從PFX文件中獲取私鑰、公鑰證書,、公鑰

怡紅公子0526 2020-09-18

展開全文

https://blog.csdn.net/ZuoYanYouYan/article/details/77868584

該類具體功能：根據(jù)pfx證書得到私鑰,、根據(jù)私鑰字節(jié)數(shù)組獲取私鑰對象,、根據(jù)公鑰字節(jié)數(shù)組獲取公鑰,、根據(jù)pfx證書獲取證書對象，根據(jù)私鑰,、公鑰證書,、密碼生成pkcs12，根據(jù)私鑰,、公鑰證書,、密鑰，合成為pfx文件,，依賴工具包：commons-io

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Enumeration;

/**
 * Created by ssl on 2017/9/5.
 */
public class PFXUtil {

    /**
     * 獲取RSA算法的keyFactory
     *
     * @return
     */
    private static KeyFactory getKeyFactory() throws Exception {
        return getKeyFactory("RSA");
    }

    /**
     * 獲取指定算法的keyFactory
     *
     * @param algorithm
     * @return
     */
    private static KeyFactory getKeyFactory(String algorithm) throws Exception {
        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
        return keyFactory;
    }

    /**
     * 根據(jù)pfx證書獲取keyStore
     *
     * @param pfxData
     * @param password
     * @return
     * @throws Exception
     */
    private static KeyStore getKeyStore(byte[] pfxData, String password) throws Exception {
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(new ByteArrayInputStream(pfxData), password.toCharArray());
        return keystore;
    }

    /**
     * 根據(jù)pfx證書得到私鑰
     *
     * @param pfxData
     * @param password
     * @throws Exception
     */
    public static PrivateKey getPrivateKeyByPfx(byte[] pfxData, String password) throws Exception {
        PrivateKey privateKey = null;
        KeyStore keystore = getKeyStore(pfxData, password);
        Enumeration<String> enums = keystore.aliases();
        String keyAlias = "";
        while (enums.hasMoreElements()) {
            keyAlias = enums.nextElement();
            if (keystore.isKeyEntry(keyAlias)) {
                privateKey = (PrivateKey) keystore.getKey(keyAlias, password.toCharArray());
            }
        }
        return privateKey;
    }

    /**
     * 根據(jù)pfx證書得到私鑰
     *
     * @param pfxPath
     * @param password
     * @return
     * @throws Exception
     */
    public static PrivateKey getPrivateKeyByPfx(String pfxPath, String password) throws Exception {
        File pfxFile = new File(pfxPath);
        return getPrivateKeyByPfx(FileUtils.readFileToByteArray(pfxFile), password);
    }

    /**
     * 根據(jù)私鑰字節(jié)數(shù)組獲取私鑰對象
     *
     * @param privateKeyByte
     * @return
     * @throws Exception
     */
    public static PrivateKey getPrivateKey(byte[] privateKeyByte) throws Exception {
        PrivateKey privateKey = null;
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyByte);
        KeyFactory keyFactory = getKeyFactory();
        privateKey = keyFactory.generatePrivate(keySpec);
        return privateKey;
    }

    /**
     * 根據(jù)私鑰Base64字符串獲取私鑰對象
     *
     * @param privateKeyStr
     * @return
     * @throws Exception
     */
    public static PrivateKey getPrivateKey(String privateKeyStr) throws Exception {
        byte[] privateKeyByte = Base64.decodeBase64(privateKeyStr);
        return getPrivateKey(privateKeyByte);
    }

    /**
     * 根據(jù)公鑰字節(jié)數(shù)組獲取公鑰
     *
     * @param publicKeyByte 公鑰字節(jié)數(shù)組
     * @return
     * @throws Exception
     */
    public static PublicKey getPublicKey(byte[] publicKeyByte) throws Exception {
        PublicKey publicKey = null;
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyByte);
        KeyFactory keyFactory = getKeyFactory();
        publicKey = keyFactory.generatePublic(keySpec);
        return publicKey;
    }

    /**
     * 根據(jù)公鑰base64字符串獲取公鑰
     *
     * @param publicKeyStr Base64編碼后的公鑰字節(jié)數(shù)組
     * @return
     * @throws Exception
     */
    public static PublicKey getPublicKey(String publicKeyStr) throws Exception {
        byte[] publicKeyByte = Base64.decodeBase64(publicKeyStr);
        return getPublicKey(publicKeyByte);
    }

    /**
     * 根據(jù)pfx證書獲取證書對象
     *
     * @param pfxData  pfx的字節(jié)數(shù)組
     * @param password pfx證書密碼
     * @return
     * @throws Exception
     */
    public static X509Certificate getX509Certificate(byte[] pfxData, String password) throws Exception {
        X509Certificate x509Certificate = null;
        KeyStore keystore = getKeyStore(pfxData, password);
        Enumeration<String> enums = keystore.aliases();
        String keyAlias = "";
        while (enums.hasMoreElements()) {
            keyAlias = enums.nextElement();
            if (keystore.isKeyEntry(keyAlias)) {
                x509Certificate = (X509Certificate) keystore.getCertificate(keyAlias);
            }
        }
        return x509Certificate;
    }

