SSL证书转换(JKS、PFX)

package com.hengbao;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;

public class ConventPFX {
	public static final String PKCS12 = "PKCS12";
	public static final String JKS = "JKS";
	public static final String PFX_KEYSTORE_FILE = "G:\\0002.pfx";// pfx文件位置
	public static final String KEYSTORE_PASSWORD = "111111";// 导出为pfx文件的设的密码
	public static final String JKS_KEYSTORE_FILE = "G:\\key.jks"; // jks文件位置

	public static void main(String[] args) {
		coverTokeyStore();
	}

	public static void coverTokeyStore() {
		try {
			KeyStore inputKeyStore = KeyStore.getInstance(PKCS12);
			FileInputStream fis = new FileInputStream(PFX_KEYSTORE_FILE);
			char[] mPwd = null;
			if (KEYSTORE_PASSWORD == null
					|| KEYSTORE_PASSWORD.trim().equals("")) {
				mPwd = null;
			} else {
				mPwd = KEYSTORE_PASSWORD.toCharArray();
			}
			inputKeyStore.load(fis, mPwd);
			fis.close();
			KeyStore outKeyStore = KeyStore.getInstance(JKS);
			outKeyStore.load(null, mPwd);
			Enumeration enums = inputKeyStore.aliases();
			while (enums.hasMoreElements()) {
				String keyAlias = (String) enums.nextElement();
				System.out.println("alias=[" + keyAlias + "]");
				if (inputKeyStore.isKeyEntry(keyAlias)) {
					java.security.Key key = inputKeyStore
							.getKey(keyAlias, mPwd);
					Certificate[] certChain = inputKeyStore
							.getCertificateChain(keyAlias);
					outKeyStore.setKeyEntry(keyAlias, key, mPwd, certChain);
				}
				FileOutputStream fos = new FileOutputStream(JKS_KEYSTORE_FILE);
				outKeyStore.store(fos, mPwd);
				fos.close();
			}
		} catch (KeyStoreException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (FileNotFoundException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (CertificateException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (UnrecoverableKeyException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}

	public static void coverToPfx() {
		try {
			KeyStore inputKeyStore = KeyStore.getInstance(JKS);
			FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE);
			char[] mPwd = null;
			if (KEYSTORE_PASSWORD == null
					|| KEYSTORE_PASSWORD.trim().equals("")) {
				mPwd = null;
			} else {
				mPwd = KEYSTORE_PASSWORD.toCharArray();
			}
			inputKeyStore.load(fis, mPwd);
			fis.close();
			KeyStore outKeyStore = KeyStore.getInstance(PKCS12);
			outKeyStore.load(null, mPwd);
			Enumeration enums = inputKeyStore.aliases();
			while (enums.hasMoreElements()) {
				String keyAlias = (String) enums.nextElement();
				System.out.println("alias=[" + keyAlias + "]");
				if (inputKeyStore.isKeyEntry(keyAlias)) {
					java.security.Key key = inputKeyStore
							.getKey(keyAlias, mPwd);
					Certificate[] certChain = inputKeyStore
							.getCertificateChain(keyAlias);
					outKeyStore.setKeyEntry(keyAlias, key, mPwd, certChain);
				}
				FileOutputStream fos = new FileOutputStream(PFX_KEYSTORE_FILE);
				outKeyStore.store(fos, mPwd);
				fos.close();
			}
		} catch (KeyStoreException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (FileNotFoundException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (CertificateException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (UnrecoverableKeyException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
}

 

利用openssl完成X509证书和PFX证书之间的互转

1.将X509格式的数字证书转换成微软的PFX格式

# openssl pkcs12 -export -inkey server.key -in server.crt -out server.pfx


2.将微软的PFX数字证书转换成X509格式

# openssl pkcs12 -in server.pfx -nodes -out server.pem # 生成明文所有内容
# openssl rsa -in server.pem -out server.key # 取 key 文件
# openssl x509 -in server.pem -out server.crt # 取证书



 

你可能感兴趣的:(Android)