ImportKey.java Source code

Java tutorial

Introduction

Here is the source code for ImportKey.java

Source

//package org.xmldap.util;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;

/**
 * ImportKey.java
 * 
 * <p>
 * This class imports a key and a certificate into a keystore (
 * <code>$home/keystore.ImportKey</code>). If the keystore is already present,
 * it is simply deleted. Both the key and the certificate file must be in
 * <code>DER</code>-format. The key must be encoded with <code>PKCS#8</code>
 * -format. The certificate must be encoded in <code>X.509</code>-format.
 * </p>
 * 
 * <p>
 * Key format:
 * </p>
 * <p>
 * <code>openssl pkcs8 -topk8 -nocrypt -in YOUR.KEY -out YOUR.KEY.der
 * -outform der</code>
 * </p>
 * <p>
 * Format of the certificate:
 * </p>
 * <p>
 * <code>openssl x509 -in YOUR.CERT -out YOUR.CERT.der -outform
 * der</code>
 * </p>
 * <p>
 * Import key and certificate:
 * </p>
 * <p>
 * <code>java comu.ImportKey YOUR.KEY.der YOUR.CERT.der</code>
 * </p>
 * <br />
 * 
 * <p>
 * <em>Caution:</em> the old <code>keystore.ImportKey</code>-file is deleted and
 * replaced with a keystore only containing <code>YOUR.KEY</code> and
 * <code>YOUR.CERT</code>. The keystore and the key has no password; they can be
 * set by the <code>keytool -keypasswd</code>-command for setting the key
 * password, and the <code>keytool -storepasswd</code>-command to set the
 * keystore password.
 * <p>
 * The key and the certificate is stored under the alias <code>importkey</code>;
 * to change this, use <code>keytool -keyclone</code>.
 * 
 * Created: Fri Apr 13 18:15:07 2001 Updated: Fri Apr 19 11:03:00 2002
 * 
 * @author Joachim Karrer, Jens Carlberg
 * @version 1.1
 **/
public class ImportKey {

    /**
     * <p>
     * Creates an InputStream from a file, and fills it with the complete file.
     * Thus, available() on the returned InputStream will return the full number
     * of bytes the file contains
     * </p>
     * 
     * @param fname
     *            The filename
     * @return The filled InputStream
     * @exception IOException
     *                , if the Streams couldn't be created.
     **/
    private static InputStream fullStream(String fname) throws IOException {
        FileInputStream fis = new FileInputStream(fname);
        DataInputStream dis = new DataInputStream(fis);
        byte[] bytes = new byte[dis.available()];
        dis.readFully(bytes);
        ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
        return bais;
    }

    /**
     * <p>
     * Takes two file names for a key and the certificate for the key, and
     * imports those into a keystore. Optionally it takes an alias for the key.
     * <p>
     * The first argument is the filename for the key. The key should be in
     * PKCS8-format.
     * <p>
     * The second argument is the filename for the certificate for the key.
     * <p>
     * If a third argument is given it is used as the alias. If missing, the key
     * is imported with the alias importkey
     * <p>
     * The name of the keystore file can be controlled by setting the keystore
     * property (java -Dkeystore=mykeystore). If no name is given, the file is
     * named <code>keystore.ImportKey</code> and placed in your home directory.
     * 
     * @param args
     *            [0] Name of the key file, [1] Name of the certificate file [2]
     *            Alias for the key.
     **/
    public static void main(String args[]) {

        // change this if you want another password by default
        String keypass = "password";

        // change this if you want another alias by default
        String defaultalias = "tomcat";

        // change this if you want another keystorefile by default
        String keystorename = null;

        // parsing command line input
        String keyfile = "";
        String certfile = "";
        if (args.length < 3 || args.length > 4) {
            System.out.println("Usage: java comu.ImportKey keystore keyfile certfile [alias]");
            System.exit(0);
        } else {
            keystorename = args[0];
            keyfile = args[1];
            certfile = args[2];
            if (args.length > 3)
                defaultalias = args[3];
        }

        try {
            // initializing and clearing keystore
            KeyStore ks = KeyStore.getInstance("JKS", "SUN");
            ks.load(null, keypass.toCharArray());
            System.out.println("Using keystore-file : " + keystorename);
            ks.store(new FileOutputStream(keystorename), keypass.toCharArray());
            ks.load(new FileInputStream(keystorename), keypass.toCharArray());

            // loading Key
            InputStream fl = fullStream(keyfile);
            byte[] key = new byte[fl.available()];
            KeyFactory kf = KeyFactory.getInstance("RSA");
            fl.read(key, 0, fl.available());
            fl.close();
            PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(key);
            PrivateKey ff = kf.generatePrivate(keysp);

            // loading CertificateChain
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream certstream = fullStream(certfile);

            Collection c = cf.generateCertificates(certstream);
            Certificate[] certs = new Certificate[c.toArray().length];

            if (c.size() == 1) {
                certstream = fullStream(certfile);
                System.out.println("One certificate, no chain.");
                Certificate cert = cf.generateCertificate(certstream);
                certs[0] = cert;
            } else {
                System.out.println("Certificate chain length: " + c.size());
                certs = (Certificate[]) c.toArray(new Certificate[c.size()]);
            }

            // storing keystore
            ks.setKeyEntry(defaultalias, ff, keypass.toCharArray(), certs);
            System.out.println("Key and certificate stored.");
            System.out.println("Alias:" + defaultalias + "  Password:" + keypass);
            ks.store(new FileOutputStream(keystorename), keypass.toCharArray());
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

}// KeyStore