[Java] Converting between the Java object "X509Certificate" and certificate files

■ Notes

 * There are two kinds of X509Certificate
  (1) javax.security.cert.X509Certificate
  (2) java.security.cert.X509Certificate

■ Sample

(1) javax.security.cert.X509Certificate version

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Base64;
import java.util.Base64.Encoder;

import javax.security.cert.CertificateEncodingException;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;

public class Main {
  private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";
  private static final String END_CERT = "\n-----END CERTIFICATE-----";
  
  public static void main(String[] args) {
    try {
      X509Certificate certificate = loadCertificate("./etc/cacert.crt");
      String contentInPem = toPem(certificate);
      outputFile("./etc/cacertOutput.pem", contentInPem);
      
      System.out.println("See ./etc/cacertOutput.pem");
      System.out.println("Done...");
    } catch (Exception ex) {
      ex.printStackTrace();
    }
  }

  // Convert certificate file -> X509Certificate
  private static X509Certificate loadCertificate(String certificatePath)
      throws FileNotFoundException, IOException, CertificateException {
    try (FileInputStream inputStream = new FileInputStream(new File(certificatePath))) {
      X509Certificate returnValue = X509Certificate.getInstance(inputStream);
      returnValue.checkValidity();
      return returnValue;
    }
  }

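  // Convert X509Certificate -> certificate file (public key) in PEM format
  private static String toPem(X509Certificate certificate) throws CertificateEncodingException {
    // PEM wraps the Base64 body at 64 characters per line (RFC 7468);
    // some parsers reject a body written as one long line.
    Encoder encoder = Base64.getMimeEncoder(64, new byte[] { '\n' });
    byte[] derCertificate = certificate.getEncoded();
    return BEGIN_CERT + encoder.encodeToString(derCertificate) + END_CERT;
  }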

  // Write the content to a file
  private static void outputFile(String outputFilePath, String fileContent) throws IOException {
    try (FileWriter fileWriter = new FileWriter(outputFilePath)) {
      fileWriter.write(fileContent);
    }
  }
}

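(2) java.security.cert.X509Certificate version

Used in the sample of the related article below.
https://blogs.yahoo.co.jp/dk521123/37097725.html
Excerpt (class members only; the imports they need are listed first)
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

  private static final String CERTIFICATE_TYPE = "X.509";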

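  // Convert X509Certificate -> certificate file (writes the binary DER encoding)
  // Export function
  // (getCertificatesByAlias() belongs to the same class and is not shown in this excerpt)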
  public void exportCertificate(String alias, String exportFilePath)
      throws CertificateEncodingException, IOException, KeyStoreException {
    try (FileOutputStream outputStream = new FileOutputStream(new File(exportFilePath))) {
      X509Certificate x509Certificate = this.getCertificatesByAlias(alias);
      outputStream.write(x509Certificate.getEncoded());
    }
  }

  // Convert certificate file -> X509Certificate
  private static X509Certificate getX509Certificate(String certificateFilePath)
      throws IOException, CertificateException {
    try (InputStream inputStream = new FileInputStream(new File(certificateFilePath))) {
      CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
      return (X509Certificate) certificateFactory.generateCertificate(inputStream);
    }
  }

  // Convert certificate (byte[]) -> X509Certificate
  private static X509Certificate getX509Certificate(byte[] certificates)
      throws IOException, CertificateException {
    try (InputStream inputStream = new ByteArrayInputStream(certificates)) {
      CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
      return (X509Certificate) certificateFactory.generateCertificate(inputStream);
    }
  }
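
Added example, not from the original post: the PEM export of sample (1) done with java.security.cert instead (the javax.security.cert package is deprecated), plus a round-trip check that the written PEM parses back to the same DER bytes. The class name PemRoundTrip and the helper names are illustrative; the input and output paths are the ones sample (1) uses.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;

public class PemRoundTrip {
  // Encode as PEM: Base64 of the DER bytes, wrapped at 64 characters per line.
  static String toPem(X509Certificate cert) throws Exception {
    Base64.Encoder encoder = Base64.getMimeEncoder(64, new byte[] { '\n' });
    return "-----BEGIN CERTIFICATE-----\n"
        + encoder.encodeToString(cert.getEncoded())
        + "\n-----END CERTIFICATE-----\n";
  }

  // CertificateFactory accepts both binary DER and PEM input.
  static X509Certificate parse(byte[] derOrPem) throws Exception {
    try (InputStream in = new ByteArrayInputStream(derOrPem)) {
      return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    }
  }

  // SHA-256 fingerprint of the DER encoding, as lowercase hex.
  static String sha256(X509Certificate cert) throws Exception {
    byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
    StringBuilder hex = new StringBuilder();
    for (byte b : digest) hex.append(String.format("%02x", b));
    return hex.toString();
  }

  public static void main(String[] args) throws Exception {
    // Assumption: input path; defaults to the file used by sample (1) on this page.
    String path = args.length > 0 ? args[0] : "./etc/cacert.crt";
    X509Certificate original = parse(Files.readAllBytes(Paths.get(path)));
    original.checkValidity(); // throws if the certificate is expired or not yet valid
    String pem = toPem(original);
    X509Certificate reloaded = parse(pem.getBytes(StandardCharsets.US_ASCII));
    if (!Arrays.equals(original.getEncoded(), reloaded.getEncoded())) {
      throw new IllegalStateException("PEM round trip changed the certificate");
    }
    Files.write(Paths.get("./etc/cacertOutput.pem"), pem.getBytes(StandardCharsets.US_ASCII));
    System.out.println("SHA-256: " + sha256(original));
  }
}
```

Comparing the printed fingerprint with one obtained from a trusted source confirms that the exported file is the certificate you intended to distribute.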


Related articles

Loading a keystore file and listing its entries in Java

https://blogs.yahoo.co.jp/dk521123/37020660.html

Java: How to generate an SSL certificate thumbprint/fingerprint...

https://blogs.yahoo.co.jp/dk521123/37002407.html

SSL / TLS - Terminology and file extensions

https://blogs.yahoo.co.jp/dk521123/33100623.html

Encrypting/decrypting in Java - using the Java 1.8 standard library

Base64 conversion
https://blogs.yahoo.co.jp/dk521123/34330480.html