1. Overview
In this tutorial, we’ll learn to check certificate names and aliases in a Java keystore file using the Java KeyStore API and the keytool utility.
2. Setup
Before describing the two methods, let’s create a keystore file using the keytool utility:
$ keytool -genkeypair -keyalg rsa -alias baeldung -storepass storepw@1 -keystore my-keystore.jks
Note that a ‘$’ character in the keystore password might cause unexpected behavior when using the bash CLI, since bash interprets it as the start of a variable reference.
Next, let’s provide the additional required information:
What is your first and last name?
[Unknown]: my-cn.localhost
What is the name of your organizational unit?
[Unknown]: Java Devs
What is the name of your organization?
[Unknown]: Baeldung
What is the name of your City or Locality?
[Unknown]: London
What is the name of your State or Province?
[Unknown]: Greater London
What is the two-letter country code for this unit?
[Unknown]: GB
Is CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB correct?
[no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
for: CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB
Finally, let’s verify if the my-keystore.jks file was generated:
$ ls | grep my-keystore.jks
my-keystore.jks
We’re now ready to proceed to the two methods for checking certificate names and aliases in the generated keystore file.
3. Check Certificate Name and Alias Using Java KeyStore API
This method uses the Java KeyStore API and works for X509 certificates. First, let’s read the keystore file:
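KeyStore readKeyStore() throws Exception {
    // KEYSTORE_FILE and KEYSTORE_PWD are constants that are not shown on this page
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    // getResourceAsStream() returns null for a missing resource, and load(null, ...) then yields an empty keystore
    keystore.load(getClass().getResourceAsStream(KEYSTORE_FILE), KEYSTORE_PWD.toCharArray());
    return keystore;
}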
Next, let’s verify the scenario when a certificate with a matching alias and name is present in the keystore:
@Test
void whenCheckingAliasAndName_thenMatchIsFound() throws Exception {
    KeyStore keystore = readKeyStore();

    assertThat(keystore.containsAlias("baeldung")).isTrue();

    X509Certificate x509Certificate =
      (X509Certificate) keystore.getCertificate("baeldung");
    String ownerName = x509Certificate.getSubjectX500Principal().getName();
    assertThat(ownerName.contains("my-cn.localhost")).isTrue();
}
Finally, let’s validate the scenarios when a certificate with a given alias or name is not present in the keystore:
@Test
void whenCheckingAliasAndName_thenNameIsNotFound() throws Exception {
    KeyStore keystore = readKeyStore();

    assertThat(keystore.containsAlias("baeldung")).isTrue();

    X509Certificate x509Certificate =
      (X509Certificate) keystore.getCertificate("baeldung");
    String ownerName = x509Certificate.getSubjectX500Principal().getName();
    assertThat(ownerName.contains("commonName1")).isFalse();
}

@Test
void whenCheckingAliasAndName_thenAliasIsNotFound() throws Exception {
    KeyStore keystore = readKeyStore();

    assertThat(keystore.containsAlias("alias1")).isFalse();
}
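The contains() assertions above are substring tests on the whole subject DN, so they would also accept a CN such as my-cn.localhost.example.test, or the same text appearing in another attribute. The following added example (not code from the original article) parses the DN with the JDK's LdapName and compares the CN exactly, and goes beyond the tests above by scanning several keystore files for one alias and name; the class name KeystoreFinder, the KEYSTORE_PASS environment variable and the look-alike DN are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class KeystoreFinder { // hypothetical class name

    // Exact, case-insensitive match on the CN attribute of an RFC 2253 subject DN.
    static boolean hasCommonName(String subjectDn, String expectedCn) throws NamingException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            Attribute cn = rdn.toAttributes().get("CN"); // also finds CN inside a multi-valued RDN
            if (cn != null && expectedCn.equalsIgnoreCase(String.valueOf(cn.get()))) return true;
        }
        return false;
    }

    // Returns the keystore files holding `alias` with an X.509 certificate whose CN equals `cn`.
    static List<Path> find(List<Path> files, char[] pw, String alias, String cn) throws Exception {
        List<Path> matches = new ArrayList<>();
        for (Path file : files) {
            // KeyStore.getInstance(File, char[]) (Java 9+) detects the store type and loads it.
            KeyStore ks = KeyStore.getInstance(file.toFile(), pw);
            Certificate cert = ks.getCertificate(alias); // null when the alias is absent
            if (cert instanceof X509Certificate && hasCommonName(
                    ((X509Certificate) cert).getSubjectX500Principal().getName(), cn)) {
                matches.add(file);
            }
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        // Constructed DNs: the tutorial's subject, and a look-alike that a substring test accepts.
        String page = "CN=my-cn.localhost,OU=Java Devs,O=Baeldung,L=London,ST=Greater London,C=GB";
        String lookalike = "CN=my-cn.localhost.example.test,OU=Java Devs,O=Baeldung,C=GB";
        System.out.println(hasCommonName(page, "my-cn.localhost"));
        System.out.println(hasCommonName(lookalike, "my-cn.localhost"));
        String env = System.getenv("KEYSTORE_PASS"); // assumed variable name for the password
        if (args.length < 3 || env == null) return;  // arguments: <alias> <cn> <keystore>...
        List<Path> files = new ArrayList<>();
        for (String f : List.of(args).subList(2, args.length)) files.add(Path.of(f));
        System.out.println(find(files, env.toCharArray(), args[0], args[1]));
    }
}
```

With KEYSTORE_PASS set to the store password, running java KeystoreFinder.java baeldung my-cn.localhost my-keystore.jks prints the files that match after the two DN checks. All files passed in one run are opened with the same password.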
4. Check Certificate Name and Alias Using keytool Utility
The second method uses the keytool utility and the alias argument:
$ keytool -list -v -alias baeldung -keystore my-keystore.jks -storepass storepw@1 | grep my-cn.localhost
Owner: CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB
Issuer: CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB
Note that we’re also using the grep command to search for the certificate name. The command above returns an empty result when no match for the certificate alias and name is found.
5. Conclusion
In this tutorial, we’ve learned how to check certificate names and aliases in a Java keystore file using two methods. The first method uses the Java KeyStore API, whereas the second uses the keytool utility. These methods prove useful when multiple keystore files are in use and we need to find the one that contains a specific alias and name.
As always, the complete code can be found over on GitHub.