网站配置https,需要为域名申请证书,例如域名为:www.xxx.com,申请的证书为:
从上图可以看出,证书包中除了公钥/私钥文件之外,还直接提供了可用于 Nginx、Apache、IIS、Tomcat 的对应格式文件。
读取.pem、.key、.crt
package com.what21.demo.cert;
import cn.hutool.crypto.PemUtil;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
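/**
 * Helpers for loading the PEM-encoded files of a TLS certificate package
 * ({@code .pem}, {@code .key}, {@code .crt}).
 *
 * <p>Every reader opens the file in a try-with-resources block, so the stream is closed
 * whether parsing succeeds or fails.
 */
public class CertKeyUtils {

    /**
     * Reads a {@code .pem} file and returns the key it holds as a Bouncy Castle RSA public key.
     *
     * @param file path of the PEM file
     * @return the parsed RSA public key
     * @throws Exception if the file cannot be opened or parsed; a {@link ClassCastException}
     *     is raised when the parsed key is not a {@code BCRSAPublicKey} (for example a non-RSA key)
     */
    public static BCRSAPublicKey readPemToPublicKey(String file) throws Exception {
        try (InputStream input = new FileInputStream(file)) {
            return (BCRSAPublicKey) PemUtil.readPemKey(input);
        }
    }

    /**
     * Reads a {@code .key} file and returns the private key it holds.
     *
     * <p>NOTE(review): no passphrase is passed to the PEM reader, so the file is presumably
     * stored unencrypted and protected only by file-system permissions. Confirm that the
     * file is readable by the service account alone.
     *
     * @param file path of the PEM-encoded private key file
     * @return the parsed RSA private key
     * @throws Exception if the file cannot be opened or parsed; a {@link ClassCastException}
     *     is raised when the parsed key is not a {@code BCRSAPrivateCrtKey}
     */
    public static BCRSAPrivateCrtKey readKeyToPrivateKey(String file) throws Exception {
        try (InputStream input = new FileInputStream(file)) {
            return (BCRSAPrivateCrtKey) PemUtil.readPemPrivateKey(input);
        }
    }

    /**
     * Reads a {@code .crt} file and returns the X.509 certificate it holds.
     *
     * <p>Despite the method name, the result is the whole certificate, not just its public key.
     * Only one certificate is parsed from the stream. For a bundle file that contains a chain,
     * the remaining certificates are not read here; {@code CertificateFactory.generateCertificates}
     * would be needed to load all of them.
     *
     * @param file path of the certificate file
     * @return the first certificate found in the file
     * @throws Exception if the file cannot be opened or does not contain a valid X.509 certificate
     */
    public static X509Certificate readCrtToPublicKey(String file) throws Exception {
        try (InputStream input = new FileInputStream(file)) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(input);
        }
    }

    /**
     * Demo entry point: loads the three sample files and prints what was read.
     *
     * @param args unused
     * @throws Exception if any of the sample files cannot be read or parsed
     */
    public static void main(String[] args) throws Exception {
        String pemFile = "D:\\wx\\www.xxx.com\\www.xxx.com.pem";
        System.out.println(readPemToPublicKey(pemFile));

        String keyFile = "D:\\wx\\www.xxx.com\\www.xxx.com.key";
        BCRSAPrivateCrtKey privateKey = readKeyToPrivateKey(keyFile);
        // Print only non-secret metadata. Depending on the provider and its version,
        // toString() of a private key may include key components, and console output
        // tends to end up in logs and terminal scrollback.
        System.out.println(
                privateKey.getAlgorithm() + " private key loaded (" + privateKey.getFormat() + ")");

        String crtFile = "D:\\wx\\www.xxx.com\\Nginx\\1_www.xxx.com_bundle.crt";
        System.out.println(readCrtToPublicKey(crtFile));
    }
}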
读取JKS
package com.what21.demo.cert;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
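/**
 * Helpers for loading a JKS key store and extracting a key pair from it.
 *
 * <p>JKS is the legacy Java key store format; PKCS12 has been the JDK default since Java 9.
 */
public class JksUtils {

    /**
     * Loads a JKS key store from disk.
     *
     * <p>The file stream is closed before returning, whether loading succeeds or fails.
     * The password is accepted as a {@code String} to keep the existing signature; callers
     * that can should avoid keeping it in long-lived strings.
     *
     * @param storePath path of the key store file
     * @param storePasswd key store password
     * @return the loaded key store
     * @throws Exception if the file cannot be read, is not a valid key store, or the
     *     password does not match
     */
    public static KeyStore keyStore(String storePath, String storePasswd)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream input = new FileInputStream(storePath)) {
            keyStore.load(input, storePasswd.toCharArray());
        }
        return keyStore;
    }

    /**
     * Builds a key pair from the private key and certificate stored under one alias.
     *
     * @param keyStore loaded key store
     * @param alias alias of the entry
     * @param trustPasswd password protecting the key entry
     * @return the public key of the entry's certificate paired with its private key; the
     *     private key is {@code null} when the alias holds a certificate but no key
     * @throws IllegalArgumentException if the alias has no certificate in the key store
     * @throws Exception if the key cannot be recovered, for example with a wrong password
     */
    public static KeyPair keyPair(KeyStore keyStore, String alias, String trustPasswd)
            throws Exception {
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, trustPasswd.toCharArray());
        java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            // getCertificate returns null for an unknown alias; fail with a clear message
            // instead of a bare NullPointerException.
            throw new IllegalArgumentException(
                    "No certificate found in key store for alias: " + alias);
        }
        return new KeyPair(certificate.getPublicKey(), privateKey);
    }

    /**
     * Demo entry point: loads the sample key store and prints what was read.
     *
     * @param args unused
     * @throws Exception if the key store or the key entry cannot be read
     */
    public static void main(String[] args) throws Exception {
        String jksFile = "D:\\wx\\www.xxx.com\\Tomcat\\www.xxx.com.jks";
        // Sample password from the article. Real key store passwords belong in protected
        // configuration or a secrets manager, not in source code.
        String keystorePass = "y696wyxqvsy3i";
        KeyStore keyStore = keyStore(jksFile, keystorePass);
        System.out.println(keyStore);

        // The alias is the domain name.
        String alias = "www.xxx.com";
        // The key-entry password is the same as the key store password.
        String trustPasswd = "y696wyxqvsy3i";
        KeyPair keyPair = keyPair(keyStore, alias, trustPasswd);
        System.out.println(keyPair.getPublic());

        // Print only non-secret metadata. Depending on the provider and JDK version,
        // toString() of a private key may include key components.
        PrivateKey privateKey = keyPair.getPrivate();
        System.out.println(
                privateKey.getAlgorithm() + " private key loaded (" + privateKey.getFormat() + ")");
    }
}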
读取PFX
package com.what21.demo.cert;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
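/**
 * Helpers for loading a PKCS#12 ({@code .pfx}) key store and extracting a key pair from it.
 */
public class PfxUtils {

    /**
     * Loads a PKCS#12 key store from disk.
     *
     * <p>The file stream is closed before returning, whether loading succeeds or fails.
     * The password is accepted as a {@code String} to keep the existing signature; callers
     * that can should avoid keeping it in long-lived strings.
     *
     * @param storePath path of the key store file
     * @param storePasswd key store password
     * @return the loaded key store
     * @throws Exception if the file cannot be read, is not a valid key store, or the
     *     password does not match
     */
    public static KeyStore keyStore(String storePath, String storePasswd)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream input = new FileInputStream(storePath)) {
            keyStore.load(input, storePasswd.toCharArray());
        }
        return keyStore;
    }

    /**
     * Builds a key pair from the private key and certificate stored under one alias.
     *
     * @param keyStore loaded key store
     * @param alias alias of the entry
     * @param trustPasswd password protecting the key entry
     * @return the public key of the entry's certificate paired with its private key; the
     *     private key is {@code null} when the alias holds a certificate but no key
     * @throws IllegalArgumentException if the alias has no certificate in the key store
     * @throws Exception if the key cannot be recovered, for example with a wrong password
     */
    public static KeyPair keyPair(KeyStore keyStore, String alias, String trustPasswd)
            throws Exception {
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, trustPasswd.toCharArray());
        java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            // getCertificate returns null for an unknown alias; fail with a clear message
            // instead of a bare NullPointerException.
            throw new IllegalArgumentException(
                    "No certificate found in key store for alias: " + alias);
        }
        return new KeyPair(certificate.getPublicKey(), privateKey);
    }

    /**
     * Demo entry point: loads the sample key store and prints what was read.
     *
     * @param args unused
     * @throws Exception if the key store or the key entry cannot be read
     */
    public static void main(String[] args) throws Exception {
        String pfxFile = "D:\\wx\\www.xxx.com\\IIS\\www.xxx.com.pfx";
        // Sample password from the article. Real key store passwords belong in protected
        // configuration or a secrets manager, not in source code.
        String keystorePass = "y696wyxqvsy3i";
        KeyStore keyStore = keyStore(pfxFile, keystorePass);
        System.out.println(keyStore);

        // The alias is the domain name.
        String alias = "www.xxx.com";
        // The key-entry password is the same as the key store password.
        String trustPasswd = "y696wyxqvsy3i";
        KeyPair keyPair = keyPair(keyStore, alias, trustPasswd);
        System.out.println(keyPair.getPublic());

        // Print only non-secret metadata. Depending on the provider and JDK version,
        // toString() of a private key may include key components.
        PrivateKey privateKey = keyPair.getPrivate();
        System.out.println(
                privateKey.getAlgorithm() + " private key loaded (" + privateKey.getFormat() + ")");
    }
}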