Skip to content
/ jks-js Public

Extracts PEM certificates from Java Keystore in order to securely connect to Java based servers using node js

License

Notifications You must be signed in to change notification settings

lenchv/jks-js

Repository files navigation

JKS-JS

npm test codecov

Description

jks-js is a converter of Java Keystore to PEM certificates in order to securely connect to Java based servers using node js.

Installation

npm install jks-js

Usage

...
const jks = require('jks-js');

const keystore = jks.toPem(
	fs.readFileSync('keystore.jks'),
	'password'
);

const { cert, key } = keystore['alias'];

after extraction you may use cert and key in your connection settings:

tls.connect('<port>', '<host>', {
	key: key,
	cert: cert,
});

more details

API

const {
	/**
	 * Extracts certificates from java keystore or truststore
	 * and decrypts private key 
	 * 
	 * @param keystore content of java keystore or truststore file
	 * @param keystorePassword password for verification and decryption
	 * @param pemPassword (optional) password that is used for decryption, in case it is different from keystorePassword. If not specified, keystorePassword is used
	 * @return {
	 *     <alias name>: {
	 *         cert: string // compound certificates chain
	 *         key: string // decrypted private key 
	 *     } | {
	 *         ca: string // trusted certificate
	 *     }
	 * }
	 */
	toPem,

	/**
	 * The raw function to extract certificates
	 * @param keystore
	 * @param password
	 * @return { <alias name>: KeyEntry | TrustedKeyEntry }
	 */
	parseJks,

	/**
	 * Decrypts private key from DER to PEM
	 *
	 * @param protectedPrivateKey DER encoded private key
	 * @param password password for PKCS8 decryption
	 * @return decoded private key 
	 */
	decrypt,

	/**
	 * The function that parses keystore/truststore in PKCS12 format
	 * 
	 * @param {Buffer} keystore
	 * @param {String} password
	 */
	parsePkcs12,
} = require('jks-js');

How it works

The implementaion is based on JavaKeystore.java logic, which is internally used for creation of java keystore, including keytool.

It is supposed the keystore contains X.509 certificates.

But you may use the library to extract any of certificates.

The decryption constrained by alghorithms that implemented in the crypto module of Node.js.

Issues

If you find any troubles feel free to create an issue.

License

MIT License

Copyright (c) 2020 Volodymyr Liench