
@RavuAlHemio
Last active August 29, 2015 14:05
Converts a private key (generated by OpenSSL's "genpkey") and a corresponding certificate chain (X.509 PEM) to a Java keystore.
// Released into the public domain.
// http://creativecommons.org/publicdomain/zero/1.0/
// converts a PKCS#8 PEM private key (as generated by OpenSSL's "genpkey")
// and a corresponding certificate chain (X.509 PEM) to a Java keystore.
// why can't keytool do this natively?
// warning: requires JRE 8 or later because it uses java.util.Base64
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.nio.charset.Charset;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
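/**
 * Command-line tool that packs a PKCS#8 PEM private key and its X.509 PEM
 * certificate chain into a newly created Java keystore.
 *
 * <p>Usage: {@code java KeysToKeystore KEYSTOREFILE KEYSTOREPASS KEYFILE CERTFILE...}
 *
 * <p>Security notes for operators:
 * <ul>
 * <li>The keystore password is read from the command line, so it is visible
 *     to other local users through the process list and may end up in shell
 *     history. Treat it as exposed on shared hosts.</li>
 * <li>The key file must be an unencrypted PKCS#8 key ("BEGIN PRIVATE KEY");
 *     only RSA keys are parsed.</li>
 * <li>The output file contains the private key and is created with the
 *     process's default file permissions; restrict access to it afterwards.</li>
 * <li>The keystore type is JKS, a legacy format; PKCS12 has been the JDK
 *     default since Java 9. The type is left unchanged here so existing
 *     consumers of the output keep working.</li>
 * </ul>
 */
public class KeysToKeystore
{
    /**
     * Builds the keystore and writes it to disk.
     *
     * @param args keystore file, keystore password, private key file, then
     *             one or more certificate files (each may hold several
     *             certificates)
     * @throws Throwable on any I/O, decoding, key or certificate parsing error
     */
    public static void main(String[] args) throws Throwable
    {
        if (args.length < 4)
        {
            System.err.println("Usage: java KeysToKeystore KEYSTOREFILE KEYSTOREPASS KEYFILE CERTFILE...");
            System.exit(1);
        }

        String keyStoreFilename = args[0];
        // NOTE(review): a password passed as an argument is readable by other
        // local users while the process runs; the CLI contract is kept as is.
        String keyStorePassword = args[1];
        String keyFilename = args[2];
        char[] password = keyStorePassword.toCharArray();

        ArrayList<String> certFilenames = new ArrayList<String>();
        for (int i = 3; i < args.length; ++i)
        {
            certFilenames.add(args[i]);
        }

        // create a new, empty keystore
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null);

        // read the key; try-with-resources closes the file even if the read fails
        byte[] keyBytes;
        try (RandomAccessFile keyFile = new RandomAccessFile(keyFilename, "r"))
        {
            keyBytes = new byte[(int)keyFile.length()];
            keyFile.readFully(keyBytes);
        }

        // Strip the PEM armour and every whitespace character, so CRLF line
        // endings and a missing final newline no longer break Base64 decoding.
        String keyString = new String(keyBytes, Charset.forName("utf-8"))
            .replace("-----BEGIN PRIVATE KEY-----", "")
            .replace("-----END PRIVATE KEY-----", "")
            .replaceAll("\\s", "");
        byte[] rawKeyBytes = Base64.getDecoder().decode(keyString);

        // parse the key (RSA only)
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(rawKeyBytes));

        // parse the certificates, keeping the order given on the command line
        ArrayList<Certificate> certs = new ArrayList<Certificate>();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String certFilename : certFilenames)
        {
            // the stream is closed after each file instead of being leaked
            try (BufferedInputStream certStream = new BufferedInputStream(new FileInputStream(certFilename)))
            {
                while (certStream.available() > 0)
                {
                    certs.add(cf.generateCertificate(certStream));
                }
            }
        }

        // add the key and certs to the keystore under the alias "key";
        // the entry is protected with the same password as the keystore
        KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(key, certs.toArray(new Certificate[0]));
        ks.setEntry("key", entry, new KeyStore.PasswordProtection(password));

        // write out the keystore; the stream is closed even if store() throws
        try (FileOutputStream ksStream = new FileOutputStream(keyStoreFilename))
        {
            ks.store(ksStream, password);
        }
    }
}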