How do I programmatically obtain a KeyStore from a PEM file containing a certificate and a private key? I am trying to present a client certificate to a server over an HTTPS connection. I have confirmed that if I use openssl and keytool to produce a jks file, I can load the client certificate dynamically. I can even get it working by reading a p12 (PKCS12) file dynamically.
I am looking into using BouncyCastle's PEMReader class, but I cannot get past some errors. I am running the Java client with the -Djavax.net.debug=all option and the Apache web server with the debug LogLevel. I do not know what to look for. The Apache error log shows:
...
OpenSSL: Write: SSLv3 read client certificate B
OpenSSL: Exit: error in SSLv3 read client certificate B
Re-negotiation handshake failed: Not accepted by client!?
The Java client program shows:
...
main, WRITE: TLSv1 Handshake, length = 48
main, waiting for close_notify or alert: state 3
main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
%% Invalidated: [Session-3, TLS_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = …

I was given a self-signed client certificate kit that is to be used to access a server over HTTPS. The kit contains the following PEM files:
One way to solve the task is to generate a Java keystore:
...and then use code similar to the following to build an SSLSocketFactory instance:
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// pksData: the bytes of the PKCS12 file; password: the keystore passphrase as a String
InputStream stream = new ByteArrayInputStream(pksData);
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(stream, password.toCharArray()); // load() takes a char[], not a String
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
        KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = kmf.getKeyManagers();
// The same keystore doubles as trust store here, so only servers whose
// chain is present in it will be accepted.
TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
        TrustManagerFactory.getDefaultAlgorithm());
tmfactory.init(keyStore);
TrustManager[] trustManagers = tmfactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
...which is later used to initialise the HTTP library.
So we obtain a KeyStore, use it to initialise the KeyManagers and TrustManagers, and finally build the SSLSocketFactory instance from those.
The question is: is there a way to avoid creating a keystore file and instead build the SSLSocketFactory starting from PublicKey and Certificate instances (which can, for example, be obtained from the PEM files with BouncyCastle's PemReader)?
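The following is an added example, not code from either post above, showing the approach the question asks about: parse the PEM certificate and private key with JDK classes only, place them in an in-memory PKCS12 KeyStore that is never written to disk, and build the SSLContext from that. It assumes the private key is an unencrypted PKCS#8 block ("-----BEGIN PRIVATE KEY-----", which is what openssl pkcs8 -topk8 emits); a legacy "BEGIN RSA PRIVATE KEY" (PKCS#1) file needs BouncyCastle's PEMParser or a conversion first. The class name, the alias "client" and the command-line file arguments are this example's own choices.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/** Added example: build an SSLContext from PEM material without a keystore file. */
public final class PemSslContextBuilder {

    private static final String KEY_BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String KEY_END = "-----END PRIVATE KEY-----";

    /** Parses every certificate in the PEM text; the leaf must come first, chain certs after it. */
    public static Certificate[] parseCertificates(String pem) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs = cf.generateCertificates(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        if (certs.isEmpty()) {
            throw new GeneralSecurityException("no certificate found in PEM input");
        }
        return certs.toArray(new Certificate[0]);
    }

    /** Parses an unencrypted PKCS#8 private key; algorithm is "RSA" or "EC", taken from the certificate. */
    public static PrivateKey parsePkcs8PrivateKey(String pem, String algorithm) throws GeneralSecurityException {
        int start = pem.indexOf(KEY_BEGIN);
        int end = pem.indexOf(KEY_END);
        if (start < 0 || end < 0 || end < start) {
            throw new GeneralSecurityException("expected an unencrypted PKCS#8 PRIVATE KEY block");
        }
        String base64 = pem.substring(start + KEY_BEGIN.length(), end).replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(base64);
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** Builds an in-memory PKCS12 KeyStore with the key and chain under one alias; nothing touches disk. */
    public static KeyStore buildKeyStore(String certPem, String keyPem, char[] entryPassword)
            throws GeneralSecurityException, IOException {
        Certificate[] chain = parseCertificates(certPem);
        // Derive the key algorithm from the leaf certificate so the caller need not guess it.
        String algorithm = chain[0].getPublicKey().getAlgorithm();
        PrivateKey key = parsePkcs8PrivateKey(keyPem, algorithm);
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // creates an empty store; no InputStream, no file
        ks.setKeyEntry("client", key, entryPassword, chain);
        return ks;
    }

    /** trustStore == null keeps the JDK's default CA trust; pass a store to pin the server chain instead. */
    public static SSLContext buildSslContext(KeyStore clientStore, char[] entryPassword, KeyStore trustStore)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, entryPassword);
        TrustManager[] trustManagers = null;
        if (trustStore != null) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            trustManagers = tmf.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), trustManagers, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: PemSslContextBuilder <client-cert.pem> <client-key.pem>");
            return;
        }
        String certPem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        String keyPem = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.US_ASCII);
        // The entry password only guards the key inside this process; a random one avoids a hardcoded secret.
        char[] entryPassword = new char[24];
        SecureRandom rnd = new SecureRandom();
        for (int i = 0; i < entryPassword.length; i++) {
            entryPassword[i] = (char) ('a' + rnd.nextInt(26));
        }
        KeyStore ks = buildKeyStore(certPem, keyPem, entryPassword);
        SSLSocketFactory factory = buildSslContext(ks, entryPassword, null).getSocketFactory();
        System.out.println("client key alias: " + ks.aliases().nextElement()
                + ", factory: " + factory.getClass().getSimpleName());
    }
}
```

Two points worth checking when wiring this in. First, KeyManagerFactory.init(keyStore, password) needs the password of the key entry, which is why the same char[] is passed to setKeyEntry and to init; a mismatch leaves the KeyManager with no usable key and the handshake fails with the "read client certificate" error quoted above. Second, the original answer initialises the TrustManagerFactory from the client keystore, which silently turns it into a pin list for the server; passing null instead, as this example does, keeps the platform CA trust, so choose deliberately.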