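Downloading a JKS certificate created on a remote server and using it locally to sign business data
1. Create the certificate on the remote server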
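import java.math.BigInteger;
import java.util.Date;
import java.util.Optional;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;

// ISSUER, SUBJECT, SIGNATURE_ALGORITHM and publicKey are members of the enclosing class.
private X509V3CertificateGenerator builder(int days) {
    var cert = new X509V3CertificateGenerator();
    // Serial number is taken from the current time in milliseconds
    cert.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    cert.setIssuerDN(new X500Principal(ISSUER));
    // Valid from one day ago until `days` days from now
    cert.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24));
    cert.setNotAfter(new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * days));
    // Subject comes from the "appid" environment variable, falling back to SUBJECT
    var subject = Optional.ofNullable(System.getenv("appid")).orElse(SUBJECT);
    cert.setSubjectDN(new X500Principal(subject));
    cert.setPublicKey(publicKey);
    cert.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
    return cert;
}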
2. Copy the JKS file to the local machine
3. Load the JKS file locally
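// Needs java.io.FileInputStream, java.security.KeyStore, java.security.cert.X509Certificate, java.util.Map, java.util.Optional.
// Runs inside a method; ALIAS and PASSWORD (char[]) are constants of the enclosing class.
var keyStore = KeyStore.getInstance("JKS");
var filename = Optional.ofNullable(System.getenv("appid")).orElse(ALIAS);
// Close the stream once the keystore has been loaded
try (var in = new FileInputStream(filename + ".jks")) {
    keyStore.load(in, PASSWORD);
}
var cert = (X509Certificate) keyStore.getCertificate(ALIAS);
return Map.of("pri", keyStore.getKey(ALIAS, PASSWORD), "pub", cert.getPublicKey());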
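With that, the private key and the public key have been imported successfully.
Note that ALIAS and PASSWORD must be the same as the ones used when the certificate was generated on the remote server.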
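
The signing step named in the title, as an added example that is not part of the original post: it loads the key and certificate from the copied JKS file, signs a constructed business payload, and verifies it against the certificate. The class name JksSignDemo, the JKS_PASSWORD environment variable, the sample payload and the choice of SHA-256 based algorithms are assumptions; the page does not show its SIGNATURE_ALGORITHM.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class JksSignDemo {
    // Choose a JCA signature algorithm from the key type (assumption, see lead-in).
    static String algorithmFor(String keyAlg) {
        switch (keyAlg) {
            case "RSA": return "SHA256withRSA";
            case "EC":  return "SHA256withECDSA";
            default: throw new IllegalArgumentException("unsupported key type: " + keyAlg);
        }
    }

    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance(algorithmFor(key.getAlgorithm()));
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(X509Certificate cert, byte[] data, byte[] sig) throws Exception {
        cert.checkValidity(); // throws outside the notBefore/notAfter window set in step 1
        Signature s = Signature.getInstance(algorithmFor(cert.getPublicKey().getAlgorithm()));
        s.initVerify(cert); // also rejects a certificate whose key usage forbids signing
        s.update(data);
        return s.verify(sig);
    }

    // Usage: JKS_PASSWORD=... java JksSignDemo <file.jks> <alias>
    public static void main(String[] args) throws Exception {
        char[] password = System.getenv("JKS_PASSWORD").toCharArray(); // hypothetical variable name
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        PrivateKey pri = (PrivateKey) ks.getKey(args[1], password);
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        byte[] data = "orderId=1001&amount=9.90".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sig = sign(pri, data);
        System.out.println("signature: " + Base64.getEncoder().encodeToString(sig));
        System.out.println("verifies:  " + verify(cert, data, sig));  // true
        data[0] ^= 1; // change one byte of the payload
        System.out.println("tampered:  " + verify(cert, data, sig));  // false
    }
}
```

Only the signing side needs the private key; a party that only verifies can be given the certificate alone rather than the whole JKS file.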