KeyTool.javaAPI DocGlassfish v2 API11839Fri May 04 22:35:22 BST 2007com.sun.enterprise.security

KeyTool

public final class KeyTool extends Object
Wraps the J2SE's keytool after adding our provider. Provides the PKCS12 functionality - read a PKCS12 format keystore and replicate it into a "JKS" type keystore.
author
Harish Prabandham
author
Harpreet Singh

Fields Summary
private static Logger
_logger
private static final String
JSSE_PROVIDER
private File
inputFile
private File
outputFile
private char[]
jksKeyStorePass
private char[]
pkcsKeyStorePass
private char[]
jksKeyPass
private char[]
pkcsKeyPass
private String
provider
private KeyStore
pkcs12KeyStore
private KeyStore
jksKeyStore
private static String
PKCS12
private static String
INFILE
private static String
OUTFILE
private static String
PKCSKEYSTOREPASS
private static String
PKCSKEYPASS
private static String
JKSKEYSTOREPASS
private static String
JKSKEYPASS
private static LocalStringManagerImpl
localStrings
Constructors Summary
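    /**
     * Creates a converter for a single PKCS12-to-JKS replication. The class is only
     * instantiated for the PKCS12 case; all other keytool functionality is passed
     * straight to {@code sun.security.tools.KeyTool} by {@link #main}.
     *
     * @param infile the file name of the PKCS12 file
     * @param outfile the output file name of the JKS file; must not already exist
     * @param pkcsKeyStorePass password to the PKCS12 keystore
     * @param pkcsKeyPass password to the key in the PKCS12 keystore
     * @param jksKeyStorePass password to the JKS keystore
     * @param jksKeyPass password to the key in the JKS keystore; currently it has
     *        to be the same as the JKS keystore password
     * @param provider the provider - in this case SunJSSE
     * @throws IOException if the output file already exists, if either keystore
     *         engine cannot be obtained, or if the PKCS12 input file cannot be read
     */
    public KeyTool(String infile, String outfile, String pkcsKeyStorePass,
                   String pkcsKeyPass, String jksKeyStorePass, String jksKeyPass,
                   String provider) throws IOException {
        inputFile = new File(infile);
        outputFile = new File(outfile);
        // The passwords are kept as char[] for the lifetime of this object; none of
        // the methods of this class zeroes them afterwards.
        this.pkcsKeyStorePass = pkcsKeyStorePass.toCharArray();
        this.pkcsKeyPass = pkcsKeyPass.toCharArray();
        this.jksKeyStorePass = jksKeyStorePass.toCharArray();
        this.jksKeyPass = jksKeyPass.toCharArray();
        this.provider = provider;
        // Refuse to overwrite: an existing output file is an error. It is never
        // deleted or replaced here.
        if (outputFile.exists()) {
            throw new IOException("Output file already exists!");
        }
        try {
            // Get the keystores from the engines.
            pkcs12KeyStore = KeyStore.getInstance("PKCS12", provider);
            jksKeyStore = KeyStore.getInstance("JKS");
        } catch (Exception e) {
            // Wrap the security exception as an IOException, keeping the original
            // as the cause so the failure stays diagnosable.
            IOException wrapped = new IOException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
        readKeyStores();
    }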
    
Methods Summary
    /**
     * Gets the provider name for JSSE by instantiating the class named by
     * {@code JSSE_PROVIDER}.
     *
     * @return the provider's name, or {@code null} if the provider class cannot be
     *         loaded, instantiated or cast to {@link Provider} (the failure is logged)
     */
    public static String getProviderName() {
        String name = null;
        try {
            Object instance = Class.forName(JSSE_PROVIDER).newInstance();
            name = ((Provider) instance).getName();
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "java_security.getName_exception", e);
        }
        return name;
    }
    
    /**
     * Prints the usage of the PKCS12 options of this tool to standard output.
     *
     * @param exit when {@code true}, terminates the JVM with status -1 after printing
     */
    public static void help(boolean exit) {
        String title = localStrings.getLocalString("enterprise.security.keytool", "keytool");
        String header = localStrings.getLocalString("enterprise.security.keytooloptions",
                                                    "PKCS Options:");
        StringBuffer usage = new StringBuffer();
        usage.append(' ').append(PKCS12)
             .append(' ').append(INFILE).append(" fileName")
             .append(' ').append(PKCSKEYSTOREPASS).append(" password")
             .append(' ').append(PKCSKEYPASS).append(" password")
             .append(' ').append(OUTFILE).append(" outputFileName")
             .append(' ').append(JKSKEYSTOREPASS).append(" password");
        System.out.println(title);
        System.out.println(header);
        System.out.println(usage.toString());
        // The JKSKEYPASS option is not advertised until JSSE supports a JKS key
        // password that differs from the keystore password (see main()).
        if (exit) {
            System.exit(-1);
        }
    }
    
    /**
     * Logs, at FINEST, information about the PKCS12 keystore: its type, provider
     * and size, followed by each alias and whether it is a key or certificate entry.
     * For key entries only the key's encoding format is logged, never key material.
     *
     * @throws KeyStoreException if the PKCS12 keystore has not been loaded
     * @throws NoSuchAlgorithmException if the algorithm to recover a key is unavailable
     * @throws UnrecoverableKeyException if a key cannot be recovered with the PKCS12 key password
     */
    public void info() throws KeyStoreException, NoSuchAlgorithmException,
                              UnrecoverableKeyException {
        _logger.log(Level.FINEST, " Keystore Information");
        _logger.log(Level.FINEST, " Type = " + pkcs12KeyStore.getType());
        _logger.log(Level.FINEST, " Provider = " + pkcs12KeyStore.getProvider());
        _logger.log(Level.FINEST, " KeyStore size = " + pkcs12KeyStore.size());
        Enumeration aliases = pkcs12KeyStore.aliases();
        _logger.log(Level.FINEST, " Kstore Aliases ");
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            _logger.log(Level.FINEST, " Alias = " + alias);
            if (pkcs12KeyStore.isKeyEntry(alias)) {
                _logger.log(Level.FINEST, "Alias is a key entry ");
                Key key = pkcs12KeyStore.getKey(alias, pkcsKeyPass);
                _logger.log(Level.FINEST, " Format = " + key.getFormat());
            } else if (pkcs12KeyStore.isCertificateEntry(alias)) {
                _logger.log(Level.FINEST, " Alias is a certificate entry");
            }
        }
        _logger.log(Level.FINEST, " End of Information");
    }
    
    /**
     * Initializes the provider to be the JSSE provider: instantiates the class named
     * by {@code JSSE_PROVIDER} and registers it with {@link Security}. Failures are
     * logged at SEVERE and otherwise ignored.
     */
    public static void initProvider() {
        try {
            Object candidate = Class.forName(JSSE_PROVIDER).newInstance();
            // The position returned by addProvider (-1 if already installed) is
            // not needed here.
            Security.addProvider((Provider) candidate);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "java_security.provider_exception", e);
        }
    }
    
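    /**
     * Entry point. With no arguments, or when the first argument is not the PKCS12
     * option, everything is delegated to {@code sun.security.tools.KeyTool}.
     * Otherwise the eleven-argument PKCS12 form is parsed and the PKCS12 keystore is
     * replicated into a new JKS file. Any failure is logged at SEVERE.
     *
     * @param args command-line arguments; for the PKCS12 form, the option/value
     *        sequence printed by {@link #help}
     */
    public static void main(String[] args) {
        initProvider();
        boolean pkcs = false;
        String provider = null;
        String inFile = null;
        String outFile = null;
        String jksKeyPass = null;
        String jksKeyStorePass = null;
        String pkcsKeyPass = null;
        String pkcsKeyStorePass = null;
        try {
            if (args.length == 0) {
                help(false);
                sun.security.tools.KeyTool.main(args);
                // Nothing left to parse; without this return the args[0] access
                // below would throw ArrayIndexOutOfBoundsException.
                return;
            }
            if (args[0].equalsIgnoreCase(PKCS12)) {
                pkcs = true;
                // help(true) exits the JVM, so each check guards the indexes that follow.
                if (args.length != 11) {
                    help(true);
                }
                if (!args[1].equalsIgnoreCase(INFILE)) {
                    help(true);
                }
                inFile = args[2];
                // All passwords arrive as command-line arguments, which are typically
                // visible to other local users in process listings.
                if (!args[3].equalsIgnoreCase(PKCSKEYSTOREPASS)) {
                    help(true);
                }
                pkcsKeyStorePass = args[4];
                if (!args[5].equalsIgnoreCase(PKCSKEYPASS)) {
                    help(true);
                }
                pkcsKeyPass = args[6];
                if (!args[7].equalsIgnoreCase(OUTFILE)) {
                    help(true);
                }
                outFile = args[8];
                if (!args[9].equalsIgnoreCase(JKSKEYSTOREPASS)) {
                    help(true);
                }
                jksKeyStorePass = args[10];
                // The JKS key password must currently equal the JKS keystore
                // password; a separate JKSKEYPASS option is pending JSSE support.
                jksKeyPass = jksKeyStorePass;
            }
            if (!pkcs) {
                sun.security.tools.KeyTool.main(args);
            } else {
                provider = getProviderName();
                KeyTool kt = new KeyTool(inFile, outFile, pkcsKeyStorePass,
                                         pkcsKeyPass, jksKeyStorePass,
                                         jksKeyPass, provider);
                kt.replicatePkcs12ToJks();
                kt.writeJksKeyStore();
            }
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "java_security.main_exception", e);
        }
    }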
    
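    /**
     * Loads both keystores into memory: the PKCS12 keystore is read from the input
     * file, and the JKS keystore is created empty (or read from the output file in
     * the unusual case that it exists). A failure while loading is logged at SEVERE
     * and leaves the affected keystore uninitialized, so later calls on it fail.
     *
     * @throws IOException if the PKCS12 input file cannot be opened, or a stream
     *         cannot be closed
     */
    public void readKeyStores() throws IOException {
        // A missing or unreadable input file must not be ignored: loading from a
        // null stream would silently produce an empty PKCS12 keystore and, later,
        // an empty JKS file.
        FileInputStream pkcsFis = new FileInputStream(inputFile);
        try {
            FileInputStream jksFis = null;
            try {
                jksFis = new FileInputStream(outputFile);
            } catch (FileNotFoundException expected) {
                // The constructor refuses an existing output file, so the JKS
                // keystore is normally created fresh from a null stream.
            }
            try {
                pkcs12KeyStore.load(pkcsFis, pkcsKeyStorePass);
                // Don't need a password as creating a new keystore.
                jksKeyStore.load(jksFis, null);
            } catch (Exception ce) {
                // Can't do much... too bad.
                _logger.log(Level.SEVERE,
                            "java_security.KeyStore_load_exception", ce);
            } finally {
                if (jksFis != null) {
                    jksFis.close();
                }
            }
        } finally {
            // Closed even if closing the JKS stream above threw.
            pkcsFis.close();
        }
    }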
    
    /**
     * Copies every entry of the PKCS12 keystore into the in-memory JKS keystore.
     * Key entries are recovered with the PKCS12 key password and stored under the
     * same alias with their certificate chain, protected by the JKS key password;
     * certificate entries are copied as-is.
     *
     * @throws KeyStoreException if either keystore has not been instantiated/loaded
     * @throws NoSuchAlgorithmException if the algorithm to recover a key is unavailable
     * @throws UnrecoverableKeyException if the PKCS12 key password is not proper
     */
    public void replicatePkcs12ToJks() throws KeyStoreException, NoSuchAlgorithmException,
                                              UnrecoverableKeyException {
        Enumeration aliases = pkcs12KeyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            if (pkcs12KeyStore.isKeyEntry(alias)) {
                // Key plus its chain move across together.
                Key privateKey = pkcs12KeyStore.getKey(alias, pkcsKeyPass);
                Certificate[] chain = pkcs12KeyStore.getCertificateChain(alias);
                jksKeyStore.setKeyEntry(alias, privateKey, jksKeyPass, chain);
            } else if (pkcs12KeyStore.isCertificateEntry(alias)) {
                Certificate cert = pkcs12KeyStore.getCertificate(alias);
                jksKeyStore.setCertificateEntry(alias, cert);
            }
        }
    }
    
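    /**
     * Writes the JKS keystore, populated from the PKCS12 keystore by
     * {@link #replicatePkcs12ToJks}, to the output file, protected by the JKS
     * keystore password. A failure inside the store operation is logged at SEVERE.
     *
     * @throws IOException if the output file cannot be created or closed
     */
    public void writeJksKeyStore() throws IOException {
        // Opening the stream is what creates the file. A failure here (e.g. an
        // unwritable directory) is propagated instead of being swallowed and then
        // tripping over a null stream in store().
        // NOTE(review): the file is created with the process's default permissions
        // although it holds private keys; nothing here restricts them.
        FileOutputStream fos = new FileOutputStream(outputFile);
        try {
            jksKeyStore.store(fos, jksKeyStorePass);
        } catch (Exception ce) {
            // Can't do much... too bad.
            _logger.log(Level.SEVERE,
                        "java_security.KeyStore_store_exception", ce);
        } finally {
            fos.close();
        }
    }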