通过Java API打开x509证书存储 [英] Open x509 Certificate store from Java APIs

问题描述

我试图显示JSP中客户端证书存储中的证书列表。
在.Net中，可以使用以下代码显示证书列表...

I am trying to show the list of certificates from the Client Certificate store in JSP. In .Net there is an option to show the list of certificates with the following code...

X509Store xStore = new X509Store(...);
xStore.Open(...); // This will open the list of certicates in open dialog box.

是否有类似的功能来获取Java中的此信息？

Is there any similar functionality to get this information in Java?

推荐答案

您可以使用默认的JDK类打开JKS存储，打开pkcs12文件或类似文件，您需要像bouncycastle这样的库。例如：

You can open a JKS store using the default JDK classes, to open a pkcs12 file or the likes you need a library like bouncycastle. For example:

KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");

然后加载实际的密钥库：

Then load the actual keystore:

keystore.load(inputStream, password);

请注意，bouncycastle或jdk对空密码的处理方式不同（一个密码需要一个空字符串，另一个则为null iirc）。拥有密钥库实例后，可以通过遍历别名并检查类型来轻松获得证书：

Note that an empty password is handled differently by bouncycastle or jdk (one requires an empty string the other null iirc). Once you have a keystore instance, you can get the certificates easily by looping over the aliases and checking the types:

Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (store.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class))
        certificates.put(alias, (X509Certificate) store.getCertificate(alias));
}

这篇关于通过Java API打开x509证书存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！