一、Java 使用 Microsoft 的 CAPI(CSP)读取 CA 客户端证书
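package com.mchz.pki.capi;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * Lists the certificates held in the current user's Windows "MY" (personal) certificate store,
 * reached through the {@code Windows-MY} key store type of the SunMSCAPI provider.
 */
public class Main {

    /**
     * Prints the alias, subject and public key of every X.509 certificate in the store.
     *
     * @param args unused
     * @throws Exception if the key store cannot be opened or enumerated
     */
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        // The Windows store is not opened with a Java-side password: access is governed by the
        // logged-in Windows account and the CSP. Passing null avoids a meaningless literal that
        // reads like a credential in source control.
        ks.load(null, null);

        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println("alias: " + alias);

            // getCertificate returns null when the entry carries no certificate, and the store
            // is not guaranteed to hold only X.509 entries, so check before casting.
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                System.out.println("no X.509 certificate for this alias, skipped");
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            System.out.println(x509.getSubjectX500Principal().toString());
            System.out.println(x509.getSubjectX500Principal().getName("RFC1779"));
            System.out.println(x509.getPublicKey());

            // Private keys are deliberately not fetched or printed here: this listing only
            // inspects certificates, and key handles should not end up in console output or logs.
        }
    }
}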
二 JAVA使用PKCS11读取CA客户端证书
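package com.mchz.pki.capi;

import java.io.Console;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

/**
 * Lists the aliases stored on a PKCS#11 token (the "et199" device named in the provider
 * configuration file) through the SunPKCS11 provider.
 */
public class Main2 {

    /**
     * Registers a SunPKCS11 provider from the configuration file, logs in to the token with a
     * PIN typed by the user, and prints every alias found on it.
     *
     * @param args unused
     * @throws Exception if the provider cannot be created, no console is available for the PIN
     *     prompt, or the token cannot be opened
     */
    public static void main(String[] args) throws Exception {
        String configName = "F:\\pkcs11.cfg";
        // NOTE(review): this constructor is an internal JDK API and is gone from JDK 9 onwards,
        // where the supported form is Security.getProvider("SunPKCS11").configure(configName).
        // Kept as is because the listing targets the older JDK.
        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        Security.addProvider(p);

        KeyStore ks = KeyStore.getInstance("PKCS11-et199");
        // KeyStore ks = KeyStore.getInstance("Windows-MY");

        // The token PIN protects the private keys on the device, so it is prompted for instead
        // of being compiled into the class, where it would leak through source control, build
        // artifacts and decompilation.
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException(
                    "No interactive console available to read the token PIN");
        }
        char[] pin = console.readPassword("Token PIN: ");
        if (pin == null) {
            throw new IllegalStateException("No token PIN was entered");
        }
        try {
            ks.load(null, pin);
        } finally {
            // Wipe the PIN so it does not linger on the heap longer than the login needs it.
            Arrays.fill(pin, '\0');
        }

        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println("alias: " + alias);
        }
    }
}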
需要使用一个配置文件(即上面代码中 configName 指向的文件),内容如下:
# SunPKCS11 provider configuration; presumably the F:\\pkcs11.cfg file that Main2 passes as configName.
# name: suffix of this provider instance (the provider registers itself as SunPKCS11-<name>).
name=et199
# library: native PKCS#11 module that the JVM loads in-process. Keep this path writable only
# by administrators: whoever can replace the DLL gets code running inside the JVM and sees the PIN.
library=F:\\et199csp11.dll
还需要一个实现了 PKCS#11 接口的 DLL,即配置文件中 library 所指向的文件。