第一步:生成Keystore
package keyTools;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Provider.Service;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
public class PKCS12KeyStoreExample {
public static void genP12() {
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(null, null);
X509Certificate cert = generateCertificate(keyPair);
char[] password = "your_password".toCharArray();
keyStore.setKeyEntry("mytest", keyPair.getPrivate(), password, new Certificate[]{cert});
FileOutputStream fos = new FileOutputStream("keystore.p12");
keyStore.store(fos, password);
fos.close();
System.out.println("PKCS12 密钥库已生成!");
} catch (Exception e) {
e.printStackTrace();
}
}
private static X509Certificate generateCertificate(KeyPair keyPair) throws Exception {
X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
certGenerator.setSerialNumber(BigInteger.valueOf(1));
certGenerator.setSubjectDN(new X509Principal("CN=My Certificate"));
certGenerator.setIssuerDN(new X509Principal("CN=My Certificate"));
certGenerator.setNotBefore(new Date());
certGenerator.setNotAfter(new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000L));
certGenerator.setPublicKey(keyPair.getPublic());
certGenerator.setSignatureAlgorithm("SHA256withRSA");
return certGenerator.generate(keyPair.getPrivate());
}
public static void gen() {
for (Provider provider : Security.getProviders()) {
Set<Service> set= provider.getServices();
for (Iterator iterator = set.iterator(); iterator.hasNext();) {
Service service = (Service) iterator.next();
if(service.getAlgorithm().contains("SHA256")) {
System.out.println(service.getAlgorithm());
}
}
}
}
}
第二步:解析私钥
package com.apj.read;
import java.io.FileReader;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
public class PrivateKeyParser {
public static PrivateKey read() {
try {
FileReader fileReader = new FileReader("mygovhk/cert/PRIVATE_KEY.pem");
PemReader pemReader = new PemReader(fileReader);
PemObject pemObject = pemReader.readPemObject();
byte[] privateKeyBytes = pemObject.getContent();
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
System.out.println("私钥算法:" + privateKey.getAlgorithm());
System.out.println("私钥格式:" + privateKey.getFormat());
System.out.println("私钥格式:" + privateKey.toString());
pemReader.close();
return privateKey;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static void main(String[] args) {
read();
}
}
第三步:解析公钥
String certPath = "mygovhk/cert/server.crt";
KeyStore keyStore = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(keystorePath);
keyStore.load(fis, keystorePassword.toCharArray());
fis.close();
FileInputStream certificateInputStream = new FileInputStream(certPath);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate certificate = certificateFactory.generateCertificate(certificateInputStream);
certificateInputStream.close();
PublicKey publicKey= certificate.getPublicKey();
第四步:导入keystore,验证公私钥是否匹配
package keyTools;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.ProtectionParameter;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import com.apj.read.PrivateKeyParser;
public class KeyStoreImportExample {
public static void main(String[] args) {
try {
PKCS12KeyStoreExample.genP12();
String keystorePath = "keystore.p12";
String keystorePassword = "your_password";
String certPath = "mygovhk/cert/server.crt";
KeyStore keyStore = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(keystorePath);
keyStore.load(fis, keystorePassword.toCharArray());
fis.close();
FileInputStream certificateInputStream = new FileInputStream(certPath);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate certificate = certificateFactory.generateCertificate(certificateInputStream);
certificateInputStream.close();
PublicKey publicKey= certificate.getPublicKey();
PrivateKey privateKey = PrivateKeyParser.read();
KeyStore.PrivateKeyEntry privateKeyEntry =
new KeyStore.PrivateKeyEntry(privateKey, new Certificate[] {certificate});
System.out.println(privateKey);
ProtectionParameter param = new PasswordProtection(keystorePassword.toCharArray());
keyStore.setEntry("mytest22",privateKeyEntry,param);
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
byte[] data = "Hello, World!".getBytes();
signature.update(data);
byte[] signatureBytes = signature.sign();
signature.initVerify(publicKey);
signature.update(data);
boolean verified = signature.verify(signatureBytes);
if (verified) {
System.out.println("公钥与私钥匹配!");
FileOutputStream fos = new FileOutputStream(keystorePath);
keyStore.store(fos, keystorePassword.toCharArray());
fos.close();
} else {
System.out.println("公钥与私钥不匹配!");
}
System.out.println("证书已成功导入到密钥库!");
} catch (Exception e) {
e.printStackTrace();
}
}
}