2017-02-16 46 views
2

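I have a client public certificate and a private key file, both as .pem files. How do I create a PKCS#12 file containing the client public certificate and private key using a Java program?

Can any of you help me create a PKCS#12 file from these files using a Java program?

Here, I have added my code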

    Path path = Paths.get(new File("User_privkey.pem").getAbsolutePath());
    Path certPath = Paths.get(new File("User.pem").getAbsolutePath());
    try {
        // Used to read User_privkey.pem file to get private key
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Files.readAllBytes(path));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(spec);

        // Used to read user certificate
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        Certificate cert = factory.generateCertificate(Files.newInputStream(certPath, null));

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // add it to the keystore
        ks.setKeyEntry("MyPKCSEntry", privateKey, "Temp".toCharArray(), new Certificate[] { cert });

        File file = new File("CERTIFICATE_CUSTOMPATH");
        OutputStream out = new FileOutputStream(file);
        ks.store(out, "Temp".toCharArray());
        out.close();

    } catch (Exception e) {
        System.out.println("Exception got caught" + e.getMessage());
    }
+1

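Try adding some code to your question. – Seeker

+0

Possible duplicate of [Convert certificate from PEM into JKS](http://stackoverflow.com/questions/22296312/convert-certificate-from-pem-into-jks) – Keith

+0

Hi syed, I am looking to implement the above functionality. Can you help me with code to implement this requirement? –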

Answers

0

You can use this code; I also recommend this link

    // PEMReader and PasswordFinder come from the older Bouncy Castle / Spongy Castle
    // openssl package (org.bouncycastle.openssl or org.spongycastle.openssl).
    import java.io.ByteArrayOutputStream;
    import java.io.FileReader;
    import java.security.KeyPair;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.X509Certificate;

    public static byte[] pemToPKCS12(final String keyFile, final String cerFile, final String password) throws Exception {
        // Get the private key
        FileReader reader = new FileReader(keyFile);

        PEMReader pem = new PEMReader(reader, new PasswordFinder() {
            @Override public char[] getPassword() {
                return password.toCharArray();
            }
        });

        PrivateKey key = ((KeyPair) pem.readObject()).getPrivate();

        pem.close();
        reader.close();

        // Get the certificate
        reader = new FileReader(cerFile);
        pem = new PEMReader(reader);

        // With this PEMReader the cast yields a java.security.cert.X509Certificate,
        // which is the object stored in the keystore below.
        X509Certificate cert = (X509Certificate) pem.readObject();
        pem.close();
        reader.close();

        // Put them into a PKCS12 keystore and write it to a byte[]
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null);
        ks.setKeyEntry("alias", key, password.toCharArray(), new java.security.cert.Certificate[]{cert});
        ks.store(bos, password.toCharArray());
        bos.close();
        return bos.toByteArray();
    }
+0

Hi, I am getting the following exception. Can you help me resolve this? java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format –

+0

@VinodKumar Please show your code – aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

+0

In the above code, if I am not wrong, you are using the Bouncy Castle API to read the PEM files. Please take a look at the code I am using now! PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Files.readAllBytes(path)); PrivateKey privateKey = keyFactory.generatePrivate(spec); –

0

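So some corrections need to be made to your code. Please try this fully functional code. It does not need any additional dependencies. I assume your key is PKCS#8 (starting with -----BEGIN PRIVATE KEY-----). If that is not the case, the conversion will not work.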

    import java.io.ByteArrayInputStream;
    import java.io.FileOutputStream;
    import java.io.OutputStream;
    import java.nio.charset.StandardCharsets;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    import java.security.KeyFactory;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.util.Base64;

    public static void selfSignedCertificateToP12(String privateKeyFile, String certificateFile, String p12File, String alias, char[] password)
            throws Exception {
        byte[] privateKeyData = Files.readAllBytes(Paths.get(privateKeyFile));
        byte[] certificateData = Files.readAllBytes(Paths.get(certificateFile));

        // Remove PEM header, footer and all whitespace (handles both \n and \r\n line endings)
        String privateKeyPEM = new String(privateKeyData, StandardCharsets.UTF_8);
        privateKeyPEM = privateKeyPEM
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s", "");
        byte[] privateKeyDER = Base64.getDecoder().decode(privateKeyPEM);

        // Build the private key from the decoded PKCS#8 DER bytes
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyDER);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(spec);

        // Used to read user certificate
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        Certificate cert = factory.generateCertificate(new ByteArrayInputStream(certificateData));

        // Create keystore, add entry with the provided alias and save
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null);
        ks.setKeyEntry(alias, privateKey, password, new Certificate[] { cert });
        // try-with-resources closes the file even if store() throws
        try (OutputStream out = new FileOutputStream(p12File)) {
            ks.store(out, password);
        }
    }
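
The exception reported in the comments (PEM file bytes passed straight to PKCS8EncodedKeySpec) and the PKCS#8 assumption stated in the answer above can both be checked before the keystore is built. The following is an added example, not code from any of the posts; the class name PemKeyCheck and the helper pkcs8Der are hypothetical, and the key is generated in the code as a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PemKeyCheck {
    // Matches one PEM block and captures its label and its Base64 body.
    private static final Pattern PEM = Pattern.compile(
            "-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);
    // Hypothetical helper: returns PKCS#8 DER bytes, or says why the file cannot be used as-is.
    static byte[] pkcs8Der(String pemText) {
        Matcher m = PEM.matcher(pemText);
        if (!m.find()) throw new IllegalArgumentException("no PEM block found");
        String label = m.group(1);
        if (label.equals("RSA PRIVATE KEY"))
            throw new IllegalArgumentException("PKCS#1 key: convert it to PKCS#8 first");
        if (label.equals("ENCRYPTED PRIVATE KEY"))
            throw new IllegalArgumentException("encrypted PKCS#8 key: decrypt it first");
        if (!label.equals("PRIVATE KEY"))
            throw new IllegalArgumentException("unexpected PEM label: " + label);
        // The MIME decoder skips CR, LF and any other non-Base64 characters.
        return Base64.getMimeDecoder().decode(m.group(2));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh RSA key written as PEM with CRLF line endings.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey original = gen.generateKeyPair().getPrivate();
        String pem = "-----BEGIN PRIVATE KEY-----\r\n"
                + Base64.getMimeEncoder().encodeToString(original.getEncoded())
                + "\r\n-----END PRIVATE KEY-----\r\n";
        KeyFactory kf = KeyFactory.getInstance("RSA");
        // Passing the PEM text itself as the key spec fails, as in the question's code.
        try {
            kf.generatePrivate(new PKCS8EncodedKeySpec(pem.getBytes(StandardCharsets.US_ASCII)));
        } catch (InvalidKeySpecException e) {
            System.out.println("raw PEM bytes rejected: " + e.getMessage());
        }
        // Decoding the block first recovers the key that was generated above.
        PrivateKey parsed = kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8Der(pem)));
        System.out.println("round trip ok: " + Arrays.equals(parsed.getEncoded(), original.getEncoded()));
    }
}
```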