All entries for Wednesday 14 December 2005
December 14, 2005
Creating a Java KeyStore (JKS) with an existing key
We are using a lot more SSL than we used to in e-lab because of the new super powerful and secure Single Sign On system. This means we need to programmatically access SSL keys and certificates with Java. If you just want to create a new key and use it in Java, you just create a Java KeyStore with the keytool program. However, if you want to use the key and certificate that you already had, things are a little trickier.
I came up with this little unix shell script which should make life easier:
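    #!/bin/sh
    # Usage: importscript.sh <host> <storepass>
    host=$1
    storepass=$2
    echo "Creating keystore for ${host}"
    certFile=${host}.crt
    keyFile=${host}.key
    echo "Creating pkcs12 file from $certFile and $keyFile"
    # Note: "pass:..." puts the password on the command line, where other local users can see it with ps.
    openssl pkcs12 -export -in "$certFile" -inkey "$keyFile" -out "${host}.pkcs12" \
        -name "${host}" -passout "pass:$storepass"
    java -classpath . KeystoreKeyImporter "${host}.pkcs12" "$storepass" "${host}.keystore" "$storepass"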
Basically you run:
    importscript.sh myhostname.com mypass
It will look for an existing myhostname.com.key and myhostname.com.crt and turn them into myhostname.com.pkcs12, which is then imported into myhostname.com.keystore with the KeystoreKeyImporter Java program.
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.util.Enumeration;

    public class KeystoreKeyImporter {
        public static void main(String[] args) throws Exception {
            if (args.length < 4) {
                System.out.println("Usage: KeystoreKeyImporter <inputpkcs12.file> <inputpkcs12.pass> "
                        + "<outputkeystore.file> <outputkeystore.pass>");
                return;
            }
            String pkcs12Location = args[0];
            String pkcs12Password = args[1];
            String keystoreLocation = args[2];
            String keystorePassword = args[3];

            // The PKCS12 input is created with:
            // openssl pkcs12 -export -in test.crt -inkey test.key.nopass
            //     -out test.pkcs12 -name test
            KeyStore kspkcs12 = KeyStore.getInstance("PKCS12");
            String alias = null;
            try (FileInputStream fis = new FileInputStream(pkcs12Location)) {
                kspkcs12.load(fis, pkcs12Password.toCharArray());
            }

            // Check that every alias in the PKCS12 file has both a key and a certificate.
            if (kspkcs12.aliases().hasMoreElements()) {
                System.out.println("Has keys!");
                Enumeration<String> aliases = kspkcs12.aliases();
                while (aliases.hasMoreElements()) {
                    alias = aliases.nextElement();
                    System.out.println("Alias:" + alias);
                    Key key = kspkcs12.getKey(alias, pkcs12Password.toCharArray());
                    if (key == null) {
                        System.out.println("No key found for alias: " + alias);
                        System.exit(1);
                    }
                    System.out.println("Key:" + key.getFormat());
                    Certificate cert = kspkcs12.getCertificate(alias);
                    if (cert == null) {
                        System.out.println("No certificate found for alias: " + alias);
                        System.exit(1);
                    }
                    System.out.println("Cert:" + cert.getType());
                }
            } else {
                // Nothing to import: stop here instead of failing later on a null alias.
                System.out.println("No keys!");
                System.exit(1);
            }

            // Create an empty JKS and copy the key and its certificate chain into it.
            // Only the last alias seen above is imported (the script creates exactly one).
            KeyStore ksjks = KeyStore.getInstance("JKS");
            ksjks.load(null, keystorePassword.toCharArray());
            Certificate[] c = kspkcs12.getCertificateChain(alias);
            Key key = kspkcs12.getKey(alias, pkcs12Password.toCharArray());
            ksjks.setKeyEntry(alias, key, keystorePassword.toCharArray(), c);
            try (FileOutputStream fos = new FileOutputStream(keystoreLocation)) {
                ksjks.store(fos, keystorePassword.toCharArray());
            }
            System.out.println("Created " + keystoreLocation);
        }
    }
You now have a nice JKS with your key and certificate in it.
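A hardened take on the PKCS12 step of the shell script above, added here as an example and not part of the original post: it checks that the key really belongs to the certificate before exporting, and reads the store password from an environment variable instead of the command line. The function names and the STOREPASS variable are assumptions of this example, and the key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example (not the original script): build ${host}.pkcs12 only after
# confirming the key belongs to the certificate, with the password kept off argv.
# Assumes an unencrypted PEM key, as in the script above; STOREPASS is a
# hypothetical variable name chosen for this example.

# key_matches_cert CERT KEY: succeed only if both carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_pkcs12 HOST: export HOST.crt + HOST.key to HOST.pkcs12.
# The password is read from the environment (env:STOREPASS), so it is not on
# the openssl command line the way "-passout pass:..." puts it there.
make_pkcs12() {
    host=$1
    if [ -z "${STOREPASS:-}" ]; then
        echo "STOREPASS is not set" >&2
        return 2
    fi
    export STOREPASS
    if ! key_matches_cert "$host.crt" "$host.key"; then
        echo "$host.key does not match $host.crt (or a file is unreadable)" >&2
        return 1
    fi
    # umask in a subshell: the new file holds a private key, keep it owner-only.
    (
        umask 077
        openssl pkcs12 -export -in "$host.crt" -inkey "$host.key" \
            -out "$host.pkcs12" -name "$host" -passout env:STOREPASS
    )
}

# Run as: STOREPASS=... sh thisscript.sh myhostname.com
if [ "$#" -eq 1 ]; then
    make_pkcs12 "$1"
fi
```

The resulting .pkcs12 file can be passed to KeystoreKeyImporter exactly as before.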
Monkeehub
Writing about web page http://www.monkeehub.com/
Having just watched for the first time the brilliant JCB Song video, I went in search of its creators.
Monkeehub is a one-man band animator/artist who has created the JCB Song video, but I think even more impressive is the Radiohead Creep video he has made…absolutely bloody marvelous!
What makes this even more fun is the fact that the maniac made this stuff with Flash…wonderful.