java/certs/ImportKey.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

//
// Java's keytool program does not provide any way to import a private key,
// so this simple utility imports a private key and certificate chain from a
// PKCS12 file into a Java keystore.
//
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ImportKey
{
    public static void
    main(String[] args)
    {
        if(args.length != 5)
        {
            //
            // Arguments:
            //
            // pkcs12-file      A file in PKCS12 format that contains the
            //                  private key and certificate chain.
            //
            // alias            The key's friendly name in pkcs12-file and the
            //                  alias for the key in the new keystore.
            //
            // cert-file        The CA certificate file in DER format.
            //
            // keystore-file    The name of the keystore file to update or
            //                  create.
            //
            // password         The password to use for the key and keystore.
            //
            System.err.println("Usage: ImportKey pkcs12-file alias cert-file " +
                               "keystore-file password");
            System.exit(1);
        }

        final String pkcs12File = args[0];
        final String alias = args[1];
        final String certFile = args[2];
        final String keystoreFile = args[3];
        final char[] password = args[4].toCharArray();

        try
        {
            KeyStore src = KeyStore.getInstance("PKCS12");
            src.load(new java.io.FileInputStream(pkcs12File), password);

            KeyStore dest = KeyStore.getInstance("JKS");
            java.io.File f = new java.io.File(keystoreFile);
            if(f.exists())
            {
                dest.load(new java.io.FileInputStream(f), password);
            }
            else
            {
                dest.load(null, null);
            }
            Certificate[] chain = src.getCertificateChain(alias);
            Key key = src.getKey(alias, password);

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate)
                cf.generateCertificate(new java.io.FileInputStream(certFile));

            dest.setKeyEntry(alias, key, password, chain);
            dest.setCertificateEntry("cacert", cert);

            dest.store(new java.io.FileOutputStream(keystoreFile), password);
        }
        catch(Exception ex)
        {
            ex.printStackTrace();
            System.exit(1);
        }

        System.exit(0);
    }
}