-
Notifications
You must be signed in to change notification settings - Fork 0
/
ImportKey.java
165 lines (147 loc) · 6.43 KB
/
ImportKey.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
package test;
import java.security.*;
import java.io.IOException;
import java.io.InputStream;
import java.io.FileInputStream;
import java.io.DataInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.security.spec.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Iterator;
/**
* ImportKey.java
*
* <p>This class imports a key and a certificate into a keystore
* (<code>$home/keystore.ImportKey</code>). If the keystore is
* already present, it is simply deleted. Both the key and the
* certificate file must be in <code>DER</code>-format. The key must be
* encoded with <code>PKCS#8</code>-format. The certificate must be
* encoded in <code>X.509</code>-format.</p>
*
* <p>Key format:</p>
* <p><code>openssl pkcs8 -topk8 -nocrypt -in YOUR.KEY -out YOUR.KEY.der
* -outform der</code></p>
* <p>Format of the certificate:</p>
* <p><code>openssl x509 -in YOUR.CERT -out YOUR.CERT.der -outform
* der</code></p>
* <p>Import key and certificate:</p>
* <p><code>java comu.ImportKey YOUR.KEY.der YOUR.CERT.der</code></p><br />
*
* <p><em>Caution:</em> the old <code>keystore.ImportKey</code>-file is
* deleted and replaced with a keystore only containing <code>YOUR.KEY</code>
* and <code>YOUR.CERT</code>. The keystore and the key has no password;
* they can be set by the <code>keytool -keypasswd</code>-command for setting
* the key password, and the <code>keytool -storepasswd</code>-command to set
* the keystore password.
* <p>The key and the certificate is stored under the alias
* <code>importkey</code>; to change this, use <code>keytool -keyclone</code>.
*
* Created: Fri Apr 13 18:15:07 2001
* Updated: Fri Apr 19 11:03:00 2002
*
* @author Joachim Karrer, Jens Carlberg
* @version 1.1
**/
public class ImportKey {
/**
* <p>Creates an InputStream from a file, and fills it with the complete
* file. Thus, available() on the returned InputStream will return the
* full number of bytes the file contains</p>
* @param fname The filename
* @return The filled InputStream
* @exception IOException, if the Streams couldn't be created.
**/
private static InputStream fullStream ( String fname ) throws IOException {
FileInputStream fis = new FileInputStream(fname);
DataInputStream dis = new DataInputStream(fis);
byte[] bytes = new byte[dis.available()];
dis.readFully(bytes);
ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
return bais;
}
/**
* <p>Takes two file names for a key and the certificate for the key,
* and imports those into a keystore. Optionally it takes an alias
* for the key.
* <p>The first argument is the filename for the key. The key should be
* in PKCS8-format.
* <p>The second argument is the filename for the certificate for the key.
* <p>If a third argument is given it is used as the alias. If missing,
* the key is imported with the alias importkey
* <p>The name of the keystore file can be controlled by setting
* the keystore property (java -Dkeystore=mykeystore). If no name
* is given, the file is named <code>keystore.ImportKey</code>
* and placed in your home directory.
* @param args [0] Name of the key file, [1] Name of the certificate file
* [2] Alias for the key.
**/
public static void main ( String args[]) {
// change this if you want another password by default
String keypass = "importkey";
// change this if you want another alias by default
String defaultalias = "importkey";
// change this if you want another keystorefile by default
String keystorename = System.getProperty("keystore");
if (keystorename == null)
keystorename = System.getProperty("user.home")+
System.getProperty("file.separator")+
"keystore.ImportKey"; // especially this ;-)
// parsing command line input
String keyfile = "";
String certfile = "";
if (args.length < 2 || args.length>3) {
System.out.println("Usage: java comu.ImportKey keyfile certfile [alias]");
System.exit(0);
} else {
keyfile = args[0];
certfile = args[1];
if (args.length>2)
defaultalias = args[2];
}
try {
// initializing and clearing keystore
KeyStore ks = KeyStore.getInstance("JKS", "SUN");
ks.load( null , keypass.toCharArray());
System.out.println("Using keystore-file : "+keystorename);
ks.store(new FileOutputStream ( keystorename ),
keypass.toCharArray());
ks.load(new FileInputStream ( keystorename ),
keypass.toCharArray());
// loading Key
InputStream fl = fullStream (keyfile);
byte[] key = new byte[fl.available()];
KeyFactory kf = KeyFactory.getInstance("RSA");
fl.read ( key, 0, fl.available() );
fl.close();
PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec ( key );
PrivateKey ff = kf.generatePrivate (keysp);
// loading CertificateChain
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream certstream = fullStream (certfile);
Collection c = cf.generateCertificates(certstream) ;
Certificate[] certs = new Certificate[c.toArray().length];
if (c.size() == 1) {
certstream = fullStream (certfile);
System.out.println("One certificate, no chain.");
Certificate cert = cf.generateCertificate(certstream) ;
certs[0] = cert;
} else {
System.out.println("Certificate chain length: "+c.size());
certs = (Certificate[])c.toArray();
}
// storing keystore
ks.setKeyEntry(defaultalias, ff,
keypass.toCharArray(),
certs );
System.out.println ("Key and certificate stored.");
System.out.println ("Alias:"+defaultalias+" Password:"+keypass);
ks.store(new FileOutputStream ( keystorename ),
keypass.toCharArray());
} catch (Exception ex) {
ex.printStackTrace();
}
}
}// KeyStore