Java/Security/KeyStore


Create a keystore with a self-signed certificate, using the keytool command

   <source lang="java">
  

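# Generate an RSA key pair plus a self-signed certificate under alias "mycert".
# The original used -keypasswd, which is a separate keytool *command* (change an
# existing key's password) and makes keytool reject "123456" as an illegal
# option; the option that sets the new entry's key password is -keypass.
# Passwords given on the command line end up in shell history and in `ps`
# output -- omit -keypass (and -storepass) to be prompted interactively.
keytool -keystore mySrvKeystore -genkey -keyalg RSA -alias mycert -keypass 123456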


 </source>
   
  
 
  



Exporting a Certificate to a File

   <source lang="java">
  

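import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;

public class Main {

  /**
   * Exports the certificate stored under {@code myalias} twice: as raw DER
   * bytes and as a PEM text file.
   *
   * <p>The original wrote into a {@code null} File (NullPointerException),
   * closed the stream before wrapping it in a Writer, and used the
   * JDK-internal {@code sun.misc.BASE64Encoder}, which does not exist on
   * Java 9+. All three are corrected here.
   *
   * @param argv unused
   * @throws Exception on keystore or I/O failure, or when the alias has no
   *                   certificate
   */
  public static void main(String[] argv) throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    // try-with-resources: the stream is closed even if load() throws
    try (FileInputStream is = new FileInputStream("your.keystore")) {
      keystore.load(is, "my-keystore-password".toCharArray());
    }
    String alias = "myalias";
    Certificate cert = keystore.getCertificate(alias);
    if (cert == null) {
      // getCertificate() returns null for an unknown alias; fail loudly instead of NPE
      throw new IllegalStateException("no certificate stored under alias " + alias);
    }
    byte[] buf = cert.getEncoded();
    // Output file names are placeholders (the original passed a null File here).
    File derFile = new File("your-cert.der");
    try (FileOutputStream os = new FileOutputStream(derFile)) {
      os.write(buf);
    }
    File pemFile = new File("your-cert.pem");
    try (Writer wr = new OutputStreamWriter(new FileOutputStream(pemFile),
                                            Charset.forName("UTF-8"))) {
      wr.write(toPem(buf));
    }
  }

  /**
   * Wraps DER bytes in a PEM {@code CERTIFICATE} block: Base64 in 64-column
   * lines with LF line endings (RFC 7468 layout).
   *
   * @param der DER-encoded certificate bytes; may be empty
   * @return the PEM text, terminated by a newline
   */
  static String toPem(byte[] der) {
    String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n";
  }

}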


 </source>
   
  
 
  



Import a key/certificate pair from a pkcs12 file into a regular JKS format keystore

   <source lang="java">
 

//
// Copyright (c) 1999 Jason Gilbert
// $Id: PKCS12Import.java,v 1.3 2004/05/09 20:32:49 gregwilkins Exp $
//

import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStreamReader; import java.io.OutputStream; import java.security.Key; import java.security.KeyStore; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Enumeration; /**

* This class can be used to import a key/certificate pair from a pkcs12 file
* into a regular JKS format keystore for use with jetty and other java based
* SSL applications, etc. 
*
 *    usage: java PKCS12Import {pkcs12file} [newjksfile]
 *
*
* If you don't supply newjksfile, newstore.jks will be used.  This can be an
* existing JKS keystore.
*

* Upon execution, you will be prompted for the password for the pkcs12 keystore
* as well as the password for the JKS file. After execution you should have a
* JKS keystore file that contains the private key and certificate that were in
* the pkcs12
* <P>
* You can generate a pkcs12 file from PEM encoded certificate and key files
* using the following openssl command:
*

 *    openssl pkcs12 -export -out keystore.pkcs12 -in www.crt -inkey www.key
 * 
* then run:
*
 *    java PKCS12Import keystore.pkcs12 keystore.jks
 * 
*
* @author Jason Gilbert <jason@doozer.ru>
*/

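public class PKCS12Import {

  /**
   * Copies every key entry (private key plus certificate chain) from a
   * PKCS#12 keystore into a JKS keystore.
   *
   * @param args {@code {pkcs12file} [newjksfile]}; the JKS file defaults to
   *             {@code newstore.jks} and may already exist, in which case it
   *             is loaded and extended
   * @throws Exception on any keystore or I/O failure
   */
  public static void main(String[] args) throws Exception
  {
    if (args.length < 1) {
      System.err.println(
            "usage: java PKCS12Import {pkcs12file} [newjksfile]");
      System.exit(1);
    }
    File fileIn = new File(args[0]);
    File fileOut = (args.length > 1) ? new File(args[1]) : new File("newstore.jks");
    if (!fileIn.canRead()) {
      System.err.println(
            "Unable to access input keystore: " + fileIn.getPath());
      System.exit(2);
    }
    if (fileOut.exists() && !fileOut.canWrite()) {
      System.err.println(
            "Output file is not writable: " + fileOut.getPath());
      System.exit(2);
    }
    KeyStore kspkcs12 = KeyStore.getInstance("pkcs12");
    KeyStore ksjks = KeyStore.getInstance("jks");
    System.out.print("Enter input keystore passphrase: ");
    char[] inphrase = readPassphrase();
    System.out.print("Enter output keystore passphrase: ");
    char[] outphrase = readPassphrase();
    try {
      // Streams were never closed in the original; try-with-resources fixes that.
      try (FileInputStream in = new FileInputStream(fileIn)) {
        kspkcs12.load(in, inphrase);
      }
      if (fileOut.exists()) {
        try (FileInputStream in = new FileInputStream(fileOut)) {
          ksjks.load(in, outphrase);
        }
      } else {
        // KeyStore.load(null, ...) initialises an empty keystore
        ksjks.load(null, outphrase);
      }
      Enumeration<String> eAliases = kspkcs12.aliases();
      int n = 0;
      while (eAliases.hasMoreElements()) {
        String strAlias = eAliases.nextElement();
        System.err.println("Alias " + n++ + ": " + strAlias);
        if (kspkcs12.isKeyEntry(strAlias)) {
          System.err.println("Adding key for alias " + strAlias);
          Key key = kspkcs12.getKey(strAlias, inphrase);
          Certificate[] chain = kspkcs12.getCertificateChain(strAlias);
          ksjks.setKeyEntry(strAlias, key, outphrase, chain);
        }
      }
      try (OutputStream out = new FileOutputStream(fileOut)) {
        ksjks.store(out, outphrase);
      }
    } finally {
      // The passphrases are not needed once the stores are written; clear
      // them rather than leaving plaintext copies in the heap.
      java.util.Arrays.fill(inphrase, '\0');
      java.util.Arrays.fill(outphrase, '\0');
    }
  }

  /**
   * Prints the subject and issuer of every X.509 certificate in
   * {@code chain} to stderr; non-X.509 certificates are skipped.
   *
   * @param chain certificate chain to describe
   */
  static void dumpChain(Certificate[] chain)
  {
    for (Certificate cert : chain) {
      if (cert instanceof X509Certificate) {
        X509Certificate x509 = (X509Certificate) cert;
        // getSubjectDN()/getIssuerDN() are deprecated; the X500Principal
        // accessors are the supported API and print the same text.
        System.err.println("subject: " + x509.getSubjectX500Principal());
        System.err.println("issuer: " + x509.getIssuerX500Principal());
      }
    }
  }

  /**
   * Reads one line from {@code System.in} as a passphrase.
   *
   * <p>The line ends at the first CR or LF or at end of input; at most 256
   * bytes are kept. Bytes are read one at a time straight from
   * {@code System.in} because the original wrapped a fresh
   * {@code InputStreamReader} around it on every call, which reads ahead and
   * swallows the following prompt's line when input is piped. It also cast
   * the {@code -1} end-of-stream marker to a char and kept looping until the
   * buffer was full; EOF now ends the passphrase.
   *
   * <p>On a terminal the passphrase is echoed, exactly as before;
   * {@code System.console().readPassword()} would avoid that but is not
   * available when input is redirected.
   *
   * @return the passphrase characters, empty if the line is empty or stdin
   *         is exhausted; the caller owns the array and should clear it
   * @throws IOException if reading stdin fails
   */
  static char[] readPassphrase() throws IOException
  {
    byte[] bbuf = new byte[256];
    int i = 0;
    while (i < bbuf.length) {
      int b = System.in.read();
      if (b < 0 || b == '\r' || b == '\n') {   // EOF or end of line
        break;
      }
      bbuf[i++] = (byte) b;
    }
    java.nio.CharBuffer chars = java.nio.charset.Charset.defaultCharset()
          .decode(java.nio.ByteBuffer.wrap(bbuf, 0, i));
    char[] phrase = new char[chars.remaining()];
    chars.get(phrase);
    // scrub the scratch copies so only the returned array holds the secret
    java.util.Arrays.fill(bbuf, (byte) 0);
    if (chars.hasArray()) {
      java.util.Arrays.fill(chars.array(), '\0');
    }
    return phrase;
  }

}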


 </source>
   
  
 
  



Listing the Aliases in a Key Store: A key store is a collection of keys and certificates.

   <source lang="java">
  

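import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

public class Main {

  /**
   * Describes every alias in a loaded keystore as
   * {@code "<alias>: key entry"}, {@code "<alias>: trusted certificate entry"}
   * or {@code "<alias>: other entry"}, in enumeration order.
   *
   * <p>The original loop computed both flags into one variable and then
   * discarded them, so nothing was actually listed.
   *
   * @param keystore a loaded keystore
   * @return one line per alias; empty for an empty keystore
   * @throws KeyStoreException if the keystore has not been loaded
   */
  static List<String> describeAliases(KeyStore keystore) throws KeyStoreException {
    List<String> lines = new ArrayList<>();
    Enumeration<String> e = keystore.aliases();
    while (e.hasMoreElements()) {
      String alias = e.nextElement();
      String kind;
      if (keystore.isKeyEntry(alias)) {
        kind = "key entry";
      } else if (keystore.isCertificateEntry(alias)) {
        kind = "trusted certificate entry";
      } else {
        kind = "other entry";
      }
      lines.add(alias + ": " + kind);
    }
    return lines;
  }

  /**
   * Loads {@code yourfile.keystore} and prints each alias with its entry type.
   *
   * @param argv unused
   * @throws Exception on keystore or I/O failure
   */
  public static void main(String[] argv) throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "my-keystore-password";
    // try-with-resources: the stream is closed even when load() throws
    try (FileInputStream is = new FileInputStream("yourfile" + ".keystore")) {
      keystore.load(is, password.toCharArray());
    }
    for (String line : describeAliases(keystore)) {
      System.out.println(line);
    }
  }

}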


 </source>
   
  
 
  



Listing the Aliases in a Key Store using keytool:

   <source lang="java">
  

# List the aliases in the default keystore.  No -keystore is given, so keytool
# opens the user's default store ($HOME/.keystore); the password is quoted so
# any shell metacharacters in it reach keytool unchanged.
keytool -list -storepass 'my-keystore-password'


 </source>
   
  
 
  



Retrieving a Key Pair from a Key Store

   <source lang="java">
  

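import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Optional;

public class Main {

  /**
   * Looks up the private key stored under {@code alias} and pairs it with the
   * public key taken from the alias's certificate.
   *
   * @param keystore    a loaded keystore
   * @param alias       entry to look up
   * @param keyPassword password protecting the key entry
   * @return the key pair, or empty when the alias is unknown, is not a
   *         private-key entry, or has no certificate
   * @throws GeneralSecurityException if the keystore is not loaded or the key
   *                                  cannot be recovered (e.g. wrong password)
   */
  static Optional<KeyPair> getKeyPair(KeyStore keystore, String alias, char[] keyPassword)
      throws GeneralSecurityException {
    Key key = keystore.getKey(alias, keyPassword);
    // getKey() returns null for an unknown alias; a SecretKey is not a PrivateKey
    if (!(key instanceof PrivateKey)) {
      return Optional.empty();
    }
    Certificate cert = keystore.getCertificate(alias);
    if (cert == null) {
      return Optional.empty();
    }
    PublicKey publicKey = cert.getPublicKey();
    return Optional.of(new KeyPair(publicKey, (PrivateKey) key));
  }

  /**
   * Loads {@code your.keystore} and reports whether {@code myalias} yields a
   * key pair. The original built the {@link KeyPair} and immediately dropped
   * it; the lookup now lives in {@link #getKeyPair} so callers can use it.
   *
   * @param argv unused
   * @throws Exception on keystore or I/O failure
   */
  public static void main(String[] argv) throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    // try-with-resources: the stream is closed even when load() throws
    try (FileInputStream is = new FileInputStream("your.keystore")) {
      keystore.load(is, "my-keystore-password".toCharArray());
    }
    String alias = "myalias";
    Optional<KeyPair> pair = getKeyPair(keystore, alias, "password".toCharArray());
    System.out.println(pair.isPresent()
        ? "found key pair for " + alias
        : "no private key entry for " + alias);
  }

}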


 </source>