[转]由pkcs12格式转成jks格式

输入证书: cert/test.pfx 密码假设为123456

输出证书：cert/test.jks

在cmd下运行:

D:\temp\certtest>java  ConvertPKCS12ToJKS

显示
keystore type=PKCS12
alias=[my certificate]

/**
 * Convert PKCS12 format digital certificate(treated as a PKCS12 keystore)
 * to a JKS format keystore, which could be used in JSSE(Although JSSE has
 * a tool to recognize PKCS12, internally it's using JKS format).
 */
import java.security.KeyStore;
import java.security.Key;
import java.security.cert.Certificate;
 
import java.io.*;
import java.util.*;
 
public class ConvertPKCS12ToJKS
{
    //certificate store format
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
 
    // PKCS12 keystore properties
    public static final String INPUT_KEYSTORE_FILE     = "cert/test.pfx"; //"cert/dev_coo1.p12";
    public static final String KEYSTORE_PASSWORD = "123456"; //"123";
    // JKS output file
    public static final String OUTPUT_KEYSTORE_FILE    = "cert/test.jks";
 
    public static void main(String[] args)
    {
        try
        {
            KeyStore inputKeyStore = KeyStore.getInstance("PKCS12");
            FileInputStream fis = new FileInputStream(INPUT_KEYSTORE_FILE);
 
            // If the keystore password is empty(""), then we have to set
            // to null, otherwise it won't work!!!
            char[] nPassword = null;
            if ((KEYSTORE_PASSWORD == null) || KEYSTORE_PASSWORD.trim().equals(""))
            {
                nPassword = null;
            }
            else
            {
                nPassword = KEYSTORE_PASSWORD.toCharArray();
            }
            inputKeyStore.load(fis, nPassword);
            fis.close();
 
            System.out.println("keystore type=" + inputKeyStore.getType());
 
            //----------------------------------------------------------------------
            // get a JKS keystore and initialize it.
            KeyStore outputKeyStore = KeyStore.getInstance("JKS");
            outputKeyStore.load(null, "changeit".toCharArray());
            // Now we loop all the aliases, we need the alias to get keys.
            // It seems that this value is the "Friendly name" field in the
            // detals tab <-- Certificate window <-- view <-- Certificate
            // Button <-- Content tab <-- Internet Options <-- Tools menu
            // In MS IE 6.
            Enumeration enum = inputKeyStore.aliases();
            while (enum.hasMoreElements()) // we are readin just one certificate.
            {
                String keyAlias = (String)enum.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias))
                {
                    Key key = inputKeyStore.getKey(keyAlias, nPassword);
                    Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry("dev", key, "changeit".toCharArray(), certChain);
                }
            }
            FileOutputStream out = new FileOutputStream(OUTPUT_KEYSTORE_FILE);
            outputKeyStore.store(out, nPassword);
            out.close();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}

搞iis和tomcat双向认证，要用到这个，记录一下了