我正在使用从供应商处收到的公钥加密某些SAML断言(在IDP发起的工作流程中使用)。
是否可以将该公钥添加到密钥库而不需要创建凭证,如下所示:
CertificateFactory cf = CertificateFactory.getInstance("X.509")
Certificate cert = cf.generateCertificate(certFileStream)
BasicX509Credential credential = new BasicX509Credential()
credential.setUsageType(UsageType.ENCRYPTION)
credential.setEntityCertificate((java.security.cert.X509Certificate) cert)
credential.setPrivateKey(null)
我感兴趣的原因是因为我还必须使用自己的私钥来签署SAML - 我从我的密钥库中解析了凭据。所以将它们放在同一个地方似乎更直接。
答案 0 :(得分:0)
您可以将证书存储在密钥库中,并在生成凭据之前将其解压缩。这段代码应该可行
使用证书创建密钥库
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null);
KeyStore.setCertificateEntry(alias, cert);
FileOutputStream out = new FileOutputStream("keystore.jks");
keyStore.store(out, ksPassword);
out.close();
从密钥库加载证书
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load( new FileInputStream("keystore.jks"),ksPassword);
Certificate cert = keystore.getCertificate(alias);
答案 1 :(得分:0)
看起来你正在使用OpenSAML。要从OpenSAML中的密钥库读取凭据,请使用KeyStoreCredentialResolver。
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream inputStream = new FileInputStream("/path/to/my/JKS");
keystore.load(inputStream, "MyKeystorePassword".toCharArray());
inputStream.close();
Map<String, String> passwordMap = new HashMap<String, String>();
passwordMap.put("MyEntryID"), "MyEntryPassword");
KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap);
Criteria criteria = new EntityIDCriteria("MyEntryID");
CriteriaSet criteriaSet = new CriteriaSet(criteria);
X509Credential credential = (X509Credential)resolver.resolveSingle(criteriaSet);
更多关于在我的博客上使用this post上的OpenSAML中的解析器