When developing or using SSL, a lot of software requires us to provide a Java KeyStore, especially Java-based middleware products. The usual practice is to use the JDK's own command-line tool (keytool), as in the following example:
keytool -import -v -alias entrust2048 -file D:\certs\EnTrust2048.cer -keystore D:\certs\test.jks
keytool -import -v -alias Entrustcertificationauthorityl1c -file D:\certs\EntrustCertificationAuthorityL1C.cer -keystore D:\certs\test.jks
keytool -import -v -alias test.com -file D:\certs\Service-now.com.cer -keystore D:\certs\test.jks
But this approach is cumbersome: if we have 100 SSL certificates in a folder, we need to enter 100 commands like the ones above. If the folder contains subfolders that also hold certificates, it is even more trouble. Is there a better way? I would like to share how to do this with Java program code.
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class KeyStoreHelper {

    public static void createTrustJKSKeyStore(final String originalTrustFolder,
            final String jksTrustStoreLocation, final String password) {
        File keystoreFile = new File(jksTrustStoreLocation);
        // Only create the keystore if it does not exist yet
        if (!keystoreFile.exists()) {
            try {
                // Note: the default type is "jks" up to Java 8 and "pkcs12" from Java 9 on
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, password.toCharArray());
                File trustedFolder = new File(originalTrustFolder);
                File[] certs = trustedFolder.listFiles();
                if (certs != null) {
                    CertificateFactory factory = CertificateFactory.getInstance("X.509");
                    for (File cert : certs) {
                        // try-with-resources closes the input stream after parsing
                        try (FileInputStream in = new FileInputStream(cert)) {
                            X509Certificate certificate = (X509Certificate) factory.generateCertificate(in);
                            X500Principal principal = certificate.getSubjectX500Principal();
                            LdapName ldapDN = new LdapName(principal.getName());
                            List<Rdn> rdns = ldapDN.getRdns();
                            // Use the subject's CN as the alias of the entry
                            for (Rdn rdn : rdns) {
                                String type = rdn.getType();
                                if (type.equalsIgnoreCase("CN")) {
                                    keyStore.setCertificateEntry((String) rdn.getValue(), certificate);
                                    break;
                                }
                            }
                        } catch (Exception ex) {
                            // Not a readable certificate (or a subfolder): report it and go on
                            System.err.println("Skipped " + cert + ": " + ex);
                        }
                    }
                }
                try (FileOutputStream fos = new FileOutputStream(jksTrustStoreLocation)) {
                    keyStore.store(fos, password.toCharArray());
                }
            } catch (Exception exp) {
                System.err.println("Could not create keystore: " + exp);
            }
        }
    }

    /**
     * @param args
     */
    public static void main(String[] args) {
        KeyStoreHelper.createTrustJKSKeyStore("D:\\cacerts", "D:\\cacerts\\test.jks", "test123");
    }
}
The Java class above does this for us. We can also develop a visual program to help, which is even more convenient; the following figure is the interface design of an Eclipse plug-in that the author developed.
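An added example, not the author's code: a variant of the class above that also walks subfolders (the nested-folder case mentioned at the start) and builds each alias from the subject CN plus a SHA-256 fingerprint prefix, so two certificates with the same CN do not overwrite each other and a certificate without a CN is still imported. The class name RecursiveTrustStoreBuilder, the alias format and the validity check are assumptions of this example.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;
import java.util.stream.*;
import javax.naming.ldap.*;

public class RecursiveTrustStoreBuilder {   // hypothetical name, not from the article
    /** Walks root recursively, writes a new JKS file and returns the aliases it contains. */
    public static List<String> build(Path root, Path store, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, password);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Path> files;
        try (Stream<Path> walk = Files.walk(root)) {
            files = walk.filter(Files::isRegularFile).collect(Collectors.toList());
        }
        for (Path p : files) {
            try (InputStream in = Files.newInputStream(p)) {
                // generateCertificates also reads files that bundle several certificates
                for (java.security.cert.Certificate c : cf.generateCertificates(in)) {
                    X509Certificate cert = (X509Certificate) c;
                    cert.checkValidity();   // throws if expired or not yet valid
                    ks.setCertificateEntry(alias(cert), cert);
                }
            } catch (Exception ex) {
                System.err.println("Skipped " + p + ": " + ex);   // report, do not hide
            }
        }
        // CREATE_NEW fails if the file exists, so an existing trust store is never overwritten
        try (OutputStream out = Files.newOutputStream(store, StandardOpenOption.CREATE_NEW)) {
            ks.store(out, password);
        }
        return Collections.list(ks.aliases());
    }
    /** Alias = subject CN (or "no-cn") plus the first 16 hex digits of the SHA-256 fingerprint. */
    static String alias(X509Certificate cert) throws Exception {
        String cn = "no-cn";
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            if (rdn.getType().equalsIgnoreCase("CN")) cn = String.valueOf(rdn.getValue());
        byte[] fp = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return cn + "-" + String.format("%064x", new BigInteger(1, fp)).substring(0, 16);
    }
    public static void main(String[] args) throws Exception {
        char[] pw = System.console().readPassword("Keystore password: ");
        build(Paths.get(args[0]), Paths.get(args[1]), pw).forEach(System.out::println);
    }
}
```

Run it from an interactive terminal as java RecursiveTrustStoreBuilder <certFolder> <newStore.jks>. Review the printed aliases before deploying the store, since every certificate found under the folder becomes a trusted entry.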