//
// Copyright (c) 1999 Jason Gilbert
// $Id: PKCS12Import.java,v 1.3 2004/05/09 20:32:49 gregwilkins Exp $
//
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
/**
* This class can be used to import a key/certificate pair from a pkcs12 file
* into a regular JKS format keystore for use with jetty and other java based
* SSL applications, etc.
*
* usage: java PKCS12Import {pkcs12file} [newjksfile]
*
*
* If you don't supply newjksfile, newstore.jks will be used. This can be an
* existing JKS keystore.
*
* Upon execution, you will be prompted for the password for the pkcs12 keystore
* as well as the password for the jdk file. After execution you should have a
* JKS keystore file that contains the private key and certificate that were in
* the pkcs12
*
* You can generate a pkcs12 file from PEM encoded certificate and key files
* using the following openssl command:
*
* openssl pkcs12 -export -out keystore.pkcs12 -in www.crt -inkey www.key
*
* then run:
*
* java PKCS12Import keystore.pkcs12 keytore.jks
*
*
* @author Jason Gilbert <jason@doozer.com>
*/
public class PKCS12Import
{
public static void main(String[] args) throws Exception
{
if (args.length < 1) {
System.err.println(
"usage: java PKCS12Import {pkcs12file} [newjksfile]");
System.exit(1);
}
File fileIn = new File(args[0]);
File fileOut;
if (args.length > 1) {
fileOut = new File(args[1]);
} else {
fileOut = new File("newstore.jks");
}
if (!fileIn.canRead()) {
System.err.println(
"Unable to access input keystore: " + fileIn.getPath());
System.exit(2);
}
if (fileOut.exists() && !fileOut.canWrite()) {
System.err.println(
"Output file is not writable: " + fileOut.getPath());
System.exit(2);
}
KeyStore kspkcs12 = KeyStore.getInstance("pkcs12");
KeyStore ksjks = KeyStore.getInstance("jks");
System.out.print("Enter input keystore passphrase: ");
char[] inphrase = readPassphrase();
System.out.print("Enter output keystore passphrase: ");
char[] outphrase = readPassphrase();
kspkcs12.load(new FileInputStream(fileIn), inphrase);
ksjks.load(
(fileOut.exists())
? new FileInputStream(fileOut) : null, outphrase);
Enumeration eAliases = kspkcs12.aliases();
int n = 0;
while (eAliases.hasMoreElements()) {
String strAlias = (String)eAliases.nextElement();
System.err.println("Alias " + n++ + ": " + strAlias);
if (kspkcs12.isKeyEntry(strAlias)) {
System.err.println("Adding key for alias " + strAlias);
Key key = kspkcs12.getKey(strAlias, inphrase);
Certificate[] chain = kspkcs12.getCertificateChain(strAlias);
ksjks.setKeyEntry(strAlias, key, outphrase, chain);
}
}
OutputStream out = new FileOutputStream(fileOut);
ksjks.store(out, outphrase);
out.close();
}
static void dumpChain(Certificate[] chain)
{
for (int i = 0; i < chain.length; i++) {
Certificate cert = chain[i];
if (cert instanceof X509Certificate) {
X509Certificate x509 = (X509Certificate)chain[i];
System.err.println("subject: " + x509.getSubjectDN());
System.err.println("issuer: " + x509.getIssuerDN());
}
}
}
static char[] readPassphrase() throws IOException
{
InputStreamReader in = new InputStreamReader(System.in);
char[] cbuf = new char[256];
int i = 0;
readchars:
while (i < cbuf.length) {
char c = (char)in.read();
switch (c) {
case '\r':
break readchars;
case '\n':
break readchars;
default:
cbuf[i++] = c;
}
}
char[] phrase = new char[i];
System.arraycopy(cbuf, 0, phrase, 0, i);
return phrase;
}
}