Java 中较为常见的证书为 PKCS#8 格式的，但是往往很多应用需要 PKCS#12 格式的证书，我们需要将证书合并为此格式的文件并导出。通常 PKCS#8 格式的密钥以 -----BEGIN PRIVATE KEY----- 为开头，这种属于非加密的私钥，一般常用于 Java 程序中。证书通常以 -----BEGIN CERTIFICATE----- 开头，中间的内容是 Base64 编码的字符。
第一步：将开头和结尾的标记字符串（PEM 头尾）替换掉。
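// PEM armour markers. Only an unencrypted PKCS#8 key ("BEGIN PRIVATE KEY") is
// recognised here; a PKCS#1 "BEGIN RSA PRIVATE KEY" or an encrypted
// "BEGIN ENCRYPTED PRIVATE KEY" block is left untouched and will then fail to
// parse as a PKCS8EncodedKeySpec in the next step.
private static final String RSA_START_STRING = "-----BEGIN PRIVATE KEY-----";
private static final String RSA_END_STRING = "-----END PRIVATE KEY-----";
private static final String CERT_START_STRING = "-----BEGIN CERTIFICATE-----";
private static final String CERT_END_STRING = "-----END CERTIFICATE-----";
// Strip the armour so only the base64 body (line breaks included) remains.
// String.replace is the literal-substring form; replaceAll interprets its
// first argument as a regex, which is not intended for these markers.
if (StringUtils.isNotEmpty(secretDto.getKey()) && secretDto.getKey().contains(RSA_START_STRING)) {
    String keyBody = secretDto.getKey()
            .replace(RSA_START_STRING, "")
            .replace(RSA_END_STRING, "");
    secretDto.setKey(keyBody);
}
if (StringUtils.isNotEmpty(secretDto.getCertContent()) && secretDto.getCertContent().contains(CERT_START_STRING)) {
    String certBody = secretDto.getCertContent()
            .replace(CERT_START_STRING, "")
            .replace(CERT_END_STRING, "");
    secretDto.setCertContent(certBody);
}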
第二步：传入处理好的内容，使用 KeyStore 加载证书和密钥，并转换为 PKCS#12 格式。
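// Build the PKCS#12 container in memory. The previous version wrote
// "output.p12" into the working directory and read it back, which left
// private-key material on disk under a fixed, predictable name (and a
// collision between concurrent calls); KeyStore.store accepts any
// OutputStream, so no temporary file is needed.
// NOTE(review): both the store and the key entry use an empty password, as
// before — whoever consumes `buffer` must protect the bytes themselves.
byte[] buffer = null;
try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    keyStore.load(null, null);
    // The MIME decoder ignores the line breaks left over from the PEM body.
    // sun.misc.BASE64Decoder is an internal API that no longer exists on
    // Java 9+, so java.util.Base64 is used via its fully-qualified name.
    java.util.Base64.Decoder base64 = java.util.Base64.getMimeDecoder();
    byte[] keyBytes = base64.decode(secretDto.getKey());
    byte[] certBytes = base64.decode(secretDto.getCertContent());
    try {
        // Parse the unencrypted PKCS#8 private key; RSA only, as before.
        EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf
                .generateCertificate(new ByteArrayInputStream(certBytes));
        keyStore.setCertificateEntry("cert", cert);
        // Single-element chain: only the leaf certificate is supplied here.
        Certificate[] certificateChain = new Certificate[] { cert };
        keyStore.setKeyEntry("private", privateKey, "".toCharArray(), certificateChain);
        keyStore.store(bos, "".toCharArray());
    } finally {
        // Best-effort scrub of the raw DER key bytes once they are in the store.
        java.util.Arrays.fill(keyBytes, (byte) 0);
    }
    buffer = bos.toByteArray();
} catch (Exception e) {
    // Log with the cause instead of printStackTrace(); callers still get null
    // on failure, as before.
    logger.error("证书读取错误", e);
    return null;
}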