Program for converting PKCS#12 keystores into Java keystores
About
KeystoreUtil is a program for converting a PKCS#12 keystore to a Java keystore suitable for signing JAR-files such as Java extensions (plugins/features) for the Notes 8 platform. The program is written in Java and requires Java to run. Below you can find the source code as well as a compiled version. There’s also a BAT-file for easy execution on Windows.
Installation
Installation should be fairly easy and is done like this:
- Make sure you have a working Java environment and the java-executable (java.exe on Windows) is available on the PATH. Test by opening a Command Prompt and typing “java -version” which should print the version of the Java environment you’re using.
- Download KeystoreUtil.class and keystoreutil.bat from below to the same directory.
- Test that KeystoreUtil works by running keystoreutil.bat in that directory from a Command Prompt. You should see a line with the syntax printed to the Command Prompt.
Usage
Run keystoreutil.bat with three arguments:
- the path/filename to the PKCS#12 keystore to convert
- the password of the PKCS#12 keystore
- the path/filename to the Java keystore you’d like to create
Once the execution of the program is done you should have a Java keystore with the specified name and the same password as your PKCS#12 file. The alias of the converted signer key is “signerkey”.
Example 1 (bat-file)
keystoreutil.bat domino_admin.pfx password keystore.jks
Example 2 (Java)
java -cp KeystoreUtil.jar KeystoreUtil domino_admin.pfx password keystore.jks
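A check worth running on the converted keystore before signing JAR-files with it, as an added example that is not part of KeystoreUtil or the original page: it loads the Java keystore, confirms the “signerkey” entry, checks the certificate's validity period and proves the private key matches the certificate. The class name VerifyKeystore is an assumption, and the password is prompted for rather than passed as an argument so it does not end up in the process list or shell history.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example; VerifyKeystore is a hypothetical class name, not part of KeystoreUtil.
public class VerifyKeystore {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.out.println("Syntax: VerifyKeystore <jks keystore>");
            return;
        }
        // Prompt for the password instead of reading it from the command line.
        Console console = System.console();
        if (console == null) {
            System.err.println("No interactive console available");
            return;
        }
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // fails on a wrong password or a modified store
        }
        String alias = "signerkey"; // alias written by KeystoreUtil
        if (!ks.isKeyEntry(alias)) {
            System.err.println("No key entry with alias " + alias);
            return;
        }
        // KeystoreUtil protects the key with the same password as the store.
        PrivateKey key = (PrivateKey) ks.getKey(alias, password);
        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("Subject: " + leaf.getSubjectX500Principal());
        leaf.checkValidity(); // throws if the certificate is expired or not yet valid

        // Sign a constructed message and verify it with the certificate's public key.
        String sigAlg = key.getAlgorithm().equals("EC")
            ? "SHA256withECDSA" : "SHA256with" + key.getAlgorithm();
        byte[] msg = "keystore self-test".getBytes("UTF-8");
        Signature s = Signature.getInstance(sigAlg);
        s.initSign(key);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(leaf.getPublicKey());
        s.update(msg);
        System.out.println(s.verify(sig) ? "Key matches certificate" : "KEY/CERTIFICATE MISMATCH");
    }
}
```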
Files
Source code
import java.security.PrivateKey;
import java.security.KeyStore;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.cert.Certificate;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.Enumeration;

public class KeystoreUtil {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.out.println("Syntax: KeystoreUtil <pkcs12 " +
                "keystore> <pkcs12 keystore password> " +
                "<jks keystore>");
            return;
        }

        // declarations
        String signkeyalias = "signerkey";
        char[] password = args[1].toCharArray();

        // load keystore (the stream is closed once loading is done)
        KeyStore kspkcs12 = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            kspkcs12.load(in, password);
        }

        // loop keys
        Enumeration<String> aliases = kspkcs12.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println("Found alias: " + alias);

            // is this a key?
            if (kspkcs12.isKeyEntry(alias)) {
                System.out.println("Found key with alias: " + alias);

                // load key; skip entries that are not private keys
                KeyStore.Entry e = kspkcs12.getEntry(alias,
                    new KeyStore.PasswordProtection(password));
                if (!(e instanceof PrivateKeyEntry)) {
                    continue;
                }
                PrivateKeyEntry pke = (PrivateKeyEntry) e;

                // get private key and certificate chain
                PrivateKey pk = pke.getPrivateKey();
                Certificate[] certchain = pke.getCertificateChain();

                // create new empty Java keystore with same password
                KeyStore ksjks = KeyStore.getInstance("JKS");
                ksjks.load(null, password);

                // add private key (with store password) and cert chain;
                // every key found is written to the same file and alias,
                // so with several keys in the PKCS#12 file the last one wins
                ksjks.setKeyEntry(signkeyalias, pk, password, certchain);
                try (FileOutputStream out = new FileOutputStream(args[2])) {
                    ksjks.store(out, password);
                }

                // output
                System.out.println("Created new signing " +
                    "key with alias: " + signkeyalias);
            }
        }
    }
}
KeystoreUtil by Mikkel Flindt Heisterberg is licensed under a Creative Commons Attribution-Share Alike 2.5 Denmark License.
Based on a work at lekkimworld.com.