Get the public key from an imported certificate in a keystore using Java
I have created and downloaded a certificate from Salesforce, as per the instructions in the PicketLink document (https://docs.jboss.org/author/display/PLINK/Picketlink+as+SP,+Salesforce+as+IDP).
I downloaded the certificate and its name is mysample.crt and I imported the certificate into a keystore.
keytool -import -file mysample.crt -keystore keystore.jks -alias salesforce-idp
To check, I also exported the public key:
keytool -export -alias salesforce-idp -keystore keystore.jks -rfc -file public.cert
I have Java code to get the public key, but it is not working. This is my code:
package com.sample.keystore;

import java.io.File;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.commons.codec.binary.Base64;

public class ExtractPublicKey {
    public static void main(String[] args) {
        try {
            // Load the keystore
            File file = new File("/home/user/salesforce-cert/keystore.jks");
            FileInputStream is = new FileInputStream(file);
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            String alias = "salesforce-idp";
            String password = "user";
            char[] passwd = password.toCharArray();
            keystore.load(is, passwd);
            KeyPair kp = getKeyPair(keystore, alias, passwd);
            Base64 base64 = new Base64();
            PublicKey pubKey = kp.getPublic();
            String publicKeyString = base64.encodeBase64String(pubKey
                    .getEncoded());
            System.out.println(publicKeyString);
            is.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static KeyPair getKeyPair(KeyStore keystore, String alias, char[] password) throws Exception {
        // Get private key
        Key key = keystore.getKey(alias, password);
        if (key instanceof PrivateKey) {
            // Get certificate of public key
            java.security.cert.Certificate cert = keystore.getCertificate(alias);
            // Get public key
            PublicKey publicKey = cert.getPublicKey();
            // Return a key pair
            return new KeyPair(publicKey, (PrivateKey)key);
        }
        return null;
    }
}
But when I run the code, I get the following exception:
java.lang.NullPointerException
at com.sample.keystore.ExtractPublicKey.main(ExtractPublicKey.java:28)
Line 28 refers to PublicKey pubKey = kp.getPublic(); because the method returns null instead of the key pair. Why is that? And how do I get the public key?
Update 1
I updated the code:
keystore.load(is, passwd);
PublicKey pubKey = keystore.getCertificate(alias).getPublicKey();
String publicKeyString = Base64.encodeBase64String(pubKey.getEncoded());
System.out.println(publicKeyString);
Then I get the following:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKJTbmfEumDR7nAfBbfAstuUvsgKxizZ1mwGc990dSsmgldIhsrLqpAECdf7vl2q2F8DyXciOopZbJPt/UBmpl6M1TJCQ34UyZaYGI2qid8jSNxFYGApfYPxIBJAk9YOAATqqyAREL+i1mUaFfN8WULFDvz6WsuXOjuxBobqjkg4TUumyyVgZda9ksl3aJmft02AfDMw/GCT8gKPTQb3nZP9BwTo5AQkV5fy0cKZ80G4qD+fiuZJ+8IecgFgXl5agZ0y2Wri8i1OGTGw34SUP2gOO+NUd17YA5AO+ocHlH8yzlXHNH7DPQsLo+Uz8CcXV+eLyzxGTGfuiTw8qsPCCwIDAQAB
But the actual key is different. In public.cert, the key is different from what I am getting through the Java code.
So:
keystore.load(is, passwd);
PublicKey pubKey = keystore.getCertificate(alias).getPublicKey();
String publicKeyString = Base64.encodeBase64String(pubKey.getEncoded());
Edit
After being downvoted, here is some more detail on how I see it:
The OP provided this link: https://docs.jboss.org/author/display/PLINK/Picketlink+as+SP,+Salesforce+as+IDP?_sscc=t where it says:
After certificate will be generated in Salesforce, you can download it to your computer.
and
This certificate will be used to sign SAMLResponse messages sent from Salesforce IDP.
Type self-signed
After that, the OP is told to import that cert, from which he would now like to retrieve the public key:
keytool -import -file salesforce_idp_cert.cer -keystore jbid_test_keystore.jks -alias salesforce-idp
So obviously
- the OP does not have the private key for that certificate
- there is no chain for this certificate
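
An added example, not part of the original question or answer: it inspects the entry that keytool -import created, showing why getKey returns null for it and why the Base64 printed in Update 1 differs from public.cert (keytool -export -rfc writes the whole certificate, while getPublicKey().getEncoded() is only the key). The class name InspectKeystoreEntry is hypothetical; the default path, alias and password are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Base64;

public class InspectKeystoreEntry {

    // Public key of the certificate under alias, for either entry type.
    static PublicKey publicKeyOf(KeyStore ks, String alias) throws Exception {
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            throw new IllegalArgumentException("No certificate under alias " + alias);
        }
        return cert.getPublicKey();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the path, alias and password used in the question.
        String path = args.length > 0 ? args[0] : "/home/user/salesforce-cert/keystore.jks";
        String alias = args.length > 1 ? args[1] : "salesforce-idp";
        char[] password = (args.length > 2 ? args[2] : "user").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        // Importing a bare .crt creates a trusted-certificate entry:
        // there is a certificate but no private key, so getKey() is null.
        System.out.println("isCertificateEntry: " + ks.isCertificateEntry(alias));
        System.out.println("isKeyEntry:         " + ks.isKeyEntry(alias));
        System.out.println("getKey:             " + ks.getKey(alias, password));

        Base64.Encoder enc = Base64.getEncoder();
        // Key only (X.509 SubjectPublicKeyInfo): the value printed in Update 1.
        System.out.println("public key:  "
                + enc.encodeToString(publicKeyOf(ks, alias).getEncoded()));
        // Whole certificate: the Base64 body that keytool -export -rfc
        // writes between the BEGIN/END CERTIFICATE markers.
        System.out.println("certificate: "
                + enc.encodeToString(ks.getCertificate(alias).getEncoded()));
    }
}
```

The "certificate" line, not the "public key" line, is the one to compare against the contents of public.cert (ignoring the PEM line breaks).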