
PKCS12与JKS格式证书库转换工具

   发表时间:2009-09-24   最后修改:2009-09-24

闲话不多说,直接上代码,如果不知CA、PKI、PKCS12等为何物的兄弟姐妹,不妨飘过:

package com.javaeye.sheng.security;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;


/**
 * <p>Title: PKCS12与JKS格式证书库转换工具</p>
 * <p>Description: 该工具可以把JKS和PKCS12格式的证书库相互转换</p>
 * <p>Copyright: Copyright (c) 2009</p>
 * <p>Company: </p>
 *
 * @author BrokenStone(wdmsyf@yahoo.com)
 * @version 1.0
 */

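public class KeyStoreConv {
  /** Suffix used for the per-alias PKCS12 files written by {@link #JSKToPKCS12}. */
  private static final String PFX_SUFFIX = ".pfx";

  /**
   * Converts a PKCS12 keystore into a JKS keystore.
   *
   * <p>Only key entries (private key plus certificate chain) are copied; aliases that are
   * not key entries are listed on stdout but not written to the destination. Every copied
   * key is re-protected with {@code destPasswd}, which is also the store password.
   *
   * <p>Security notes: JKS is a legacy, JDK-proprietary format and PKCS12 has been the
   * default keystore type since Java 9, so this direction is mainly useful for old
   * consumers that cannot read PKCS12. The output file contains private keys and is
   * created with the process's default file permissions; restrict them after the call.
   *
   * <p>Failures are reported with a stack trace on stderr and are not propagated, so a
   * caller cannot tell from the return whether the destination was written.
   *
   * @param srcFile path of the PKCS12 keystore to read
   * @param srcPasswd password of the PKCS12 keystore; {@code null} or blank is passed to
   *     the provider as a {@code null} password
   * @param destFile path of the JKS keystore to write
   * @param destPasswd password for the JKS keystore and its key entries; {@code null} or
   *     blank is passed on as {@code null}, which the provider may reject
   */
  public void PKCS12ToJKS(String srcFile, String srcPasswd, String destFile, String destPasswd){
    try {
      char[] srcPwd = toPassword(srcPasswd);
      char[] destPwd = toPassword(destPasswd);

      KeyStore inputKeyStore = loadKeyStore("PKCS12", srcFile, srcPwd);

      KeyStore outputKeyStore = KeyStore.getInstance("JKS");
      outputKeyStore.load(null, destPwd);

      Enumeration<String> aliases = inputKeyStore.aliases();
      while (aliases.hasMoreElements()) {
        String keyAlias = aliases.nextElement();
        System.out.println("alias=[" + keyAlias + "]");
        if (inputKeyStore.isKeyEntry(keyAlias)) {
          copyKeyEntry(inputKeyStore, srcPwd, outputKeyStore, destPwd, keyAlias);
        }
      }

      storeKeyStore(outputKeyStore, destFile, destPwd);
    } catch (Exception ex) {
      // Kept from the original contract: report and return instead of throwing.
      ex.printStackTrace();
    }
  }

  /**
   * Converts a JKS keystore into one PKCS12 file per alias.
   *
   * <p>For every alias in the source a separate file is written, named after
   * {@code destFile} with {@code _<alias>} inserted before the {@code .pfx} suffix (the
   * suffix is appended when {@code destFile} does not end in {@code .pfx}). Only key
   * entries are copied; for an alias that is not a key entry the file is still written
   * but holds no entry.
   *
   * <p>The alias comes from the source keystore, so it is treated as untrusted when it is
   * used in a file name: characters other than letters, digits, {@code '.'}, {@code '-'}
   * and {@code '_'} are replaced by {@code '_'} so an alias cannot steer the output into
   * another directory. Two aliases that sanitize to the same name overwrite each other.
   *
   * <p>The output files contain private keys and are created with the process's default
   * file permissions. Failures are reported with a stack trace on stderr and are not
   * propagated; files written before the failure are left in place.
   *
   * @param srcFile path of the JKS keystore to read
   * @param srcPasswd password of the JKS keystore and of its key entries; {@code null} or
   *     blank is passed to the provider as a {@code null} password
   * @param destFile base path for the PKCS12 files
   * @param destPasswd password for the PKCS12 files; {@code null} or blank is passed on
   *     as {@code null}
   */
  public void JSKToPKCS12(String srcFile, String srcPasswd, String destFile, String destPasswd){
    try {
      char[] srcPwd = toPassword(srcPasswd);
      char[] destPwd = toPassword(destPasswd);

      KeyStore inputKeyStore = loadKeyStore("JKS", srcFile, srcPwd);

      Enumeration<String> aliases = inputKeyStore.aliases();
      while (aliases.hasMoreElements()) {
        String keyAlias = aliases.nextElement();
        System.out.println("alias=[" + keyAlias + "]");

        // A fresh store per alias guarantees that each file holds at most this one entry,
        // without relying on load(null, ...) or deleteEntry to clear the previous one.
        KeyStore outputKeyStore = KeyStore.getInstance("PKCS12");
        outputKeyStore.load(null, destPwd);
        if (inputKeyStore.isKeyEntry(keyAlias)) {
          copyKeyEntry(inputKeyStore, srcPwd, outputKeyStore, destPwd, keyAlias);
        }

        storeKeyStore(outputKeyStore, perAliasFileName(destFile, keyAlias), destPwd);
      }
    } catch (Exception e) {
      // Kept from the original contract: report and return instead of throwing.
      e.printStackTrace();
    }
  }

  /** Maps a {@code null} or blank password string to {@code null}, anything else to its chars. */
  private static char[] toPassword(String passwd) {
    if (passwd == null || passwd.trim().equals("")) {
      return null;
    }
    return passwd.toCharArray();
  }

  /** Loads a keystore of the given type from a file, closing the stream even on failure. */
  private static KeyStore loadKeyStore(String type, String file, char[] pwd) throws Exception {
    KeyStore keyStore = KeyStore.getInstance(type);
    FileInputStream fis = new FileInputStream(file);
    try {
      keyStore.load(fis, pwd);
    } finally {
      fis.close();
    }
    return keyStore;
  }

  /** Writes a keystore to a file, closing the stream even on failure. */
  private static void storeKeyStore(KeyStore keyStore, String file, char[] pwd) throws Exception {
    FileOutputStream out = new FileOutputStream(file);
    try {
      keyStore.store(out, pwd);
    } finally {
      out.close();
    }
  }

  /** Copies one key entry and its certificate chain, re-protecting the key with destPwd. */
  private static void copyKeyEntry(KeyStore from, char[] srcPwd, KeyStore to, char[] destPwd,
      String keyAlias) throws Exception {
    Key key = from.getKey(keyAlias, srcPwd);
    Certificate[] certChain = from.getCertificateChain(keyAlias);
    to.setKeyEntry(keyAlias, key, destPwd, certChain);
  }

  /**
   * Builds the output file name for one alias.
   *
   * <p>The original code cut {@code destFile} at the first ".pfx" and failed with a
   * {@link StringIndexOutOfBoundsException} when the name did not contain it; here only a
   * trailing suffix is stripped and a name without it is used as is.
   */
  private static String perAliasFileName(String destFile, String keyAlias) {
    String base = destFile;
    if (base.endsWith(PFX_SUFFIX)) {
      base = base.substring(0, base.length() - PFX_SUFFIX.length());
    }

    StringBuilder safeAlias = new StringBuilder(keyAlias.length());
    for (char ch : keyAlias.toCharArray()) {
      boolean allowed = Character.isLetterOrDigit(ch) || ch == '.' || ch == '-' || ch == '_';
      safeAlias.append(allowed ? ch : '_');
    }
    return base + "_" + safeAlias + PFX_SUFFIX;
  }

  /**
   * Command-line entry point: {@code <flag> <srcFile> <srcPasswd> <destFile> <destPasswd>}.
   *
   * <p>{@code flag} is {@code P2J} or {@code J2P} (case-insensitive); any other value is
   * treated as {@code P2J}. With fewer than five arguments the usage text is printed.
   *
   * <p>Both passwords are taken from the command line, where they can be seen in the
   * process list and in shell history; use throw-away passwords or wrap this class in a
   * caller that obtains them another way. Note also that the usage text says certificates
   * are saved as separate files, while the conversion methods copy key entries only.
   */
  public static void main(String[] args) {
    if (args.length < 5) {
      System.out.println("用法:");
      System.out.println("    KeyStoreConv <转换标志> <源证书库文件名> <源证书库密码> <目标证书库文件名> <目标证书库密码>");
      System.out.println("    转换标志: P2J -- 从PKCS12转换为JKS格式");
      System.out.println("             J2P -- 从JKS转换为PKCS12格式");
      System.out.println("      注意: 1、如果从JKS转换为PKCS12且源JKS中有多个密钥对或证书,则每个密钥对或证书单独保存为一个文件。");
      return;
    }

    // Anything that is not J2P falls back to P2J, as in the original.
    boolean jksToPkcs12 = args[0].toUpperCase().equals("J2P");

    KeyStoreConv c = new KeyStoreConv();
    if (jksToPkcs12) {
      c.JSKToPKCS12(args[1], args[2], args[3], args[4]);
    } else {
      c.PKCS12ToJKS(args[1], args[2], args[3], args[4]);
    }
  }
}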

 

   发表时间:2009-12-02  
那我原来的key是用openssl产生的,现在要用jdk里的keytool来import,这样也是可以的吗