convert CertStore into X509Certificate[] array JAVA


Problem description

I made a cert store and want to add another certificate from another function in this class.

Make chain in class 1 with caCert and intermediateCert:

List<X509Certificate> certList = new ArrayList<X509Certificate>();
certList.add(0, interCert);
certList.add(1, caCert);
Store<X509Certificate> certs = new JcaCertStore(certList);
certStore = new JcaCertStoreBuilder().addCertificates(certs).build();

I want to add a new build user certificate in class 2:

certStore = new JcaCertStoreBuilder().addCertificate(certHolder).build();

To save the new key to my KeyStore I need an array of the certificates (X509Certificate[]). How can I convert the certStore file to an array to get the privatekeyentry working?

PrivateKeyEntry privKeyEntry = new PrivateKeyEntry(pair.getPrivate(), chain);
store.setEntry(alias, privKeyEntry, new KeyStore.PasswordProtection(storePassword));

Recommended answer

I'm using BouncyCastle 1.56 and JDK 1.7.

I think the easiest way is to get all the certificates from the cert store and add them to an array (instead of creating another cert store and converting).

To get all the certificates in the cert store, you can do:

// get all certificates in certStore
Collection<? extends Certificate> allCerts = certStore.getCertificates(null);

Some implementations don't accept the null argument. In this case, you must create a selector like this (using java.security.cert.X509CertSelector class):

Collection<? extends Certificate> allCerts = certStore.getCertificates(new X509CertSelector() {
    @Override
    public boolean match(Certificate cert) {
        // match all certificates (so it'll return all of them)
        return true;
    }
});

After that, allCerts will have the 2 certificates that are in certStore.

Now you create your array and add all the certificates you need:

// create array
X509Certificate[] certificatesArray = new X509Certificate[3];

// add certificates in allCerts (the 2 that were in certStore)
int i = 0;
for (Certificate c : allCerts) {
    certificatesArray[i] = (X509Certificate) c;
    i++;
}

// add the new certificate (newCert being a X509Certificate)
certificatesArray[2] = newCert;


Note: If your new certificate's type is a org.bouncycastle.cert.X509CertificateHolder, you can convert it to a java.security.cert.X509Certificate using the org.bouncycastle.cert.jcajce.JcaX509CertificateConverter class:

X509CertificateHolder certHolder = ...;
X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);

Or you can do it manually with a java.security.cert.CertificateFactory:

X509CertificateHolder certHolder = ...;
CertificateFactory f = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate) f.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
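
An added example, not part of the original answer: `CertStore.getCertificates` returns a `Collection` with no guaranteed order, while a `KeyStore` certificate chain is expected to start with the end-entity certificate (the one matching the private key) followed by its issuers. The helper below builds the array in that order by following issuer names and checking each signature; the class name, method name and error handling are assumptions of this example, and only JDK classes are used.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (name and error policy are assumptions of this example).
public final class ChainFromCertStore {

    /** Returns {leaf, issuer of leaf, ..., self-signed root}, issuers taken from certStore. */
    public static X509Certificate[] orderedChain(CertStore certStore, X509Certificate leaf)
            throws CertStoreException {
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        chain.add(leaf);
        X509Certificate current = leaf;
        // Walk upwards until a self-issued certificate (subject == issuer) is reached.
        while (!current.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
            X509CertSelector bySubject = new X509CertSelector();
            bySubject.setSubject(current.getIssuerX500Principal());
            X509Certificate issuer = null;
            for (Certificate c : certStore.getCertificates(bySubject)) {
                X509Certificate candidate = (X509Certificate) c;
                try {
                    current.verify(candidate.getPublicKey()); // a name match alone is not enough
                    issuer = candidate;
                    break;
                } catch (GeneralSecurityException e) {
                    // Same subject name, different key: not the real issuer, try the next one.
                }
            }
            if (issuer == null) {
                throw new CertStoreException("No verified issuer in store for "
                        + current.getSubjectX500Principal());
            }
            if (chain.contains(issuer)) {
                throw new CertStoreException("Issuer loop detected in store");
            }
            chain.add(issuer);
            current = issuer;
        }
        return chain.toArray(new X509Certificate[chain.size()]);
    }
}
```

With the variables used on this page, `X509Certificate[] chain = ChainFromCertStore.orderedChain(certStore, newCert);` gives the array to pass to `new PrivateKeyEntry(pair.getPrivate(), chain)`.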
