從PFX文件中獲取私鑰、公鑰證書、公鑰


https://blog.csdn.net/ZuoYanYouYan/article/details/77868584

 

該類具體功能:根據pfx證書得到私鑰、根據私鑰字節數組獲取私鑰對象、根據公鑰字節數組獲取公鑰、根據pfx證書獲取證書對象、根據私鑰、公鑰證書、密碼生成pkcs12,以及根據私鑰、公鑰證書、密鑰合成為pfx文件。依賴工具包:commons-io、commons-codec(代碼中的Base64來自org.apache.commons.codec.binary)。

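import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Enumeration;
import java.util.Objects;

/**
 * Helpers for PKCS#12 (PFX) containers: extract the private key and the X.509
 * certificate, rebuild key objects from their encoded bytes or Base64 text, and
 * write a key plus certificate back out as a PFX file.
 *
 * <p>Everything returned or written here is key material. The password is taken
 * as a {@code String} to keep the existing interface; callers that can should
 * keep it out of logs, source code and long-lived objects.
 *
 * Created by ssl on 2017/9/5.
 */
public class PFXUtil {

    /** Utility class; not meant to be instantiated (kept public for compatibility). */
    public PFXUtil() {
    }

    /**
     * Returns a key factory for the RSA algorithm.
     *
     * @return an RSA {@link KeyFactory}
     * @throws Exception if no provider supplies RSA
     */
    private static KeyFactory getKeyFactory() throws Exception {
        return getKeyFactory("RSA");
    }

    /**
     * Returns a key factory for the given algorithm.
     *
     * @param algorithm standard algorithm name, e.g. {@code "RSA"}
     * @return the matching {@link KeyFactory}
     * @throws Exception if no provider supplies the algorithm
     */
    private static KeyFactory getKeyFactory(String algorithm) throws Exception {
        return KeyFactory.getInstance(algorithm);
    }

    /**
     * Loads a PKCS#12 key store from the raw bytes of a PFX file.
     *
     * @param pfxData  content of the PFX file
     * @param password password that opens the PFX
     * @return the loaded key store
     * @throws Exception if the data is not valid PKCS#12 or the password is wrong
     */
    private static KeyStore getKeyStore(byte[] pfxData, String password) throws Exception {
        Objects.requireNonNull(pfxData, "pfxData");
        Objects.requireNonNull(password, "password");
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(new ByteArrayInputStream(pfxData), password.toCharArray());
        return keystore;
    }

    /**
     * Extracts the private key from a PFX container.
     *
     * <p>All aliases are scanned; when the container holds several key entries the
     * last private key found is returned, which is the same entry
     * {@link #getX509Certificate(byte[], String)} reads its certificate from.
     * Key entries that are not private keys are skipped rather than failing with
     * a {@link ClassCastException}.
     *
     * @param pfxData  content of the PFX file
     * @param password password of the PFX; also used to unlock the key entry
     * @return the private key, or {@code null} if the container has no private key entry
     * @throws Exception if the container cannot be loaded or the key cannot be recovered
     */
    public static PrivateKey getPrivateKeyByPfx(byte[] pfxData, String password) throws Exception {
        PrivateKey privateKey = null;
        KeyStore keystore = getKeyStore(pfxData, password);
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String keyAlias = aliases.nextElement();
            if (keystore.isKeyEntry(keyAlias)) {
                Key key = keystore.getKey(keyAlias, password.toCharArray());
                if (key instanceof PrivateKey) {
                    privateKey = (PrivateKey) key;
                }
            }
        }
        return privateKey;
    }

    /**
     * Extracts the private key from a PFX file on disk.
     *
     * @param pfxPath  path of the PFX file
     * @param password password of the PFX
     * @return the private key, or {@code null} if the container has no private key entry
     * @throws Exception if the file cannot be read or the container cannot be loaded
     */
    public static PrivateKey getPrivateKeyByPfx(String pfxPath, String password) throws Exception {
        File pfxFile = new File(pfxPath);
        return getPrivateKeyByPfx(FileUtils.readFileToByteArray(pfxFile), password);
    }

    /**
     * Rebuilds an RSA private key from its PKCS#8 encoding.
     *
     * @param privateKeyByte PKCS#8 encoded private key
     * @return the private key object
     * @throws Exception if the bytes are not a valid PKCS#8 RSA key
     */
    public static PrivateKey getPrivateKey(byte[] privateKeyByte) throws Exception {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyByte);
        return getKeyFactory().generatePrivate(keySpec);
    }

    /**
     * Rebuilds an RSA private key from the Base64 text of its PKCS#8 encoding.
     *
     * @param privateKeyStr Base64 of the PKCS#8 encoded private key
     * @return the private key object
     * @throws Exception if the decoded bytes are not a valid PKCS#8 RSA key
     */
    public static PrivateKey getPrivateKey(String privateKeyStr) throws Exception {
        byte[] privateKeyByte = Base64.decodeBase64(privateKeyStr);
        return getPrivateKey(privateKeyByte);
    }

    /**
     * Rebuilds an RSA public key from its X.509 (SubjectPublicKeyInfo) encoding.
     *
     * @param publicKeyByte X.509 encoded public key
     * @return the public key object
     * @throws Exception if the bytes are not a valid X.509 encoded RSA key
     */
    public static PublicKey getPublicKey(byte[] publicKeyByte) throws Exception {
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyByte);
        return getKeyFactory().generatePublic(keySpec);
    }

    /**
     * Rebuilds an RSA public key from the Base64 text of its X.509 encoding.
     *
     * @param publicKeyStr Base64 of the X.509 encoded public key
     * @return the public key object
     * @throws Exception if the decoded bytes are not a valid X.509 encoded RSA key
     */
    public static PublicKey getPublicKey(String publicKeyStr) throws Exception {
        byte[] publicKeyByte = Base64.decodeBase64(publicKeyStr);
        return getPublicKey(publicKeyByte);
    }

    /**
     * Extracts the certificate stored with the key entry of a PFX container.
     *
     * <p>All aliases are scanned; with several key entries the certificate of the
     * last one is returned. Certificates that are not X.509 are skipped rather
     * than failing with a {@link ClassCastException}.
     *
     * @param pfxData  content of the PFX file
     * @param password password of the PFX
     * @return the certificate, or {@code null} if no key entry carries an X.509 certificate
     * @throws Exception if the container cannot be loaded
     */
    public static X509Certificate getX509Certificate(byte[] pfxData, String password) throws Exception {
        X509Certificate x509Certificate = null;
        KeyStore keystore = getKeyStore(pfxData, password);
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String keyAlias = aliases.nextElement();
            if (keystore.isKeyEntry(keyAlias)) {
                Certificate certificate = keystore.getCertificate(keyAlias);
                if (certificate instanceof X509Certificate) {
                    x509Certificate = (X509Certificate) certificate;
                }
            }
        }
        return x509Certificate;
    }

    /**
     * Extracts the certificate stored with the key entry of a PFX file on disk.
     *
     * @param pfxPath  path of the PFX file
     * @param password password of the PFX
     * @return the certificate, or {@code null} if no key entry carries an X.509 certificate
     * @throws Exception if the file cannot be read or the container cannot be loaded
     */
    public static X509Certificate getX509Certificate(String pfxPath, String password) throws Exception {
        File pfxFile = new File(pfxPath);
        return getX509Certificate(FileUtils.readFileToByteArray(pfxFile), password);
    }

    /**
     * Builds a PKCS#12 container holding one private key and its certificate.
     *
     * <p>The entry alias is the certificate serial number in decimal. The same
     * password protects the key entry and the container as a whole, so it is the
     * only thing guarding the private key once the bytes leave this process.
     *
     * @param privateKey      private key to store
     * @param x509Certificate certificate matching the private key
     * @param password        password to set on the container
     * @return the PKCS#12 container as bytes
     * @throws Exception if the key store cannot be built or serialized
     */
    public static byte[] generatorPkcx12(PrivateKey privateKey, X509Certificate x509Certificate, String password)
            throws Exception {
        Objects.requireNonNull(privateKey, "privateKey");
        Objects.requireNonNull(x509Certificate, "x509Certificate");
        Objects.requireNonNull(password, "password");

        Certificate[] chain = {x509Certificate};
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        // load(null, ...) initializes an empty key store.
        keystore.load(null, password.toCharArray());
        keystore.setKeyEntry(x509Certificate.getSerialNumber().toString(), privateKey, password.toCharArray(), chain);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        keystore.store(out, password.toCharArray());
        return out.toByteArray();
    }

    /**
     * Writes a private key and its certificate to a PFX file.
     *
     * <p>The container is built before the file system is touched, so a failure
     * while building it does not leave an empty file behind. Missing parent
     * directories are created. A file created by this call is limited to its
     * owner (best effort) before the key material is written; the permissions of
     * a file that already exists are left as they are.
     *
     * @param privateKey      private key to store
     * @param x509Certificate certificate matching the private key
     * @param password        password that will open the PFX
     * @param saveFile        target file; overwritten if it exists
     * @return the path of the written file, as given by {@code saveFile.getPath()}
     * @throws Exception if the container cannot be built or the file cannot be written
     */
    public static String generatorPFX(PrivateKey privateKey, X509Certificate x509Certificate, String password,
                                      File saveFile) throws Exception {
        Objects.requireNonNull(saveFile, "saveFile");
        byte[] pkcs12Byte = generatorPkcx12(privateKey, x509Certificate, password);

        // getParentFile() is null for a bare relative name such as "out.pfx";
        // resolving against the working directory avoids the NullPointerException.
        File parentDir = saveFile.getAbsoluteFile().getParentFile();
        if (parentDir != null && !parentDir.isDirectory() && !parentDir.mkdirs() && !parentDir.isDirectory()) {
            throw new IOException("Cannot create directory " + parentDir);
        }
        if (saveFile.createNewFile()) {
            restrictToOwner(saveFile);
        }
        FileUtils.writeByteArrayToFile(saveFile, pkcs12Byte);
        return saveFile.getPath();
    }

    /**
     * Limits read and write access on the file to its owner, best effort.
     *
     * @param file a file that was just created and is still empty
     */
    private static void restrictToOwner(File file) {
        // Return values are ignored on purpose: a file system that does not
        // implement these permission bits reports false, and the write should
        // still go ahead there.
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
    }

    /**
     * Demo: reads a test PFX, round-trips the key and certificate through Base64,
     * then writes them to a new PFX.
     *
     * <p>The paths and the one-character password are sample values for a test
     * certificate. The Base64 private key is printed only to show the round trip;
     * output like this must not be produced for a real key, because anything that
     * captures stdout then holds the key.
     */
    public static void main(String[] args) throws Exception {
        String pfxPath = "C:\\Users\\49383\\Desktop\\文件\\國新測試證書-1.pfx";
        String password = "1";

        // Private key: read the key object from the PFX file.
        PrivateKey privateKey = getPrivateKeyByPfx(pfxPath, password);
        byte[] privateKeyByte = privateKey.getEncoded();
        String privateKeyStr = Base64.encodeBase64String(privateKeyByte);
        System.out.println("私鑰Base64字符串:" + privateKeyStr);

        // Base64 text back to a private key object.
        PrivateKey privateKey2 = getPrivateKey(privateKeyStr);
        System.out.println("私鑰Base64字符串2:" + Base64.encodeBase64String(privateKey2.getEncoded()));

        // Certificate: read the certificate object from the PFX file.
        X509Certificate certificate = getX509Certificate(pfxPath, password);
        System.out.println("證書主題:" + certificate.getSubjectDN().getName());
        String publicKeyStr = Base64.encodeBase64String(certificate.getPublicKey().getEncoded());
        System.out.println("公鑰Base64字符串:" + publicKeyStr);

        // Base64 text back to a public key object.
        System.out.println("公鑰Base64字符串2:" + Base64.encodeBase64String(getPublicKey(publicKeyStr).getEncoded()));

        // PFX: build a new PFX from the private key and the certificate.
        String savePath = generatorPFX(privateKey, certificate, "1",
                new File("C:\\Users\\49383\\Desktop\\文件\\009\\009.pfx"));
        System.out.println(savePath);
    }
}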

