http://jexp.ru/index.php?action=history&feed=atom&title=Java%2FSecurity%2FKeyStore
Java/Security/KeyStore - История изменений
2026-04-15T19:11:54Z
История изменений этой страницы в вики
MediaWiki 1.30.0
http://jexp.ru/index.php?title=Java/Security/KeyStore&diff=7619&oldid=prev
Admin: 1 версия
2010-06-01T06:48:55Z
<p>1 версия</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style="vertical-align: top;" lang="ru">
<td colspan="1" style="background-color: white; color:black; text-align: center;">← Предыдущая</td>
<td colspan="1" style="background-color: white; color:black; text-align: center;">Версия 06:48, 1 июня 2010</td>
</tr><tr><td colspan="2" style="text-align: center;" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>
Admin
http://jexp.ru/index.php?title=Java/Security/KeyStore&diff=7618&oldid=prev
в 18:01, 31 мая 2010
2010-05-31T18:01:45Z
<p></p>
<p><b>Новая страница</b></p><div>== Create a keystore with a self-signed certificate, using the keytool command ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
keytool -keystore mySrvKeystore -keypasswd 123456 -genkey -keyalg RSA -alias mycert<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Exporting a Certificate to a File ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
import java.io.File;<br />
import java.io.FileInputStream;<br />
import java.io.FileOutputStream;<br />
import java.io.OutputStreamWriter;<br />
import java.io.Writer;<br />
import java.nio.charset.Charset;<br />
import java.security.KeyStore;<br />
import java.security.cert.Certificate;<br />
public class Main {<br />
public static void main(String[] argv) throws Exception {<br />
FileInputStream is = new FileInputStream("your.keystore");<br />
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());<br />
keystore.load(is, "my-keystore-password".toCharArray());<br />
String alias = "myalias";<br />
Certificate cert = keystore.getCertificate(alias);<br />
File file = null;<br />
byte[] buf = cert.getEncoded();<br />
FileOutputStream os = new FileOutputStream(file);<br />
os.write(buf);<br />
os.close();<br />
Writer wr = new OutputStreamWriter(os, Charset.forName("UTF-8"));<br />
wr.write(new sun.misc.BASE64Encoder().encode(buf));<br />
wr.flush();<br />
}<br />
}<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Import a key/certificate pair from a pkcs12 file into a regular JKS format keystore ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
// <br />
// Copyright (c) 1999 Jason Gilbert<br />
// $Id: PKCS12Import.java,v 1.3 2004/05/09 20:32:49 gregwilkins Exp $<br />
// <br />
<br />
import java.io.File;<br />
import java.io.FileInputStream;<br />
import java.io.FileOutputStream;<br />
import java.io.IOException;<br />
import java.io.InputStreamReader;<br />
import java.io.OutputStream;<br />
import java.security.Key;<br />
import java.security.KeyStore;<br />
import java.security.cert.Certificate;<br />
import java.security.cert.X509Certificate;<br />
import java.util.Enumeration;<br />
/**<br />
* This class can be used to import a key/certificate pair from a pkcs12 file<br />
* into a regular JKS format keystore for use with jetty and other java based<br />
* SSL applications, etc. <br />
*<PRE><br />
* usage: java PKCS12Import {pkcs12file} [newjksfile]<br />
*</PRE><br />
*<br />
* If you don"t supply newjksfile, newstore.jks will be used. This can be an<br />
* existing JKS keystore.<br />
* <P><br />
* Upon execution, you will be prompted for the password for the pkcs12 keystore<br />
* as well as the password for the jdk file. After execution you should have a<br />
* JKS keystore file that contains the private key and certificate that were in<br />
* the pkcs12<br />
* <P><br />
* You can generate a pkcs12 file from PEM encoded certificate and key files<br />
* using the following openssl command:<br />
* <PRE><br />
* openssl pkcs12 -export -out keystore.pkcs12 -in www.crt -inkey www.key<br />
* </PRE><br />
* then run:<br />
* <PRE><br />
* java PKCS12Import keystore.pkcs12 keytore.jks<br />
* </PRE><br />
*<br />
* @author Jason Gilbert &lt;jason@doozer.ru&gt;<br />
*/<br />
public class PKCS12Import<br />
{<br />
public static void main(String[] args) throws Exception<br />
{<br />
if (args.length < 1) {<br />
System.err.println(<br />
"usage: java PKCS12Import {pkcs12file} [newjksfile]");<br />
System.exit(1);<br />
}<br />
File fileIn = new File(args[0]);<br />
File fileOut;<br />
if (args.length > 1) {<br />
fileOut = new File(args[1]);<br />
} else {<br />
fileOut = new File("newstore.jks");<br />
}<br />
if (!fileIn.canRead()) {<br />
