Java 在不使用 keytool 的情况下以编程方式将 CA 信任证书导入现有的密钥库文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18889058/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Programmatically Import CA trust cert into existing keystore file without using keytool
提问by user2767117
I would like to create a JAVA program that import the .cer CA into the existing keystore file. So that end-user can insert the CA cert more convenience(without using CMD and key in the command).
我想创建一个将 .cer CA 导入现有密钥库文件的 JAVA 程序。这样最终用户可以更方便地插入 CA 证书(无需使用 CMD 和键入命令)。
Is that anywhere that JAVA code can do this?
JAVA 代码可以做到这一点吗?
i try some way, but still fail in getting the cert into java
我尝试了一些方法,但仍然无法将证书导入 java
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream certstream = fullStream (certfile);
Certificate certs = cf.generateCertificates(certstream);
the error is incompatible types, is there any other suggestion?
错误是类型不兼容,还有其他建议吗?
Thanks Lot
多谢
采纳答案by user2767117
The following code inserts the CA cert file yourcert.cerinto your keystore without using keytool:
以下代码在yourcert.cer不使用的情况下将 CA 证书文件插入到您的密钥库中keytool:
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.io.IOException;
import java.io.InputStream;
import java.io.DataInputStream;
import java.io.ByteArrayInputStream;
import java.security.spec.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
public class ImportCA {
public static void main(String[] argv) throws Exception {
String certfile = "yourcert.cer"; /*your cert path*/
FileInputStream is = new FileInputStream("yourKeyStore.keystore");
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(is, "yourKeyStorePass".toCharArray());
String alias = "youralias";
char[] password = "yourKeyStorePass".toCharArray();
//////
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream certstream = fullStream (certfile);
Certificate certs = cf.generateCertificate(certstream);
///
File keystoreFile = new File("yourKeyStorePass.keystore");
// Load the keystore contents
FileInputStream in = new FileInputStream(keystoreFile);
keystore.load(in, password);
in.close();
// Add the certificate
keystore.setCertificateEntry(alias, certs);
// Save the new keystore contents
FileOutputStream out = new FileOutputStream(keystoreFile);
keystore.store(out, password);
out.close();
}
private static InputStream fullStream ( String fname ) throws IOException {
FileInputStream fis = new FileInputStream(fname);
DataInputStream dis = new DataInputStream(fis);
byte[] bytes = new byte[dis.available()];
dis.readFully(bytes);
ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
return bais;
}
}
回答by Karthikeyan Sukkoor
Download certs from links and store into specific path.. then load that file into trustStore during runtime using below code.. i hope this exaple will help you..
从链接下载证书并存储到特定路径..然后在运行时使用下面的代码将该文件加载到 trustStore.. 我希望这个例子能帮助你..
KeyStore keyStore = KeyStore.getInstance("JKS");
String fileName = "D:\certs_path\cacerts"; // cerrtification file path
System.setProperty("javax.net.ssl.trustStore", fileName);
