以编程方式将CA信任证书导入现有密钥库文件，而不使用keytool [英] Programmatically Import CA trust cert into existing keystore file without using keytool

问题描述

我想创建一个JAVA程序，将.cer CA导入到现有的密钥库文件中。
因此，最终用户可以更方便地插入CA证书（不使用命令中的CMD和密钥）。

I would like to create a JAVA program that import the .cer CA into the existing keystore file. So that end-user can insert the CA cert more convenience(without using CMD and key in the command).

这是JAVA代码可以做的任何地方这个？

Is that anywhere that JAVA code can do this?

我尝试了一些方法，但仍然无法将证书转换为java

i try some way, but still fail in getting the cert into java

CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream certstream = fullStream (certfile);
Certificate certs = cf.generateCertificates(certstream);

错误是不兼容的类型，还有其他建议吗？

the error is incompatible types, is there any other suggestion?

谢谢批次

推荐答案

我已经解决了问题。这是代码

I have solve the Question.Here's the code

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.io.IOException;
import java.io.InputStream;
import java.io.DataInputStream;
import java.io.ByteArrayInputStream;
import java.security.spec.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;

public class ImportCA {
public static void main(String[] argv) throws Exception {

String certfile = "yourcert.cer"; /*your cert path*/
FileInputStream is = new FileInputStream("yourKeyStore.keystore");

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(is, "yourKeyStorePass".toCharArray());

String alias = "youralias";
char[] password = "yourKeyStorePass".toCharArray();

//////

CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream certstream = fullStream (certfile);
Certificate certs =  cf.generateCertificate(certstream);

///
File keystoreFile = new File("yourKeyStorePass.keystore");
// Load the keystore contents
FileInputStream in = new FileInputStream(keystoreFile);
keystore.load(in, password);
in.close();

// Add the certificate
keystore.setCertificateEntry(alias, certs);

// Save the new keystore contents
FileOutputStream out = new FileOutputStream(keystoreFile);
keystore.store(out, password);
out.close();

}

private static InputStream fullStream ( String fname ) throws IOException {
    FileInputStream fis = new FileInputStream(fname);
    DataInputStream dis = new DataInputStream(fis);
    byte[] bytes = new byte[dis.available()];
    dis.readFully(bytes);
    ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
    return bais;
}
}

希望可以帮助那些需要它的人。它只是一个简单的代码，它将.cer文件CA证书插入到您的密钥库中，而不使用CMD中的keytool =）

Hope can help those people that need it. It's just a simple code that insert the .cer file CA cert into your keystore without using keytool in CMD =)

这篇关于以编程方式将CA信任证书导入现有密钥库文件，而不使用keytool的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！