
java - Getting the private key from a keystore

Reposted. Author: 行者123. Updated: 2023-12-01 11:55:53

I have a .cer signed by someone else. From it I created the private key file .jks using the tool below:

keytool -importcert -file aaa.cer -keystore aaa.jks -alias abcd

Output:

Owner: CN=Sample, EMAILADDRESS=hello@gmail.com, C=IN, OU=Director, O=ABCDEF
Issuer: C=IN, O=ABCDEF, CN=Owner
Serial number: 1
Valid from: Fri Feb 20 17:11:48 IST 2015 until: Mon Feb 19 17:11:48 IST 2018
Certificate fingerprints:
MD5: 59:9A:1C:FA:F7:F3:45:CA:06:1D:FA:AA:13:B7:68:1C
SHA1: 3B:4E:4B:5A:57:9E:DC:D6:3E:3C:EB:18:91:60:B6:EA:9D:FB:6E:DA
SHA256: 37:04:49:08:0A:2E:1D:5D:58:51:0E:69:C3:85:5C:45:55:F0:D9:6B:27:EE:99:6B:E7:08:B7:4A:EA:E0:83:EC
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore

I need to sign an XML document, and for that I wrote the code below:

DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document inputDocument = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xmlDoc)));
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("../cer/aaa.jks"), "xxxxxxx".toCharArray());
KeyStore.PrivateKeyEntry keyEntry =(KeyStore.PrivateKeyEntry) ks.getEntry("abcd", new KeyStore.PasswordProtection("xxxxxxx".toCharArray()));
X509Certificate x509Cert = (X509Certificate) keyEntry.getCertificate();
XMLSignatureFactory fac = XMLSignatureFactory.getInstance(MEC_TYPE);
Reference ref = fac.newReference(WHOLE_DOC_URI, fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null)), null, null);
SignedInfo sInfo = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),Collections.singletonList(ref));
KeyInfo kInfo = getKeyInfo(x509Cert, fac);
DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),inputDocument.getDocumentElement());
XMLSignature signature = fac.newXMLSignature(sInfo,kInfo);
signature.sign(dsc);
Node node = dsc.getParent();
Document signedDocument = node.getOwnerDocument();
StringWriter stringWriter = new StringWriter();
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(signedDocument), new StreamResult(stringWriter));
return stringWriter.getBuffer().toString();

But I get an exception at line 6.

Stack trace:

java.lang.UnsupportedOperationException: trusted certificate entries are not password-protected
at java.security.KeyStoreSpi.engineGetEntry(Unknown Source)
at java.security.KeyStore.getEntry(Unknown Source)

Please help me solve this problem, thanks.

Best answer

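A .cer file only contains the public key and some signing information from a CA, so there is no private key in your keystore to retrieve. What you did by importing the .cer file was to add it to the set of certificates your JVM will trust.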

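To make this work, what you need is the private key file that was used to generate the certificate signing request for that certificate. If it was not created with keytool in a Java keystore, you might need to take some additional steps, because you can't directly import a private key and certificate into a .jks file but, for example, have to create an intermediate PKCS12 keystore. Using openssl it might work like this: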

# Create PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name myservercert -in certificate.cer -inkey server.key -out keystore.p12
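# Convert PKCS12 keystore into a JKS keystore. The source alias is the -name given to openssl above;
# -destalias sets the alias that the Java code looks up.
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -srcalias myservercert -destalias abcd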
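
An added example, not part of the original question or answer: a Java check that inspects what kind of entry sits behind an alias before asking for a private key, so a certificate-only import is reported explicitly instead of surfacing as the UnsupportedOperationException shown in the question. The class name KeyStoreEntryCheck and the method requirePrivateKeyEntry are hypothetical; the code assumes Java 9 or later and that the key password equals the keystore password.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.util.Arrays;

public class KeyStoreEntryCheck {

    // Returns the PrivateKeyEntry for alias, or fails with a message naming what the entry really is.
    static KeyStore.PrivateKeyEntry requirePrivateKeyEntry(KeyStore ks, String alias, char[] keyPassword)
            throws Exception {
        if (!ks.containsAlias(alias)) {
            throw new IllegalStateException("no entry with alias '" + alias + "'");
        }
        // keytool -importcert stores a trusted certificate entry: public key only, no password.
        if (ks.isCertificateEntry(alias)) {
            throw new IllegalStateException("alias '" + alias
                    + "' is a trusted certificate entry and holds no private key");
        }
        // Rules out secret-key entries before the cast below.
        if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            throw new IllegalStateException("alias '" + alias + "' is not a private key entry");
        }
        return (KeyStore.PrivateKeyEntry) ks.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
    }

    // Usage: java KeyStoreEntryCheck <keystore-file> <alias>
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): java KeyStoreEntryCheck <keystore-file> <alias>");
            System.exit(2);
        }
        // Read the password from the terminal so it is neither hard-coded nor visible in the process list.
        char[] password = console.readPassword("Keystore password: ");
        int status = 0;
        try {
            // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 and loads the file.
            KeyStore ks = KeyStore.getInstance(new File(args[0]), password);
            // Assumption: the key password equals the store password, as in the question's code.
            KeyStore.PrivateKeyEntry entry = requirePrivateKeyEntry(ks, args[1], password);
            System.out.println("private key algorithm: " + entry.getPrivateKey().getAlgorithm());
            System.out.println("certificate type: " + entry.getCertificate().getType());
        } catch (IllegalStateException e) {
            System.err.println("cannot sign with this entry: " + e.getMessage());
            status = 1;
        } finally {
            if (password != null) Arrays.fill(password, '\0'); // wipe the password from memory
        }
        System.exit(status);
    }
}
```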

Regarding java - Getting the private key from a keystore, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/28447854/
