问题
I'm trying to use a PKCS#12 certificate to sign some data. I signed the data successfully in the development machine, but after I deployed the application into production machine I run into some problem.
In the development machine I have Oracle jdk 1.6.0 and centos 6.2 and in the production machine there is IBM jdk 1.6.0 with IBM AIX.
The problem is that I can't get the private key with it's alias out of the KeyStore instance which is loaded with the certification file , it seems that there is no entry in the KeyStore, while I have printetd the entries which exist in the certification file with keytool command(so there is no problem with the file), also this code runs in the development machine without any problem.
any help is appreciated
Here is the code:
KeyStore ks = KeyStore.getInstance("PKCS12");
String certFileAbsPath = this.getClass().getClassLoader().getResource("").getPath() + File.separator + "file.p12";
File file = new File(certFileAbsPath);
FileInputStream fis = new FileInputStream(file);
ks.load(fis, null);
Enumeration aliasEnum = ks.aliases();
String aliasName = null;
while(aliasEnum.hasMoreElements()){
aliasName = (String)aliasEnum.nextElement();
logger.debug("alias: " + aliasName);//nothing is logged!
}
回答1:
In my experience Java doesn't like PKCS#12 keystores that don't have a password. Set a password on your PKCS#12 file (it doesn't have to be a strong one, just "password" is fine) and provide that as the second argument to ks.load.
回答2:
I have a ".p12" file which is bundled with the WAR file of the application and WAR file is deployed into the tomcat.
In other words it's a resource. new File() and new FileInputStream can't deal with resources. You should be using Class.getResourceAsStream().
It works in development because the file exists there. It doesn't exist in production. Only the resource exists, inside the WAR file.
来源:https://stackoverflow.com/questions/29768399/error-using-pkcs12-certificate-to-sign-some-data-with-java