Android SSL BKS Certificate Generation, and Converting Between PFX and JKS Certificates

I. Generating the Android SSL BKS certificate

  1. Generate the server JKS certificate:

keytool -genkey -alias peer -keystore peer.jks
  2. Export the certificate:

keytool -exportcert -alias peer -file peer.cert -keystore peer.jks
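  3. Generate the BKS keystores for the Android client

  This requires bcprov-ext-jdk15on-160b03.jar,
official site: http://www.bouncycastle.org/latest_releases.html
https://downloads.bouncycastle.org/betas/

  Place the jar in the Java\jdk1.8.0_20\jre\lib\ext directory

  Generate the private key store (as imported here it holds only peer.cert as a trusted certificate entry; the private key itself stays in peer.jks):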

keytool -importcert -keystore keyStore.bks -file peer.cert -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
  Generate the public key store (trust store):

keytool -importcert -trustcacerts -keystore trustStore.bks -file peer.cert -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

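  4. View the keystore details

keytool -list -v -keystore keyStore.bks -storepass 123456 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

  5. Copy the BKS-format certificate for Android into the assets directory of the Android project; following the previous article, this is enough to implement one-way SSL-encrypted TCP communication.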
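One way the client side of step 5 can look, as an added example that is not code from the original article or from the previous article it refers to. The class and method names are hypothetical; trustStore.bks and its password are the ones created in the steps above.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name), not part of the original article.
public final class BksTlsClient {

    // Build an SSLContext that trusts only the certificates in the BKS trust store.
    public static SSLContext contextFromBks(InputStream bksStream, char[] storePass)
            throws Exception {
        // "BKS" is available by default on Android; on a desktop JVM the
        // Bouncy Castle provider has to be registered first.
        KeyStore trustStore = KeyStore.getInstance("BKS");
        try (InputStream in = bksStream) {
            // A non-null password makes load() verify the store's integrity.
            trustStore.load(in, storePass);
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("trust store contains no certificates");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No KeyManagers: one-way TLS, only the server presents a certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Open a TLS socket and finish the handshake with host name checking enabled.
    // On Android this must run off the main thread.
    public static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        // A raw SSLSocket does not match the certificate against the host name
        // unless asked to (this setter needs Android API 24 or later).
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        // Throws SSLHandshakeException if the server certificate is not trusted.
        socket.startHandshake();
        return socket;
    }
}
```

On Android the stream comes from context.getAssets().open("trustStore.bks"). With host name checking on, the server certificate has to name the host the client connects to.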

II. Converting between PFX and JKS certificates

  Utility class:

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class CertificateConvertUtil {

    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";

    /**
     * Convert PKCS12 to JKS.
     * @param input_keystore_file  path of the PKCS12 certificate
     * @param keystore_password    keystore password of the PKCS12 certificate
     * @param ouput_keystore_file  path of the JKS certificate
     */
    public static void PKCS12ToJKS(String input_keystore_file,
            String keystore_password, String ouput_keystore_file) {
        convert(PKCS12, JKS, input_keystore_file, keystore_password,
                ouput_keystore_file);
    }

    /**
     * Convert JKS to PKCS12.
     * @param input_keystore_file  path of the JKS certificate
     * @param keystore_password    keystore password of the JKS certificate
     * @param ouput_keystore_file  path of the PKCS12 certificate
     */
    public static void JKSToPKCS12(String input_keystore_file,
            String keystore_password, String ouput_keystore_file) {
        convert(JKS, PKCS12, input_keystore_file, keystore_password,
                ouput_keystore_file);
    }

    // Shared implementation: copy every key entry (private key plus its
    // certificate chain) from the input keystore into a new output keystore.
    private static void convert(String inputType, String outputType,
            String input_keystore_file, String keystore_password,
            String ouput_keystore_file) {
        try {
            // An empty or missing password is passed to the KeyStore API as null.
            char[] nPassword = null;
            if (keystore_password != null
                    && !keystore_password.trim().equals("")) {
                nPassword = keystore_password.toCharArray();
            }

            KeyStore inputKeyStore = KeyStore.getInstance(inputType);
            try (FileInputStream fis = new FileInputStream(input_keystore_file)) {
                inputKeyStore.load(fis, nPassword);
            }
            System.out.println("keystore type=" + inputKeyStore.getType());

            KeyStore outputKeyStore = KeyStore.getInstance(outputType);
            outputKeyStore.load(null, nPassword);

            Enumeration<String> enums = inputKeyStore.aliases();
            while (enums.hasMoreElements()) {
                String keyAlias = enums.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, nPassword);
                    Certificate[] certChain = inputKeyStore
                            .getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry(keyAlias, key, nPassword,
                            certChain);
                }
            }

            // Write the output file once, after all key entries are copied,
            // so that no entry is lost when the input has several aliases.
            try (FileOutputStream out = new FileOutputStream(ouput_keystore_file)) {
                outputKeyStore.store(out, nPassword);
            }
            System.out.println("convert is finished!");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
  When the utility class performs a conversion, it prints the certificate alias to the console.

  Test code:

public static void main(String[] args) {
    CertificateConvertUtil.PKCS12ToJKS("D:/peer.pfx", "123456", "D:/peer.jks");
}

