I wrote a .NET program that generates a .jks file and imports root.crt into it, using .NET and the Bouncy Castle library. Here is my code:
```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;

public void GenerateTrustStore(string rootCertificateFilePath, string trustStoreFilePath, string trustStorePassword, string alias)
{
    try
    {
        X509Certificate2 rootCertificateX509Certificate2 = new X509Certificate2(rootCertificateFilePath, trustStorePassword);
        Org.BouncyCastle.X509.X509Certificate rootBouncyCastleCertificateX509 = DotNetUtilities.FromX509Certificate(rootCertificateX509Certificate2);
        Pkcs12Store trustStore = new Pkcs12StoreBuilder().Build();
        trustStore.SetCertificateEntry(alias, new X509CertificateEntry(rootBouncyCastleCertificateX509));
        using (FileStream trustStoreStream = File.Create(trustStoreFilePath))
        {
            trustStore.Save(trustStoreStream, trustStorePassword.ToCharArray(), new SecureRandom());
        }
        Console.WriteLine($"Root certificate imported successfully with alias '{alias}' into the truststore.");
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Error occurred while importing the root certificate: {ex.Message}");
    }
}
```
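However, when I run the keytool command `keytool -list -keystore truststore.jks -storepass abcdefghij`, it says the keystore has 0 certificate entries.
But when I read the truststore.jks file with a .NET program, it does show that the alias "caroot" exists in the .jks file.
The program I wrote to read the .jks file and print its contents: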
```csharp
public void ReadTrustStore(string trustStoreFilePath, string trustStorePassword)
{
    try
    {
        using (var trustStoreStream = File.OpenRead(trustStoreFilePath))
        {
            Pkcs12Store trustStore = new Pkcs12Store(trustStoreStream, trustStorePassword.ToCharArray());
            foreach (string alias in trustStore.Aliases)
            {
                if (trustStore.IsCertificateEntry(alias))
                {
                    X509CertificateEntry certEntry = trustStore.GetCertificate(alias);
                    X509Certificate2 certificate = new X509Certificate2(certEntry.Certificate.GetEncoded());
                    Console.WriteLine($"Alias: {alias}");
                    Console.WriteLine($"Subject: {certificate.Subject}");
                    Console.WriteLine($"Issuer: {certificate.Issuer}");
                    Console.WriteLine($"Serial Number: {certificate.SerialNumber}");
                    Console.WriteLine($"Thumbprint: {certificate.Thumbprint}");
                    Console.WriteLine();
                }
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Error occurred while reading trust store: {ex.Message}");
    }
}
```
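I need help understanding what I am doing wrong and how to fix it.
Note: my root.crt and root.key files are also generated by a program. If I run keytool and openssl commands, I can use them to generate a correct self-signed certificate and .jks file. But I want to prepare the .jks and the self-signed certificate using C# and a library (for example, Bouncy Castle).
I tried writing a program that generates a .jks file and imports the root certificate into it. My program is able to create the .jks file, but when I run the keytool command to verify the certificate entries, it says there are 0 entries.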
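Because the generating code above saves a Bouncy Castle `Pkcs12Store` to a file named `.jks`, a useful first check is which container format the file's leading bytes indicate. The following is an added example, not part of the original post; `KeystoreFormatSniffer` and its methods are hypothetical names, and the sample headers are constructed.

```csharp
using System;
using System.IO;

// Added example: the names here are hypothetical, not from the post or from Bouncy Castle.
public static class KeystoreFormatSniffer
{
    public static string Identify(byte[] head)
    {
        if (head.Length < 4) return "unknown (too short)";
        uint magic = ((uint)head[0] << 24) | ((uint)head[1] << 16) | ((uint)head[2] << 8) | head[3];
        if (magic == 0xFEEDFEED) return "JKS";    // Java KeyStore magic number
        if (magic == 0xCECECECE) return "JCEKS";  // JCE KeyStore magic number
        // PKCS#12 PFX: ASN.1 SEQUENCE (0x30), a length, then INTEGER version 3 (02 01 03).
        if (head[0] == 0x30)
        {
            int lenByte = head[1];
            // 0x80 = indefinite length (BER), < 0x80 = short form,
            // 0x81..0x84 = long form followed by that many length bytes.
            bool oneByteLength = (lenByte & 0x80) == 0 || lenByte == 0x80;
            int skip = oneByteLength ? 2 : 2 + (lenByte & 0x7F);
            if (head.Length >= skip + 3 &&
                head[skip] == 0x02 && head[skip + 1] == 0x01 && head[skip + 2] == 0x03)
                return "PKCS#12";
        }
        return "unknown";
    }

    public static string IdentifyFile(string path)
    {
        using (FileStream fs = File.OpenRead(path))
        {
            byte[] head = new byte[16];
            int n = fs.Read(head, 0, head.Length);
            Array.Resize(ref head, n);
            return Identify(head);
        }
    }

    public static void Main(string[] args)
    {
        if (args.Length > 0) { Console.WriteLine(IdentifyFile(args[0])); return; }
        // Constructed sample headers, not taken from a real keystore.
        Console.WriteLine(Identify(new byte[] { 0xFE, 0xED, 0xFE, 0xED, 0, 0, 0, 2 }));
        Console.WriteLine(Identify(new byte[] { 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80 }));
        Console.WriteLine(Identify(new byte[] { 0x30, 0x82, 0x04, 0xA6, 0x02, 0x01, 0x03 }));
    }
}
```

Pass the path of the generated truststore as the first argument to classify that file instead of the constructed samples.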