CODEWITHSUNDEEP
javasslssl-certificatepkcs#12
Vinod Kumar
Vinod Kumar

Reputation: 49

How to create PKCS#12 format file with client public certificate and private key using java program

I have client public certificate and private key file in the form of .pem format files.

Can anyone of you help me how to create PKCS#12 format file with those files using java program.

Here i have added my code 

Path path = Paths.get(new File("User_privkey.pem").getAbsolutePath());
        Path certPath = Paths.get(new File("User.pem").getAbsolutePath());
        try {
            // Used to read User_privkey.pem file to get private key
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Files.readAllBytes(path));
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PrivateKey privateKey = keyFactory.generatePrivate(spec);

            //  Used to read user certificate 
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            Certificate cert = factory.generateCertificate(Files.newInputStream(certPath, null));

            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            // add it to the keystore
            ks.setKeyEntry("MyPKCSEntry", privateKey, "Temp".toCharArray(), new Certificate[] { cert });

            File file = new File("CERTIFICATE_CUSTOMPATH");
            OutputStream out = new FileOutputStream(file);
            ks.store(out, "Temp".toCharArray());
            out.close();

        } catch (Exception e) {
            System.out.println("Exception got caught" + e.getMessage());
        }

Upvotes: 3

Views: 2325

Answers (2)

pedrofb
pedrofb

Reputation: 39241

Some fixes are needed on your code. Please try this fully functional code. It does not need additional dependencies. I assumed your key is PKCS#8 (starts with -----BEGIN PRIVATE KEY-----. If not, you will not convert it. 

 public static void selfSignedCertificateToP12(String privateKeyFile, String certificateFile,String p12File, String alias, char[] password) 
        throws Exception{
    byte privateKeyData[] = Files.readAllBytes(Paths.get(privateKeyFile));
    byte certificateData[] = Files.readAllBytes(Paths.get(certificateFile));

    //Remove PEM header, footer and \n
    String privateKeyPEM = new String (privateKeyData, StandardCharsets.UTF_8);
    privateKeyPEM = privateKeyPEM.replace(
            "-----BEGIN PRIVATE KEY-----\n", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\n", "");
    byte privateKeyDER[] = Base64.getDecoder().decode(privateKeyPEM);

     // Used to read User_privkey.pem file to get private key
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyDER);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    PrivateKey privateKey = keyFactory.generatePrivate(spec);

    //  Used to read user certificate 
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    Certificate cert = factory.generateCertificate(new ByteArrayInputStream(certificateData));

    //Create keystore, add entry with the provided alias and save
    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(null);
    ks.setKeyEntry(alias, privateKey, password, new Certificate[] { cert });
    OutputStream out = new FileOutputStream(p12File);
    ks.store(out, password);
    out.close();
}

Upvotes: 0

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Reputation: 936

you can use this code, I also recommend this link

    public static byte[] pemToPKCS12(final String keyFile, final String cerFile, final String password) throws Exception {
// Get the private key
FileReader reader = new FileReader(keyFile);

PEMReader pem = new PEMReader(reader, new PasswordFinder() {
    @Override public char[] getPassword() {
        return password.toCharArray();
    }
});

PrivateKey key = ((KeyPair)pem.readObject()).getPrivate();

pem.close();
reader.close();

// Get the certificate      
reader = new FileReader(cerFile);
pem = new PEMReader(reader);

X509Certificate cert = (X509Certificate)pem.readObject();
java.security.cert.Certificate X509Certificate =
        new JcaX509CertificateConverter().setProvider("SC")
            .getCertificate(cert);
pem.close();
reader.close();

// Put them into a PKCS12 keystore and write it to a byte[]
ByteArrayOutputStream bos = new ByteArrayOutputStream();
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null);
ks.setKeyEntry("alias", (Key)key, password.toCharArray(), new java.security.cert.Certificate[]{cert});
ks.store(bos, password.toCharArray());
bos.close();
return bos.toByteArray();}

Upvotes: 1

Related Questions