使用 java 将 .cer 转换为 .jks [英] Converting .cer to .jks using java

查看:111
本文介绍了使用 java 将 .cer 转换为 .jks的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想将扩展名为 .cer 的文件转换为 .jks 文件.有人可以帮我解决这个问题吗?我用谷歌搜索,但没有得到太多信息.即使是教程或链接也可以.我猜使用了 Java Key Store.谢谢.

I wanted to convert a file with a .cer extension to .jks file. Can somebody please help me with this? I googled it but did not get much information. Even a tutorial or link would is fine. I guess Java Key Store is used. Thanks.

推荐答案

我使用 BouncyCastle 库,最新版本 (1.51)

I use BouncyCastle library, latest version (1.51)

 String certificateString = textSerializer.readStringFromFile(context, certificateFileName); //CERT IN PEM
 X509CertificateHolder x509CertificateHolder = pemConverter.convertPEMtoX509CertificateHolder(certificateString);

PEMConverter 是我自己的类,这个方法看起来像这样

PEMConverter is my own class and this method looks like this

public X509CertificateHolder convertPEMtoX509CertificateHolder(String certPEMData)
    throws IOException {
    PEMParser pemParser = new PEMParser(new StringReader(certPEMData));
    Object parsedObj = pemParser.readObject();
    if (parsedObj instanceof X509CertificateHolder) {
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) parsedObj;
        return x509CertificateHolder;
    } else {
        System.out.println("The object " + parsedObj.toString() + " is not an X509CertificateHolder.");
    }
}

这会为您提供 BouncyCastle X509 证书.您可以使用转换器将其转换为 JCE 证书.

This gives you a BouncyCastle X509Certificate. You can convert this to JCE Certificate with the converter.

public X509Certificate convertToJceX509Certificate(X509CertificateHolder x509CertificateHolder) //java.security.cert.x509certificate
{
    try
    {
        return new JcaX509CertificateConverter()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(x509CertificateHolder);
    }
    catch (CertificateException e)
    {
        log.error("Error during BC -> JCA conversion of Certificate.", e);
        throw new RuntimeException(e);
    }
}

现在您可以使用它将其加载到密钥库中

Now you can use this to load it into a keystore

    KeyPair keyPair = this.keyPairReader.readKeyPairFromFile(context, keyPairFileName);
    PrivateKey privateKey = keyPair.getPrivate();

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try
    {
        KeyStore ks = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
        ks.load(null);
        ks.setKeyEntry("key-alias", (Key) privateKey, password.toCharArray(),
                       new java.security.cert.Certificate[] { certificate });
        ks.store(bos, password.toCharArray());
        bos.close();
        Log.d(PKCS12KeyStoreExporter.class.getName(), "Export to byte array complete.");
    }
    catch(...)
    {
        //...
    }
    return bos.toByteArray();

而这个 byte[] 是您的 PKCS12 文件.但是,JKS 的唯一区别是使用标准 JCE 提供程序,并获取 JKS 实例 KeyStore 而不是 PKCS12 实例.

And this byte[] is your PKCS12 file. However, the only difference for JKS is to use the standard JCE provider, and to get a JKS instance KeyStore instead of the PKCS12 one.

这篇关于使用 java 将 .cer 转换为 .jks的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