问题
So, I am having trouble with LDAP. I have an integration test case that hopefully will work out, but it is currently running into LDAPS security issues with the SSL handshake.
I am able to connect to the LDAPS with Apache Directory Studio, and it has downloaded the keystore into a file "permanent.jks".
That's ok, but I want my integration test, which resides in Eclipse using a JRE, to be able to connect to the LDAP server using this keystore.
How can I take this keystore and import it into the JRE for its own use?
回答1:
Ok, so here was my process:
keytool -list -v -keystore permanent.jks - got me the alias.
keytool -export -alias alias_name -file certificate_name -keystore permanent.jks - got me the certificate to import.
Then I could import it with the keytool:
keytool -import -alias alias_name -file certificate_name -keystore keystore location
As @Christian Bongiorno says the alias can't already exist in your keystore.
回答2:
You can bulk import all aliases from one keystore to another:
keytool -importkeystore -srckeystore source.jks -destkeystore dest.jks
回答3:
to load a KeyStore, you'll need to tell it the type of keystore it is (probably jceks), provide an inputstream, and a password. then, you can load it like so:
KeyStore ks = KeyStore.getInstance(TYPE_OF_KEYSTORE);
ks.load(new FileInputStream(PATH_TO_KEYSTORE), PASSWORD);
this can throw a KeyStoreException, so you can surround in a try block if you like, or re-throw. Keep in mind a keystore can contain multiple keys, so you'll need to look up your key with an alias, here's an example with a symmetric key:
SecretKeyEntry entry = (KeyStore.SecretKeyEntry)ks.getEntry(SOME_ALIAS,new KeyStore.PasswordProtection(SOME_PASSWORD));
SecretKey someKey = entry.getSecretKey();
来源:https://stackoverflow.com/questions/7812444/how-do-i-import-an-existing-java-keystore-jks-file-into-a-java-installation