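import java.io.*;
import java.security.*;
import java.util.*;

/**
 * Command-line tool that copies every key and certificate entry from a source
 * keystore into an existing destination keystore, asking on stdin whether each
 * alias should be renamed, and then rewrites the destination file.
 *
 * <p>Arguments, in order: source storetype, source keystore path, source
 * password, destination storetype, destination keystore path, destination
 * password. An empty password argument is converted to {@code null}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Both passwords are taken from the command line, so they can end up in
 *       shell history and are typically visible to other local users through
 *       the process list while the tool runs.</li>
 *   <li>Loading a keystore with a {@code null} password skips the keystore
 *       integrity check, so an empty password argument means the file
 *       contents are accepted unverified.</li>
 *   <li>Private keys are read with the source <em>store</em> password and
 *       re-protected with the destination <em>store</em> password; a key
 *       that uses its own, different key password cannot be read this way.</li>
 * </ul>
 */
public class KeystoreMove {

    /**
     * Entry point; see the class comment for the argument order.
     *
     * @param args the six command-line arguments
     * @throws Throwable any keystore, provider or I/O failure is propagated
     */
    public static void main(String args[]) throws Throwable {
        // JDK-internal JSSE provider class, registered for PKCS12 support.
        // NOTE(review): this class is not shipped by newer JDKs, where the
        // default providers already handle PKCS12 - confirm against the
        // target runtime before relying on this line.
        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        if (args.length<6) {
            // NOTE(review): the usage text looks like it lost its argument
            // placeholders; it is reproduced here exactly as found.
            System.out.println(
                "\nKeystoreMove Usage: \njava KeystoreMove where\n" +
                " and are " +
                " \n");
            System.out.println(" - Requires jsse for PKCS12 keystore support \n" +
                " - source storetype can be JKS or PKCS12\n" +
                " - destination storetype must be JKS type (PKCS12 write not supported)\n") ;
            System.exit(0);
        }

        // -------- Load source keystore to memory ---------
        char[] pwin = toPassword(args[2]);
        KeyStore ksin = loadKeyStore(args[0], args[1], pwin);

        // -------- Load destination keystore initial contents to memory ---------
        char[] pwout = toPassword(args[5]);
        KeyStore ksout = loadKeyStore(args[3], args[4], pwout);

        //--------- Main Loop to get keys/certs from source keystore ------------
        BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
        Enumeration en = ksin.aliases();
        while (en.hasMoreElements()) {
            String alias = (String) en.nextElement();
            if (ksout.containsAlias(alias)) {
                System.out.println(args[4] + " already contains " + alias + " Key will not be copied.");
                continue;
            }

            // ------- Ask user if alias of source key/cert should be renamed -----------
            System.out.println("Source alias: " + alias + " Rename alias to: [ to keep original alias] .. ");
            // readLine() returns null at end of input (e.g. stdin redirected
            // from an exhausted file); treat that like an empty answer
            // instead of failing with a NullPointerException.
            String answer = stdin.readLine();
            String newuseralias = (answer == null) ? "" : answer.trim();
            if (newuseralias.equals("")) {
                newuseralias = alias;
                System.out.println("Original alias used") ;
            } else {
                System.out.println("New alias: " + newuseralias) ;
                // The collision check above only covers the original alias.
                // Without this second check a rename could silently replace
                // an entry (for instance a trusted certificate) that is
                // already present in the destination keystore.
                if (ksout.containsAlias(newuseralias)) {
                    System.out.println(args[4] + " already contains " + newuseralias + " Key will not be copied.");
                    continue;
                }
            }

            if (ksin.isCertificateEntry(alias)) {
                System.out.println("importing certificate " + alias);
                ksout.setCertificateEntry(newuseralias, ksin.getCertificate(alias));
            }

            if (ksin.isKeyEntry(alias)) {
                System.out.println("importing key " + alias);
                // Key is unlocked with the source store password and
                // re-protected with the destination store password.
                ksout.setKeyEntry(newuseralias, ksin.getKey(alias,pwin), pwout,ksin.getCertificateChain(alias));
            }
        }
        //--------- End main loop ----------------------

        //--------- Overwrite the destination keystore with new keys/certs --------------
        // Serialize into memory first: opening the FileOutputStream truncates
        // the destination, so a failure inside store() would otherwise leave
        // the existing keystore file empty or half written.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ksout.store(buffer, pwout);
        FileOutputStream out = new FileOutputStream(args[4]);
        try {
            buffer.writeTo(out);
        } finally {
            out.close();
        }
        System.out.println("keystore copy successful\n") ;
        System.exit(0);
    }

    /** Converts a password argument to a char array, mapping the empty string to {@code null}. */
    private static char[] toPassword(String arg) {
        char[] password = arg.toCharArray();
        // A null password makes KeyStore.load skip its integrity check.
        return (password.length == 0) ? null : password;
    }

    /** Loads the keystore of the given type from the given path, closing the file even when loading fails. */
    private static KeyStore loadKeyStore(String type, String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore keystore = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            keystore.load(in, password);
        } finally {
            in.close();
        }
        return keystore;
    }
}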