先生成jks,再将jks轉化為pfx
之所以所有的參數都用info[],是為了統一測試,還有就是我比較懶,不想再改了>v<
1.生成jks
package ca;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V3CertificateGenerator;
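/**
 * Demo that writes a JKS keystore containing an RSA key pair and an X.509 certificate for it.
 *
 * <p>The certificate is signed with a second ("root") key pair through the legacy Bouncy Castle
 * {@code X509V3CertificateGenerator} API. No root certificate is created or stored, so the
 * resulting single-element chain does not lead to a trust anchor.
 *
 * <p>NOTE(review): the array indices and numeric literals of the published listing were lost
 * (it reads {@code info[]} and {@code initialize(, ...)}). The indices used here follow the
 * documented field order of {@code info}; the RSA key size is a reviewer-chosen value.
 *
 * <p>NOTE(review): the keystore password is the hard-coded literal "password" and the output
 * directory is fixed to {@code D:/}. Both are demo values; a keystore that protects a real
 * private key needs a password supplied at run time and a location with restricted access.
 */
public class MyJKS {

    /** RSA modulus size in bits; the value used by the original listing is not recoverable. */
    private static final int RSA_KEY_BITS = 2048;

    /** Number of fields expected in {@code info}. */
    private static final int INFO_LENGTH = 9;

    /** Directory prefix used for the keystore file, as in the original listing. */
    private static final String KEYSTORE_DIR = "D:/";

    /** Demo password protecting both the keystore and the key entry. */
    private static final String KEYSTORE_PASSWORD = "password";

    /**
     * Generates an RSA key pair.
     *
     * <p>The original passed {@code new SecureRandom(new byte[seed])}, i.e. an all-zero seed whose
     * only variable is its length. With a generator whose output is fully determined by the
     * supplied seed (SHA1PRNG behaves this way) the "random" private key becomes reproducible by
     * anyone who knows or guesses that length. Key material must come from an
     * implementation-seeded {@link SecureRandom}, so the argument is no longer used.
     *
     * @param seed retained for source compatibility only; ignored
     * @return a freshly generated RSA key pair
     * @throws NoSuchAlgorithmException if no provider offers RSA key generation
     */
    public KeyPair generateKeyPair(int seed) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_KEY_BITS, new SecureRandom());
        return kpg.generateKeyPair();
    }

    /**
     * Creates an empty JKS file named after {@code info[0]}.
     *
     * <p>Failures of the keystore API or of file I/O are printed and otherwise ignored, as in the
     * original listing.
     *
     * @param info nine fields: {cn, ou, o, c, l, st, starttime, endtime, serialnumber}
     * @throws IllegalArgumentException if {@code info} is null or has fewer than nine fields
     */
    public void generateJKS(String[] info) {
        String path = keystorePath(info);
        try {
            KeyStore keyStore = KeyStore.getInstance("jks");
            keyStore.load(null, null);
            // try-with-resources: the original never closed the output stream.
            try (FileOutputStream out = new FileOutputStream(path)) {
                keyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Loads the JKS file created by {@link #generateJKS}, issues a certificate for the user key
     * signed with the root private key, and stores the key entry and the certificate.
     *
     * <p>Any failure is printed and otherwise ignored, as in the original listing.
     *
     * @param info nine fields: {cn, ou, o, c, l, st, starttime, endtime, serialnumber};
     *     starttime and endtime are parsed as milliseconds since the epoch, serialnumber as a
     *     decimal integer
     * @param keyPair_root key pair whose private key signs the certificate
     * @param keyPair_user key pair that is certified and stored under the alias "mykey"
     */
    public void storeJKS(String[] info, KeyPair keyPair_root, KeyPair keyPair_user) {
        try {
            String path = keystorePath(info);
            char[] password = KEYSTORE_PASSWORD.toCharArray();

            // Re-open the existing keystore file; supplying the password enables the
            // integrity check on load.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(path)) {
                keyStore.load(in, password);
            }

            // X509V3CertificateGenerator is deprecated in Bouncy Castle in favour of
            // X509v3CertificateBuilder; it is kept here because it is the API this listing imports.
            X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
            certGen.setSerialNumber(new BigInteger(info[8]));
            certGen.setIssuerDN(new X509Name(
                    "CN=huahua, OU=hnu, O=university , C=china"));
            certGen.setNotBefore(new Date(Long.parseLong(info[6])));
            certGen.setNotAfter(new Date(Long.parseLong(info[7])));
            // The original began the subject with "C=" for the common-name field, which produced
            // two C attributes and no CN. The values are concatenated unescaped, so they must not
            // come from an untrusted source: a comma or '=' in a field would alter the DN.
            certGen.setSubjectDN(new X509Name(
                    "CN=" + info[0] + ",OU=" + info[1] + ",O=" + info[2]
                            + ",C=" + info[3] + ",L=" + info[4] + ",ST=" + info[5]));
            certGen.setPublicKey(keyPair_user.getPublic());
            // SHA-1 signatures are no longer collision resistant and are rejected by current
            // validators; sign with SHA-256 instead of the original "SHA1WithRSA".
            certGen.setSignatureAlgorithm("SHA256WithRSA");

            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
            X509Certificate cert = certGen.generateX509Certificate(keyPair_root.getPrivate(), "BC");

            X509Certificate[] chain = new X509Certificate[] {cert};
            keyStore.setKeyEntry("mykey", keyPair_user.getPrivate(), password, chain);
            keyStore.setCertificateEntry("single_cert", cert);

            try (FileOutputStream out = new FileOutputStream(path)) {
                keyStore.store(out, password);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds the keystore path from the first {@code info} field.
     *
     * <p>The field is placed into the path as-is; callers that take it from outside the program
     * must reject path separators and ".." before calling.
     */
    private static String keystorePath(String[] info) {
        if (info == null || info.length < INFO_LENGTH) {
            throw new IllegalArgumentException(
                    "info must hold " + INFO_LENGTH
                            + " fields: cn, ou, o, c, l, st, starttime, endtime, serialnumber");
        }
        return KEYSTORE_DIR + info[0] + ".jks";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        MyJKS myJks = new MyJKS();
        String[] info = {"huahua_user", "hnu", "university", "china", "hunan", "changsha",
                "111111", "11111111", "1"};
        // The seed arguments of the original calls were lost from the page; the parameter is
        // ignored, so a constructed value of 0 is passed.
        KeyPair keyPair_root = myJks.generateKeyPair(0);
        KeyPair keyPair_user = myJks.generateKeyPair(0);
        myJks.generateJKS(info);
        myJks.storeJKS(info, keyPair_root, keyPair_user);
    }
}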
2将jks轉化為pfx
package ca;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Enumeration;
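/**
 * Demo that copies every key entry of a JKS keystore into a new PKCS#12 (.pfx) file.
 *
 * <p>NOTE(review): the array indices of the published listing were lost (it reads
 * {@code info[]}); index 0 is used for both file names so that the input matches the file the
 * companion JKS demo writes.
 *
 * <p>NOTE(review): the password is a hard-coded demo literal held in a public mutable static
 * field, so any code in the JVM can read or replace it. A real deployment should take the
 * password at run time and keep it out of source and out of shared static state.
 */
public class ConvertToPFX {
    public static final String PKCS12 = "PKCS12";
    public static String KEYSTORE_PASSWORD = "password";

    /**
     * Converts {@code D:/<info[0]>.jks} into {@code D:/<info[0]>.pfx}.
     *
     * <p>Only key entries (private key plus certificate chain) are copied; certificate-only
     * entries in the source keystore are skipped. The same password protects the input keystore,
     * each copied key and the output file. Any failure is printed and otherwise ignored, as in
     * the original listing.
     *
     * <p>The original computed a nullable password for a blank {@link #KEYSTORE_PASSWORD} but then
     * still dereferenced the field, and would have stored the PKCS#12 file with a different
     * password than its key entries. A blank password is now rejected up front, because it would
     * leave the exported private key without password protection.
     *
     * @param info array whose first element names the keystore files
     */
    public void toPFX(String[] info) {
        try {
            if (info == null || info.length == 0) {
                throw new IllegalArgumentException("info must contain the keystore name at index 0");
            }
            // The name is placed into the path as-is; it must not come from an untrusted source.
            String pfxKeystoreFile = "D:/" + info[0] + ".pfx";
            String jksKeystoreFile = "D:/" + info[0] + ".jks";

            // Read the mutable static once so every step below uses the same value.
            String configured = KEYSTORE_PASSWORD;
            if (configured == null || configured.trim().equals("")) {
                throw new IllegalStateException(
                        "KEYSTORE_PASSWORD is blank; refusing to export private keys without a password");
            }
            char[] password = configured.toCharArray();

            KeyStore inputKeyStore = KeyStore.getInstance("JKS");
            // try-with-resources: the original leaked the stream when load() threw.
            try (FileInputStream fis = new FileInputStream(jksKeystoreFile)) {
                inputKeyStore.load(fis, password);
            }

            KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
            outputKeyStore.load(null, password);

            Enumeration<String> aliases = inputKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String keyAlias = aliases.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, password);
                    java.security.cert.Certificate[] certChain =
                            inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry(keyAlias, key, password, certChain);
                }
            }

            // The .pfx holds private keys; restrict access to the file after it is written.
            try (FileOutputStream out = new FileOutputStream(pfxKeystoreFile)) {
                outputKeyStore.store(out, password);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) {
        String[] info = {"huahua_user", "hnu", "university", "china", "hunan", "changsha",
                "111111", "11111111", "1"};
        ConvertToPFX converter = new ConvertToPFX();
        converter.toPFX(info);
    }
}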
第一步會生成
第二步會生成
打開pfx