Programmatic keyfile creation and PEM file import
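/**
 * Creates an in-memory JKS {@link KeyStore} holding a single private-key entry built
 * from two standard PEM files: an unencrypted PKCS#8 private key and its certificate(s).
 *
 * <p>The entry alias is the private-key file name. Only "-----BEGIN PRIVATE KEY-----"
 * (PKCS#8) keys are accepted by {@code createPrivateKey}; the certificate file may hold
 * several "-----BEGIN CERTIFICATE-----" blocks, which are stored as the chain in file order.
 *
 * @param privateKeyPem  the PEM file holding the unencrypted PKCS#8 private key
 * @param certificatePem the PEM file holding the certificate chain
 * @param password       the password protecting the private-key entry; must not be {@code null}
 * @return a loaded, never-persisted key store containing the one key entry
 * @throws IllegalArgumentException if a PEM file does not start with the expected BEGIN marker
 * @throws IOException              if a PEM file cannot be read
 * @throws KeyStoreException        if the entry cannot be stored
 * @throws NoSuchAlgorithmException if the RSA key factory or JKS integrity algorithm is missing
 * @throws CertificateException     if a certificate block is not valid X.509
 * @throws Exception                propagated from the PEM helpers, which declare {@code Exception}
 */
public static KeyStore createKeyStore(File privateKeyPem, File certificatePem, final String password)
        throws Exception {
    final X509Certificate[] chain = createCertificates(certificatePem);
    final PrivateKey key = createPrivateKey(privateKeyPem);
    // JKS is kept because callers may depend on the store type. If the store is ever
    // written to disk, PKCS12 (the JDK default type since 9) is the better choice:
    // JKS protects key entries with a proprietary, weak scheme.
    final KeyStore keystore = KeyStore.getInstance("JKS");
    // load(null) initialises an empty store without reading any file.
    keystore.load(null);
    keystore.setKeyEntry(privateKeyPem.getName(), key, password.toCharArray(), chain);
    return keystore;
}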
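/**
 * Builds a server-side {@link SSLServerSocketFactory} whose identity is the key and
 * certificate chain read from the given PEM files.
 *
 * <p>Trust managers and the random source are passed as {@code null} to
 * {@code SSLContext.init}, so the JDK's default trust managers and default
 * {@code SecureRandom} are used. The enabled protocol versions and cipher suites are
 * the JDK defaults for "TLS"; narrow them on the sockets the factory returns if needed.
 *
 * @param privateKeyPem  PEM file with the unencrypted PKCS#8 private key
 * @param certificatePem PEM file with the server certificate chain
 * @param password       password protecting the key entry in the temporary key store
 * @return a factory producing TLS server sockets that present the given certificate
 * @throws Exception if the PEM files cannot be read or the SSL context cannot be initialised
 */
public static SSLServerSocketFactory createSSLFactory(File privateKeyPem, File certificatePem, String password)
        throws Exception {
    final KeyStore keystore = createKeyStore(privateKeyPem, certificatePem, password);
    // Ask for the platform default (SunX509 on the reference JDK) instead of hard-coding
    // a provider-specific name, so the code also runs where a different default is registered.
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keystore, password.toCharArray());
    final SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), null, null);
    return context.getServerSocketFactory();
}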
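/**
 * Reads an unencrypted PKCS#8 private key ("-----BEGIN PRIVATE KEY-----") from a PEM file.
 *
 * <p>The BEGIN marker must be on the first line. Every following line up to the END
 * marker (or end of file) is accumulated, Base64-decoded to DER and handed to
 * {@code generatePrivateKeyFromDER}. Encrypted keys ("BEGIN ENCRYPTED PRIVATE KEY") and
 * PKCS#1 keys ("BEGIN RSA PRIVATE KEY") do not match the marker and are rejected.
 *
 * @param privateKeyPem the PEM file to read (decoded as UTF-8; PEM is plain ASCII)
 * @return the RSA private key
 * @throws IllegalArgumentException if the first line is not a PKCS#8 BEGIN marker
 * @throws Exception if the file cannot be read or the bytes are not a valid RSA PKCS#8 key
 */
private static PrivateKey createPrivateKey(File privateKeyPem) throws Exception {
    final StringBuilder base64 = new StringBuilder();
    // try-with-resources: the reader was previously closed by hand and leaked whenever
    // readLine() threw part-way through the file. An explicit charset replaces
    // FileReader's platform-default decoding.
    try (BufferedReader reader = java.nio.file.Files.newBufferedReader(
            privateKeyPem.toPath(), java.nio.charset.StandardCharsets.UTF_8)) {
        String line = reader.readLine();
        if (line == null || !line.contains("BEGIN PRIVATE KEY")) {
            throw new IllegalArgumentException("No PRIVATE KEY found");
        }
        for (line = reader.readLine();
                line != null && !line.contains("END PRIVATE KEY");
                line = reader.readLine()) {
            base64.append(line);
        }
    }
    // java.util.Base64 replaces javax.xml.bind.DatatypeConverter, which is no longer part
    // of the JDK (removed in 11). The MIME decoder tolerates stray whitespace like the old one.
    final byte[] der = java.util.Base64.getMimeDecoder().decode(base64.toString());
    return generatePrivateKeyFromDER(der);
}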
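/**
 * Reads every "-----BEGIN CERTIFICATE-----" block from a PEM file, in file order.
 *
 * <p>The first line must be a BEGIN CERTIFICATE marker. Lines are accumulated until an
 * END CERTIFICATE marker, then Base64-decoded and parsed as one DER X.509 certificate;
 * any line starting with "----" is treated as a marker and not accumulated.
 *
 * @param certificatePem the PEM file to read (decoded as UTF-8; PEM is plain ASCII)
 * @return the certificates in the order they appear in the file
 * @throws IllegalArgumentException if the first line is not a BEGIN CERTIFICATE marker
 * @throws Exception if the file cannot be read or a block is not a valid X.509 certificate
 */
private static X509Certificate[] createCertificates(File certificatePem) throws Exception {
    final List<X509Certificate> parsed = new ArrayList<X509Certificate>();
    // try-with-resources closes the reader on every path; the hand-written close() was
    // skipped when readLine() or certificate parsing threw. Explicit charset instead of
    // FileReader's platform default.
    try (BufferedReader reader = java.nio.file.Files.newBufferedReader(
            certificatePem.toPath(), java.nio.charset.StandardCharsets.UTF_8)) {
        String line = reader.readLine();
        if (line == null || !line.contains("BEGIN CERTIFICATE")) {
            throw new IllegalArgumentException("No CERTIFICATE found");
        }
        StringBuilder base64 = new StringBuilder();
        for (; line != null; line = reader.readLine()) {
            if (line.contains("END CERTIFICATE")) {
                // java.util.Base64 replaces javax.xml.bind.DatatypeConverter (gone since JDK 11);
                // the MIME decoder ignores whitespace like the old lenient decoder did.
                final byte[] der = java.util.Base64.getMimeDecoder().decode(base64.toString());
                parsed.add(generateCertificateFromDER(der));
                base64 = new StringBuilder();
            } else if (!line.startsWith("----")) {
                base64.append(line);
            }
        }
    }
    return parsed.toArray(new X509Certificate[parsed.size()]);
}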
/**
 * Turns DER-encoded PKCS#8 bytes into an RSA private key.
 *
 * @param keyBytes DER-encoded PKCS#8 {@code PrivateKeyInfo}
 * @return the RSA private key
 * @throws InvalidKeySpecException  if the bytes are not a valid PKCS#8 RSA key
 * @throws NoSuchAlgorithmException if no RSA {@code KeyFactory} is available
 */
private static RSAPrivateKey generatePrivateKeyFromDER(byte[] keyBytes) throws InvalidKeySpecException, NoSuchAlgorithmException {
    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey generated = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    // The RSA factory yields an RSAPrivateKey implementation, so the cast holds.
    return (RSAPrivateKey) generated;
}
/**
 * Parses one DER-encoded X.509 certificate.
 *
 * @param certBytes DER bytes of a single certificate
 * @return the parsed certificate
 * @throws CertificateException if the bytes do not hold a valid X.509 certificate
 */
private static X509Certificate generateCertificateFromDER(byte[] certBytes) throws CertificateException {
    final ByteArrayInputStream derStream = new ByteArrayInputStream(certBytes);
    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    // The "X.509" factory returns X509Certificate instances, so the cast holds.
    return (X509Certificate) x509.generateCertificate(derStream);
}