注意,这个代码只能提取标准 jks 文件中的公钥和私钥,如果是使用 jdk17
中的 keytool 生成的 jks
文件,本文的代码是不生效的,而且,在其他的情况都正确的情况下,会出现以下的错误,
| Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption jks file
|
我们用 jdk17 版本的 keytool 生成的密钥库类型为 PKCS12,而 PKCS12 只有
storepass 属性,没有 keypass,因此我们单独指定密钥条目的密码,即填入的
keypass 将不会生效,签名的时候也会无法正常按照我们创建时填写的 keypass
来读取我们的密钥。
我这里使用的 jks 文件是使用 jdk8 中的 keytool 生成的。
代码写出来很简单,
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
| import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.FileInputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Security; import java.security.cert.Certificate; import java.util.Base64;
public class KeyStoreExtract { public static void main(String[] args) { String jksFile = "C:\\EDisk\\JavaCodes\\certificate\\jks_demo\\fanyfull.jks"; String alias = "fanyfull"; String storepass = "ffsp123456"; String keypass = "ffkp123456";
try { FileInputStream fis = new FileInputStream(jksFile); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(fis, storepass.toCharArray()); fis.close();
Security.addProvider(new BouncyCastleProvider());
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, keypass.toCharArray()); Certificate cert = keyStore.getCertificate(alias); PublicKey publicKey = cert.getPublicKey();
String base64PrivateKey = Base64.getEncoder().encodeToString(privateKey.getEncoded()); String base64Cert = Base64.getEncoder().encodeToString(cert.getEncoded()); String base64PublicKey = Base64.getEncoder().encodeToString(publicKey.getEncoded());
System.out.println("-----BEGIN PUBLIC KEY-----"); System.out.println(base64PublicKey); System.out.println("-----END PUBLIC KEY-----");
System.out.println("-----BEGIN PRIVATE KEY-----"); System.out.println(base64PrivateKey); System.out.println("-----END PRIVATE KEY-----");
System.out.println("-----BEGIN CERTIFICATE-----"); System.out.println(base64Cert); System.out.println("-----END CERTIFICATE-----"); } catch (Exception e) { e.printStackTrace(); } } }
|
需要注意一点,这里还需要在 pom 文件里面添加一个库,
| <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk18on</artifactId> <version>1.76</version> </dependency>
|
完整的 pom 文件如下,
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion>
<groupId>com.fan</groupId> <artifactId>extract_jks</artifactId> <version>1.0-SNAPSHOT</version> <packaging>jar</packaging>
<name>extract_jks</name> <url>https://maven.apache.org</url>
<properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <java.version>17</java.version> <maven.compiler.source>17</maven.compiler.source> <maven.compiler.target>17</maven.compiler.target> </properties>
<dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency>
<dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk18on</artifactId> <version>1.76</version> </dependency> </dependencies> </project>
|
参考:
1、https://www.cnblogs.com/simon-xie/p/17004614.html