from http://www.cnblogs.com/rainwang/p/4252912.html
JKS文件是一个java中的密钥管理库,里面可以放各种密钥文件,JKS文件的生成这里暂且不说,这里主要是关注如何从JKS文件中将已有的密钥读取出来。
下面是两个java读取JKS文件中密钥的方法
当然在看懂下面两个方法之前要对JKS文件的结构有所了解:
JKS文件就好像一个仓库,里面可以放很多的东西,这里只存放一类东西就是密钥,仓库当然会有一把锁,防范别人随便乱拿,这个就是JKS文件的密 码。里面存放的密钥也各有不同,每个密钥都有一个名字(在下面叫别名),一类就密钥对,一类叫公钥,一类叫私钥,密钥对就是包含公钥和私钥的。这里的公钥 只要你能进入仓库你就可以随便查看拿走,私钥则是有密码的,只允许有权限的人查看拿走。所以在下面读取密钥时也就有点细微的不同之处,对于读取公钥只需要 知道JKS文件(仓库)的密码就可以了,但是在读取私钥时则必须有私钥的密码也就是你必须要有权限,在下面你会发现,在读取私钥时多了一个参数,对应的就 是私钥的密码。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
package
com.java.security;
import
java.io.File;
import
java.io.FileInputStream;
import
java.io.FileWriter;
import
java.security.Key;
import
java.security.KeyPair;
import
java.security.KeyStore;
import
java.security.KeyStoreException;
import
java.security.NoSuchAlgorithmException;
import
java.security.PrivateKey;
import
java.security.PublicKey;
import
java.security.UnrecoverableKeyException;
import
java.security.cert.Certificate;
import
sun.misc.*;
/**
*
* 从jks文件中导出私钥和证书
*
*/
public
class
ExportKey {
private
File keystoreFile;
private
String keyStoreType;
private
char
[] password;
private
String alias;
private
File exportedPrivateKeyFile;
private
File exportedPublicKeyFile;
public
static
KeyPair getKeyPair(KeyStore keystore, String alias,
char
[] password) {
try
{
Key key = keystore.getKey(alias, password);
if
(key
instanceof
PrivateKey) {
Certificate cert = keystore.getCertificate(alias);
PublicKey publicKey = cert.getPublicKey();
return
new
KeyPair(publicKey, (PrivateKey) key);
}
}
catch
(UnrecoverableKeyException e) {
}
catch
(NoSuchAlgorithmException e) {
}
catch
(KeyStoreException e) {
}
return
null
;
}
public
void
exportPrivate()
throws
Exception {
KeyStore keystore = KeyStore.getInstance(keyStoreType);
KeyPair keyPair = getKeyPair(keystore, alias, password);
BASE64Encoder encoder =
new
BASE64Encoder();
keystore.load(
new
FileInputStream(keystoreFile), password);
PrivateKey privateKey = keyPair.getPrivate();
String encoded = encoder.encode(privateKey.getEncoded());
FileWriter fw =
new
FileWriter(exportedPrivateKeyFile);
fw.write(
"-----BEGIN PRIVATE KEY-----\n"
);
fw.write(encoded);
fw.write(
"\n"
);
fw.write(
"-----END PRIVATE KEY-----"
);
fw.close();
}
public
void
exportCertificate()
throws
Exception {
KeyStore keystore = KeyStore.getInstance(keyStoreType);
BASE64Encoder encoder =
new
BASE64Encoder();
keystore.load(
new
FileInputStream(keystoreFile), password);
Certificate cert = keystore.getCertificate(alias);
String encoded = encoder.encode(cert.getEncoded());
FileWriter fw =
new
FileWriter(exportedPublicKeyFile);
fw.write(
"-----BEGIN CERTIFICATE-----\n"
);
fw.write(encoded);
fw.write(
"\n"
);
fw.write(
"-----END CERTIFICATE-----"
);
fw.close();
}
public
static
void
main(String args[])
throws
Exception {
ExportKey export =
new
ExportKey();
export.keystoreFile =
new
File(
"/home/rain/test.jks"
);
export.keyStoreType =
"JKS"
;
export.password =
"123456"
.toCharArray();
export.alias =
"test"
;
export.exportedPrivateKeyFile =
new
File(
"/home/rain/key/exported-pkcs8.key"
);
export.exportedPublicKeyFile =
new
File(
"/home/rain/key/exported-public.key"
);
export.exportPrivate();
export.exportCertificate();
}
}
|