Java Key Pair Create generateKeyStoreFromPEM(File certFile, File keyFile)

Here you can find the source of generateKeyStoreFromPEM(File certFile, File keyFile)

  1. HOME
  2. Java
  3. K
  4. Key Pair Create
  5. generateKeyStoreFromPEM(File certFile, File keyFile)

Description

Creates a KeyManagerFactory from PEM files (something java should just do...).

License

Open Source License

Parameter

Parameter Description
certFile the PEM encoded certificate file to use.
keyFile the PEM encoded key to use.

Exception

Parameter Description
KeyStoreException Thrown if there is any kind of error opening or parsing the PEM files.

Return

a using the provided cert and file.

Declaration 

public static KeyManagerFactory generateKeyStoreFromPEM(File certFile, File keyFile) throws KeyStoreException

Method Source Code


//package com.java2s;
//License from project: Open Source License 

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.security.KeyFactory;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.UUID;
import javax.net.ssl.KeyManagerFactory;

public class Main {
    public static final int MAX_PEM_FILE_SIZE = 1024 * 1024;
    public static final String PEM_CERT_START = "-----BEGIN CERTIFICATE-----";
    public static final String PEM_CERT_END = "-----END CERTIFICATE-----";
    public static final String PEM_KEY_START = "-----BEGIN PRIVATE KEY-----";
    public static final String PEM_KEY_END = "-----END PRIVATE KEY-----";

    /**/*  w w w. jav  a  2  s  . co  m*/
     * Creates a {@link KeyManagerFactory} from PEM files (something java should just do...).  There 
     * are some minor restrictions.  The key must be in PKCS8 (not PKCS1).
     * 
     * @param certFile the PEM encoded certificate file to use. 
     * @param keyFile the PEM encoded key to use.
     * @return a {@link KeyManagerFactory} using the provided cert and file.
     * @throws KeyStoreException Thrown if there is any kind of error opening or parsing the PEM files.
     */
    public static KeyManagerFactory generateKeyStoreFromPEM(File certFile, File keyFile) throws KeyStoreException {
        char[] password = UUID.randomUUID().toString().toCharArray();
        try {
            List<X509Certificate> certs = getPEMFileCerts(certFile);
            RSAPrivateKey key = getPEMFileKey(keyFile);

            KeyStore keystore = KeyStore.getInstance("JKS");
            keystore.load(null);
            for (int i = 0; i < certs.size(); i++) {
                keystore.setCertificateEntry("cert-" + i, certs.get(i));
            }

            keystore.setKeyEntry("mykey", key, password, certs.toArray(new X509Certificate[certs.size()]));
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(keystore, password);
            return kmf;
        } catch (Exception e) {
            throw new KeyStoreException(e);
        }
    }

    public static List<X509Certificate> getPEMFileCerts(File certFile) throws CertificateException, IOException {
        String certString = fileToString(certFile, MAX_PEM_FILE_SIZE);
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        int certPos = certString.indexOf(PEM_CERT_START);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        while (certPos > -1) {
            String data = certString
                    .substring(certPos + PEM_CERT_START.length(), certString.indexOf(PEM_CERT_END, certPos))
                    .replace("\n", "").replace("\r", "");
            X509Certificate x5c = (X509Certificate) factory
                    .generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(data)));
            certs.add(x5c);
            certPos = certString.indexOf(PEM_CERT_START, certPos + PEM_CERT_START.length());
        }
        return certs;
    }

    public static RSAPrivateKey getPEMFileKey(File keyFile)
            throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        String keyString = fileToString(keyFile, MAX_PEM_FILE_SIZE);
        int keyPos = keyString.indexOf(PEM_KEY_START) + PEM_KEY_START.length();
        int keyEnd = keyString.indexOf(PEM_KEY_END);
        if (keyPos == -1 || keyEnd == -1) {
            throw new InvalidKeySpecException("could not find key!");
        }

        PKCS8EncodedKeySpec keyspec = new PKCS8EncodedKeySpec(Base64.getDecoder()
                .decode(keyString.substring(keyPos, keyEnd).trim().replace("\n", "").replace("\r", "")));
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(keyspec);
    }

    public static String fileToString(File file, int max) throws IOException {
        if (!file.exists() && file.canRead()) {
            throw new IllegalStateException("File " + file.getName() + " either does not exist or can not be read");
        }
        RandomAccessFile raf = new RandomAccessFile(file, "r");
        if (raf.length() > max) {
            raf.close();
            throw new IllegalStateException("File " + file.getName() + " is to large (>" + max);
        }
        byte[] ba = new byte[(int) raf.length()];
        raf.read(ba);
        raf.close();
        return new String(ba);
    }
}

Related

  1. generateKeyPair(String algorithm, int keysize)
  2. generateKeyPair(String algorithm, int size)
  3. generateKeyPair(String keyAlgorithm, int keySize)
  4. generateKeyPair(String type, int size)
  5. generateKeys(int size)
  6. generateKeyZ(ECPrivateKey privateKey, ECPublicKey publicKey)