2017-01-25 260 views
0

我使用從供應商處接收的公鑰(用於IDP啓動的工作流中使用的公鑰)對一些SAML斷言進行加密。公鑰加密的密鑰庫

是否有可能是公共密鑰添加到密鑰庫,而不是需要創建一個證書,像這樣:

CertificateFactory cf = CertificateFactory.getInstance("X.509") 
Certificate cert = cf.generateCertificate(certFileStream) 

BasicX509Credential credential = new BasicX509Credential() 
credential.setUsageType(UsageType.ENCRYPTION) 
credential.setEntityCertificate((java.security.cert.X509Certificate) cert) 
credential.setPrivateKey(null) 

的原因,我感興趣的是,因爲我也有簽署SAML,使用我自己的私鑰 - 我從我的密鑰庫中解析證書。所以將它們全部放在同一個地方似乎更加直接。

+0

您可以將證書存儲在密鑰庫中,並生成你會如何做憑據 – pedrofb

+0

任何想法之前提取呢? – user2719546

回答

0

您可以將證書存儲在密鑰庫中並在生成證書之前將其提取出來。此代碼應工作

與證書

KeyStore keyStore = KeyStore.getInstance("JKS"); 
keyStore.load(null); 
KeyStore.setCertificateEntry(alias, cert); 
FileOutputStream out = new FileOutputStream("keystore.jks"); 
keyStore.store(out, ksPassword); 
out.close(); 

加載證書密鑰庫從

KeyStore keyStore = KeyStore.getInstance("JKS"); 
keyStore.load( new FileInputStream("keystore.jks"),ksPassword); 
Certificate cert = keystore.getCertificate(alias); 
0

它看起來像您使用OpenSAML創建密鑰庫。要從OpenSAML中的Keystore讀取證書,您可以像這樣使用KeyStoreCredentialResolver。

keystore = KeyStore.getInstance(KeyStore.getDefaultType()); 
FileInputStream inputStream = new FileInputStream("/path/to/my/JKS"); 
keystore.load(inputStream, "MyKeystorePassword".toCharArray()); 
inputStream.close(); 

Map<String, String> passwordMap = new HashMap<String, String>(); 
passwordMap.put("MyEntryID"), "MyEntryPassword"); 
KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap); 

Criteria criteria = new EntityIDCriteria("MyEntryID"); 
CriteriaSet criteriaSet = new CriteriaSet(criteria); 

X509Credential credential = (X509Credential)resolver.resolveSingle(criteriaSet); 

更多關於使用上this post在OpenSAML解析器在我的我的博客