/*
 * Create a PKCS#12 keystore from a PEM private key file and a PKCS#7 certificate file.
 */
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Scanner;
import javax.xml.bind.DatatypeConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
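/**
 * Builds a PKCS#12 keystore from an unencrypted PKCS#8 RSA private key (PEM or bare Base64)
 * and the certificates contained in a PKCS#7 bundle.
 *
 * <p>File names, alias and password are fixed test values. The keystore written by this tool
 * contains the private key, so the output file should be readable only by its owner.
 */
public class createPKCS12
{
    // Fixed values, for test purposes only.
    // The constant keeps its original (misspelled) name so existing references still compile.
    public static final String PRIVAKE_KEY_FILE = "privateKey.key";
    public static final String PKCS7_CERTIFICATE_FILE = "RA-Certificate_20130809.p7b";
    // The content is a binary PKCS#12 keystore even though the name ends in .cer.
    public static final String PKCS12_CERTIFICATE_FILE = "myTestPKCS12.cer";
    private static Provider provider = new BouncyCastleProvider();
    static {
        Security.addProvider(provider); // Registers Bouncy Castle so the "BC" keystore is available.
    }

    /**
     * Reads the key and the certificate bundle, checks that they belong together and writes
     * the PKCS#12 keystore. Any failure is reported on standard error.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // Decode the PKCS#8 private key; the PEM armor lines are dropped before decoding.
            byte[] encoded = DatatypeConverter.parseBase64Binary(readPemBody(new File(PRIVAKE_KEY_FILE)));
            PrivateKey privKey = KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(encoded));

            // Read every certificate from the PKCS#7 bundle. The file name comes from the
            // constant; the original passed the constant's name as a string literal.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> certs;
            try (FileInputStream pkcsFile = new FileInputStream(PKCS7_CERTIFICATE_FILE)) {
                certs = cf.generateCertificates(pkcsFile);
            }

            Certificate[] chain = buildChain(certs);
            // Refuse to bind the key to a certificate issued for a different key pair.
            requireMatchingKeyPair(privKey, chain[0]);

            // NOTE(security): the password is a hard-coded test value and protects nothing.
            // Supply it from a prompt or a secret store before using this outside a test.
            char[] password = "password".toCharArray();

            KeyStore pkcs12KeyStore = KeyStore.getInstance("PKCS12", "BC");
            pkcs12KeyStore.load(null, null);
            pkcs12KeyStore.setKeyEntry("userid", privKey, password, chain);

            // Write the binary PKCS#12 file; the stream is closed even if store() fails.
            try (FileOutputStream fos = new FileOutputStream(new File(PKCS12_CERTIFICATE_FILE))) {
                pkcs12KeyStore.store(fos, password);
            }
        } catch (Exception e) {
            // Print the exception itself: getMessage() alone can be null and hides the type.
            System.err.println("Error : " + e);
        }
    }

    /**
     * Returns the Base64 body of a PEM file as one string without line breaks.
     * Lines starting with "-----" (the BEGIN/END armor) and blank lines are skipped, so a file
     * holding only Base64 text is accepted as well.
     *
     * @param pemFile file to read
     * @return concatenated Base64 text
     * @throws IOException if the file cannot be opened
     * @throws IllegalStateException if the file holds no key data
     */
    private static String readPemBody(File pemFile) throws IOException {
        StringBuilder body = new StringBuilder();
        try (Scanner in = new Scanner(pemFile, "US-ASCII")) {
            while (in.hasNextLine()) {
                String line = in.nextLine().trim();
                if (!line.isEmpty() && !line.startsWith("-----")) {
                    body.append(line);
                }
            }
        }
        if (body.length() == 0) {
            throw new IllegalStateException("No key data found in " + pemFile);
        }
        return body.toString();
    }

    /**
     * Orders the X.509 certificates for the keystore entry: the end-entity certificate first,
     * then every CA certificate in the order the bundle lists them.
     * A certificate counts as end-entity when getBasicConstraints() is negative.
     * NOTE(review): the CA certificates are not sorted into issuer order or validated here.
     *
     * @param certs certificates parsed from the PKCS#7 bundle
     * @return chain with the end-entity certificate at index 0
     * @throws IllegalStateException if the bundle has no end-entity certificate or several
     */
    private static Certificate[] buildChain(Collection<? extends Certificate> certs) {
        Certificate endEntity = null;
        List<Certificate> authorities = new ArrayList<Certificate>();
        for (Certificate cert : certs) {
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            if (((X509Certificate) cert).getBasicConstraints() < 0) {
                if (endEntity != null) {
                    throw new IllegalStateException(
                            "More than one end-entity certificate in " + PKCS7_CERTIFICATE_FILE);
                }
                endEntity = cert;
            } else {
                authorities.add(cert);
            }
        }
        if (endEntity == null) {
            throw new IllegalStateException(
                    "No end-entity certificate in " + PKCS7_CERTIFICATE_FILE);
        }
        List<Certificate> ordered = new ArrayList<Certificate>(authorities.size() + 1);
        ordered.add(endEntity);
        ordered.addAll(authorities);
        return ordered.toArray(new Certificate[0]);
    }

    /**
     * Checks that the certificate's RSA public key has the same modulus as the private key.
     *
     * @param privKey private key to be stored
     * @param endEntity certificate the key is stored with
     * @throws IllegalStateException if the keys are not a matching RSA pair
     */
    private static void requireMatchingKeyPair(PrivateKey privKey, Certificate endEntity) {
        PublicKey pubKey = endEntity.getPublicKey();
        boolean matches = privKey instanceof RSAKey
                && pubKey instanceof RSAKey
                && ((RSAKey) privKey).getModulus().equals(((RSAKey) pubKey).getModulus());
        if (!matches) {
            throw new IllegalStateException(
                    "Private key does not match the end-entity certificate's public key");
        }
    }
}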