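package org.ejbca.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * Exports one entry of a Java keystore (JKS) as PEM files.
 *
 * <p>For the selected entry, {@link #createPEM()} writes up to three files into the export
 * directory, all named after the CN of the entry's certificate:
 * <ul>
 *   <li>{@code <CN>.pem} - the entry's own certificate,</li>
 *   <li>{@code <CN>-Key.pem} - the private key, Base64-encoded and <b>not</b> password
 *       protected,</li>
 *   <li>{@code <CN>-CA.pem} - the remaining certificates of the chain (skipped when the
 *       certificate is self-signed).</li>
 * </ul>
 *
 * <p>Security notes for operators: the key file holds the private key in clear text and is
 * created with the process's default file permissions, so the export directory should only be
 * accessible to the account that needs the key. Both passwords are kept as {@code String}
 * fields for the lifetime of the object.
 */
public class JKStoPEM {
    // Directory the PEM files are written to.
    String exportpath = "./p12/pem/";
    // Path of the keystore file; unused when a KeyStore object was supplied.
    String jksFile;
    // Password used to load the keystore file.
    String password;
    // Password used to recover the private key from its entry.
    String keypass;
    // Loaded keystore; null until createPEM() loads it from jksFile.
    KeyStore ks = null;

    // When false, createPEM() stops at the first output file that already exists.
    boolean overwrite = false;
    // PEM boundary lines. The literals are plain ASCII, so the platform charset used by
    // getBytes() does not change the bytes on common platforms.
    byte[] beginCertificate = "-----BEGIN CERTIFICATE-----".getBytes();
    byte[] endCertificate = "-----END CERTIFICATE-----".getBytes();
    byte[] beginPrivateKey = "-----BEGIN PRIVATE KEY-----".getBytes();
    byte[] endPrivateKey = "-----END PRIVATE KEY-----".getBytes();
    byte[] NL = "\n".getBytes();

    /**
     * Command line entry point.
     *
     * <p>Expects {@code <jksFile> <jkspassword> <keypassword> <outpath>} and an optional fifth
     * argument {@code true}/{@code false} controlling overwrite. With fewer than four arguments
     * the usage text is printed and the JVM exits with status 0. Any exception is printed as a
     * stack trace.
     *
     * <p>NOTE(review): both passwords are taken from the command line, where they are typically
     * visible in the process list and shell history of the host; prefer running this from a
     * restricted account, or use the constructors directly.
     *
     * @param args command line arguments as described above
     */
    public static void main(String[] args) {
        CertTools.installBCProvider();

        JKStoPEM jks = null;

        try {
            if (args.length > 4) {
                // Anything other than "true" (case-insensitive) leaves overwrite disabled.
                boolean overwrite = args[4].equalsIgnoreCase("true");

                jks = new JKStoPEM(args[0], args[1], args[2], args[3], overwrite);
            } else if (args.length > 3) {
                jks = new JKStoPEM(args[0], args[1], args[2], args[3]);
            } else {
                System.out.println(
                    "Usage: JKStoPEM <jksFile> <jkspassword> <keypassword> <outpath> [overwrite (true/false)(default false)]");
                System.exit(0);
            }

            jks.createPEM();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Creates an exporter that reads the keystore from a file and never overwrites existing
     * output files.
     *
     * @param jksFile path of the JKS file
     * @param password password used to load the keystore
     * @param keypass password used to recover the private key
     * @param outpath directory the PEM files are written to
     */
    public JKStoPEM(String jksFile, String password, String keypass, String outpath) {
        this.jksFile = jksFile;
        this.password = password;
        this.keypass = keypass;
        exportpath = outpath;
    }

    /**
     * Creates an exporter for an already loaded keystore.
     *
     * @param keystore loaded keystore to export from
     * @param password keystore password (not used for loading, since the keystore is supplied)
     * @param keypass password used to recover the private key
     * @param outpath directory the PEM files are written to
     * @param overwrite whether existing output files may be replaced
     */
    public JKStoPEM(KeyStore keystore, String password, String keypass, String outpath,
            boolean overwrite) {
        this.password = password;
        this.ks = keystore;
        this.keypass = keypass;
        exportpath = outpath;
        this.overwrite = overwrite;
    }

    /**
     * Changes the directory the PEM files are written to.
     *
     * @param path new export directory
     */
    public void setExportPath(String path) {
        exportpath = path;
    }

    /**
     * Creates an exporter that reads the keystore from a file.
     *
     * @param jksFile path of the JKS file
     * @param password password used to load the keystore
     * @param keypass password used to recover the private key
     * @param outpath directory the PEM files are written to
     * @param overwrite whether existing output files may be replaced
     */
    public JKStoPEM(String jksFile, String password, String keypass, String outpath,
            boolean overwrite) {
        this.jksFile = jksFile;
        this.password = password;
        this.overwrite = overwrite;
        this.keypass = keypass;
        exportpath = outpath;
    }

    /**
     * Writes the certificate, private key and CA chain of one keystore entry as PEM files.
     *
     * <p>The keystore is loaded from {@code jksFile} unless one was supplied to the
     * constructor. The entry exported is the first key entry whose key can be recovered with
     * {@code keypass}; if there is none, the last alias enumerated is used and the key file is
     * written with an empty body. When {@code overwrite} is false the method prints a message
     * and returns at the first output file that already exists, so earlier files of the same
     * run may already have been written.
     *
     * @throws KeyStoreException if the keystore cannot be used or the entry has no certificate
     *         chain
     * @throws FileNotFoundException if the keystore file or an output file cannot be opened
     * @throws IOException on read or write failure, or if the certificate CN cannot be used as
     *         a file name
     * @throws NoSuchAlgorithmException if the keystore integrity or key algorithm is unavailable
     * @throws CertificateEncodingException if a certificate cannot be encoded
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws UnrecoverableKeyException if the key cannot be recovered with {@code keypass}
     */
    public void createPEM()
        throws KeyStoreException, FileNotFoundException, IOException,
            NoSuchAlgorithmException, CertificateEncodingException, CertificateException,
            UnrecoverableKeyException {

        if (this.ks == null) {
            // Load into a local first so that a failed load does not leave an uninitialised
            // KeyStore in the field for a later call.
            KeyStore loaded = KeyStore.getInstance("JKS");
            InputStream in = new FileInputStream(jksFile);
            try {
                loaded.load(in, password.toCharArray());
            } finally {
                in.close();
            }
            ks = loaded;
        }

        Enumeration e = ks.aliases();
        Object o = null;
        PrivateKey serverPrivKey = null;

        // Stop at the first key entry whose key is recoverable; o keeps the chosen alias.
        while (e.hasMoreElements()) {
            o = e.nextElement();

            if (o instanceof String) {
                if ((ks.isKeyEntry((String) o))
                        && ((serverPrivKey = (PrivateKey) ks.getKey((String) o,
                                keypass.toCharArray())) != null)) {
                    break;
                }
            }
        }

        // Without a recovered key the key file is still written, with an empty body.
        byte[] privKeyEncoded = "".getBytes();

        if (serverPrivKey != null) {
            privKeyEncoded = serverPrivKey.getEncoded();
        }

        Certificate[] chain = KeyTools.getCertChain(ks, (String) o);

        if (chain == null || chain.length == 0) {
            throw new KeyStoreException(
                "No certificate chain found in keystore for alias '" + o + "'.");
        }

        X509Certificate userX509Certificate = (X509Certificate) chain[0];

        byte[] output = userX509Certificate.getEncoded();
        String sn = CertTools.getSubjectDN(userX509Certificate);
        String userFile = CertTools.getPartFromDN(sn, "CN");
        String filetype = ".pem";

        // The CN comes from certificate content, not from the operator, so it must not be
        // able to steer the output outside the export directory.
        checkFileNamePart(userFile);

        File path = new File(exportpath);
        // Creates only the last directory level; a missing parent surfaces as a
        // FileNotFoundException when the first output file is opened.
        path.mkdir();

        File tmpFile = new File(path, userFile + filetype);

        if (skipExisting(tmpFile)) {
            return;
        }

        writePemFile(tmpFile, beginCertificate, output, endCertificate);

        tmpFile = new File(path, userFile + "-Key" + filetype);

        if (skipExisting(tmpFile)) {
            return;
        }

        // NOTE(review): the private key is written unencrypted and with default file
        // permissions; restrict access to the export directory.
        writePemFile(tmpFile, beginPrivateKey, privKeyEncoded, endPrivateKey);

        tmpFile = new File(path, userFile + "-CA" + filetype);

        if (skipExisting(tmpFile)) {
            return;
        }

        if (CertTools.isSelfSigned(userX509Certificate)) {
            System.out.println(
                "User certificate is selfsigned, this is a RootCA, no CA certificates written.");
        } else {
            OutputStream out = new FileOutputStream(tmpFile);

            try {
                // chain[0] is the entry's own certificate; the rest are its issuers.
                for (int num = 1; num < chain.length; num++) {
                    X509Certificate tmpX509Cert = (X509Certificate) chain[num];
                    byte[] tmpOutput = tmpX509Cert.getEncoded();
                    out.write(beginCertificate);
                    out.write(NL);

                    byte[] tmpCACertB64 = Base64.encode(tmpOutput);
                    out.write(tmpCACertB64);
                    out.write(NL);
                    out.write(endCertificate);
                    out.write(NL);
                }
            } finally {
                out.close();
            }
        }
    }

    /**
     * Rejects a CN value that cannot safely be used as part of an output file name.
     *
     * @param name CN extracted from the certificate subject DN
     * @throws IOException if the name is missing or contains a path separator or NUL character
     */
    private static void checkFileNamePart(String name) throws IOException {
        if (name == null) {
            throw new IOException("Certificate subject DN contains no CN to name the output files.");
        }

        if (name.indexOf('/') >= 0 || name.indexOf('\\') >= 0
                || name.indexOf(File.separatorChar) >= 0 || name.indexOf('\0') >= 0) {
            throw new IOException(
                "Certificate CN contains characters that are not allowed in a file name.");
        }
    }

    /**
     * Reports whether an output file must be left alone because it exists and overwriting is
     * disabled, printing the notice in that case.
     *
     * <p>The existence check and the later open are separate steps, so this does not protect
     * against a file appearing in between in a directory other users can write to.
     *
     * @param file candidate output file
     * @return true if the caller must not write the file
     */
    private boolean skipExisting(File file) {
        if (!overwrite && file.exists()) {
            System.out.println("File '" + file + "' already exists, don't overwrite.");
            return true;
        }

        return false;
    }

    /**
     * Writes one PEM block (begin line, Base64 body, end line, no trailing newline) to a file
     * and always closes the stream.
     *
     * @param file file to create or replace
     * @param begin PEM begin boundary
     * @param der binary content to Base64-encode
     * @param end PEM end boundary
     * @throws IOException if the file cannot be opened or written
     */
    private void writePemFile(File file, byte[] begin, byte[] der, byte[] end)
        throws IOException {
        OutputStream out = new FileOutputStream(file);

        try {
            out.write(begin);
            out.write(NL);
            out.write(Base64.encode(der));
            out.write(NL);
            out.write(end);
        } finally {
            out.close();
        }
    }
}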