System.err.println(<br />
"Unable to access input keystore: " + fileIn.getPath());<br />
System.exit(2);<br />
}<br />
if (fileOut.exists() && !fileOut.canWrite()) {<br />
System.err.println(<br />
"Output file is not writable: " + fileOut.getPath());<br />
System.exit(2);<br />
}<br />
KeyStore kspkcs12 = KeyStore.getInstance("pkcs12");<br />
KeyStore ksjks = KeyStore.getInstance("jks");<br />
System.out.print("Enter input keystore passphrase: ");<br />
char[] inphrase = readPassphrase();<br />
System.out.print("Enter output keystore passphrase: ");<br />
char[] outphrase = readPassphrase();<br />
kspkcs12.load(new FileInputStream(fileIn), inphrase);<br />
ksjks.load(<br />
(fileOut.exists())<br />
? new FileInputStream(fileOut) : null, outphrase);<br />
Enumeration eAliases = kspkcs12.aliases();<br />
int n = 0;<br />
while (eAliases.hasMoreElements()) {<br />
String strAlias = (String)eAliases.nextElement();<br />
System.err.println("Alias " + n++ + ": " + strAlias);<br />
if (kspkcs12.isKeyEntry(strAlias)) {<br />
System.err.println("Adding key for alias " + strAlias);<br />
Key key = kspkcs12.getKey(strAlias, inphrase);<br />
Certificate[] chain = kspkcs12.getCertificateChain(strAlias);<br />
ksjks.setKeyEntry(strAlias, key, outphrase, chain);<br />
}<br />
}<br />
OutputStream out = new FileOutputStream(fileOut);<br />
ksjks.store(out, outphrase);<br />
out.close();<br />
}<br />
static void dumpChain(Certificate[] chain)<br />
{<br />
for (int i = 0; i < chain.length; i++) {<br />
Certificate cert = chain[i];<br />
if (cert instanceof X509Certificate) {<br />
X509Certificate x509 = (X509Certificate)chain[i];<br />
System.err.println("subject: " + x509.getSubjectDN());<br />
System.err.println("issuer: " + x509.getIssuerDN());<br />
}<br />
}<br />
}<br />
static char[] readPassphrase() throws IOException<br />
{<br />
InputStreamReader in = new InputStreamReader(System.in);<br />
char[] cbuf = new char[256];<br />
int i = 0;<br />
readchars:<br />
while (i < cbuf.length) {<br />
char c = (char)in.read();<br />
switch (c) {<br />
case "\r":<br />
break readchars;<br />
case "\n":<br />
break readchars;<br />
default:<br />
cbuf[i++] = c;<br />
}<br />
}<br />
char[] phrase = new char[i];<br />
System.arraycopy(cbuf, 0, phrase, 0, i);<br />
return phrase;<br />
}<br />
}<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Listing the Aliases in a Key Store: A key store is a collection of keys and certificates. ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
import java.io.FileInputStream;<br />
import java.security.KeyStore;<br />
import java.util.Enumeration;<br />
public class Main {<br />
public static void main(String[] argv) throws Exception {<br />
FileInputStream is = new FileInputStream("yourfile"+".keystore");<br />
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());<br />
String password = "my-keystore-password";<br />
keystore.load(is, password.toCharArray());<br />
Enumeration e = keystore.aliases();<br />
for (; e.hasMoreElements();) {<br />
String alias = (String) e.nextElement();<br />
boolean b = keystore.isKeyEntry(alias);<br />
b = keystore.isCertificateEntry(alias);<br />
}<br />
is.close();<br />
}<br />
}<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Listing the Aliases in a Key Store using keytool: ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
keytool -list -storepass my-keystore-password<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Retrieving a Key Pair from a Key Store ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
import java.io.FileInputStream;<br />
import java.security.Key;<br />
import java.security.KeyPair;<br />
import java.security.KeyStore;<br />
import java.security.PrivateKey;<br />
import java.security.PublicKey;<br />
import java.security.cert.Certificate;<br />
public class Main {<br />
public static void main(String[] argv) throws Exception {<br />
FileInputStream is = new FileInputStream("your.keystore");<br />
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());<br />
keystore.load(is, "my-keystore-password".toCharArray());<br />
String alias = "myalias";<br />
Key key = keystore.getKey(alias, "password".toCharArray());<br />
if (key instanceof PrivateKey) {<br />
// Get certificate of public key<br />
Certificate cert = keystore.getCertificate(alias);<br />
// Get public key<br />
PublicKey publicKey = cert.getPublicKey();<br />
// Return a key pair<br />
new KeyPair(publicKey, (PrivateKey) key);<br />
}<br />
}<br />
}<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --></div>