import java.io.* ; import java.security.* ; import java.security.cert.* ; import java.security.spec.* ; import java.util.Collection ; import sun.security.pkcs.* ; import sun.security.util.* ; import sun.security.x509.* ; /** * Command line tool to import a DER/PKCS8 key into the user's home * keystore. * *

 * <h3>Create new key</h3>
 *
 * The process
 * <pre>
 * openssl req -newkey rsa:2048 -new -out somename.csr
 * </pre>
 * will create "prikey.pem".
 *
 * <h3>Send CSR</h3>
 *
 * Send your CSR to a CA for signing.
 *
 * <h3>Receive Signed</h3>
 *
 * Receive your signed certificate from the CA, for example
 * "signed.pem".
 *
 * <h3>Convert PEM files to DER files</h3>
 * <pre>
 * openssl pkcs8 -topk8 -nocrypt -in prikey.pem -out prikey.der
 *
 * openssl x509 -in signed.pem -out signed.der
 * </pre>
 *
 * <h3>Import Key and Signed</h3>
 * <pre>
 * java ImportKey -prikey prikey.der -signed signed.der -alias prikey -storepass keystorepass
 * </pre>
 *
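* <p>
* The private key file must be an unencrypted PKCS#8 encoding of an RSA key
* (it is decoded with {@code PKCS8EncodedKeySpec} through the RSA key
* factory) and the certificate file an X.509 certificate. Because the key
* file is stored in the clear, remove it once the import has succeeded.
* The keystore file is rewritten only after the updated store has been
* serialised completely, so a failed import leaves the existing keystore
* untouched; a private key whose modulus does not match the certificate's
* public key is rejected before anything is written.
*
* @author John Pritchard
* @version 1.0
*/
public enum ImportKey {
    /**
     * Command line options. An argument such as {@code -alias} or
     * {@code --alias} is matched against these names after its leading
     * dashes are stripped; anything unrecognised maps to {@link #help}.
     */
    help, alias, prikey, signed, store, storepass, keypass;

    /** Default keystore location: {@code ~/.keystore}. */
    public final static String HomeKeystore =
        (System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore");

    /** Key factory used to decode the PKCS#8 private key; only RSA keys are accepted. */
    private final static KeyFactory RSA;

    static {
        try {
            RSA = KeyFactory.getInstance("RSA");
        } catch (Exception exc) {
            // Keep the cause attached; a bare InternalError hides why start-up failed.
            throw new ExceptionInInitializerError(exc);
        }
    }

    /** Certificate factory used to decode the signed certificate. */
    private final static CertificateFactory X509;

    static {
        try {
            X509 = CertificateFactory.getInstance("X.509");
        } catch (Exception exc) {
            throw new ExceptionInInitializerError(exc);
        }
    }

    /**
     * Maps a command line token to its option.
     *
     * @param arg the raw token, e.g. {@code -alias}; may be null
     * @return the matching option, or {@link #help} when {@code arg} is null,
     *         consists only of dashes, or names no option
     */
    static ImportKey For(String arg) {
        if (null == arg) {
            return help;
        }
        int start = 0;
        while (start < arg.length() && '-' == arg.charAt(start)) {
            start++;
        }
        try {
            return ImportKey.valueOf(arg.substring(start));
        } catch (IllegalArgumentException unknown) {
            // valueOf rejects "" and unknown names the same way: fall back to help.
            return help;
        }
    }

    /**
     * Reads a whole file into memory.
     *
     * @param file a regular file
     * @return the file's bytes
     * @throws IOException if the file cannot be read completely, or is too
     *         large to hold in a single array
     */
    private static byte[] ReadBytes(File file) throws IOException {
        final long length = file.length();
        if (length > Integer.MAX_VALUE) {
            // (int) length would go negative and NegativeArraySizeException is not a helpful report.
            throw new IOException("File too large to read into memory: " + file);
        }
        FileInputStream fis = new FileInputStream(file);
        try {
            DataInputStream dis = new DataInputStream(fis);
            byte[] bytes = new byte[(int) length];
            dis.readFully(bytes);
            return bytes;
        } finally {
            fis.close();
        }
    }

    /**
     * Returns the certificates in reverse order. Currently unused by the tool.
     *
     * @param certs a chain; may be null
     * @return a reversed copy, {@code certs} itself when it is empty, or null
     *         when {@code certs} is null
     */
    private static X509Certificate[] Reverse(X509Certificate[] certs) {
        if (null == certs) {
            return null;
        }
        final int len = certs.length;
        if (0 == len) {
            return certs;
        }
        X509Certificate[] re = new X509Certificate[len];
        for (int i = 0; i < len; i++) {
            re[i] = certs[len - 1 - i];
        }
        return re;
    }

    /** Prints the usage text to stderr and exits with status 1. Never returns. */
    private static void usage() {
        System.err.println("Usage");
        System.err.println();
        System.err.println(" java ImportKey -alias alias -prikey file.der -signed cert.der -keypass pas1 -storepass pas2");
        System.err.println(" java ImportKey -alias alias -prikey file.der -signed cert.der -keypass pas1 -store file.jks -storepass pas2");
        System.err.println();
        System.err.println("Description");
        System.err.println();
        System.err.println(" Store DER key and signed certificate into user's home key store, or into the key");
        System.err.println(" store file specified by the STORE parameter.");
        System.err.println();
        System.exit(1);
    }

    /**
     * Returns the value following an option, or exits with status 1 after
     * reporting that {@code option} has no argument.
     *
     * @param argv   the command line
     * @param index  position of the expected value
     * @param option the option token being parsed, for the error message
     */
    private static String requireValue(String[] argv, int index, String option) {
        if (index < argv.length) {
            return argv[index];
        }
        System.err.printf("Error, '%s' missing argument.%n", option);
        System.exit(1);
        return null; // unreachable
    }

    /**
     * Wraps a path that must name an existing regular file, exiting with
     * status 1 otherwise.
     */
    private static File requireFile(String path) {
        File file = new File(path);
        if (!file.isFile()) {
            System.err.printf("Error, file not found '%s'.%n", path);
            System.exit(1);
        }
        return file;
    }

    /**
     * Rejects a private key that does not belong to the certificate.
     * For an RSA pair the moduli must be equal; a certificate carrying a
     * non-RSA public key can never match the RSA key this tool decodes.
     *
     * @throws InvalidKeyException when the pair does not match
     */
    private static void checkKeyMatchesCertificate(PrivateKey key, X509Certificate cert)
        throws InvalidKeyException {
        PublicKey pub = cert.getPublicKey();
        if (!(pub instanceof java.security.interfaces.RSAPublicKey)) {
            throw new InvalidKeyException("Certificate public key is not RSA: " + pub.getAlgorithm());
        }
        if (key instanceof java.security.interfaces.RSAPrivateKey) {
            java.math.BigInteger keyModulus = ((java.security.interfaces.RSAPrivateKey) key).getModulus();
            java.math.BigInteger certModulus = ((java.security.interfaces.RSAPublicKey) pub).getModulus();
            if (!keyModulus.equals(certModulus)) {
                throw new InvalidKeyException("Private key does not match the certificate's public key");
            }
        }
    }

    /**
     * Opens the JKS keystore at {@code store}, or an empty one when the file
     * does not exist yet. A wrong password fails here, before any write.
     *
     * @throws IOException if the file cannot be read or the password is wrong
     * @throws GeneralSecurityException if the keystore cannot be decoded
     */
    private static KeyStore loadKeyStore(File store, char[] storepw)
        throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS", "SUN");
        if (store.isFile()) {
            InputStream in = new FileInputStream(store);
            try {
                ks.load(in, storepw);
            } finally {
                in.close();
            }
        } else {
            ks.load(null, storepw);
        }
        return ks;
    }

    /**
     * Writes the keystore to {@code store}. The store is serialised into
     * memory first, so the file is truncated only once encoding has
     * succeeded; a failure before that point leaves the old file intact.
     *
     * @throws IOException if the file cannot be written
     * @throws GeneralSecurityException if the store cannot be encoded
     */
    private static void writeKeyStore(KeyStore ks, File store, char[] storepw)
        throws IOException, GeneralSecurityException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ks.store(buf, storepw);
        OutputStream out = new FileOutputStream(store);
        try {
            buf.writeTo(out);
            out.flush();
        } finally {
            out.close();
        }
    }

    /**
     * Entry point: parses the options, imports the key/certificate pair under
     * {@code -alias}, and exits with 0 on success or 1 on any error.
     * {@code -alias}, {@code -prikey}, {@code -signed} and {@code -storepass}
     * are required; {@code -store} defaults to {@link #HomeKeystore}.
     * Passwords given on the command line may be visible to other local
     * users through the process table.
     */
    public static void main(String[] argv) {
        final int argc = argv.length;
        try {
            String alias = null, storepass = null, keypass = null;
            File prikey = null, signed = null, store = new File(HomeKeystore);
            /*
             * Read command line
             */
            for (int argx = 0; argx < argc; argx++) {
                String arg = argv[argx];
                ImportKey op = For(arg);
                switch (op) {
                case help:
                    usage();
                    break;
                case alias:
                    alias = requireValue(argv, ++argx, arg);
                    break;
                case keypass:
                    keypass = requireValue(argv, ++argx, arg);
                    break;
                case prikey:
                    prikey = requireFile(requireValue(argv, ++argx, arg));
                    break;
                case signed:
                    signed = requireFile(requireValue(argv, ++argx, arg));
                    break;
                case store:
                    store = new File(requireValue(argv, ++argx, arg));
                    break;
                case storepass:
                    storepass = requireValue(argv, ++argx, arg);
                    break;
                default:
                    throw new IllegalStateException(op.name());
                }
            }
            if (null == prikey || null == signed || null == alias) {
                usage();
            }
            if (null == storepass) {
                // KeyStore.store() rejects a null password; checking up front avoids
                // discovering that after the keystore file has already been opened for writing.
                System.err.println("Error, '-storepass' is required to write the key store.");
                System.exit(1);
            }
            final char[] storepw = storepass.toCharArray();
            final char[] keypw = (null != keypass) ? keypass.toCharArray() : null;
            /*
             * Decode inputs and make sure they belong together
             */
            final PrivateKey key = RSA.generatePrivate(new PKCS8EncodedKeySpec(ReadBytes(prikey)));
            final X509Certificate cert =
                (X509Certificate) X509.generateCertificate(new ByteArrayInputStream(ReadBytes(signed)));
            checkKeyMatchesCertificate(key, cert);
            /*
             * Update and write the store
             */
            final KeyStore ks = loadKeyStore(store, storepw);
            ks.setKeyEntry(alias, key, keypw, new X509Certificate[]{cert});
            writeKeyStore(ks, store, storepw);
            System.out.println("OK");
            System.exit(0);
        } catch (Exception any) {
            any.printStackTrace();
            System.exit(1);
        }
    }
}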