14

我有file.pfx文件,也有私钥。如何file.pfx用 Java 读取证书?

我用过这段代码:

import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import javax.crypto.SecretKey;
import javax.security.auth.callback.*;
//These packages I have used.

public String readFile(String fn) { 
  String thisLine, ret = ""; 
  KeyStore ks = KeyStore.getInstance("pkcs12", "SunJSSE"); 
  ks.load(new FileInputStream(fn),"password".toCharArray()); 
  try { 
    Key key = ks.getKey("1", "password".toCharArray());
    Certificate[] cc = ks.getCertificateChain("1");
    X509Certificate certificate1 = (X509Certificate) cc[0];//Here it throws  java.lang.NullPointerException 
    ret += certificate1.getNotAfter(); 
    ret += certificate1.getNotBefore(); 
  } catch(Exception e) { 
    ret = "Cannot load, exception!";
  } 
  return ret; 
}
4

3 回答 3

7

尝试使用此代码读取 .pfx 文件:-

  public void checkExpire() {

        try {
            KeyManagerFactory kmf = javax.net.ssl.KeyManagerFactory.getInstance("SunX509");
            KeyStore keystore = KeyStore.getInstance("PKCS12");
            char[] password= "yourfilepassword".toCharArray();

            keystore.load(new FileInputStream("filepath\filename.pfx"),password);
            //keystore.load(new FileInputStream(certificate), password);
            kmf.init(keystore, psswd);
            Enumeration<String> aliases = keystore.aliases();
            while(aliases.hasMoreElements()){
                String alias = aliases.nextElement();
                if(keystore.getCertificate(alias).getType().equals("X.509")){
                Date expDate = ((X509Certificate) keystore.getCertificate(alias)).getNotAfter();
                Date fromDate= ((X509Certificate) keystore.getCertificate(alias)).getNotBefore();
        System.out.println("Expiray Date:-"+expDate );
        System.out.println("From Date:-"+fromDate);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }

    }
于 2016-06-03T06:58:44.407 回答
6

由于您的密钥库(即 PKCS #12 文件)不包含具有您提供的别名的证书链,因此您遇到了异常。

Key key = ks.getKey("1", "shalimar1234".toCharArray());
Certificate[] cc = ks.getCertificateChain("1"); // this is returning null

您的key对象也很合理null,但您似乎根本没有使用该对象。

要了解文件中可用的别名,请尝试查看从KeyStore.aliases().

于 2013-02-28T11:03:05.563 回答
5

这是关于使用 Java 代码打开和读取 .PFX 文件的论坛问题的链接。

总结一下链接中的内容,您应该能够像使用普通 JKS 一样打开密钥库,但略有不同的是,将密钥库类型传递为pcks12并将提供程序传递为SunJSSE.

try (FileInputStream stream = new FileInputStream("C:/store.pfx")) {
    KeyStore store = KeyStore.getInstance("pkcs12", "SunJSSE");
    store.load(stream, "password".toCharArray());

    Enumeration<String> aliases = store.aliases();

    while (aliases.hasMoreElements()) {
        System.err.println(aliases.nextElement());
    }

    X509Certificate certificate = (X509Certificate)store.getCertificate("alias");
    System.err.println(certificate.getNotAfter());
    System.err.println(certificate.getNotBefore());
    System.err.println(certificate.toString());
}

另一个有用的说明是,您可能想考虑使用和引用BouncyCastle提供程序,在我看来,它是最完整的实现。

于 2013-02-28T08:18:50.213 回答