公钥加密的密钥库

Question

我使用从供应商处接收的公钥（用于IDP启动的工作流中使用的公钥）对一些SAML断言进行加密。

是否有可能是公共密钥添加到密钥库，而不是需要创建一个证书，像这样：

CertificateFactory cf = CertificateFactory.getInstance("X.509") 
Certificate cert = cf.generateCertificate(certFileStream) 

BasicX509Credential credential = new BasicX509Credential() 
credential.setUsageType(UsageType.ENCRYPTION) 
credential.setEntityCertificate((java.security.cert.X509Certificate) cert) 
credential.setPrivateKey(null) 

的原因，我感兴趣的是，因为我也有签署SAML，使用我自己的私钥 - 我从我的密钥库中解析证书。所以将它们全部放在同一个地方似乎更加直接。

Answer 1

您可以将证书存储在密钥库中并在生成证书之前将其提取出来。此代码应工作

与证书

KeyStore keyStore = KeyStore.getInstance("JKS"); 
keyStore.load(null); 
KeyStore.setCertificateEntry(alias, cert); 
FileOutputStream out = new FileOutputStream("keystore.jks"); 
keyStore.store(out, ksPassword); 
out.close(); 

加载证书密钥库从

KeyStore keyStore = KeyStore.getInstance("JKS"); 
keyStore.load( new FileInputStream("keystore.jks"),ksPassword); 
Certificate cert = keystore.getCertificate(alias); 

Answer 2

它看起来像您使用OpenSAML创建密钥库。要从OpenSAML中的Keystore读取证书，您可以像这样使用KeyStoreCredentialResolver。

keystore = KeyStore.getInstance(KeyStore.getDefaultType()); 
FileInputStream inputStream = new FileInputStream("/path/to/my/JKS"); 
keystore.load(inputStream, "MyKeystorePassword".toCharArray()); 
inputStream.close(); 

Map<String, String> passwordMap = new HashMap<String, String>(); 
passwordMap.put("MyEntryID"), "MyEntryPassword"); 
KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap); 

Criteria criteria = new EntityIDCriteria("MyEntryID"); 
CriteriaSet criteriaSet = new CriteriaSet(criteria); 

X509Credential credential = (X509Credential)resolver.resolveSingle(criteriaSet); 

更多关于使用上this post在OpenSAML解析器在我的我的博客