All entries for Wednesday 14 December 2005

December 14, 2005

Creating a Java KeyStore (JKS) with an existing key

We are using a lot more SSL than we used to in e-lab because of the new super powerful and secure Single Sign On system. This means we need to programatically access SSL keys and certificates with Java. If you just want to create a new key and use it in Java, you just create a Java KeyStore with the keytool program. However, if you want to use the key and certificate that you already had, things are a little trickier.

I came up with this little unix shell script which should make life easier:

host=$1
storepass=$2
echo Creating keystore for ${host}
certFile=${host}.crt
keyFile=${host}.key
echo "Creating pkcs12 file from $certFile and $keyFile"
openssl pkcs12 -export -in $certFile -inkey $keyFile -out ${host}.pkcs12
-name ${host} -passout pass:$storepass
java -classpath . KeystoreKeyImporter ${host}.pkcs12 $storepass ${host}.keystore $storepass
Basically you run:
importscript.sh myhostname.com mypass

It will look for an existing myhostname.com.key and myhostname.com.crt and turn them into myhostname.com.pkcs12 which is then imported into myhostname.com.keystore with the KeystoreKeyImporter java program.

public class KeystoreKeyImporter {

public static void main(String[] args) throws Exception {

if (args.length < 4) {
System.out.println("Usage: KeystoreKeyImporter <inputpkcs12.file> <inputpkcs12.pass>
 <outputkeystore.file> <outputkeystore.pass>");
return;
}

String pkcs12Location = args[0];
String pkcs12Password = args[1];

String keystoreLocation = args[2];
String keystorePassword = args[3];


// openssl pkcs12 -export -in test.crt -inkey test.key.nopass 
                //    -out test.pkcs12 -name test

KeyStore kspkcs12 = KeyStore.getInstance("PKCS12");

String alias = null;

FileInputStream fis = new FileInputStream(pkcs12Location);
kspkcs12.load(fis, pkcs12Password.toCharArray());
if (kspkcs12.aliases().hasMoreElements()) {
System.out.println("Has keys!");
Enumeration aliases = kspkcs12.aliases();
while (aliases.hasMoreElements()) {
alias = (String) aliases.nextElement();
System.out.println("Alias:" + alias);
Key key = kspkcs12.getKey(alias,pkcs12Password.toCharArray());
if (key == null) {
System.out.println("No key found for alias: " + alias);
System.exit(0);
}

System.out.println("Key:" + key.getFormat());
Certificate cert = kspkcs12.getCertificate(alias);
if (cert == null) {
System.out.println("No certificate found for alias: " + alias);
System.exit(0);
}
System.out.println("Cert:" + cert.getType());
}
} else {
System.out.println("No keys!");
}


KeyStore ksjks = KeyStore.getInstance("JKS");
ksjks.load(null,keystorePassword.toCharArray());
Certificate c[] = kspkcs12.getCertificateChain(alias);
Key key = kspkcs12.getKey(alias, pkcs12Password.toCharArray());

ksjks.setKeyEntry(alias, key, keystorePassword.toCharArray(), c);
ksjks.store(new FileOutputStream(keystoreLocation), keystorePassword.toCharArray());

System.out.println("Created " + keystoreLocation);

}

}

You now have a nice JKS with your key and certificate in it.


Monkeehub

Writing about web page http://www.monkeehub.com/

Having just watched for the first time the brilliant JCB Song video, I went in search of it's creators.

Monkeehub is a one man band animator/artist who has created the JCB Song video, but I think even more impressive is the Radiohead Creep video he has made…absolutely bloody marvelous!

What makes this even more fun is the fact that the maniac made this stuff with Flash…wonderful.


December 2005

Mo Tu We Th Fr Sa Su
Nov |  Today  | Jan
         1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31   

Tags

Search this blog

Most recent comments

  • One thing that was glossed over is that if you use Spring, there is a filter you can put in your XML… by Mathew Mannion on this entry
  • You are my hero. by Mathew Mannion on this entry
  • And may all your chickens come home to roost – in a nice fluffy organic, non–supermarket farmed kind… by Julie Moreton on this entry
  • Good luck I hope that you enjoy the new job! by on this entry
  • Good luck Kieran. :) by on this entry

Galleries

Not signed in
Sign in

Powered by BlogBuilder
© MMXIX