JKS和PKCS12密钥容器相互转换

package com.xgh.keystore.test;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

import junit.framework.TestCase;
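/**
 * Sample JUnit 3 tests that copy every entry of a key store between the
 * PKCS12 (.pfx) and JKS container formats.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The store password is a hard-coded demo value. Real code should obtain it
 *       at run time (prompt, environment, secrets manager) and never commit it.</li>
 *   <li>JKS is a legacy, JDK-specific format whose private-key protection is weaker
 *       than PKCS12; PKCS12 has been the JDK default store type since Java 9.
 *       Converting PKCS12 to JKS is normally only needed for old consumers.</li>
 *   <li>The files written under {@code src/} contain private keys. Keep them out of
 *       version control and restrict their file permissions.</li>
 * </ul>
 *
 * <p>{@link #testConvertPFX2JKS()} reads {@code src/jks2pfx.pfx}, which is the file
 * {@link #testConvertJKS2PFX()} writes, so the first test depends on that file
 * already existing.
 *
 * @author xgh
 */
public class KeyStoreUtil extends TestCase {

    private static final String TYPE_PKCS12 = "PKCS12";
    private static final String TYPE_JKS = "JKS";

    // SECURITY: demo-only password, shared by the store and every key entry.
    // Do not reuse this pattern outside throwaway test fixtures.
    private static final String DEMO_PASSWORD = "111111";

    /**
     * Converts the PKCS12 key store {@code src/jks2pfx.pfx} into the JKS key store
     * {@code src/new.jks}.
     *
     * @throws Exception if the source cannot be read, an entry cannot be recovered,
     *         or the target cannot be written; the failure is propagated so the
     *         test is reported as failed instead of silently passing
     */
    public void testConvertPFX2JKS() throws Exception {
        convert(TYPE_PKCS12, "src/jks2pfx.pfx", "pfx",
                TYPE_JKS, "src/new.jks", DEMO_PASSWORD.toCharArray());
    }

    /**
     * Converts the JKS key store {@code src/xgh.jks} into the PKCS12 key store
     * {@code src/jks2pfx.pfx}.
     *
     * @throws Exception if the source cannot be read, an entry cannot be recovered,
     *         or the target cannot be written; the failure is propagated so the
     *         test is reported as failed instead of silently passing
     */
    public void testConvertJKS2PFX() throws Exception {
        convert(TYPE_JKS, "src/xgh.jks", "jks",
                TYPE_PKCS12, "src/jks2pfx.pfx", DEMO_PASSWORD.toCharArray());
    }

    /**
     * Copies every entry of one key store file into a new key store of another type.
     *
     * @param sourceType  key store type of the input file, e.g. {@code "PKCS12"}
     * @param sourcePath  path of the key store to read
     * @param sourceLabel short label of the source format used in the progress output
     * @param targetType  key store type of the output file, e.g. {@code "JKS"}
     * @param targetPath  path of the key store to write (overwritten if present)
     * @param password    password used to open the source, to recover and re-protect
     *                    each key entry, and to protect the target store
     * @throws Exception if loading, entry recovery or storing fails, or if an alias is
     *         neither a key entry nor a trusted-certificate entry
     */
    private static void convert(String sourceType, String sourcePath, String sourceLabel,
            String targetType, String targetPath, char[] password) throws Exception {
        KeyStore source = KeyStore.getInstance(sourceType);
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream in = new FileInputStream(sourcePath)) {
            source.load(in, password);
        }

        KeyStore target = KeyStore.getInstance(targetType);
        // A null stream initialises an empty key store.
        target.load(null, password);

        Enumeration<String> aliases = source.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println("原 " + sourceLabel + "文件  alias=[" + alias + "]");

            if (source.isKeyEntry(alias)) {
                // NOTE(review): assumes each key entry is protected with the store
                // password; a JKS source may use a different per-key password, in
                // which case getKey() fails with UnrecoverableKeyException.
                Key key = source.getKey(alias, password);
                Certificate[] chain = source.getCertificateChain(alias);
                target.setKeyEntry(alias, key, password, chain);
            } else if (source.isCertificateEntry(alias)) {
                // Trusted-certificate entry: a single certificate without a private key.
                target.setCertificateEntry(alias, source.getCertificate(alias));
            } else {
                throw new GeneralSecurityException(alias + " is unknown to this keystore");
            }
        }

        try (FileOutputStream out = new FileOutputStream(targetPath)) {
            target.store(out, password);
        }
        System.out.println("finished!");
    }
}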
