一 JAVA使用microsoft 的CAPI(CSP)读取CA客户端证书
package com.mchz.pki.capi;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
public class Main {
/**
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, "12".toCharArray());
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
System.out.println("alias: " + alias);
X509Certificate x509 = (X509Certificate) ks.getCertificate(alias);
System.out.println(x509.getSubjectX500Principal().toString());
System.out.println(x509.getSubjectX500Principal().getName("RFC1779"));
System.out.println(x509.getPublicKey());
// PrivateKey key = (PrivateKey) ks.getKey("1", "1234".toCharArray());
// System.out.println(key.toString());
}
}
}
二 JAVA使用PKCS11读取CA客户端证书
package com.mchz.pki.capi;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
public class Main2 {
/**
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
String configName = "F:\\pkcs11.cfg";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
KeyStore ks = KeyStore.getInstance("PKCS11-et199");
// KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, "1234".toCharArray());
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
System.out.println("alias: " + alias);
}
// X509Certificate x509 = (X509Certificate) ks
// .getCertificate("alfredxu's MCHZ CLIENT CA ID");
// System.out.println(x509.getSubjectX500Principal().toString());
}
}
需要使用一个配置文件
name=et199 library=F:\\et199csp11.dll
还要应用一个针对pkcs11的一个实现的DLL