PKCS12转JKS和PKCS12转BKS

(一)目录结构

(二)PKCS12转JKS

package com.sslserver;


import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;


public class ConvertPKCS12ToJKS {
   //certificate store format
   public static final String PKCS12 = "PKCS12";
   public static final String JKS = "KEYSTORE";
 
   // PKCS12 keystore propert
   public static final String INPUT_KEYSTORE_FILE     = "src/com/data/client.p12"; //"cert/dev_coo1.p12";
   public static final String KEYSTORE_PASSWORD = "12345678"; //vc端的密码
   // JKS output file
   public static final String OUTPUT_KEYSTORE_FILE    = "src/com/data/client.keystore";
 
   public static void main(String[] args)
   {
       try
       {
           KeyStore inputKeyStore = KeyStore.getInstance("PKCS12");
           FileInputStream fis = new FileInputStream(INPUT_KEYSTORE_FILE);
 
           // If the keystore password is empty(""), then we have to set
           // to null, otherwise it won't work!!!
           char[] nPassword = null;
           if ((KEYSTORE_PASSWORD == null) || KEYSTORE_PASSWORD.trim().equals(""))
           {
               nPassword = null;
           }
           else
           {
               nPassword = KEYSTORE_PASSWORD.toCharArray();
           }
           inputKeyStore.load(fis, nPassword);
           fis.close();
 
           System.out.println("keystore type=" + inputKeyStore.getType());
 
           //----------------------------------------------------------------------
           // get a JKS keystore and initialize it.
           KeyStore outputKeyStore = KeyStore.getInstance("JKS");
           outputKeyStore.load(null, "changeit".toCharArray());
           // Now we loop all the aliases, we need the alias to get keys.
           // It seems that this value is the "Friendly name" field in the
           // detals tab <-- Certificate window <-- view <-- Certificate
           // Button <-- Content tab <-- Internet Options <-- Tools menu
           // In MS IE 6.
           Enumeration<String> enumer = inputKeyStore.aliases();
           while (enumer.hasMoreElements()) // we are readin just one certificate.
           {
               String keyAlias = (String)enumer.nextElement();
               System.out.println("alias=[" + keyAlias + "]");
               if (inputKeyStore.isKeyEntry(keyAlias))
               {
                   Key key = inputKeyStore.getKey(keyAlias, nPassword);
                   Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                   outputKeyStore.setKeyEntry("dev", key, "changeit".toCharArray(), certChain);
               }
           }
           FileOutputStream out = new FileOutputStream(OUTPUT_KEYSTORE_FILE);
           outputKeyStore.store(out, nPassword);
           out.close();
       }
       catch (Exception e)
       {
           e.printStackTrace();
       } 
   }
}

(三)PKCS12转BKS

package com.sslserver;


import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.Security;
import java.util.Enumeration;


public class covertPFXToBKS {
public static final String PKCS12 = "PKCS12";
    public static final String BKS = "BKS";
 
    // PKCS12 keystore propert
    public static final String INPUT_KEYSTORE_FILE     = "src/com/data/client.p12"; //"cert/dev_coo1.p12";
    public static final String pfxPasswd = "12345678"; //vc端的密码
    // JKS output file
    public static final String OUTPUT_KEYSTORE_FILE    = "src/com/data/client.bks";
    public static final String jksPasswd = "12345678"; //vc端的密码
public static void main(String[] args) throws Throwable {
 FileInputStream fis = null;
 try
 {
  KeyStore inputKeyStore = KeyStore.getInstance("PKCS12");
  fis = new FileInputStream(INPUT_KEYSTORE_FILE);
  char[] srcPwd = jksPasswd == null ? null : jksPasswd.toCharArray();
  char[] destPwd = pfxPasswd == null ? null : pfxPasswd.toCharArray();
  inputKeyStore.load(fis, srcPwd);


  KeyStore outputKeyStore = KeyStore.getInstance("BKS",
  new org.bouncycastle.jce.provider.BouncyCastleProvider());
  Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
  Enumeration<String> enums = inputKeyStore.aliases();
  while (enums.hasMoreElements())
  {
   String keyAlias = (String) enums.nextElement();
   System.out.println("alias=[" + keyAlias + "]");
   outputKeyStore.load(null, destPwd);
   if (inputKeyStore.isKeyEntry(keyAlias))
   {
    Key key = inputKeyStore.getKey(keyAlias, srcPwd);
    java.security.cert.Certificate[] certChain = inputKeyStore
      .getCertificateChain(keyAlias);
    outputKeyStore.setKeyEntry(keyAlias, key, destPwd,
      certChain);
   }
   //String fName = OUTPUT_KEYSTORE_FILE + "_" + keyAlias + ".bks";
   String fName = OUTPUT_KEYSTORE_FILE;
   FileOutputStream out = new FileOutputStream(fName);
   outputKeyStore.store(out, destPwd);
   out.close();
   outputKeyStore.deleteEntry(keyAlias);
  }
 } finally
 {
  try
  {
   if (fis != null)
   {
    fis.close();
   }
  } catch (Exception e)
  {
   e.printStackTrace();
  }
 }
}
}