convert CertStore into X509Certificate[ ] array JAVA
I created a certificate store and want to add another certificate, from another function, to it in this class.
In class 1, I create the chain with caCert and intermediateCert:
List<X509Certificate> certList = new ArrayList<X509Certificate>();
certList.add(0, interCert);
certList.add(1, caCert);
Store<X509Certificate> certs = new JcaCertStore(certList);
certStore = new JcaCertStoreBuilder().addCertificates(certs).build();
In class 2, I want to add a newly built user certificate:
certStore = new JcaCertStoreBuilder().addCertificate(certHolder).build();
To save the new key to my KeyStore, I need an array of certificates (X509Certificate[]). How can I convert the certStore file into an array so that the PrivateKeyEntry works?
PrivateKeyEntry privKeyEntry = new PrivateKeyEntry(pair.getPrivate(), chain);
store.setEntry(alias, privKeyEntry, new KeyStore.PasswordProtection(storePassword));
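I am using BouncyCastle 1.56 and JDK 1.7.
I think the simplest way is to get all the certificates from the cert store and add them to an array (instead of creating another cert store and converting it).
To get all the certificates in the cert store, you can do this: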
// get all certificates in certStore
Collection<? extends Certificate> allCerts = certStore.getCertificates(null);
Some implementations do not accept a null argument. In that case, you must create a selector like this (using the java.security.cert.X509CertSelector class):
Collection<? extends Certificate> allCerts = certStore.getCertificates(new X509CertSelector() {
    @Override
    public boolean match(Certificate cert) {
        // match all certificates (so it'll return all of them)
        return true;
    }
});
After that, allCerts will have the 2 certificates that are in certStore.
Now create the array and add all the certificates you need:
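// create array sized for the certificates in certStore plus the new one
X509Certificate[] certificatesArray = new X509Certificate[allCerts.size() + 1];
// add the new certificate first (newCert being a X509Certificate):
// PrivateKeyEntry expects the certificate for the private key at index 0
certificatesArray[0] = newCert;
// add certificates in allCerts (the 2 that were in certStore);
// the CertStore API does not guarantee the order in which they are returned
int i = 1;
for (Certificate c : allCerts) {
    certificatesArray[i] = (X509Certificate) c;
    i++;
}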
Note:
If your new certificate is of type org.bouncycastle.cert.X509CertificateHolder, you can convert it to java.security.cert.X509Certificate using the org.bouncycastle.cert.jcajce.JcaX509CertificateConverter class:
X509CertificateHolder certHolder = ...;
X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
Or you can do it manually with java.security.cert.CertificateFactory:
X509CertificateHolder certHolder = ...;
CertificateFactory f = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate) f.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
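Added example (not part of the original answer): KeyStore.PrivateKeyEntry expects an ordered chain with the certificate for the private key at index 0, so this helper orders the certificates held in certStore by following issuer links from the new certificate and checking each signature. The names ChainBuilder and orderedChain are hypothetical; only JDK classes are used.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public final class ChainBuilder { // hypothetical helper, not from the page
    private static final int MAX_CHAIN_LENGTH = 10; // guard against issuer loops

    /** Returns leaf first, then each issuer found in certStore, up to the self-signed root. */
    public static X509Certificate[] orderedChain(X509Certificate leaf, CertStore certStore)
            throws CertStoreException {
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        chain.add(leaf);
        X509Certificate current = leaf;
        // stop at a self-signed certificate or when the length guard is hit
        while (!isSignedBy(current, current) && chain.size() < MAX_CHAIN_LENGTH) {
            // candidates: certificates whose subject equals the current issuer name
            X509CertSelector selector = new X509CertSelector();
            selector.setSubject(current.getIssuerX500Principal());
            X509Certificate issuer = null;
            for (Certificate c : certStore.getCertificates(selector)) {
                X509Certificate candidate = (X509Certificate) c;
                if (isSignedBy(current, candidate)) { // name match alone is not enough
                    issuer = candidate;
                    break;
                }
            }
            if (issuer == null) {
                break; // issuer not in the store: return the partial chain
            }
            chain.add(issuer);
            current = issuer;
        }
        return chain.toArray(new X509Certificate[chain.size()]);
    }

    // true when cert's signature verifies under signer's public key
    private static boolean isSignedBy(X509Certificate cert, X509Certificate signer) {
        try {
            cert.verify(signer.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) { // bad signature or wrong key type
            return false;
        }
    }
}
```

The result of ChainBuilder.orderedChain(newCert, certStore) can be passed as the chain argument of PrivateKeyEntry. The helper only orders the certificates; validity dates and revocation are left to java.security.cert.CertPathValidator.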