使用的是CFCA簽發的用於銀行間交換數據的證書,下載后直接添加到瀏覽器中
1、導出
從瀏覽器導出p12文件(包含私鑰)
2、驗證
兩種方式:
openssl
代碼(請注意alias別名是如何獲取的):
package com.shengpay.mas.demo.cert;
import org.apache.commons.codec.binary.Base64;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.Enumeration;
/**
* Description: 讀取P12格式的個人交換庫
* <p>
* User: lishaohua
* Date: 2017/12/27 12:51
*/
public class P12Demo {
public static void main(String[] args) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
String keyStorePath = "D:/123456.pfx";
String password = "123456";
// 實例化密鑰庫,默認JKS類型
KeyStore ks = KeyStore.getInstance("PKCS12");
// 獲得密鑰庫文件流
FileInputStream is = new FileInputStream(keyStorePath);
// 加載密鑰庫
ks.load(is, password.toCharArray());
// 關閉密鑰庫文件流
is.close();
//私鑰
Enumeration aliases = ks.aliases();
String keyAlias = null;
if (aliases.hasMoreElements()){
keyAlias = (String)aliases.nextElement();
System.out.println("p12's alias----->"+keyAlias);
}
PrivateKey privateKey = (PrivateKey) ks.getKey(keyAlias, password.toCharArray());
String privateKeyStr = Base64.encodeBase64String(privateKey.getEncoded());
System.out.println("私鑰------------->" + privateKeyStr);
//公鑰
Certificate certificate = ks.getCertificate(keyAlias);
String publicKeyStr = Base64.encodeBase64String(certificate.getPublicKey().getEncoded());
System.out.println("公鑰------------->"+publicKeyStr);
}
}
3、使用
發布公鑰或者雙向認證等。
具體代碼略...