Program for converting PKCS#12 keystores into Java keystores
About
KeystoreUtil is a program for converting a PKCS#12 keystore to a Java keystore suitable for signing JAR-files such as Java extensions (plugins/features) for the Notes 8 platform. The program is written in Java and requires Java to run. Below you can find the source code as well as a compiled version. There’s also a BAT-file for easy execution on Windows.
Installation
Installation should be fairly easy and is done like this:
- Make sure you have a working Java environment and the java-executable (java.exe on Windows) is available on the PATH. Test by opening a Command Prompt and typing “java -version” which should print the version of the Java environment you’re using.
- Download KeystoreUtil.class and keystoreutil.bat from below to the same directory
- Test that KeystoreUtil works by simply running the keystoreutil.bat in the directory using a Command Prompt. You should see a line with the syntax being printed to the Command Prompt
Usage
Run keystoreutil.bat with three arguments:
- the path/filename to the PKCS#12 keystore to convert
- the password of the PKCS#12 keystore
- the path/filename to the Java keystore you’ll like to create
Once the execution of the program is done you should have a Java keystore with the specified name and the same password as your PKCS#12 file. The alias of the converted signer key is “signerkey”.
Example 1 (bat-file)
keystoreutil.bat domino_admin.pfx password keystore.jks
Example 2 (Java)
java -cp KeystoreUtil.jar KeystoreUtil domino_admin.pfx password keystore.jks
Files
Source code
import java.security.Principal;
import java.security.Key;
import java.security.PrivateKey;
import java.security.KeyStore;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.cert.Certificate;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.Enumeration;
public class KeystoreUtil{
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.out.println("Syntax: KeystoreUtil <pkcs12 " +
"keystore> <pkcs12 keystore password> " +
"<jks keystore>");
return;
}
// declarations
String signkeyalias = "signerkey";
// load keystore
KeyStore kspkcs12=KeyStore.getInstance("PKCS12");
kspkcs12.load(new FileInputStream(args[0]),
args[1].toCharArray());
// loop keys
Enumeration<String> aliases = kspkcs12.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
System.out.println("Found alias: " + alias);
// is this a key?
if (kspkcs12.isKeyEntry(alias)) {
System.out.println("Found key with alias: " + alias);
// load key
KeyStore.Entry e = kspkcs12.getEntry(alias, new
KeyStore.PasswordProtection(args[1].toCharArray()));
PrivateKeyEntry pke = (PrivateKeyEntry)e;
// get private key and certificate chain
PrivateKey pk = pke.getPrivateKey();
Certificate[] certchain = pke.getCertificateChain();
// create new empty Java keystore with same password
KeyStore ksjks=KeyStore.getInstance("JKS");
ksjks.load(null, args[1].toCharArray());
// add private key (with store password) and cert chain
ksjks.setKeyEntry(signkeyalias,
pk, args[1].toCharArray(), certchain);
ksjks.store(new FileOutputStream(args[2]),
args[1].toCharArray());
// output
System.out.println("Created new signing " +
"key with alias: " + signkeyalias);
}
}
}
}
KeystoreUtil by Mikkel Flindt Heisterberg is licensed under a Creative Commons Attribution-Share Alike 2.5 Denmark License.
Based on a work at lekkimworld.com.