使用 java 将 .cer 转换为 .jks [英] Converting .cer to .jks using java
问题描述
我想将扩展名为 .cer 的文件转换为 .jks 文件.有人可以帮我解决这个问题吗?我用谷歌搜索,但没有得到太多信息.即使是教程或链接也可以.我猜使用了 Java Key Store.谢谢.
I wanted to convert a file with a .cer extension to .jks file. Can somebody please help me with this? I googled it but did not get much information. Even a tutorial or link would is fine. I guess Java Key Store is used. Thanks.
推荐答案
我使用 BouncyCastle 库,最新版本 (1.51)
I use BouncyCastle library, latest version (1.51)
String certificateString = textSerializer.readStringFromFile(context, certificateFileName); //CERT IN PEM
X509CertificateHolder x509CertificateHolder = pemConverter.convertPEMtoX509CertificateHolder(certificateString);
PEMConverter 是我自己的类,这个方法看起来像这样
PEMConverter is my own class and this method looks like this
public X509CertificateHolder convertPEMtoX509CertificateHolder(String certPEMData)
throws IOException {
PEMParser pemParser = new PEMParser(new StringReader(certPEMData));
Object parsedObj = pemParser.readObject();
if (parsedObj instanceof X509CertificateHolder) {
X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) parsedObj;
return x509CertificateHolder;
} else {
System.out.println("The object " + parsedObj.toString() + " is not an X509CertificateHolder.");
}
}
这会为您提供 BouncyCastle X509 证书.您可以使用转换器将其转换为 JCE 证书.
This gives you a BouncyCastle X509Certificate. You can convert this to JCE Certificate with the converter.
public X509Certificate convertToJceX509Certificate(X509CertificateHolder x509CertificateHolder) //java.security.cert.x509certificate
{
try
{
return new JcaX509CertificateConverter()
.setProvider(BouncyCastleProvider.PROVIDER_NAME)
.getCertificate(x509CertificateHolder);
}
catch (CertificateException e)
{
log.error("Error during BC -> JCA conversion of Certificate.", e);
throw new RuntimeException(e);
}
}
现在您可以使用它将其加载到密钥库中
Now you can use this to load it into a keystore
KeyPair keyPair = this.keyPairReader.readKeyPairFromFile(context, keyPairFileName);
PrivateKey privateKey = keyPair.getPrivate();
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try
{
KeyStore ks = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
ks.load(null);
ks.setKeyEntry("key-alias", (Key) privateKey, password.toCharArray(),
new java.security.cert.Certificate[] { certificate });
ks.store(bos, password.toCharArray());
bos.close();
Log.d(PKCS12KeyStoreExporter.class.getName(), "Export to byte array complete.");
}
catch(...)
{
//...
}
return bos.toByteArray();
而这个 byte[]
是您的 PKCS12 文件.但是,JKS 的唯一区别是使用标准 JCE 提供程序,并获取 JKS
实例 KeyStore 而不是 PKCS12
实例.
And this byte[]
is your PKCS12 file. However, the only difference for JKS is to use the standard JCE provider, and to get a JKS
instance KeyStore instead of the PKCS12
one.
这篇关于使用 java 将 .cer 转换为 .jks的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!