/**
* 前置要求:
* 1. jdk1.8
* 2. 引入依赖:
* <dependency>
* <groupId>org.bouncycastle</groupId>
* <artifactId>bcprov-jdk15on</artifactId>
* <version>1.70</version>
* </dependency>
* 相关资源 :https://www.ssleye.com/ssltool/jks_pkcs12.html
*@author starSky
*@datetime 2026/1/28 18:31
*/
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
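/**
 * Builds a JKS keystore from a PEM private key and certificate, and converts a JKS keystore
 * to PKCS#12 (PFX). Written for Java 8.
 *
 * <p>JKS is the legacy JDK keystore format; PKCS#12 has been the JDK default keystore type
 * since Java 9. Both output files contain private-key material and are created with the
 * process's default file permissions, so restrict access to the output paths.
 */
public class JksGenerator {

    static {
        // Register Bouncy Castle so the "BC" provider requested in convertJksToPfx is available.
        // addProvider returns -1 and changes nothing if the provider is already installed.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Strips the BEGIN/END markers of the given PEM type plus all whitespace, then
     * Base64-decodes what is left.
     *
     * @param pem   PEM text (the markers are optional; bare Base64 is accepted)
     * @param label PEM type between the dashes, e.g. {@code CERTIFICATE} or {@code PRIVATE KEY}
     * @return the decoded DER bytes
     * @throws IllegalArgumentException if a different PEM header remains or the body is not Base64
     */
    private static byte[] decodePemBody(String pem, String label) {
        String body = pem
                .replace("-----BEGIN " + label + "-----", "")
                .replace("-----END " + label + "-----", "")
                // Remove every whitespace character, not only CR/LF, so indented or
                // space-wrapped PEM text decodes as well.
                .replaceAll("\\s", "")
                .trim();
        if (body.contains("-----")) {
            // A leftover header means the input is another PEM type (for example a PKCS#1
            // "RSA PRIVATE KEY" or an "ENCRYPTED PRIVATE KEY"); fail with a readable message
            // instead of an "illegal base64 character" error.
            throw new IllegalArgumentException(
                    "Expected a PEM block of type '" + label + "' but found a different PEM header");
        }
        return Base64.getDecoder().decode(body);
    }

    /**
     * Parses an unencrypted PKCS#8 private key. RSA is tried first; if the encoding is not an
     * RSA key, the algorithm of the certificate's public key is used instead.
     *
     * @param pkcs8 DER-encoded PKCS#8 key
     * @param cert  certificate the key is paired with
     * @return the parsed private key
     * @throws Exception if no key factory accepts the encoding
     */
    private static PrivateKey parsePkcs8PrivateKey(byte[] pkcs8, Certificate cert) throws Exception {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8);
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        } catch (InvalidKeySpecException notRsa) {
            String certAlgorithm = cert.getPublicKey().getAlgorithm();
            if ("RSA".equals(certAlgorithm)) {
                throw notRsa;
            }
            return KeyFactory.getInstance(certAlgorithm).generatePrivate(keySpec);
        }
    }

    /**
     * Loads an X.509 certificate from PEM text. The input is expected to hold a single
     * certificate.
     *
     * @param certPem PEM-encoded certificate
     * @return the parsed certificate
     * @throws Exception if the text is not valid Base64 or not a valid X.509 certificate
     */
    public static Certificate loadCertificateFromPem(String certPem) throws Exception {
        byte[] der = decodePemBody(certPem, "CERTIFICATE");
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return factory.generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Creates a JKS keystore holding one key entry built from an existing private key and
     * certificate. The entry's chain contains only the given certificate.
     *
     * @param privateKeyPem    unencrypted PKCS#8 private key in PEM form ({@code BEGIN PRIVATE KEY})
     * @param certPem          PEM-encoded X.509 certificate matching the private key
     * @param alias            alias of the key entry
     * @param jksPath          output path of the keystore file
     * @param keystorePassword password protecting the keystore's integrity
     * @param keyPassword      password protecting the key entry
     * @throws Exception if parsing, keystore handling or file output fails
     */
    public static void generateJksWithCert(String privateKeyPem, String certPem, String alias, String jksPath,
            String keystorePassword, String keyPassword) throws Exception {
        byte[] pkcs8 = decodePemBody(privateKeyPem, "PRIVATE KEY");
        char[] storePass = keystorePassword.toCharArray();
        char[] keyPass = keyPassword.toCharArray();
        try {
            Certificate cert = loadCertificateFromPem(certPem);
            PrivateKey privateKey = parsePkcs8PrivateKey(pkcs8, cert);

            // Start from an empty keystore, then add the single key entry.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, storePass);
            keyStore.setKeyEntry(alias, privateKey, keyPass, new Certificate[] {cert});

            try (FileOutputStream fos = new FileOutputStream(jksPath)) {
                keyStore.store(fos, storePass);
            }
        } finally {
            // Best-effort cleanup of the local copies; the caller's String arguments are
            // immutable and stay in memory until garbage-collected.
            Arrays.fill(pkcs8, (byte) 0);
            Arrays.fill(storePass, '\0');
            Arrays.fill(keyPass, '\0');
        }
        System.out.println("JKS 文件已生成: " + jksPath);
    }

    /**
     * Converts a JKS keystore to PKCS#12 (PFX), assuming every key entry is protected with the
     * keystore password. Use the five-argument overload when the key password differs.
     *
     * @param jksPath     path of the JKS file to read
     * @param pfxPath     output path of the PFX file
     * @param jksPassword password of the JKS keystore and of its key entries
     * @param pfxPassword password for the PFX file and its key entries
     * @throws Exception if loading, key recovery or file output fails
     */
    public static void convertJksToPfx(String jksPath, String pfxPath, String jksPassword, String pfxPassword)
            throws Exception {
        convertJksToPfx(jksPath, pfxPath, jksPassword, jksPassword, pfxPassword);
    }

    /**
     * Converts a JKS keystore to PKCS#12 (PFX), copying every key entry and trusted-certificate
     * entry under its original alias.
     *
     * @param jksPath        path of the JKS file to read
     * @param pfxPath        output path of the PFX file
     * @param jksPassword    password of the JKS keystore
     * @param jksKeyPassword password of the key entries inside the JKS keystore; a keystore written
     *                       by {@link #generateJksWithCert} may use one that differs from the store
     *                       password
     * @param pfxPassword    password for the PFX file and its key entries
     * @throws Exception if loading, key recovery or file output fails
     */
    public static void convertJksToPfx(String jksPath, String pfxPath, String jksPassword, String jksKeyPassword,
            String pfxPassword) throws Exception {
        char[] jksPass = jksPassword.toCharArray();
        char[] jksKeyPass = jksKeyPassword.toCharArray();
        char[] pfxPass = pfxPassword.toCharArray();
        try {
            // 1. Load the JKS file.
            KeyStore jksKeyStore = KeyStore.getInstance("JKS");
            try (FileInputStream fis = new FileInputStream(jksPath)) {
                jksKeyStore.load(fis, jksPass);
            }

            // 2. Create an empty PKCS#12 keystore backed by Bouncy Castle.
            KeyStore pfxKeyStore = KeyStore.getInstance("PKCS12", "BC");
            pfxKeyStore.load(null, pfxPass);

            // 3. Copy every entry.
            Enumeration<String> aliases = jksKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (jksKeyStore.isKeyEntry(alias)) {
                    PrivateKey key = (PrivateKey) jksKeyStore.getKey(alias, jksKeyPass);
                    Certificate[] certChain = jksKeyStore.getCertificateChain(alias);
                    // Key entries are protected with the same password as the PFX file itself.
                    pfxKeyStore.setKeyEntry(alias, key, pfxPass, certChain);
                } else if (jksKeyStore.isCertificateEntry(alias)) {
                    pfxKeyStore.setCertificateEntry(alias, jksKeyStore.getCertificate(alias));
                }
            }

            // 4. Write the PFX file.
            try (FileOutputStream fos = new FileOutputStream(pfxPath)) {
                pfxKeyStore.store(fos, pfxPass);
            }
        } finally {
            // Best-effort cleanup of the local copies; the caller's String arguments remain.
            Arrays.fill(jksPass, '\0');
            Arrays.fill(jksKeyPass, '\0');
            Arrays.fill(pfxPass, '\0');
        }
        System.out.println("PFX 文件已生成: " + pfxPath);
    }

    /**
     * Example run: builds a JKS file from PEM strings, then converts that file to PFX.
     * The PEM bodies, paths and passwords are sample values to be replaced; outside a demo,
     * read the passwords from a prompt or a secret store instead of source code.
     */
    public static void main(String[] args) throws Exception {
        String privateKeyPem = "-----BEGIN PRIVATE KEY-----" + "私钥字符串" + "-----END PRIVATE KEY-----";
        String certPem = "-----BEGIN CERTIFICATE-----" + "公钥字符串" + "-----END CERTIFICATE-----";
        // One path for both steps, so the conversion reads the file the first step wrote.
        String jksPath = "C:\\Users\\sky\\Desktop\\keystore.jks";
        // Generate the JKS file.
        generateJksWithCert(privateKeyPem, certPem, "mykey", jksPath, "changeit", "changeit");
        // Convert the JKS file to PFX.
        convertJksToPfx(jksPath, "C:\\Users\\sky\\Desktop\\k.pfx", "changeit", "260128");
    }
}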