【发布时间】:2012-07-23 13:18:06
【问题描述】:
当我在 Mozilla 中添加/删除任何证书时,Mozilla 的密钥库在手动重新启动之前无法刷新。我创建了一个新的密钥库,用于从 Mozilla 获取私钥,但它不起作用。它使用了较旧的密钥库,因此即使证书已从 Mozilla 中删除,我也可以获得私钥。我该如何解决?代码如下:
public String Decrypt(String text, String pubkey) throws Exception
{
System.out.println("------INSIDE IEPublicDecrypt METHOD------ ");
X509Certificate cerificate = null;
PrivateKey privatekey = null;
KeyStore keyStorenew = null;
String aliasnew = null;
//new code for security
if (browserName.equalsIgnoreCase("Netscape")) {
System.out.println("Initializing Firefox");
createPolicyFile();
makeCfgFile();
String strCfg = System.getProperty("user.home") + File.separator
+ "jdk6-nss-mozilla.cfg";
System.out.println("String Configuration File " + strCfg);
try {
Provider p1 = new sun.security.pkcs11.SunPKCS11(strCfg);
Security.addProvider(p1);
System.out.println("Provider Added");
keyStorenew = KeyStore.getInstance("PKCS11");
System.out.println("Key Store instance created");
keyStorenew.load(null, "password".toCharArray());
System.out.println("Key Store loaded");
} catch (Exception e) {
System.out.println("Certificate Not found in browser");
}
}
if (keyStorenew != null) {
//initBrowserCertifcates();
Enumeration<String> enumeration = keyStorenew.aliases();
while (enumeration.hasMoreElements()) {
aliasnew = enumeration.nextElement();
try {
cerificate = (X509Certificate) keyStorenew.getCertificate(aliasnew);
System.out.println("Certificate found in browser========"+cerificate);
}
catch (Exception e) {
// TODO: handle exception
}
}
System.out.println("Browser Certificate Initialized.");
} else {
System.out.println("========= Keystore is NULL ==========");
}
if(keyPairMap != null)
{
System.out.println("keyPairMap is not NuLL.");
privatekey=keyPairMap.get(pubkey.toString());
}
else
{
System.out.println("keyPairMap is NuLL.");
}
System.out.println("------GOT PRIVATEKEY------ " + privatekey);
BASE64Decoder base64Decoder = new BASE64Decoder();
byte[] encryptText = base64Decoder.decodeBuffer(text);
System.out.println("------GOT ENCRYTEDTEXT------ "
+ encryptText.toString());
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
System.out.println("------GOT CIPHER------ " + cipher);
cipher.init(Cipher.DECRYPT_MODE, privatekey);
System.out.println("------CIPHET INITIALISED------ ");
String decryptedString = new String(cipher.doFinal(encryptText));
System.out.println("------GOT DECRYPTEDTEXT------ " + decryptedString);
return decryptedString;
}
【问题讨论】:
-
虽然我不再使用证书。为问题 +1
-
当你说“它使用了旧的密钥库”时,你是说即使你删除并创建了一个新的私钥,旧的私钥也被检索到了?
-
是的,我使用此代码删除了一个密钥库,但没有重新启动浏览器。它显示我在重新启动浏览器后更改对密钥库的反映。
标签: java certificate x509certificate keystore keytool