  • 聊聊、Java Keytool P12 转 JKS

      最近公司合作机构需要更改服务证书,总共给了 3 个文件过来。openapi-cert.p12、openapi-cert.key、openapi-cert.crt。

      openapi-cert.crt - 客户端证书文件,用于盈米服务器验证客户端。

      openapi-cert.key - 客户端证书对应的私钥文件。

      openapi-cert.p12 - 客户端证书文件的p12格式文件。

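      P12 的生成过程是 openssl pkcs12 -export -in openapi-cert.crt -inkey openapi-cert.key > openapi-cert.p12。实际上,给过来的 P12(PKCS12)文件不能直接导入 keyStore,直接导入会报 X.509 格式错误。因为 Java SSL 默认格式是 JKS,所以我们只能将 P12 转成 JKS。(注:JDK 9 起默认的 keystore 类型已改为 PKCS12,较新的 JDK 只要把 keystore 类型指定为 PKCS12 即可直接加载该文件;JKS 是 JDK 私有格式,keytool 也会提示建议迁移到 PKCS12,因此只有在运行环境确实要求 JKS 时才需要做这个转换。)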

      谈下我用到的两种方法:

      1.使用 keytool 转换

      keytool -v -importkeystore -srckeystore openapi-cert.p12 -srcstoretype PKCS12 -destkeystore tomcat.keystore -deststoretype JKS

      2.使用 Java 类转换  

    package com.xxx.fpay.initdata.main;
    
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.util.Enumeration;
    
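    /**
     * Command-line helper that converts a PKCS#12 keystore file into a JKS keystore file.
     *
     * <p>Review notes for anyone reusing this class:
     * <ul>
     *   <li>Only key entries are copied; aliases that are not key entries are printed and
     *       otherwise ignored, so they are absent from the output keystore.</li>
     *   <li>Every copied key is protected with the destination store password, i.e. the
     *       key password and the keystore password of the output file are the same.</li>
     *   <li>Any failure is caught and printed to standard error; the method still returns
     *       normally, so a caller cannot tell from the call itself whether the output file
     *       is complete. Check the output (for example by loading it) before deploying.</li>
     * </ul>
     */
    public class PKCSToJKS {

        /**
         * Converts a PKCS#12 keystore into a JKS keystore.
         *
         * @param srcFile
         *            path of the PKCS#12 keystore to read
         * @param srcPasswd
         *            password of the PKCS#12 keystore; {@code null} or blank is passed to the
         *            KeyStore API as a {@code null} password (per the KeyStore.load contract
         *            no integrity check is performed in that case)
         * @param destFile
         *            path of the JKS keystore to write; an existing file is overwritten
         * @param destPasswd
         *            password of the JKS keystore, also used as the password of each copied
         *            key entry; {@code null} or blank becomes a {@code null} password
         *            (NOTE(review): the JDK's JKS provider is expected to refuse storing
         *            without a password - confirm on the target JDK)
         */
        public void PKCS12ToJKS(String srcFile, String srcPasswd, String destFile,
                String destPasswd) {
            try {
                KeyStore inputKeyStore = KeyStore.getInstance("PKCS12");
                char[] srcPwd = toPasswordChars(srcPasswd);
                char[] destPwd = toPasswordChars(destPasswd);

                // try-with-resources: the source stream is closed even when load() throws
                // (wrong password, corrupt file), which the manual close() did not guarantee.
                try (FileInputStream fis = new FileInputStream(srcFile)) {
                    inputKeyStore.load(fis, srcPwd);
                }

                // load(null, ...) initialises an empty in-memory keystore.
                KeyStore outputKeyStore = KeyStore.getInstance("JKS");
                outputKeyStore.load(null, destPwd);

                Enumeration<String> aliases = inputKeyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String keyAlias = aliases.nextElement();
                    System.out.println("alias=[" + keyAlias + "]");
                    if (inputKeyStore.isKeyEntry(keyAlias)) {
                        // The key is read with the source store password and re-protected
                        // with the destination store password.
                        Key key = inputKeyStore.getKey(keyAlias, srcPwd);
                        Certificate[] certChain = inputKeyStore
                                .getCertificateChain(keyAlias);
                        outputKeyStore.setKeyEntry(keyAlias, key, destPwd,
                                certChain);
                    }
                }

                // The destination is opened only after all entries were copied in memory.
                try (FileOutputStream out = new FileOutputStream(destFile)) {
                    outputKeyStore.store(out, destPwd);
                }
            } catch (Exception ex) {
                // Kept from the original: failures are reported on stderr only.
                ex.printStackTrace();
            }
        }

        /** Returns the password as a char array, or {@code null} when it is null or blank. */
        private static char[] toPasswordChars(String passwd) {
            if ((passwd == null) || passwd.trim().equals("")) {
                return null;
            }
            return passwd.toCharArray();
        }

        /**
         * Sample invocation. The paths and passwords are placeholders from the article;
         * real passwords should not be hard-coded in source.
         */
        public static void main(String[] args) {

            PKCSToJKS c = new PKCSToJKS();
            c.PKCS12ToJKS(
                    "D:/xxx/xxx/openapi-cert.p12",
                    "password1", "D:/xxx/xxx/tomcat.keystore",
                    "password2");

        }

    }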
    

      这里的两个 password,第一个是 P12 准入密码,第二个是 JKS 准入密码(代码中它同时被用作每个私钥条目的密码)。示例中的 password1、password2 只是占位值。

     当然也可以将 JKS 转 P12。

    package com.lakala.fpay.initdata.main;
    
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.util.Enumeration;
    
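    /**
     * Command-line helper that exports the key entries of a JKS keystore as PKCS#12 files,
     * one output file per key alias. (The class keeps the name used in the article even
     * though this variant converts in the JKS to PKCS#12 direction.)
     *
     * <p>Review notes for anyone reusing this class:
     * <ul>
     *   <li>Each exported key is protected with the destination password, which is also the
     *       password of the PKCS#12 file it is written to.</li>
     *   <li>Aliases that are not key entries are printed and skipped.</li>
     *   <li>Any failure is caught and printed to standard error and stops the export; the
     *       method still returns normally, so verify the output files before using them.</li>
     * </ul>
     */
    public class PKCSToJKS {

        /**
         * Exports every key entry of a JKS keystore into its own PKCS#12 file.
         *
         * <p>The output path is derived from {@code destFile}: the alias is inserted before
         * the file extension, giving {@code <base>_<alias><extension>}. A name containing
         * {@code .pfx} is handled exactly as before ({@code <base>_<alias>.pfx}); other
         * names such as {@code openapi-cert.p12} keep their own extension, and a name
         * without an extension gets {@code .pfx}.
         *
         * @param srcFile
         *            path of the JKS keystore to read
         * @param srcPasswd
         *            password of the JKS keystore; {@code null} or blank is passed to the
         *            KeyStore API as a {@code null} password
         * @param destFile
         *            template path for the PKCS#12 output files
         * @param destPasswd
         *            password of the PKCS#12 output files and of the exported key entries;
         *            {@code null} or blank becomes a {@code null} password
         */
        public void JSKToPKCS12(String srcFile, String srcPasswd, String
                destFile, String destPasswd) {
            try {
                KeyStore inputKeyStore = KeyStore.getInstance("JKS");
                char[] srcPwd = toPasswordChars(srcPasswd);
                char[] destPwd = toPasswordChars(destPasswd);

                // try-with-resources: the source stream is closed even when load() throws.
                try (FileInputStream fis = new FileInputStream(srcFile)) {
                    inputKeyStore.load(fis, srcPwd);
                }

                KeyStore outputKeyStore = KeyStore.getInstance("PKCS12");
                Enumeration<String> aliases = inputKeyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String keyAlias = aliases.nextElement();
                    System.out.println("alias=[" + keyAlias + "]");
                    if (!inputKeyStore.isKeyEntry(keyAlias)) {
                        // Previously an empty keystore file was written for such aliases.
                        continue;
                    }

                    // Re-initialising with load(null, ...) empties the in-memory keystore,
                    // so each output file holds exactly one key entry.
                    outputKeyStore.load(null, destPwd);
                    Key key = inputKeyStore.getKey(keyAlias, srcPwd);
                    Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry(keyAlias, key, destPwd, certChain);

                    String fName = perAliasFileName(destFile, keyAlias);
                    try (FileOutputStream out = new FileOutputStream(fName)) {
                        outputKeyStore.store(out, destPwd);
                    }
                }
            } catch (Exception e) {
                // Kept from the original: failures are reported on stderr only.
                e.printStackTrace();
            }
        }

        /** Returns the password as a char array, or {@code null} when it is null or blank. */
        private static char[] toPasswordChars(String passwd) {
            if ((passwd == null) || passwd.trim().equals("")) {
                return null;
            }
            return passwd.toCharArray();
        }

        /**
         * Builds the per-alias output path. The original code required ".pfx" in the
         * template and failed with a StringIndexOutOfBoundsException otherwise (including
         * for the ".p12" path used in {@code main}).
         */
        private static String perAliasFileName(String destFile, String alias) {
            String extension = ".pfx";
            int cut = destFile.indexOf(".pfx");
            if (cut < 0) {
                int lastSeparator = Math.max(destFile.lastIndexOf('/'),
                        destFile.lastIndexOf('\\'));
                int lastDot = destFile.lastIndexOf('.');
                if (lastDot > lastSeparator + 1) {
                    // The dot belongs to the file name and is not its first character.
                    cut = lastDot;
                    extension = destFile.substring(lastDot);
                } else {
                    cut = destFile.length();
                }
            }
            // The alias comes from the keystore file; path separators and other characters
            // that are not valid in file names are replaced so the output stays next to
            // the requested destination.
            String safeAlias = alias.replaceAll("[\\\\/:*?\"<>|\\p{Cntrl}]", "_");
            return destFile.substring(0, cut) + "_" + safeAlias + extension;
        }

        /**
         * Sample invocation. The paths and passwords are placeholders from the article;
         * real passwords should not be hard-coded in source.
         */
        public static void main(String[] args) {
            PKCSToJKS c = new PKCSToJKS();
            c.JSKToPKCS12(
                    "D:/xxx/xxx/tomcat.keystore", "password1", "D:/xxx/xxx/openapi-cert.p12", "password2");
        }
    }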
    

     谢谢大家观看!希望有所帮助。

  • 原文地址:https://www.cnblogs.com/xums/p/8017608.html