    /**
     * 根據(jù)pfx證書獲取證書對象
     *
     * @param pfxPath  pfx證書路徑
     * @param password pfx證書密碼
     * @return
     * @throws Exception
     */
    public static X509Certificate getX509Certificate(String pfxPath, String password) throws Exception {
        File pfxFile = new File(pfxPath);
        return getX509Certificate(FileUtils.readFileToByteArray(pfxFile), password);
    }

    //生成pkcs12

    /**
     * 根據(jù)私鑰,、公鑰證書、密碼生成pkcs12
     *
     * @param privateKey      私鑰
     * @param x509Certificate 公鑰證書
     * @param password        需要設(shè)置的密鑰
     * @return
     * @throws Exception
     */
    public static byte[] generatorPkcx12(PrivateKey privateKey, X509Certificate x509Certificate, String password)
            throws Exception {
        Certificate[] chain = {x509Certificate};
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(null, password.toCharArray());
        keystore.setKeyEntry(x509Certificate.getSerialNumber().toString(), privateKey, password.toCharArray(), chain);
        ByteArrayOutputStream bytesos = new ByteArrayOutputStream();
        keystore.store(bytesos, password.toCharArray());
        byte[] bytes = bytesos.toByteArray();
        return bytes;
    }

    //合成pfx

    /**
     * 根據(jù)私鑰,、公鑰證書,、密鑰，保存為pfx文件
     *
     * @param privateKey      私鑰
     * @param x509Certificate 公鑰證書
     * @param password        打開pfx的密鑰
     * @param saveFile        保存的文件
     * @return
     * @throws Exception
     */
    public static String generatorPFX(PrivateKey privateKey, X509Certificate x509Certificate, String password, File
            saveFile) throws Exception {
        //判斷文件是否存在
        if (!saveFile.exists()) {
            //判斷文件的目錄是否存在
            if (!saveFile.getParentFile().exists()) {
                saveFile.getParentFile().mkdirs();
            }
            saveFile.createNewFile();
        }
        byte[] pkcs12Byte = generatorPkcx12(privateKey, x509Certificate, password);
        FileUtils.writeByteArrayToFile(saveFile, pkcs12Byte);
        return saveFile.getPath();
    }

    public static void main(String[] args) throws Exception {
        String pfxPath = "C:\\Users\\49383\\Desktop\\文件\\國新測試證書-1.pfx";
        String password = "1";
        //私鑰：pfx文件中獲取私鑰對象
        PrivateKey privateKey = getPrivateKeyByPfx(pfxPath, password);
        byte[] privateKeyByte = privateKey.getEncoded();
        String privateKeyStr = Base64.encodeBase64String(privateKeyByte);
        System.out.println("私鑰Base64字符串：" + privateKeyStr);
        //=====私鑰Base64字符串轉(zhuǎn)私鑰對象
        PrivateKey privateKey2 = getPrivateKey(privateKeyStr);
        System.out.println("私鑰Base64字符串2：" + Base64.encodeBase64String(privateKey2.getEncoded()));
        //證書：從pfx文件中獲取證書對象
        X509Certificate certificate = getX509Certificate(pfxPath, password);
        System.out.println("證書主題：" + certificate.getSubjectDN().getName());
        String publicKeyStr = Base64.encodeBase64String(certificate.getPublicKey().getEncoded());
        System.out.println("公鑰Base64字符串：" + publicKeyStr);
        //=====根據(jù)公鑰Base64字符串獲取公鑰對象
        System.out.println("公鑰Base64字符串2：" + Base64.encodeBase64String(getPublicKey(publicKeyStr).getEncoded()));
        //PFX：合成pfx（需要私鑰,、公鑰證書）
        String savePath = generatorPFX(privateKey, certificate, "1", new File
                ("C:\\Users\\49383\\Desktop\\文件\\009\\009.pfx"));
        System.out.println(savePath);
    }
}

本站是提供個(gè)人知識管理的網(wǎng)絡(luò)存儲空間,，所有內(nèi)容均由用戶發(fā)布，不代表本站觀點(diǎn),。請注意甄別內(nèi)容中的聯(lián)系方式,、誘導(dǎo)購買等信息，謹(jǐn)防詐騙,。如發(fā)現(xiàn)有害或侵權(quán)內(nèi)容,，請點(diǎn)擊一鍵舉報(bào),。

轉(zhuǎn)藏 分享

QQ空間 QQ好友新浪微博微信

獻(xiàn)花（0） +1

來自：怡紅公子0526 > 《待分類》

舉報(bào)/認(rèn)領(lǐng)