Java程序实现密钥库的维护
1 Java程序列出密钥库所有条目
import java.util.*;
import java.io.*;
import java.security.*;
public class ShowAlias{
public static void main(String args[ ]) throws Exception{
String pass="080302";
String name=".keystore";
FileInputStream in=new FileInputStream(name);
KeyStore ks=KeyStore.getInstance("JKS");
ks.load(in,pass.toCharArray());
Enumeratione=ks.aliases( );
while( e.hasMoreElements()) {
System.out.println(e.nextElement());
}
}
}
2 Java程序修改密钥库口令
import java.io.*;
import java.security.*;
public class SetStorePass{
public static void main(String args[ ]) throws Exception{
char[ ] oldpass="080302".toCharArray();
char[ ] newpass="123456".toCharArray();
String name=".keystore";
FileInputStream in=new FileInputStream(name);
KeyStore ks=KeyStore.getInstance("JKS");
ks.load(in,oldpass);
in.close();
FileOutputStream output=new FileOutputStream(name);
ks.store(output,newpass);
output.close();
}
}
3 Java程序修改密钥库条目的口令及添加条目
package test;
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
public class SetKeyPass{
public static void main(String args[ ]) throws Exception{
//读取相关参数
String name=".keystore";
String alias="mykey";
char[ ] storepass="123456".toCharArray();
char[ ] oldkeypass="080302".toCharArray();
char[ ] newkeypass="123456".toCharArray();
//获取密钥库.keystore的KeyStore对象,并加载密钥库
FileInputStream in=new FileInputStream(name);
KeyStore ks=KeyStore.getInstance("JKS");
ks.load(in,storepass);
//获取别名对应的条目的证书链
Certificate[ ] cchain=ks.getCertificateChain(alias);
//读取别名对应的条目的私钥
PrivateKey pk=(PrivateKey)ks.getKey(alias,oldkeypass);
//向密钥库中添加新的条目
ks.setKeyEntry(alias,pk,newkeypass,cchain);
in.close();
//将KeyStore对象内容写入新文件
FileOutputStream output=new FileOutputStream("333");
ks.store(output,storepass);
output.close();
}
}
4 Java程序检验别名及删除条目
package test;
import java.io.*;
import java.security.*;
public class DeleteAlias{
public static void main(String args[ ]) throws Exception{
String pass = "123456";
String name = ".keystore";
String alias = "mykey";
FileInputStream in=new FileInputStream(name);
KeyStore ks=KeyStore.getInstance("JKS");
ks.load(in,pass.toCharArray());
if (ks.containsAlias(alias)){
ks.deleteEntry(alias);
FileOutputStream output=new FileOutputStream(name);
ks.store(output,pass.toCharArray());
System.out.println("Alias "+alias+" deleted");
}else{
System.out.println("Alias not exist");
}
}
}
5 使用Java程序将已签名的数字证书导入密钥库
首先读取CA的证书mytest.cer和用户收到的签名后的证书lf_signed.cer(由CA私钥签发),使用这两个证书组成证书链,然后从用户的密钥库读取私钥,最后执行KeyStore对象的setKeyEntry( )方法将私钥和证书一起写入密钥库,并使用store( )方法保存为文件即可。
import java.io.*;
import java.security.*;
import java.security.cert.*;
/*
* CA证书,已经签名的用户数字证书,用户密钥库名和密码以及相应证书的私钥名称,新生成的证书名称和密钥库名以及密码
*/
public class ImportCert{
public static void main(String args[ ]) throws Exception{
//参数
String cacert="new.cer";
String lfcert="hqy.cer";
String lfstore="mykeystore";
char[] lfstorepass="080302".toCharArray( );
char[] lfkeypass="080302".toCharArray( );
//CA的证书
CertificateFactory cf=CertificateFactory.getInstance("X.509");
FileInputStream in1=new FileInputStream(cacert);
java.security.cert.Certificate cac=cf.generateCertificate(in1);
in1.close();
//用户的签名证书
FileInputStream in2=new FileInputStream(lfcert);
java.security.cert.Certificate lfc=cf.generateCertificate(in2);
in2.close();
//证书链
java.security.cert.Certificate[] cchain={lfc,cac};
//用户的密钥库
FileInputStream in3=new FileInputStream(lfstore);
KeyStore ks=KeyStore.getInstance("JKS");
ks.load(in3,lfstorepass);
PrivateKey prk=(PrivateKey)ks.getKey("new",lfkeypass);
//导入证书
ks.setKeyEntry("new_signed",prk,lfstorepass,cchain);
//保存密钥库
FileOutputStream out4=new FileOutputStream("nostore");
ks.store(out4,"080302".toCharArray());
out4.close();
}
}