Android SSL BKS Certificate generation, and the conversion of PFX to JKS certificate

Source: Internet
Author: User
Tags aliases pkcs12

I. Android SSL BKS certificate generation process

  1. Generate the server JKS certificate:

Keytool-genkey-alias Peer-keystore Peer.jks

  2. Export the CERT certificate:

Keytool-exportcert-alias peer-file Peer.cert-keystore Peer.jks

  3. Build the Android client BKS certificate

Need to use Bcprov-ext-jdk15on-151.jar, official website: http://www.bouncycastle.org/latest_releases.html

Put the jar package into the%java_home%\jre\lib\security

Keytool-importcert-keystore peer.bks-file Peer.cert-storetype Bks-provider Org.bouncycastle.jce.provider.BouncyCastleProvider

Two. pfx and JKS certificate conversion

  Tool class:

Import Java.io.FileInputStream;
Import Java.io.FileOutputStream;
Import Java.security.Key;
Import Java.security.KeyStore;
Import Java.security.cert.Certificate;
Import java.util.Enumeration;

public class Certificateconvertutil {

public static final String PKCS12 = "PKCS12";
public static final String JKS = "JKS";

/**
* PKCS12 Turn JKs
* @param input_keystore_file PKCS12 Certificate Path
* @param keystore_password PKCS12 certificate keystore password
* @param ouput_keystore_file JKS Certificate Path
*/
public static void Pkcs12tojks (String input_keystore_file,
String Keystore_password, String ouput_keystore_file) {
try {
KeyStore Inputkeystore = keystore.getinstance (PKCS12);
FileInputStream fis = new FileInputStream (input_keystore_file);

char[] Npassword = null;
if ((Keystore_password = = null)
|| Keystore_password.trim (). Equals ("")) {
Npassword = null;
} else {
Npassword = Keystore_password.tochararray ();
}

Inputkeystore.load (FIS, Npassword);
Fis.close ();

System.out.println ("KeyStore type=" + inputkeystore.gettype ());

KeyStore Outputkeystore = keystore.getinstance (JKS);

Outputkeystore.load (null, Npassword);

Enumeration enums = Inputkeystore.aliases ();
while (Enums.hasmoreelements ()) {

String Keyalias = (string) enums.nextelement ();
System.out.println ("alias=[" + Keyalias + "]");

if (Inputkeystore.iskeyentry (Keyalias)) {
Key key = Inputkeystore.getkey (Keyalias, Npassword);
certificate[] Certchain = Inputkeystore
. Getcertificatechain (Keyalias);
Outputkeystore.setkeyentry (Keyalias, Key, Npassword,
Certchain);
}
FileOutputStream out = new FileOutputStream (ouput_keystore_file);
Outputkeystore.store (out, Npassword);
Out.close ();
Outputkeystore.deleteentry (Keyalias);

System.out.println ("Convert is finished!");
}
} catch (Exception e) {
E.printstacktrace ();
}
}

/**
* JKs Turn PKCS12
* @param input_keystore_file JKS Certificate Path
* @param keystore_password JKS certificate keystore password
* @param ouput_keystore_file PKCS12 Certificate Path
*/
public static void JKSToPKCS12 (String input_keystore_file,
String Keystore_password, String ouput_keystore_file) {
try {
KeyStore Inputkeystore = keystore.getinstance (JKS);
FileInputStream fis = new FileInputStream (input_keystore_file);

char[] Npassword = null;
if ((Keystore_password = = null)
|| Keystore_password.trim (). Equals ("")) {
Npassword = null;
} else {
Npassword = Keystore_password.tochararray ();
}

Inputkeystore.load (FIS, Npassword);
Fis.close ();

System.out.println ("KeyStore type=" + inputkeystore.gettype ());

KeyStore Outputkeystore = keystore.getinstance (PKCS12);

Outputkeystore.load (null, Npassword);

Enumeration enums = Inputkeystore.aliases ();
while (Enums.hasmoreelements ()) {

String Keyalias = (string) enums.nextelement ();
System.out.println ("alias=[" + Keyalias + "]");

if (Inputkeystore.iskeyentry (Keyalias)) {
Key key = Inputkeystore.getkey (Keyalias, Npassword);
certificate[] Certchain = Inputkeystore
. Getcertificatechain (Keyalias);
Outputkeystore.setkeyentry (Keyalias, Key, Npassword,
Certchain);
}
FileOutputStream out = new FileOutputStream (ouput_keystore_file);
Outputkeystore.store (out, Npassword);
Out.close ();
Outputkeystore.deleteentry (Keyalias);

System.out.println ("Convert is finished!");
}
} catch (Exception e) {
E.printstacktrace ();
}
}

}

  When you use the tool class to convert, the certificate alias is output to the console.

Test code:

 Public Static void Main (string[] args) {        Certificateconvertutil.pkcs12tojks ("d:/peer.pfx", "123456", "D:/peer.jks");    } 

Android SSL BKS Certificate generation, and the conversion of PFX to JKS certificate

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.