java从 .pfx或.p12文件中获取公钥和私钥

java.security.KeyStore也支持PKCS12编码格式的文件解析,从.pfx或.p12文件中获取证书和私钥可以通过java.security.KeyStore来进行操作

要注意的地方是有关密钥的别名(alias)
我们用keytool工具产生证书和密钥时会被要求定义一个别名。

但用openssl之类的工具产生证书和密钥时,别名不是必须的。
获取密钥和证书时,需要指定别名。

String keystorefile = "c:\\test.p12";
String keypasswd = "mypasswd";
String keyalias = "alias";
KeyStore ks = KeyStore.getInstance("PKCS12");
FileInputStream fin = new FileInputStream(keystorefile);
ks.load(fin,keypasswd.toCharArray());
PrivateKey prikey = (PrivateKey)ks.getKey(keyalias,keypasswd.toCharArray());
Certificate cert = ks.getCertificate(keyalias);
PublicKey pubkey = cert.getPublicKey();

当你不知道别名时,可以通过KeyStore的aliases()方法获取该文件包含的所有别名。
openssl产生的.p12文件,别名是诸如1,2,3.....
而通过导入IE再导出的.pfx文件,别名则是{xxxxx-xxxxx...}之类的。

Be careful about the password. It can *not* be empty
/**
 * Read a p12 format digital certificate. Be careful about the file format.
 * Sometimes, it might be incompatible. If it happens, import/export again
 * using netscape(p12) or IE(pfx).
 */
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Key;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import java.io.*;
import java.util.*;

public class ReadP12Cert
{
    public static void main(String[] args)
    {
        final String KEYSTORE_FILE     = "cert/dev_coo1.p12";
        final String KEYSTORE_PASSWORD = "123";
        final String KEYSTORE_ALIAS    = "alias";

        try
        {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            FileInputStream fis = new FileInputStream(KEYSTORE_FILE);

            // If the keystore password is empty(""), then we have to set
            // to null, otherwise it won't work!!!
            char[] nPassword = null;
            if ((KEYSTORE_PASSWORD == null) || KEYSTORE_PASSWORD.trim().equals(""))
            {
                nPassword = null;
            }
            else
            {
                nPassword = KEYSTORE_PASSWORD.toCharArray();
            }
            ks.load(fis, nPassword);
            fis.close();

            System.out.println("keystore type=" + ks.getType());

            // Now we loop all the aliases, we need the alias to get keys.
            // It seems that this value is the "Friendly name" field in the
            // detals tab <-- Certificate window <-- view <-- Certificate
            // Button <-- Content tab <-- Internet Options <-- Tools menu
            // In MS IE 6.
            Enumeration enum = ks.aliases();
            String keyAlias = null;
            if (enum.hasMoreElements()) // we are readin just one certificate.
            {
                keyAlias = (String)enum.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
            }

            // Now once we know the alias, we could get the keys.
            System.out.println("is key entry=" + ks.isKeyEntry(keyAlias));
            PrivateKey prikey = (PrivateKey) ks.getKey(keyAlias, nPassword);
            Certificate cert = ks.getCertificate(keyAlias);
            PublicKey pubkey = cert.getPublicKey();

            System.out.println("cert class = " + cert.getClass().getName());
            System.out.println("cert = " + cert);
            System.out.println("public key = " + pubkey);
            System.out.println("private key = " + prikey);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}

你可能感兴趣的:(java-签名加密算法)