说明网站配置https,需要为域名申请证书,例如域名为:www.xxx.com,申请的证书为:从上图可以看出,证书除了公钥/私钥,直接为:Nginx、Apache、IIS、Tomcat做好了准备。Java程序读取读取.pem、.key、.crtpackage com.what21.demo.cert;
import cn.hutool.crypto.PemUtil;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
public class CertKeyUtils {
/**
* 读取 .pem 文件
*
* @param file
* @return
* @throws Exception
*/
public static BCRSAPublicKey readPemToPublicKey(String file) throws Exception {
InputStream input = new FileInputStream(file);
BCRSAPublicKey key = (BCRSAPublicKey) PemUtil.readPemKey(input);
return key;
}
/**
* 读取 .key 文件
*
* @param file
* @return
* @throws Exception
*/
public static BCRSAPrivateCrtKey readKeyToPrivateKey(String file) throws Exception {
InputStream input = new FileInputStream(file);
BCRSAPrivateCrtKey key = (BCRSAPrivateCrtKey) PemUtil.readPemPrivateKey(input);
return key;
}
/**
* 读取 .crt 文件
*
* @param file
* @return
* @throws Exception
*/
public static X509Certificate readCrtToPublicKey(String file) throws Exception {
InputStream input = new FileInputStream(file);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
return cert;
}
public static void main(String[] args) throws Exception {
String pemFile = "D:\\wx\\www.xxx.com\\www.xxx.com.pem";
System.out.println(readPemToPublicKey(pemFile));
String keyFile = "D:\\wx\\www.xxx.com\\www.xxx.com.key";
System.out.println(readKeyToPrivateKey(keyFile));
String crtFile = "D:\\wx\\www.xxx.com\\Nginx\\1_www.xxx.com_bundle.crt";
System.out.println(readCrtToPublicKey(crtFile));
}
}
读取JKSpackage com.what21.demo.cert;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
public class JksUtils {
/**
* @param storePath 秘钥库文件路径
* @param storePasswd 秘钥库密码
* @return
* @throws Exception
*/
public static KeyStore keyStore(String storePath, String storePasswd)
throws Exception {
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(storePath), storePasswd.toCharArray());
return keyStore;
}
/**
* @param keyStore 秘钥库
* @param alias 证书别名
* @param trustPasswd 证书密码
* @return
* @throws Exception
*/
public static KeyPair keyPair(KeyStore keyStore, String alias, String trustPasswd)
throws Exception {
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, trustPasswd.toCharArray());
PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
return new KeyPair(publicKey, privateKey);
}
public static void main(String[] args) throws Exception {
String jksFile = "D:\\wx\\www.xxx.com\\Tomcat\\www.xxx.com.jks";
String keystorePass = "y696wyxqvsy3i";
KeyStore keyStore = keyStore(jksFile, keystorePass);
System.out.println(keyStore);
// 别名为域名
String alias = "www.xxx.com";
// 证书秘钥与秘钥库密码一致
String trustPasswd = "y696wyxqvsy3i";
KeyPair keyPair = keyPair(keyStore, alias, trustPasswd);
System.out.println(keyPair.getPublic());
System.out.println(keyPair.getPrivate());
}
}
读取PFXpackage com.what21.demo.cert;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
public class PfxUtils {
/**
* @param storePath 秘钥库文件路径
* @param storePasswd 秘钥库密码
* @return
* @throws Exception
*/
public static KeyStore keyStore(String storePath, String storePasswd)
throws Exception {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream(storePath), storePasswd.toCharArray());
return keyStore;
}
/**
* @param keyStore 秘钥库
* @param alias 证书别名
* @param trustPasswd 证书密码
* @return
* @throws Exception
*/
public static KeyPair keyPair(KeyStore keyStore, String alias, String trustPasswd)
throws Exception {
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, trustPasswd.toCharArray());
PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
return new KeyPair(publicKey, privateKey);
}
public static void main(String[] args) throws Exception {
String pfxFile = "D:\\wx\\www.xxx.com\\IIS\\www.xxx.com.pfx";
String keystorePass = "y696wyxqvsy3i";
KeyStore keyStore = keyStore(pfxFile, keystorePass);
System.out.println(keyStore);
// 别名为域名
String alias = "www.xxx.com";
// 证书秘钥与秘钥库密码一致
String trustPasswd = "y696wyxqvsy3i";
KeyPair keyPair = keyPair(keyStore, alias, trustPasswd);
System.out.println(keyPair.getPublic());
System.out.println(keyPair.getPrivate());
}
}