我有file.pfx
个文件,并且还有一个私钥。如何在Java中用file.pfx
读取证书?
我使用过这段代码:
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import javax.crypto.SecretKey;
import javax.security.auth.callback.*;
//These packages I have used.
public String readFile(String fn) {
String thisLine, ret = "";
KeyStore ks = KeyStore.getInstance("pkcs12", "SunJSSE");
ks.load(new FileInputStream(fn),"password".toCharArray());
try {
Key key = ks.getKey("1", "password".toCharArray());
Certificate[] cc = ks.getCertificateChain("1");
X509Certificate certificate1 = (X509Certificate) cc[0];//Here it throws java.lang.NullPointerException
ret += certificate1.getNotAfter();
ret += certificate1.getNotBefore();
} catch(Exception e) {
ret = "Cannot load, exception!";
}
return ret;
}
答案 0 :(得分:4)
您将收到异常,因为您的密钥库(即PKCS#12文件)不包含带有您提供的别名的证书链。
Key key = ks.getKey("1", "shalimar1234".toCharArray());
Certificate[] cc = ks.getCertificateChain("1"); // this is returning null
key
对象null
也很合理,但您似乎根本没有使用该对象。
要了解文件中可用的别名,请尝试查看从KeyStore.aliases()
返回的字符串。
答案 1 :(得分:3)
尝试使用此代码阅读.pfx文件: -
public void checkExpire() {
try {
KeyManagerFactory kmf = javax.net.ssl.KeyManagerFactory.getInstance("SunX509");
KeyStore keystore = KeyStore.getInstance("PKCS12");
char[] password= "yourfilepassword".toCharArray();
keystore.load(new FileInputStream("filepath\filename.pfx"),password);
//keystore.load(new FileInputStream(certificate), password);
kmf.init(keystore, psswd);
Enumeration<String> aliases = keystore.aliases();
while(aliases.hasMoreElements()){
String alias = aliases.nextElement();
if(keystore.getCertificate(alias).getType().equals("X.509")){
Date expDate = ((X509Certificate) keystore.getCertificate(alias)).getNotAfter();
Date fromDate= ((X509Certificate) keystore.getCertificate(alias)).getNotBefore();
System.out.println("Expiray Date:-"+expDate );
System.out.println("From Date:-"+fromDate);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
答案 2 :(得分:0)
这是关于使用Java代码打开和读取.PFX文件主题的论坛问题的link。
要总结链接中的内容,您应该能够像使用普通JKS一样打开密钥库,但稍有不同,请将密钥库类型作为pcks12
传递给提供者, SunJSSE
。
try (FileInputStream stream = new FileInputStream("C:/store.pfx")) {
KeyStore store = KeyStore.getInstance("pkcs12", "SunJSSE");
store.load(stream, "password".toCharArray());
Enumeration<String> aliases = store.aliases();
while (aliases.hasMoreElements()) {
System.err.println(aliases.nextElement());
}
X509Certificate certificate = (X509Certificate)store.getCertificate("alias");
System.err.println(certificate.getNotAfter());
System.err.println(certificate.getNotBefore());
System.err.println(certificate.toString());
}
另一个有用的注意事项是,你可能想考虑使用和引用BouncyCastle提供商,这是我认为最完整的实现。