Java Tutorial/Security/Keystore
Contents
- 1 Adding a Certificate to a Key Store
- 2 Create a keystore with a self-signed certificate, using the keytool command
- 3 Listing the Aliases in a Key Store: A key store is a collection of keys and certificates.
- 4 Listing the Aliases in a Key Store using keytool:
- 5 Retrieving a Certificate from a Key Store
- 6 Retrieving a Key Pair from a Key Store
- 7 Specify the keystore of certificates using the javax.net.ssl.keyStore system property:
Adding a Certificate to a Key Store
<source lang="java">
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class Main {
  public static void main(String[] argv) throws Exception {
    File keystoreFile = new File("your.keystore");
    // The same keystore password is used to load and to save the store
    char[] password = "my-keystore-password".toCharArray();

    // Load the keystore contents
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream in = new FileInputStream(keystoreFile)) {
      keystore.load(in, password);
    }

    // Certificate to add; here it is read from an existing entry
    String alias = "myalias";
    Certificate cert = keystore.getCertificate(alias);

    // Add the certificate as a trusted certificate entry.
    // Throws KeyStoreException if the alias already names a key entry.
    keystore.setCertificateEntry(alias, cert);

    // Save the new keystore contents
    try (FileOutputStream out = new FileOutputStream(keystoreFile)) {
      keystore.store(out, password);
    }
  }
}</source>
Create a keystore with a self-signed certificate, using the keytool command
<source lang="java">
keytool -genkey -keystore mySrvKeystore -storepass 123456 -keypass 123456 -keyalg RSA -alias mycert</source>
Listing the Aliases in a Key Store: A key store is a collection of keys and certificates.
<source lang="java">
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Enumeration;

public class Main {
  public static void main(String[] argv) throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "my-keystore-password";
    try (FileInputStream is = new FileInputStream("yourfile" + ".keystore")) {
      keystore.load(is, password.toCharArray());
    }

    Enumeration<String> e = keystore.aliases();
    while (e.hasMoreElements()) {
      String alias = e.nextElement();
      // Does the alias refer to a key entry?
      boolean isKey = keystore.isKeyEntry(alias);
      // Does the alias refer to a trusted certificate entry?
      boolean isCert = keystore.isCertificateEntry(alias);
      System.out.println(alias + ": key=" + isKey + ", certificate=" + isCert);
    }
  }
}</source>
Listing the Aliases in a Key Store using keytool:
<source lang="java">
keytool -list -storepass my-keystore-password</source>
Retrieving a Certificate from a Key Store
<source lang="java">
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;

public class Main {
  public static void main(String[] argv) throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream is = new FileInputStream("your.keystore")) {
      keystore.load(is, "my-keystore-password".toCharArray());
    }
    // Get certificate; the result is null if the alias does not exist
    Certificate cert = keystore.getCertificate("myalias");
  }
}</source>
Retrieving a Key Pair from a Key Store
<source lang="java">
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class Main {
  public static void main(String[] argv) throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream is = new FileInputStream("your.keystore")) {
      keystore.load(is, "my-keystore-password".toCharArray());
    }
    String alias = "myalias";
    // The second argument is the password protecting this key entry
    Key key = keystore.getKey(alias, "password".toCharArray());
    if (key instanceof PrivateKey) {
      // Get certificate of public key
      Certificate cert = keystore.getCertificate(alias);
      // Get public key
      PublicKey publicKey = cert.getPublicKey();
      // Build the key pair
      KeyPair keyPair = new KeyPair(publicKey, (PrivateKey) key);
    }
  }
}</source>
Specify the keystore of certificates using the javax.net.ssl.keyStore system property:
<source lang="java">
java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer</source>