如何在Java中读取.pfx文件的内容?

时间:2013-02-28 08:12:43

标签: java pkcs#12

我有file.pfx个文件,并且还有一个私钥。如何在Java中用file.pfx读取证书?

我使用过这段代码:

import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import javax.crypto.SecretKey;
import javax.security.auth.callback.*;
//These packages I have used.

public String readFile(String fn) { 
  String thisLine, ret = ""; 
  KeyStore ks = KeyStore.getInstance("pkcs12", "SunJSSE"); 
  ks.load(new FileInputStream(fn),"password".toCharArray()); 
  try { 
    Key key = ks.getKey("1", "password".toCharArray());
    Certificate[] cc = ks.getCertificateChain("1");
    X509Certificate certificate1 = (X509Certificate) cc[0];//Here it throws  java.lang.NullPointerException 
    ret += certificate1.getNotAfter(); 
    ret += certificate1.getNotBefore(); 
  } catch(Exception e) { 
    ret = "Cannot load, exception!";
  } 
  return ret; 
}

3 个答案:

答案 0 :(得分:4)

您将收到异常,因为您的密钥库(即PKCS#12文件)不包含带有您提供的别名的证书链。

Key key = ks.getKey("1", "shalimar1234".toCharArray());
Certificate[] cc = ks.getCertificateChain("1"); // this is returning null

key对象null也很合理,但您似乎根本没有使用该对象。

要了解文件中可用的别名,请尝试查看从KeyStore.aliases()返回的字符串。

答案 1 :(得分:3)

尝试使用此代码阅读.pfx文件: -

  public void checkExpire() {

        try {
            KeyManagerFactory kmf = javax.net.ssl.KeyManagerFactory.getInstance("SunX509");
            KeyStore keystore = KeyStore.getInstance("PKCS12");
            char[] password= "yourfilepassword".toCharArray();

            keystore.load(new FileInputStream("filepath\filename.pfx"),password);
            //keystore.load(new FileInputStream(certificate), password);
            kmf.init(keystore, psswd);
            Enumeration<String> aliases = keystore.aliases();
            while(aliases.hasMoreElements()){
                String alias = aliases.nextElement();
                if(keystore.getCertificate(alias).getType().equals("X.509")){
                Date expDate = ((X509Certificate) keystore.getCertificate(alias)).getNotAfter();
                Date fromDate= ((X509Certificate) keystore.getCertificate(alias)).getNotBefore();
        System.out.println("Expiray Date:-"+expDate );
        System.out.println("From Date:-"+fromDate);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

答案 2 :(得分:0)

这是关于使用Java代码打开和读取.PFX文件主题的论坛问题的link

要总结链接中的内容,您应该能够像使用普通JKS一样打开密钥库,但稍有不同,请将密钥库类型作为pcks12传递给提供者, SunJSSE

try (FileInputStream stream = new FileInputStream("C:/store.pfx")) {
    KeyStore store = KeyStore.getInstance("pkcs12", "SunJSSE");
    store.load(stream, "password".toCharArray());

    Enumeration<String> aliases = store.aliases();

    while (aliases.hasMoreElements()) {
        System.err.println(aliases.nextElement());
    }

    X509Certificate certificate = (X509Certificate)store.getCertificate("alias");
    System.err.println(certificate.getNotAfter());
    System.err.println(certificate.getNotBefore());
    System.err.println(certificate.toString());
}

另一个有用的注意事项是,你可能想考虑使用和引用BouncyCastle提供商,这是我认为最完整的实现。