Java开发网 Java开发网
注册 | 登录 | 帮助 | 搜索 | 排行榜 | 发帖统计  

您没有登录

» Java开发网 » Java Security  

按打印兼容模式打印这个话题 打印话题    把这个话题寄给朋友 寄给朋友    该主题的所有更新都将Email到你的邮箱 订阅主题
flat modethreaded modego to previous topicgo to next topicgo to back
作者 怎样由pkcs12的KeyStore格式转成jks格式? [精华]
大雁507



发贴: 0
积分: 0
于 2004-08-08 18:07 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
小弟想把pkcs12格式(.pfx后缀)的keystore转换成jks格式的keystore,但似乎没有现成的转换工具?如果编程应该如何转换?


作者 Re:怎样由pkcs12的KeyStore格式转成jks格式? [Re:大雁507]
floater

Java Jedi

总版主


发贴: 3233
积分: 421
于 2004-08-09 09:21 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
This is my testing, working code. 

package cert;

/**
 * Convert PKCS12 format digital certificate(treated as a PKCS12 keystore)
 * to a JKS format keystore, which could be used in JSSE(Although JSSE has
 * a tool to recognize PKCS12, internally it's using JKS format).
 */
import java.security.KeyStore;
import java.security.Key;
import java.security.cert.Certificate;

import java.io.*;
import java.util.*;

public class ConvertPKCS12ToJKS
{
    //certificate store format
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";

    // PKCS12 keystore properties
    public static final String INPUT_KEYSTORE_FILE     = "cert/geotrustadmintest4.pfx"; //"cert/dev_coo1.p12";
    public static final String KEYSTORE_PASSWORD = "changeit"; //"123";
    // JKS output file
    public static final String OUTPUT_KEYSTORE_FILE    = "cert/geotrustadmintest4.jks";

    public static void main(String[] args)
    {
        try
        {
            KeyStore inputKeyStore = KeyStore.getInstance("PKCS12");
            FileInputStream fis = new FileInputStream(INPUT_KEYSTORE_FILE);

            // If the keystore password is empty(""), then we have to set
            // to null, otherwise it won't work!!!
            char[] nPassword = null;
            if ((KEYSTORE_PASSWORD == null) || KEYSTORE_PASSWORD.trim().equals(""))
            {
                nPassword = null;
            }
            else
            {
                nPassword = KEYSTORE_PASSWORD.toCharArray();
            }
            inputKeyStore.load(fis, nPassword);
            fis.close();

            System.out.println("keystore type=" + inputKeyStore.getType());

            //----------------------------------------------------------------------
            // get a JKS keystore and initialize it.
            KeyStore outputKeyStore = KeyStore.getInstance("JKS");
            outputKeyStore.load(null, "changeit".toCharArray());
            // Now we loop all the aliases, we need the alias to get keys.
            // It seems that this value is the "Friendly name" field in the
            // detals tab <-- Certificate window <-- view <-- Certificate
            // Button <-- Content tab <-- Internet Options <-- Tools menu
            // In MS IE 6.
            Enumeration enum = inputKeyStore.aliases();
            while (enum.hasMoreElements()) // we are readin just one certificate.
            {
                String keyAlias = (String)enum.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias))
                {
                    Key key = inputKeyStore.getKey(keyAlias, nPassword);
                    Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry("dev", key, "changeit".toCharArray(), certChain);
                }
            }
            FileOutputStream out = new FileOutputStream(OUTPUT_KEYSTORE_FILE);
            outputKeyStore.store(out, nPassword);
            out.close();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}

"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code
作者 Re:怎样由pkcs12的KeyStore格式转成jks格式? [Re:大雁507]
大雁507



发贴: 0
积分: 0
于 2004-08-09 11:02 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
谢谢~,我试试。


作者 Re:怎样由pkcs12的KeyStore格式转成jks格式? [Re:大雁507]
javachao





发贴: 3
积分: 0
于 2004-11-10 20:37 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
那请问,如果反过来呢?
也就是由jks格式的keystore转换成 pkcs12格式(.pfx后缀)的keystore


作者 Re:怎样由pkcs12的KeyStore格式转成jks格式? [Re:大雁507]
floater

Java Jedi

总版主


发贴: 3233
积分: 421
于 2004-11-10 23:38 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
Once you have the Certificate Class, you can just save the bytes or base64 encoded ascii. I've done that 2-3 years ago, I don't remember any bumps there. I would go with p12 file format, not .pfx(that's ms format).

"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code
作者 Re:怎样由pkcs12的KeyStore格式转成jks格式? [Re:大雁507]
javachao





发贴: 3
积分: 0
于 2004-11-11 21:58 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
floater,你能不能幫我創建一個pkcs12類型的公/私鈅,由於我這邊沒有LINUX,所以沒有辦法裝opensll,謝謝了!



flat modethreaded modego to previous topicgo to next topicgo to back
  已读帖子
  新的帖子
  被删除的帖子
Jump to the top of page

   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1
客服电话 18559299278    客服信箱 714923@qq.com    客服QQ 714923