我打算做的是编写一个使用SSL(TLS)连接来交换数据的客户端服务器应用程序.
由于客户端是可下载的,并且我不能保证可以访问密钥库,因此我正在寻找一种在运行时导入证书的方法.
我需要的:
>一种将服务器的公钥/证书导入客户端应用程序的方法
>一种将服务器的私钥/证书导入服务器应用程序的方法
到目前为止,我发现了什么:
// load the server's public crt (pem), exported from a https website
CertificateFactory cf = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(new
FileInputStream("C:\certificate.crt"));
// load the pkcs12 key generated with openssl out of the server.crt and server.key (private) (if the private key is stored in the pkcs file, this is not a solution as I need to ship it with my application)
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream("C:\certificate.pkcs"), "password".toCharArray());
ks.setCertificateEntry("Alias", cert);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "password".toCharArray());
// create SSLContext to establish the secure connection
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
这对我不起作用,因为出现错误:
java.security.KeyStoreException: TrustedCertEntry not supported at ks.setCertificateEntry(“Alias”, cert);
另外,我认为pkcs12用于存储私钥,这不是我想要的.
我是Java的新手,现在真的很难解决这个问题.
提前致谢,
一雄