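/*
 * Copyright 1999-2010 University of Chicago
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */

package org.nimbustools.auto_common.ezpz_ca;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;

import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.io.*;
import java.util.Arrays;

/**
 * Creates a Java Keystore from PEM encoded cert and private key.
 *
 * <p>The keystore is a "JKS" store from the "SUN" provider holding a single
 * key entry under {@link #ENTRY_ALIAS}. The same password protects both the
 * keystore and the key entry.</p>
 *
 * <p>Operational notes for whoever deploys this: the keystore file holds the
 * private key and is created with the process's default file permissions
 * (nothing here restricts them), so access to it should be limited by the
 * caller. JKS is a legacy format; it is presumably kept because consumers of
 * the file expect it (confirm before changing).</p>
 */
public class KeystoreFromPEM {

    /** Alias of the single key entry in the keystore (the empty string). */
    public final static String ENTRY_ALIAS = "";

    static {
        // PEMReader is asked for this provider by name in readPemObject(File).
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Builds an in-memory JKS keystore holding one key entry.
     *
     * @param cert     certificate stored as the (one-element) chain of the entry
     * @param key      private key stored under {@link #ENTRY_ALIAS}
     * @param password used both to initialise the store and to protect the key entry
     * @return the populated keystore (not written anywhere)
     * @throws Exception if the keystore cannot be created or the entry cannot be set
     */
    public static KeyStore createJavaKeystore(X509Certificate cert,
                                              PrivateKey key,
                                              String password) throws Exception {

        final char[] passwordChars = password.toCharArray();
        final KeyStore store = KeyStore.getInstance("JKS", "SUN");
        // A null stream initialises an empty keystore.
        store.load(null, passwordChars);
        store.setKeyEntry(ENTRY_ALIAS, key, passwordChars,
                          new Certificate[] { cert });
        return store;
    }

    /**
     * Reads a PEM certificate and PEM key pair and writes them to a JKS file.
     *
     * <p>The destination is opened with {@link FileOutputStream}, so an
     * existing file is overwritten and a new file gets the process's default
     * permissions. If writing fails after the file has been opened, the
     * partial file is removed (best effort) so that a later run does not
     * find a truncated keystore.</p>
     *
     * @param certFile     PEM file containing an X.509 certificate
     * @param keyFile      PEM file that parses to a key pair
     * @param keystoreFile destination keystore file
     * @param password     keystore and key entry password
     * @throws IOException if a PEM file holds no object or an object of the wrong type
     * @throws Exception   if the keystore cannot be built or written
     */
    public static void createJavaKeystore(File certFile,
                                          File keyFile,
                                          File keystoreFile,
                                          String password) throws Exception {

        final X509Certificate cert =
                readPemObject(certFile, X509Certificate.class, "an X.509 certificate");
        final KeyPair keypair =
                readPemObject(keyFile, KeyPair.class, "a key pair");
        final KeyStore store =
                createJavaKeystore(cert, keypair.getPrivate(), password);

        // Opened outside the cleanup scope: if opening fails, nothing was
        // truncated and a pre-existing file must not be deleted.
        final OutputStream outStream = new FileOutputStream(keystoreFile);
        boolean complete = false;
        try {
            try {
                store.store(outStream, password.toCharArray());
                complete = true;
            } finally {
                outStream.close();
            }
        } finally {
            if (!complete) {
                // Best effort: the original failure is what the caller needs to see.
                keystoreFile.delete();
            }
        }
    }

    /**
     * Checks whether an existing keystore holds the given certificate and key.
     *
     * @param certFile     PEM file containing the expected X.509 certificate
     * @param keyFile      PEM file that parses to the expected key pair
     * @param keystoreFile existing keystore file to inspect
     * @param password     keystore and key entry password
     * @return {@code true} only if the entry under {@link #ENTRY_ALIAS} has a
     *         certificate and a key whose encodings equal those read from the
     *         PEM files; {@code false} if either is absent or differs
     * @throws IOException if a PEM file holds no object or an object of the wrong type
     * @throws Exception   if the keystore cannot be loaded or the key cannot be
     *                     recovered with the given password
     */
    public static boolean checkJavaKeystore(File certFile,
                                            File keyFile,
                                            File keystoreFile,
                                            String password) throws Exception {

        final X509Certificate cert =
                readPemObject(certFile, X509Certificate.class, "an X.509 certificate");
        final KeyPair keypair =
                readPemObject(keyFile, KeyPair.class, "a key pair");
        final PrivateKey privateKey = keypair.getPrivate();

        final KeyStore store = KeyStore.getInstance("JKS", "SUN");
        final char[] passwordChars = password.toCharArray();

        final InputStream inStream = new FileInputStream(keystoreFile);
        try {
            store.load(inStream, passwordChars);
        } finally {
            inStream.close();
        }

        final Certificate curCert = store.getCertificate(ENTRY_ALIAS);
        if (curCert == null
                || !Arrays.equals(curCert.getEncoded(), cert.getEncoded())) {
            return false;
        }

        final Key curKey = store.getKey(ENTRY_ALIAS, passwordChars);
        return curKey != null
                && Arrays.equals(curKey.getEncoded(), privateKey.getEncoded());
    }

    /**
     * Reads a PEM object and verifies it is present and of the expected type.
     *
     * <p>Without this check an empty or unexpected PEM file surfaces later as
     * a NullPointerException or ClassCastException with no hint about which
     * file was at fault. The message names the file and the class found,
     * never the object's content.</p>
     *
     * @param file     PEM file to read
     * @param expected type the parsed object must have
     * @param what     human-readable description of the expected content
     * @return the parsed object, cast to {@code expected}
     * @throws IOException if the file cannot be read, holds no PEM object, or
     *                     holds an object of another type
     */
    private static <T> T readPemObject(File file,
                                       Class<T> expected,
                                       String what) throws IOException {

        final Object parsed = readPemObject(file);
        if (parsed == null) {
            throw new IOException("Expected " + what + " in '" + file
                    + "' but found no PEM object");
        }
        if (!expected.isInstance(parsed)) {
            throw new IOException("Expected " + what + " in '" + file
                    + "' but found " + parsed.getClass().getName());
        }
        return expected.cast(parsed);
    }

    /**
     * Returns whatever {@code PEMReader.readObject()} yields for the file.
     *
     * @param file PEM file to read (decoded with the platform default charset)
     * @return the parsed object; may be {@code null}
     * @throws IOException if the file cannot be opened or parsed
     */
    private static Object readPemObject(File file) throws IOException {
        final FileReader reader = new FileReader(file);
        try {
            // NOTE(review): the second argument (password finder) is null, so
            // passphrase-protected PEM keys presumably cannot be read - confirm.
            final PEMReader pemReader =
                    new PEMReader(reader, null, BouncyCastleProvider.PROVIDER_NAME);
            return pemReader.readObject();
        } finally {
            reader.close();
        }
    }

    /**
     * Command-line entry point: creates the keystore, or verifies an existing one.
     *
     * <p>Exit status: 1 for wrong usage or any error, 2 when the destination
     * exists but does not hold the given key and certificate, 0 when it exists
     * and matches. After a successful creation the method simply returns.</p>
     *
     * <p>The keystore password is taken from the fourth argument, which makes
     * it visible wherever the command line is (process listings, shell
     * history); callers that care should account for that.</p>
     *
     * @param args certificate file, private key file, destination file, password
     */
    public static void main(String[] args) {

        if (args == null || args.length != 4) {
            System.err.println("Needs these arguments:\n" +
                    "1 - the certificate file\n" +
                    "2 = the private key file\n" +
                    "3 - the destination file\n" +
                    "4 - the keystore password\n");
            System.exit(1);
        }

        try {
            final File certFile = new File(args[0]);
            final File keyFile = new File(args[1]);
            final File keystoreFile = new File(args[2]);
            final String password = args[3];

            // An existing destination is never overwritten from here: it is
            // only verified, and the process exits either way.
            if (keystoreFile.exists()) {
                if (checkJavaKeystore(certFile, keyFile, keystoreFile, password)) {
                    System.exit(0);
                } else {
                    System.err.println(
                            "The keystore exists but does not " +
                            "contain the correct key and certificate");
                    System.exit(2);
                }
            }

            createJavaKeystore(certFile, keyFile, keystoreFile, password);

        } catch (Throwable t) {
            System.err.println("Problem: " + t.getMessage());
            t.printStackTrace();
            System.exit(1);
        }
    }
}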