Different types of keystore in Java: JKS
JKS is the Java keystore. A keystore is Java's key repository, used for secure communication, for example digital signatures: it holds key pairs, that is public and private keys. For concrete usage, search online for Java digital signature and file encryption tutorials; there are many.
What follows shows how to work with a JKS keystore in pure Java code.
1. Creating a JKS keystore
The simplest way to create a JKS keystore is to create an empty one: obtain a KeyStore instance, load it with a null input stream (an empty store), and then call store() with the file name and the keystore password.
Here is a simple demonstration:
package cn.iigrowing.keystore.store;

import java.io.FileOutputStream;
import java.security.KeyStore;

public class IigJavaStore {
    public static void main(String[] args) throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // Loading with a null stream initialises an empty keystore in memory.
            keyStore.load(null, null);
            // try-with-resources closes the file even if store() throws.
            try (FileOutputStream out = new FileOutputStream("mytestkey.jks")) {
                keyStore.store(out, "password".toCharArray());
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
2. Storing a private key
Now let's store a private key together with its certificate chain into the keystore. Note that with the JDK we cannot store a private key without an associated certificate chain into the keystore; some other libraries or native libraries do allow a private key to be stored without a certificate chain.
Make sure the previous code ran correctly, so that a mytestkey.jks file exists in the project directory; only then will the following code, placed in the same project, run correctly:
package cn.iigrowing.keystore.store;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
// Internal JDK classes (CertAndKeyGen, X500Name), not public API; on JDK 8 and later
// CertAndKeyGen lives in sun.security.tools.keytool instead of sun.security.x509.
import sun.security.x509.*;

public class IigJavaStore2 {
    public static void main(String[] args) throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream("mytestkey.jks")) {
                keyStore.load(in, "password".toCharArray());
            }
            // 1024-bit RSA signed with SHA-1 is what this demo uses; both are below current practice.
            CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA1WithRSA");
            gen.generate(1024);
            Key key = gen.getPrivateKey();
            // A self-signed certificate valid for one year serves as the key's certificate chain.
            X509Certificate cert = gen.getSelfCertificate(new X500Name("CN=ROOT"), (long) 365 * 24 * 3600);
            X509Certificate[] chain = new X509Certificate[] { cert };
            // JKS requires a chain here; the key password protects this entry inside the store.
            keyStore.setKeyEntry("mykey", key, "password".toCharArray(), chain);
            try (FileOutputStream out = new FileOutputStream("mytestkey.jks")) {
                keyStore.store(out, "password".toCharArray());
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
3. Storing a certificate
package cn.iigrowing.keystore.store;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
// Internal JDK classes (CertAndKeyGen, X500Name), not public API; on JDK 8 and later
// CertAndKeyGen lives in sun.security.tools.keytool instead of sun.security.x509.
import sun.security.x509.*;

public class IigJavaStore3 {
    public static void main(String[] args) throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream("mytestkey.jks")) {
                keyStore.load(in, "password".toCharArray());
            }
            CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA1WithRSA");
            gen.generate(1024);
            X509Certificate cert = gen.getSelfCertificate(new X500Name("CN=SINGLE_CERTIFICATE"), (long) 365 * 24 * 3600);
            // A trusted-certificate entry holds the certificate alone, no private key, so no key password is involved.
            keyStore.setCertificateEntry("single_cert", cert);
            try (FileOutputStream out = new FileOutputStream("mytestkey.jks")) {
                keyStore.store(out, "password".toCharArray());
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
4. Loading a private key
package cn.iigrowing.keystore.store;

import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class IigJavaStore5 {
    public static void main(String[] args) throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream("mytestkey.jks")) {
                keyStore.load(in, "password".toCharArray());
            }
            // No entry was stored under "alias" (step 2 used "mykey"), so getKey() returns null rather than throwing.
            Key key = keyStore.getKey("alias", "password".toCharArray());
            // System.out.println("Private key : " + key.toString()); // You will get a NullPointerException if you uncomment this line
            Certificate[] chain = keyStore.getCertificateChain("mykey");
            for (Certificate cert : chain) {
                System.out.println(cert.toString());
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
Note the commented-out line: the key is null, as expected, so printing it would throw a NullPointerException. The certificate chain, however, can be retrieved normally.
The output will be:
[
[
Version: V3
Subject: CN=ROOT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 90980299845597512779139009881469177009407272139633139241921529845092210461181243924599150259446249079941561941533303439718936138867375776965995893255358889228584415558006141961051402385279285497775776996780406808976543439543789816486513982581378223575354716191394304768315366544413052547926792470794374067383
public exponent: 65537
Validity: [From: Sat Sep 06 09:57:28 CST 2014,
To: Sun Sep 06 09:57:28 CST 2015]
Issuer: CN=ROOT
SerialNumber: [ 206b697b]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 53 6A FD FE E6 3A 5E 6E A6 43 C4 F4 D1 56 D4 08 Sj...:^n.C...V..
0010: 7E 3B 8B 73 68 71 56 AB 96 FE 24 E7 2D DC 04 BB .;.shqV...$.-...
0020: 14 B0 C6 71 8D F0 3E EC FE D8 5B BB 8C 0F 55 63 ...q..>...[...Uc
0030: 2B 38 8E 45 F1 2D F0 BB 8C 6D 13 A8 11 37 E1 FA +8.E.-...m...7..
0040: 77 AF C7 73 72 2B 40 4F 74 32 F6 3C 24 E6 AB ED w..sr+@Ot2.<$...
0050: 2C 6F 19 2E DC 58 5F CB 75 62 40 2F 3E BE 59 99 ,o...X_.ub@/>.Y.
0060: C0 1F 7A 70 15 AF C3 66 B3 4F C9 11 C3 45 59 EF ..zp...f.O...EY.
0070: 36 F4 1C C9 9B FA 5E 43 A0 28 DB 07 0D F2 53 6E 6.....^C.(....Sn
]
5. Loading a certificate
package cn.iigrowing.keystore.store;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class IigJavaStore6 {
    public static void main(String[] args) throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream("mytestkey.jks")) {
                keyStore.load(in, "password".toCharArray());
            }
            // getCertificate() returns null if the alias is unknown; "single_cert" was stored in step 3.
            Certificate cert = keyStore.getCertificate("single_cert");
            System.out.println(cert.toString());
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}

The output will be:
[
[
Version: V3
Subject: CN=SINGLE_CERTIFICATE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 99756834215197288877309915243024788596281418171661241282881476656110879586349799740269767889529808199104172091786860877280382867461569439907754755558759387462421169749111354565793974372777424046360810758009149155148290676527032833774084635148674232352006810533640038723102562578516643345287042787777951043863
public exponent: 65537
Validity: [From: Sat Sep 06 10:14:33 CST 2014,
To: Sun Sep 06 10:14:33 CST 2015]
Issuer: CN=SINGLE_CERTIFICATE
SerialNumber: [ 6943e549]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 35 58 70 96 F4 35 82 2A 95 9F BB 31 02 6E 7C 29 5Xp..5.*...1.n.)
0010: 4A FE AF EB 2D B5 3A A7 C7 9D 4C 9A 34 2C 5C 46 J...-.:...L.4,\F
0020: C2 82 A8 AC 1A C0 98 A5 67 21 74 7B 1E E2 E5 AC ........g!t.....
0030: DE B2 1D 87 BE 16 45 9B D0 2A D3 2B F6 E1 4B 35 ......E..*.+..K5
0040: 27 8B A7 0A EF F2 07 41 90 A6 69 07 BE 87 C5 B1 '......A..i.....
0050: 54 DE DB A2 5A 41 47 3B 3F A7 74 6F 5C C8 8D B4 T...ZAG;?.to\...
0060: C8 65 2B 0F 8E 94 A8 80 C7 8B B5 78 FA C2 9C ED .e+........x....
0070: 8E EC 28 E4 8E 62 A1 59 6A BC 37 7B 0D FC C7 AF ..(..b.Yj.7.....
]
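Steps 4 and 5 only print the entries. As an added example, not part of the original post, the following program walks every entry of the keystore built above and reports what should be checked before that material is trusted: validity window, chain linkage (each certificate verifies under the next one, the last is self-signed), RSA key size and signature algorithm. It assumes the mytestkey.jks file and the password "password" from the snippets above; the class name KeyStoreAudit and the 2048-bit threshold are my choices.

```java
package cn.iigrowing.keystore.store;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Walks every entry of a JKS keystore and reports what should block its use (added example). */
public class KeyStoreAudit {
    static final int MIN_RSA_BITS = 2048;   // the demo certificates above use 1024 bits

    public static List<String> audit(KeyStore ks) throws Exception {
        List<String> findings = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            // Key entries carry a chain (JKS never stores a key without one); certificate entries carry one certificate.
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias)
                                                       : new Certificate[] { ks.getCertificate(alias) };
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                String tag = alias + "[" + i + "] " + c.getSubjectX500Principal();
                try { c.checkValidity(); }           // expired or not yet valid
                catch (CertificateException e) { findings.add(tag + ": " + e.getMessage()); }
                if (c.getSigAlgName().toUpperCase().contains("SHA1"))
                    findings.add(tag + ": signed with " + c.getSigAlgName());
                if (c.getPublicKey() instanceof RSAPublicKey
                        && ((RSAPublicKey) c.getPublicKey()).getModulus().bitLength() < MIN_RSA_BITS)
                    findings.add(tag + ": RSA modulus shorter than " + MIN_RSA_BITS + " bits");
                // Each certificate must be signed by the next one in the chain; the last one must be self-signed.
                Certificate issuer = (i + 1 < chain.length) ? chain[i + 1] : c;
                try { c.verify(issuer.getPublicKey()); }
                catch (Exception e) { findings.add(tag + ": signature does not verify against its issuer"); }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("mytestkey.jks")) {
            ks.load(in, "password".toCharArray());   // file and password from the snippets above
        }
        for (String f : audit(ks)) System.out.println(f);
    }
}
```

Run against the keystore built in steps 1 to 3, it flags both entries for the 1024-bit modulus and the SHA1withRSA signature; an empty result is the condition to require before the file is deployed.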
Since we cannot extract the private key from a JKS keystore, we can only import certificates. However, we can extract private keys from other keystore types (PKCS12) and then store them in a JKS keystore.
Other keystore types will be covered in later articles. Source: http://www.webkfa.com/one7/w495.html
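The closing remark above, as an added example that is not part of the original post: copying the private-key entries of a PKCS12 file into a new JKS keystore using only the public KeyStore API, with the checks that keep an entry JKS cannot represent from silently disappearing. It assumes the source and target paths are given on the command line and the passwords in the SRC_PASS and DST_PASS environment variables (names I chose); the class name Pkcs12ToJks is mine.

```java
package cn.iigrowing.keystore.store;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Collections;

/** Copies private-key entries, with their certificate chains, from a PKCS12 file into a new JKS keystore. */
public class Pkcs12ToJks {
    /** Returns how many key entries were copied; entries JKS cannot represent are skipped with a message. */
    public static int migrate(KeyStore src, char[] srcPw, KeyStore dst, char[] dstPw) throws Exception {
        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isKeyEntry(alias)) continue;          // trusted-certificate entries are left alone here
            Key key = src.getKey(alias, srcPw);              // common PKCS12 case: one password for store and keys
            Certificate[] chain = src.getCertificateChain(alias);
            // As the text notes, JKS cannot hold a private key without its certificate chain.
            if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
                System.err.println("skipping " + alias + ": no private key with a certificate chain");
                continue;
            }
            // Cheapest sanity check that the leaf certificate belongs to this key.
            if (!key.getAlgorithm().equals(chain[0].getPublicKey().getAlgorithm())) {
                System.err.println("skipping " + alias + ": key and certificate algorithms differ");
                continue;
            }
            dst.setKeyEntry(alias, key, dstPw, chain);
            copied++;
        }
        return copied;
    }
    static char[] env(String name) {                        // passwords come from the environment,
        String v = System.getenv(name);                     // not from string literals as in the snippets above
        if (v == null) throw new IllegalStateException(name + " is not set");
        return v.toCharArray();
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 2) { System.err.println("usage: Pkcs12ToJks <source.p12> <target.jks>"); System.exit(2); }
        char[] srcPw = env("SRC_PASS"), dstPw = env("DST_PASS");
        KeyStore src = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { src.load(in, srcPw); }
        KeyStore dst = KeyStore.getInstance("JKS");
        dst.load(null, null);                                // start empty, exactly as in step 1
        int n = migrate(src, srcPw, dst, dstPw);
        try (FileOutputStream out = new FileOutputStream(args[1])) { dst.store(out, dstPw); }
        System.out.println("copied " + n + " key entries into " + args[1]);
    }
}
```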