I. Android SSL BKS certificate generation process
1. Generate the server JKS certificate:
Keytool-genkey-alias Peer-keystore Peer.jks
2. Export the CERT certificate:
Keytool-exportcert-alias peer-file Peer.cert-keystore Peer.jks
3. Build the Android client BKS certificate
Need to use Bcprov-ext-jdk15on-151.jar, official website: http://www.bouncycastle.org/latest_releases.html
Put the jar package into the%java_home%\jre\lib\security
Keytool-importcert-keystore peer.bks-file Peer.cert-storetype Bks-provider Org.bouncycastle.jce.provider.BouncyCastleProvider
Two. pfx and JKS certificate conversion
Tool class:
Import Java.io.FileInputStream;
Import Java.io.FileOutputStream;
Import Java.security.Key;
Import Java.security.KeyStore;
Import Java.security.cert.Certificate;
Import java.util.Enumeration;
public class Certificateconvertutil {
public static final String PKCS12 = "PKCS12";
public static final String JKS = "JKS";
/**
* PKCS12 Turn JKs
* @param input_keystore_file PKCS12 Certificate Path
* @param keystore_password PKCS12 certificate keystore password
* @param ouput_keystore_file JKS Certificate Path
*/
public static void Pkcs12tojks (String input_keystore_file,
String Keystore_password, String ouput_keystore_file) {
try {
KeyStore Inputkeystore = keystore.getinstance (PKCS12);
FileInputStream fis = new FileInputStream (input_keystore_file);
char[] Npassword = null;
if ((Keystore_password = = null)
|| Keystore_password.trim (). Equals ("")) {
Npassword = null;
} else {
Npassword = Keystore_password.tochararray ();
}
Inputkeystore.load (FIS, Npassword);
Fis.close ();
System.out.println ("KeyStore type=" + inputkeystore.gettype ());
KeyStore Outputkeystore = keystore.getinstance (JKS);
Outputkeystore.load (null, Npassword);
Enumeration enums = Inputkeystore.aliases ();
while (Enums.hasmoreelements ()) {
String Keyalias = (string) enums.nextelement ();
System.out.println ("alias=[" + Keyalias + "]");
if (Inputkeystore.iskeyentry (Keyalias)) {
Key key = Inputkeystore.getkey (Keyalias, Npassword);
certificate[] Certchain = Inputkeystore
. Getcertificatechain (Keyalias);
Outputkeystore.setkeyentry (Keyalias, Key, Npassword,
Certchain);
}
FileOutputStream out = new FileOutputStream (ouput_keystore_file);
Outputkeystore.store (out, Npassword);
Out.close ();
Outputkeystore.deleteentry (Keyalias);
System.out.println ("Convert is finished!");
}
} catch (Exception e) {
E.printstacktrace ();
}
}
/**
* JKs Turn PKCS12
* @param input_keystore_file JKS Certificate Path
* @param keystore_password JKS certificate keystore password
* @param ouput_keystore_file PKCS12 Certificate Path
*/
public static void JKSToPKCS12 (String input_keystore_file,
String Keystore_password, String ouput_keystore_file) {
try {
KeyStore Inputkeystore = keystore.getinstance (JKS);
FileInputStream fis = new FileInputStream (input_keystore_file);
char[] Npassword = null;
if ((Keystore_password = = null)
|| Keystore_password.trim (). Equals ("")) {
Npassword = null;
} else {
Npassword = Keystore_password.tochararray ();
}
Inputkeystore.load (FIS, Npassword);
Fis.close ();
System.out.println ("KeyStore type=" + inputkeystore.gettype ());
KeyStore Outputkeystore = keystore.getinstance (PKCS12);
Outputkeystore.load (null, Npassword);
Enumeration enums = Inputkeystore.aliases ();
while (Enums.hasmoreelements ()) {
String Keyalias = (string) enums.nextelement ();
System.out.println ("alias=[" + Keyalias + "]");
if (Inputkeystore.iskeyentry (Keyalias)) {
Key key = Inputkeystore.getkey (Keyalias, Npassword);
certificate[] Certchain = Inputkeystore
. Getcertificatechain (Keyalias);
Outputkeystore.setkeyentry (Keyalias, Key, Npassword,
Certchain);
}
FileOutputStream out = new FileOutputStream (ouput_keystore_file);
Outputkeystore.store (out, Npassword);
Out.close ();
Outputkeystore.deleteentry (Keyalias);
System.out.println ("Convert is finished!");
}
} catch (Exception e) {
E.printstacktrace ();
}
}
}
When you use the tool class to convert, the certificate alias is output to the console.
Test code:
Public Static void Main (string[] args) { Certificateconvertutil.pkcs12tojks ("d:/peer.pfx", "123456", "D:/peer.jks"); }
Android SSL BKS Certificate generation, and the conversion of PFX to JKS certificate