keystore格式與pfx格式證書互轉
阿新 • • 發佈:2018-12-17
今天運維同事在阿里雲上申請了pfx格式的SSL證書,但是tomcat只能識別keystore格式的,所以需要轉換一下。按照下面的程式碼轉換即可。需要注意的是,KEYSTORE_PASSWORD這裡的密碼不能隨便填:生成pfx證書的時候會同時生成一個密碼,這裡必須使用這個密碼。這個密碼保護的是證書的私鑰,實際使用時應由外部(環境變數、設定檔或互動輸入)提供,不要像下面的示例那樣直接寫在原始碼裡。
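package com.cloud.frame.common.util;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

/**
 * Converts a certificate store between the PFX/PKCS#12 format and the Java JKS keystore format.
 *
 * <p>Only key entries (private key plus certificate chain) are copied; any other entry in the
 * source store, such as a stand-alone trusted certificate, is skipped.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The same password is used for the source store, the target store and every key entry.</li>
 *   <li>The target file contains the private key. Keep it out of version control and restrict
 *       its file permissions to the account that runs the server.</li>
 *   <li>JKS is a legacy format; PKCS12 has been the JDK default keystore type since Java 9.
 *       Depending on the Tomcat version, the connector can load the PFX file directly when its
 *       keystore type is set to PKCS12, which makes the conversion unnecessary.</li>
 *   <li>{@code keytool -importkeystore} performs the same conversion without custom code.</li>
 * </ul>
 *
 * @author duxin
 * @date 2018-12-13
 */
public class ConvertPFXToKeystoreUtil {

    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    public static final String PFX_KEYSTORE_FILE = "G:\\boyacx.pfx";
    // NOTE(security): this is the password issued together with the PFX file. A literal in source
    // ends up in version control, build artifacts and class files; load it from the environment,
    // a protected configuration file or an interactive prompt instead, and treat any password
    // that has been committed or published as compromised (re-issue the certificate store).
    public static final String KEYSTORE_PASSWORD = "Ibmr3JWC";
    public static final String JKS_KEYSTORE_FILE = "G:\\bycx.keystore";

    /**
     * Converts the PFX/P12 file at {@link #PFX_KEYSTORE_FILE} into a JKS keystore written to
     * {@link #JKS_KEYSTORE_FILE}.
     *
     * <p>Failures are reported on standard error and are not rethrown, so callers must check
     * that the output file exists and is usable.
     */
    public static void coverTokeyStore() {
        try {
            convert(PKCS12, PFX_KEYSTORE_FILE, JKS, JKS_KEYSTORE_FILE, KEYSTORE_PASSWORD);
        } catch (Exception e) {
            // Kept as best-effort reporting so existing callers see no new exception type.
            System.err.println("PFX -> JKS conversion failed: " + e);
            e.printStackTrace();
        }
    }

    /**
     * Converts the JKS keystore at {@link #JKS_KEYSTORE_FILE} into a PFX/PKCS#12 file written to
     * {@link #PFX_KEYSTORE_FILE}.
     *
     * <p>Failures are reported on standard error and are not rethrown, so callers must check
     * that the output file exists and is usable.
     */
    public static void coverToPfx() {
        try {
            convert(JKS, JKS_KEYSTORE_FILE, PKCS12, PFX_KEYSTORE_FILE, KEYSTORE_PASSWORD);
        } catch (Exception e) {
            // Kept as best-effort reporting so existing callers see no new exception type.
            System.err.println("JKS -> PFX conversion failed: " + e);
            e.printStackTrace();
        }
    }

    /**
     * Copies every key entry from one key store file into a freshly created store of another type.
     *
     * @param sourceType key store type of the input file, e.g. {@link #PKCS12}
     * @param sourceFile path of the input file
     * @param targetType key store type to create, e.g. {@link #JKS}
     * @param targetFile path of the output file; an existing file is overwritten
     * @param password   password of the source store; also used for the target store and its keys
     * @throws IllegalArgumentException if the password is null or blank
     * @throws Exception                if the source cannot be read or the target cannot be written
     */
    private static void convert(String sourceType, String sourceFile, String targetType,
            String targetFile, String password) throws Exception {
        // KeyStore.load() with a null password skips the integrity check of the source store and
        // the key entries cannot be recovered or stored afterwards, so fail early and clearly.
        if (password == null || password.trim().isEmpty()) {
            throw new IllegalArgumentException("keystore password must not be blank");
        }
        char[] secret = password.toCharArray();

        KeyStore source = KeyStore.getInstance(sourceType);
        // try-with-resources closes the stream even when load() rejects the file or password.
        try (FileInputStream in = new FileInputStream(sourceFile)) {
            source.load(in, secret);
        }

        KeyStore target = KeyStore.getInstance(targetType);
        target.load(null, secret); // a null stream initialises an empty store

        Enumeration<String> aliases = source.aliases();
        while (aliases.hasMoreElements()) {
            String keyAlias = aliases.nextElement();
            System.out.println("alias=[" + keyAlias + "]");
            if (source.isKeyEntry(keyAlias)) {
                Key key = source.getKey(keyAlias, secret);
                Certificate[] certChain = source.getCertificateChain(keyAlias);
                target.setKeyEntry(keyAlias, key, secret, certChain);
            }
        }

        // The output is opened only after all entries were copied, so a failure while reading
        // the source never truncates an existing target file.
        try (FileOutputStream out = new FileOutputStream(targetFile)) {
            target.store(out, secret);
        }
    }

    public static void main(String[] args) {
        coverTokeyStore();
    }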