如何以可编程方式将受信任的证书导入现有密钥库？ [英] How do I import a trusted certificate into an existing keystore programmatically?

问题描述

我需要将一个受信任的证书导入一个已经存在的密钥库，这里是我的代码，但它抛出了一个EOFException，可能是错误？

I need to import a trusted certificate into an already existing keystore, here is my code but its throwing me an EOFException, what could be wrong?

public void importTrustedCertificate( String alias, byte [] trustedCertificate )
        throws Exception
    {
        KeyStore keyStore = KeyStore.getInstance( "JKS" );
        FileInputStream fileInputStream = new FileInputStream( "keystore" + File.separator + "ClientRegistrarKeyStore.jks" );
        FileOutputStream fileOutputStream = new FileOutputStream( "keystore" + File.separator + "ClientRegistrarKeyStore.jks" );

        keyStore.load( fileInputStream, "keystore".toCharArray() );
        keyStore.setCertificateEntry( alias, new X509Certificate( trustedCertificate ) );

        keyStore.store( fileOutputStream, "keystore".toCharArray() );
        fileInputStream.close();
        fileOutputStream.close();

        return;
    }

错误：

Exception in thread "main" java.io.EOFException
    at java.io.DataInputStream.readInt(DataInputStream.java:375)
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:628)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at com.netrust.passportverification.clientregistrar.setup.IniFileGenerator.importTrustedCertificate(IniFileGenerator.java:107)
    at com.netrust.passportverification.clientregistrar.setup.IniFileGenerator.processZipFile(IniFileGenerator.java:165)
    at com.netrust.passportverification.clientregistrar.setup.IniFileGenerator.main(IniFileGenerator.java:180)

Java Result: 1

推荐答案

您确定此位置的档案不是空的吗？可以 keytool 列出其内容吗？这个 EOFException 看起来并不特定于keystore，但是你尝试加载的初始文件似乎比它应该的短。

Are you sure the file at this location is not empty? Can keytool list its contents? This EOFException doesn't look specific to keystores, but it seems that the initial file you're trying to load from is shorter than it should be.

此外，您的 FileInputStream 和 FileOutputStream 指的是同一个文件。我建议在写入另一个之前关闭你的读取，以避免冲突：

In addition, your FileInputStream and FileOutputStream refer to the same file. I'd suggest closing the one your read from before writing to the other one, to avoid conflicts:

FileInputStream fileInputStream = new FileInputStream( "keystore" + File.separator + "ClientRegistrarKeyStore.jks" );
keyStore.load( fileInputStream, "keystore".toCharArray() );
fileInputStream.close();
keyStore.setCertificateEntry( alias, new X509Certificate( trustedCertificate ) );

FileOutputStream fileOutputStream = new FileOutputStream( "keystore" + File.separator + "ClientRegistrarKeyStore.jks" );
keyStore.store( fileOutputStream, "keystore".toCharArray() );
fileOutputStream.close();

这篇关于如何以可编程方式将受信任的证书导入现有密钥库？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！