使用Java代码操作密钥库和证书(以下示例中的口令与文件路径均为演示用的硬编码值,实际项目中口令不应写在源码里)
/**
* 查看密钥库中密钥条目的别名
* 密钥库类型是JKS
*
* @throws Exception
*/
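@Test
public void test1() throws Exception {
    // Lists the alias of every entry in a JKS keystore.
    // NOTE(review): the store password is a hard-coded demo value; real code
    // should obtain it at runtime rather than embed it in source.
    String pass = "123456";
    String name = "E:\\keytool\\cnivi4.keystore";
    KeyStore ks = KeyStore.getInstance("JKS");
    // try-with-resources releases the file handle even when load() throws,
    // e.g. on a wrong password or a store that fails its integrity check.
    try (FileInputStream in = new FileInputStream(name)) {
        ks.load(in, pass.toCharArray());
    }
    // aliases() is declared as Enumeration<String>; avoid the raw type.
    Enumeration<String> e = ks.aliases();
    while (e.hasMoreElements()) {
        System.out.println(e.nextElement());
    }
}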
/**
* 打印X509标准证书的信息
*
* @throws Exception
*/
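@Test
public void test2() throws Exception {
    // Parses an X.509 certificate file and prints its main fields.
    // This only displays the certificate: nothing here calls checkValidity()
    // or verify(), so the printed values say nothing about whether the
    // certificate is currently valid or was signed by a trusted issuer.
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate t;
    // try-with-resources closes the stream even if parsing fails.
    try (FileInputStream in = new FileInputStream("E:\\keytool\\cnivi.cer")) {
        t = (X509Certificate) cf.generateCertificate(in);
    }
    System.out.println("版本号 " + t.getVersion());
    // Serial number printed in hexadecimal.
    System.out.println("序列号 " + t.getSerialNumber().toString(16));
    // NOTE(review): getSubjectDN()/getIssuerDN() are superseded by
    // getSubjectX500Principal()/getIssuerX500Principal(); kept here so the
    // printed format stays as the sample output shows.
    System.out.println("全名 " + t.getSubjectDN());
    System.out.println("签发者全名 " + t.getIssuerDN());
    System.out.println("有效期起始日 " + t.getNotBefore());
    System.out.println("有效期截至日 " + t.getNotAfter());
    System.out.println("签名算法 " + t.getSigAlgName());
    // Signature and public key are binary, so they are Base64-encoded for display.
    System.out.println("签名" + Base64.encodeBase64String(t.getSignature()));
    System.out.println("公钥" + Base64.encodeBase64String(t.getPublicKey().getEncoded()));
}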
/**
* 从密钥库得到证书
* 然后打印证书
*
* @throws Exception
*/
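@Test
public void test3() throws Exception {
    // Loads a JKS keystore, fetches the certificate stored under an alias
    // and prints it.
    // NOTE(review): the store password is a hard-coded demo value.
    String pass = "034039";
    String alias = "www.niutv.cn";
    String name = "E:\\keytool\\cnivi2.keystore";
    KeyStore ks = KeyStore.getInstance("JKS");
    // Close the file as soon as the store is in memory, even if load() throws.
    try (FileInputStream in = new FileInputStream(name)) {
        ks.load(in, pass.toCharArray());
    }
    Certificate c = ks.getCertificate(alias);
    // getCertificate() returns null for an unknown alias; fail with a clear
    // message instead of a NullPointerException on toString().
    if (c == null) {
        throw new IllegalStateException("No certificate found for alias " + alias);
    }
    System.out.println(c.toString());
}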
/**
* 从证书文件打印证书
*/
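@Test
public void test5() throws Exception {
    // Reads a certificate from a .cer file and prints its string form.
    String cerPath = "E:\\keytool\\cnivi.cer";
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate c;
    // try-with-resources closes the stream even if the file is not a
    // parseable certificate and generateCertificate() throws.
    try (FileInputStream in = new FileInputStream(cerPath)) {
        c = cf.generateCertificate(in);
    }
    System.out.println(c.toString());
}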
/**
* 修改密钥库的口令
*/
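@Test
public void test6() throws Exception {
    // Changes the keystore password: load with the old one, store with the new one.
    // NOTE(review): both passwords are hard-coded demo values.
    char[] oldpass = "034039".toCharArray();
    char[] newpass = "123456".toCharArray();
    String name = "E:\\keytool\\cnivi.keystore";
    KeyStore ks = KeyStore.getInstance("JKS");
    // Load the keystore with the current password; the stream is closed
    // before the same file is reopened for writing.
    try (FileInputStream in = new FileInputStream(name)) {
        ks.load(in, oldpass);
    }
    // Save the keystore under the new password.
    // NOTE(review): store() only changes the password protecting the store
    // itself; private-key entries keep their own entry passwords (compare
    // keytool -storepasswd with -keypasswd).
    // The file is overwritten in place, so a failure during store() can leave
    // a truncated keystore - keep a backup copy before running this.
    try (FileOutputStream output = new FileOutputStream(name)) {
        ks.store(output, newpass);
    }
}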
/**
* 通过JCEKS类型的密钥库得到密钥
* 密钥库类型是JCEKS
*
* @throws Exception
*/
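@Test
public void test8() throws Exception {
    // Retrieves a secret (symmetric) key from a JCEKS keystore and prints it.
    // The store password opens the keystore; the key password unlocks the entry.
    // NOTE(review): both passwords are hard-coded demo values.
    String storePass = "123456";
    String keyPass = "034039";
    String alias = "cnivi.seckey";
    String storePath = "E:\\keytool\\cnivi.keystore";
    KeyStore ks = KeyStore.getInstance("JCEKS");
    // The original never closed this stream; try-with-resources does.
    try (FileInputStream in = new FileInputStream(storePath)) {
        ks.load(in, storePass.toCharArray());
    }
    SecretKey secretKey = (SecretKey) ks.getKey(alias, keyPass.toCharArray());
    // getKey() returns null when the alias is missing or is not a key entry.
    if (secretKey == null) {
        throw new IllegalStateException("No key entry found for alias " + alias);
    }
    // NOTE(review): this writes raw key material to stdout, where it can end
    // up in console history or build logs; acceptable for a demo key only.
    System.out.println(Base64.encodeBase64String(secretKey.getEncoded()));
}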
/**
* 删除密钥库的条目
*/
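@Test
public void test9() throws Exception {
    // Deletes one entry from a JKS keystore and writes the store back to disk.
    // NOTE(review): the store password is a hard-coded demo value.
    String pass = "123456";
    String name = "E:\\keytool\\cnivi4.keystore";
    String alias = "www.cnivi.cn";
    KeyStore ks = KeyStore.getInstance("JKS");
    // Close the input before the same file is reopened for writing; the
    // original left both the input and the output stream open.
    try (FileInputStream in = new FileInputStream(name)) {
        ks.load(in, pass.toCharArray());
    }
    if (ks.containsAlias(alias)) {
        ks.deleteEntry(alias);
        // The deletion is only in memory until store() rewrites the file.
        // The file is overwritten in place, so keep a backup of the keystore.
        try (FileOutputStream output = new FileOutputStream(name)) {
            ks.store(output, pass.toCharArray());
        }
        System.out.println("Alias " + alias + " deleted");
    } else {
        System.out.println("Alias not exist");
    }
}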
/**
* JCEKS类型的密钥库添加一条密钥条目(DESede密钥)
*
* @throws Exception
*/
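@Test
public void test10() throws Exception {
    // Adds a newly generated secret-key entry to a JCEKS keystore, unless the
    // alias is already taken.
    // NOTE(review): the password is a hard-coded demo value and is used both
    // for the store and for the new entry.
    String pass = "123456";
    String name = "E:\\keytool\\test9.keystore";
    String alias = "cnivi.seckey.2";
    // NOTE(review): DESedeCoder is defined elsewhere; its name suggests a
    // DESede (3DES) key, a legacy algorithm - prefer AES for new keys.
    SecretKey key = (SecretKey) DESedeCoder.tokey(DESedeCoder.initKey());
    KeyStore ks = KeyStore.getInstance("JCEKS");
    // The original closed the input only in the "add" branch; this closes it
    // on every path, including when load() throws.
    try (FileInputStream in = new FileInputStream(name)) {
        ks.load(in, pass.toCharArray());
    }
    if (!ks.containsAlias(alias)) {
        // Add the new entry to the keystore. A secret-key entry carries no
        // certificate chain: the original looked one up for an alias it had
        // just found to be absent, which always yields null, so pass null.
        ks.setKeyEntry(alias, key, pass.toCharArray(), null);
        // Write the KeyStore contents back to the same file.
        try (FileOutputStream output = new FileOutputStream(name)) {
            ks.store(output, pass.toCharArray());
        }
    } else {
        System.out.println("该密钥库中已经存在该条目");
    }
}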
/**
* test10测试结果
* E:\keytool>keytool -list -v -keystore test9.keystore -storetype jceks
* 输入密钥库口令:
* 密钥库类型: JCEKS
* 密钥库提供方: SunJCE
* 您的密钥库包含 2 个条目
* 别名: cnivi.seckey
* 创建日期: 2014-6-9
* 条目类型: SecretKeyEntry
* ******************************************
* ******************************************
* 别名: cnivi.seckey.2
* 创建日期: 2014-6-9
* 条目类型: SecretKeyEntry
* ******************************************
* ******************************************
*/
test2测试方法的打印结果
证书所包含的信息(主体与签发者相同,即这是一张自签名证书;签名算法SHA1withRSA已不建议用于新证书):
版本号 3
序列号 4b780999
全名 CN=cnivi.cn, OU=cnivi, O=cnivi, L=sy, ST=sy, C=CN
签发者全名 CN=cnivi.cn, OU=cnivi, O=cnivi, L=sy, ST=sy, C=CN
有效期起始日 Wed May 14 09:35:28 CST 2014
有效期截至日 Tue Dec 06 09:35:28 CST 2112
签名算法 SHA1withRSA
签名X8slRzoCFu+PKxOr3o8VzIgm0ifdoEaeems0uNgTgtR6dVsASXmMKLA0F23ddv/Ym0qX4qsOgjHN9UK7OMqBpll1QpofSIv4g/6fwVq9VnL2yh2JrdMuw6Ja8PSpZSe3E5g/tij5L5Ew4yaIofpLBl54K8tVZqG4cEfTSf5RoSEm7wtcx6tlDt/AsAMiiPnKHrCEe2bmYmMon25Pk19k3etZwvzpZejSZTFN0ceUQzjq35N/mT+eMmMxCSHKTBp9EUtIqbDmIvbsFOUGvKJZ8ovuZ4S8rZbKJ3jH4Mz+T7lpuJAvFrwoCQGVh8NyUs/VKX9k1YJ5O6RDYudKrzSxGA==
公钥MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZaxNWQCWjs0KmFxb0wkKxWfmy3enzT2jM9tMH5r3K2tPNIWWy9n/UXa/VQBamKfTPxlaxkPIrA1KAkfd69+9OZlBSNyoiXR+c64QRNl4zQUP5+DlaZnc0qvAheZuf9hfRFqXsy2HXTBGBSmoLePt6sKyM4jyZuebxiictfjBxnQbmbLTGCv3m4cRVQjNLJX0tfjNoPHuTXTx8vX/ijl0CPj+9ekLMkMzLdCup9kiWCOOJRqwBellYDj3ezk7rJHu3+f7n1Evpbm4utyle+5XIDhilndlIvS/QQCa+eNLoqK9neIfJ3jIDcsU+LUXm38zz7pxOZj9gp2dkmx//ufPwIDAQAB
Java操作JCEKS类型的密钥库
如何生成JCEKS的密钥库详见该文章:http://my.oschina.net/xinxingegeya/blog/264783
查看JCEKS类型的密钥库:
E:\keytool>keytool -list -keystore cnivi.keystore -storetype jceks -v
输入密钥库口令:
密钥库类型: JCEKS
密钥库提供方: SunJCE
您的密钥库包含 1 个条目
别名: cnivi.seckey
创建日期: 2014-5-14
条目类型: SecretKeyEntry
*******************************************
*******************************************
增加一条密钥条目到该密钥库
Java代码:
package encryption.operate;
import org.apache.commons.codec.binary.Base64;
import javax.crypto.SecretKey;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
/**
* Created with IntelliJ IDEA.
* User: ASUS
* Date: 14-5-14
* Time: 下午4:18
* To change this template use File | Settings | File Templates.
*/
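public class AddSecretKeyToKeyStore {
    /**
     * Reads the secret key stored under {@code cnivi.seckey} in a JCEKS
     * keystore, prints it, and stores the same key again under the second
     * alias {@code cnivi.secret.2}.
     *
     * @param args unused
     * @throws Exception if the keystore cannot be read or written, or the
     *                   source alias holds no key
     */
    public static void main(String[] args) throws Exception {
        // NOTE(review): both passwords are hard-coded demo values; real code
        // should obtain them at runtime rather than embed them in source.
        String storePass = "123456";
        String keyPass = "034039";
        String alias = "cnivi.seckey";
        String storePath = "E:\\keytool\\cnivi.keystore";
        KeyStore ks = KeyStore.getInstance("JCEKS");
        // The original never closed the input stream; close it before the
        // same file is reopened for writing.
        try (FileInputStream in = new FileInputStream(storePath)) {
            ks.load(in, storePass.toCharArray());
        }
        // Fetch the symmetric key (SecretKey).
        SecretKey secretKey = (SecretKey) ks.getKey(alias, keyPass.toCharArray());
        // getKey() returns null when the alias is missing or is not a key entry.
        if (secretKey == null) {
            throw new IllegalStateException("No key entry found for alias " + alias);
        }
        // NOTE(review): prints raw key material to stdout; demo keys only.
        System.out.println(Base64.encodeBase64String(secretKey.getEncoded()));
        System.out.println("该secretkey的算法是=" + secretKey.getAlgorithm());
        // Add the same symmetric key to the keystore again under another
        // alias, protected by the same entry password.
        KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(secretKey);
        ks.setEntry("cnivi.secret.2", entry, new KeyStore.PasswordProtection(keyPass.toCharArray()));
        // Write the KeyStore contents back to the same file (overwritten in
        // place, so keep a backup of the keystore).
        try (FileOutputStream output = new FileOutputStream(storePath)) {
            ks.store(output, storePass.toCharArray());
        }
    }
}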
查看该密钥库的详细信息
E:\keytool>keytool -list -keystore cnivi.keystore -storetype jceks -v
输入密钥库口令:
密钥库类型: JCEKS
密钥库提供方: SunJCE
您的密钥库包含 2 个条目
别名: cnivi.seckey
创建日期: 2014-5-14
条目类型: SecretKeyEntry
*******************************************
*******************************************
别名: cnivi.secret.2
创建日期: 2014-5-14
条目类型: SecretKeyEntry
*******************************************
*******************************************
可以看到该密钥库现在有两条密钥条目,别名分别为cnivi.seckey和cnivi.secret.2。