, passwd, certChain);
            }
        }
        FileOutputStream out = new FileOutputStream(pathDst);
        outputKeyStore.store(out, passwd);
        out.close();
    }

    public static void main(String[] args) throws CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, KeyStoreException, UnrecoverableKeyException {
        String pathSrc = "rsa.lzc.pfx";
        String pathDst = "rsa.lzc.jks";
        String passwd = "12345678";

        PfxToJks.ToJKS(pathSrc, pathDst, passwd.toCharArray());
    }
}

    (4)jks->pfx

    • 1.主要需要的包:
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.security.cert.Certificate;
import java.security.*;
    • 2.代码:
    package BC;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class JksToPfx {
    public static void ToPFX(String pathSrc, String pathDst, char[] passwd) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, UnrecoverableKeyException {
        //读JKS证书,用密钥解密证书
        Security.addProvider(new BouncyCastleProvider());
        FileInputStream fs = new FileInputStream(pathSrc);
        KeyStore store = KeyStore.getInstance("JKS");//BC不提供对于JKS的KeyStore,直接初始化KeyStore
        store.load(fs, passwd);//从给定的输入流加载密钥库
        fs.close();

        KeyStore outputKeyStore = KeyStore.getInstance("PKCS12", "BC");//使用BC初始化KeyStore
        outputKeyStore.load(null, passwd);

        //证书写入
        Enumeration<String> enums = store.aliases();
        while (enums.hasMoreElements()) {
            String keyAlias = (String) enums.nextElement();
            //System.out.println("alias=[" + keyAlias + "]");
            if (store.isKeyEntry(keyAlias)) {
                Key key = store.getKey(keyAlias, passwd);//获取私钥
                Certificate[] certChain = store.getCertificateChain(keyAlias);
                outputKeyStore.setKeyEntry(keyAlias, key, passwd, certChain);
            }
        }
        FileOutputStream out = new FileOutputStream(pathDst);
        outputKeyStore.store(out, passwd);
        out.close();
    }

    public static void main(String[] args) throws CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, KeyStoreException, UnrecoverableKeyException {
        String pathSrc = "rsa.lzc.jks";
        String pathDst = "rsa.lzc.pfx";
        String passwd = "12345678";

        JksToPfx.ToPFX(pathSrc, pathDst, passwd.toCharArray());
    }
}

    (5)asn1解析

    • 1.主要需要的包:
    import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
    • 2.代码:
    package BC;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.security.Security;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class asn1read {
    public static String asn1(String path) {
        //加载BC
        Security.addProvider(new BouncyCastleProvider());

        //加载文件
        File file = new File(path);
        String output = outputFilename(path);
        File txt = new File(output);
        if (txt.exists()) {
            txt.delete();
        }
        FileInputStream fileInputStream;
        try {
            fileInputStream = new FileInputStream(file);
            ASN1InputStream aSN1InputStream = new ASN1InputStream(fileInputStream);//创建一个ASN1InputStream对象
            ASN1Primitive aSN1Primitive;
            while ((aSN1Primitive = aSN1InputStream.readObject()) != null) { //读取
                String re = ASN1Dump.dumpAsString(aSN1Primitive);//调用BC提供的ASN1Dump解析并输出字符串
                FileWriter writer = new FileWriter(output, true);//写入文件
                writer.write(re);
                writer.close();
                System.out.println(re);
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        return output;

    }

    public static String outputFilename(String path) {
        String filename = "";
        int length = path.length();
        int i;
        for (i = length - 1; i >= 0; i--) {
            if (path.charAt(i) == '.') {
                filename = path.substring(0, i + 1);
                break;
            }
        }
        filename = filename + "txt";
        return filename;
    }

    public static void main(String[] args) {
        String path = "sm2.lzc.enc.crt.pem";
        System.out.println("解析文件保存为:" + asn1(path));
    }
}
    即便不高谈理想,也要心存信仰。
  • 相关阅读:
    sklearn获得某个参数的不同取值在训练集和测试集上的表现的曲线刻画
    sklearn不同数量的训练集在测试集上的表现的曲线刻画
    pandas中一列含有多种数据类型的转换:科学计算法转浮点数、字符映射
    天池大数据之移动推荐算法大赛的一份特征工程
    pandas函数get_dummies的坑
    lightgbm的sklearn接口和原生接口参数详细说明及调参指点
    数据分箱:等频分箱,等距分箱,卡方分箱,计算WOE、IV
    封装贝叶斯优化超参数调整类
    sklearn的分类度量各种指标和make_scorer函数封装自定义度量指标
    装linux双系统
  • 原文地址:https://www.cnblogs.com/fzlzc/p/14600216.html
Copyright © 2011-2022 走看看