4

Is there any way to check the uploaded certificate is really a pfx certificate? I tried with the following code:

LazyValidatorForm lazyForm = (LazyValidatorForm) actionForm;
FormFile cerFile = (FormFile) lazyForm.get("cerFile");

if (!cerFile.getContentType().equals("application/x-pkcs12")) {
    /** return error code **/
}

However, most of the time, the content type is application/octet-stream, which is no use.

Clarence
Thai Tran

1 Answer

1

You could try loading the uploaded file into a KeyStore:

LazyValidatorForm lazyForm = (LazyValidatorForm) actionForm;
FormFile cerFile = (FormFile) lazyForm.get("cerFile");

KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(cerFile.getInputStream(), null);

Even if the .pfx contains a password-protected private key, the .pfx should still be loaded (it's basically useless without the password but it should load).

If you get no exception and the keyStore.size() equals 1 after the load, then it must be a .pfx file.

Bogdan
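The KeyStore check from the answer above, written out as an added example (not code from the original posts) that also caps the upload size and rejects anything not starting with a DER SEQUENCE tag before parsing. The names `PfxUploadCheck`, `pkcs12EntryCount` and `MAX_BYTES` are hypothetical; in the Struts action you would pass `cerFile.getInputStream()`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;

public class PfxUploadCheck {
    // Assumed upload limit; PKCS#12 files are normally a few KB.
    static final int MAX_BYTES = 64 * 1024;

    /** Returns the number of entries if the stream parses as PKCS#12, or -1 if not. */
    static int pkcs12EntryCount(InputStream in) throws IOException {
        // Stop reading once the limit is exceeded so an oversized upload is rejected.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            buf.write(chunk, 0, n);
            if (buf.size() > MAX_BYTES) return -1;
        }
        byte[] data = buf.toByteArray();
        // A PFX is an ASN.1 SEQUENCE, so its first byte must be the tag 0x30.
        if (data.length == 0 || data[0] != 0x30) return -1;
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            // null password: the structure is parsed, the integrity check is skipped.
            ks.load(new ByteArrayInputStream(data), null);
            return ks.size();
        } catch (IOException | GeneralSecurityException e) {
            return -1; // not parseable as PKCS#12
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an in-memory PKCS#12 store holding one AES key.
        char[] pw = "constructed-sample".toCharArray();
        KeyStore sample = KeyStore.getInstance("PKCS12");
        sample.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        sample.setEntry("k", new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        sample.store(out, pw);

        System.out.println(pkcs12EntryCount(new ByteArrayInputStream(out.toByteArray())));
        System.out.println(pkcs12EntryCount(new ByteArrayInputStream("plain text".getBytes())));
    }
}
```

A return value of -1 means the upload should be rejected. A successful parse only shows the file is structurally PKCS#12; using the private key still requires the password.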