JVM證書導入: 通過java代碼導入證書

核心代碼

import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import lombok.extern.slf4j.Slf4j;

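/**
 * Imports X.509 certificates into the trust store file of the running Java
 * installation ({@code ${java.home}/lib/security/cacerts}).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code cacerts} is shared by everything that runs on this Java
 *       installation and uses its default trust store, so each certificate
 *       written here becomes a trust anchor well beyond the calling application.
 *       Only pass certificates whose origin has been verified out of band; an
 *       application-specific trust store is the narrower alternative.</li>
 *   <li>The process needs write access to the Java installation directory.</li>
 *   <li>NOTE(review): TLS contexts that were initialised before the import may
 *       not pick up the new entry until they are rebuilt — confirm for the
 *       calling application.</li>
 * </ul>
 *
 * @author wangqimeng
 * @date 2019/10/15 13:36
 */
@Slf4j
public class KeyStoreUtil {

    private KeyStoreUtil() {
        // Static utility class; not meant to be instantiated.
    }

    /**
     * Adds the certificate(s) read from {@code certIn} to the JVM's {@code cacerts} file.
     *
     * <p>If {@code cerNameAlias} is already present the method returns without touching
     * the file. Only the alias is compared, so a different or outdated certificate that
     * is already stored under that alias is left in place.
     *
     * <p>The first certificate in the stream is stored under {@code cerNameAlias}. Any
     * further certificates are stored under {@code cerNameAlias-2}, {@code cerNameAlias-3},
     * and so on, instead of overwriting one another under a single alias; a suffixed alias
     * that already exists is skipped rather than replaced.
     *
     * <p>The updated store is serialised in memory first and written to disk only after
     * the read handle on {@code cacerts} is closed, so a failure while building the new
     * store cannot leave a truncated trust store behind. The final write is still not
     * atomic; keep a backup of {@code cacerts} where that matters.
     *
     * @param cerNameAlias alias for the new trusted-certificate entry
     * @param certIn       stream holding one or more X.509 certificates; it is read
     *                     but not closed by this method
     * @param passphrase   password of the {@code cacerts} store, used to load and to
     *                     re-store it; must not be {@code null}
     * @throws Exception if the store cannot be read, parsed or written, or if the
     *                   certificate data cannot be parsed
     */
    public static void saveCertificate(String cerNameAlias,
                                       InputStream certIn,
                                       String passphrase) throws Exception {
        log.debug("程序進行證書導入工作");
        final char sep = File.separatorChar;
        File dir = new File(System.getProperty("java.home") + sep + "lib" + sep + "security");
        log.debug("導入證書路徑:{}", dir);
        char[] passphraseArray = passphrase.toCharArray();
        File targetKeyStore = new File(dir, "cacerts");

        // Load the current store and release the read handle before anything is written:
        // an input and an output stream must not be open on the same file at once.
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream localCertIn = new FileInputStream(targetKeyStore)) {
            keystore.load(localCertIn, passphraseArray);
        }

        // Skip the import when the alias is already taken (alias match only, see Javadoc).
        if (keystore.containsAlias(cerNameAlias)) {
            log.debug("已經存在該證書:{}", cerNameAlias);
            return;
        }

        // generateCertificates() reads to the end of the stream, unlike a loop driven by
        // available(), which may report 0 while more data is still to come.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int seen = 0;
        for (Certificate cert : cf.generateCertificates(new BufferedInputStream(certIn))) {
            seen++;
            String alias = seen == 1 ? cerNameAlias : cerNameAlias + "-" + seen;
            if (keystore.containsAlias(alias)) {
                // Never replace an entry that is already in the trust store.
                log.debug("已經存在該證書:{}", alias);
                continue;
            }
            keystore.setCertificateEntry(alias, cert);
        }
        if (seen == 0) {
            // Nothing to add: leave cacerts untouched instead of rewriting it.
            log.warn("No X.509 certificate found in the input for alias {}; trust store left unchanged",
                    cerNameAlias);
            return;
        }

        // Serialise in memory first so a failure inside store() cannot truncate cacerts.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        keystore.store(buffer, passphraseArray);
        // A failed write or close now propagates to the caller instead of being swallowed.
        try (OutputStream out = new FileOutputStream(targetKeyStore)) {
            buffer.writeTo(out);
        }
    }
}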

證書實體


import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.validation.annotation.Validated;

/**
 * Settings for the certificate import, bound from configuration keys under the
 * {@code sso} prefix.
 *
 * <p>NOTE(review): {@code @Data} generates a {@code toString()} that includes every
 * field, {@code passphrase} among them, so logging this object would expose the
 * trust store password. {@code @Validated} has no visible effect here because no
 * field carries a constraint annotation.
 *
 * @author wangqimeng
 * @date 2019/10/15 11:06
 */
@Data
@Validated
@ConfigurationProperties(prefix = "sso")
public class CertificateProperties {

    // Location of the certificate to import.
    // NOTE(review): how this path is resolved (classpath or file system) is not shown here — confirm against the caller.
    private String certificatePath;

    // Alias for the certificate entry in the key store.
    private String certificateNameAlias;

    // Key store password; defaults to "changeit" when the property is not set.
    private String passphrase = "changeit";

    // Presumably switches the automatic import on or off; the code reading it is not shown — confirm.
    private boolean autoImportCertificate;

}

example

# Example values for the "sso" prefix bound by CertificateProperties.
sso:
  auto-import-certificate: true
  # Alias for the imported certificate entry.
  certificate-name-alias: sso.ga.cer
  certificate-path: public/ssl/sso.ga.cer
  # Key store password; "changeit" is also the default declared in CertificateProperties.
  # If the store uses a different password, supply it from outside version control.
  passphrase: changeit