Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/lenchv/jks-js

Extracts PEM certificates from Java Keystore in order to securely connect to Java based servers using node js
https://github.com/lenchv/jks-js

java javascript jks js keystore nodejs pem ssl tls truststore

Last synced: 5 months ago
JSON representation

Extracts PEM certificates from Java Keystore in order to securely connect to Java based servers using node js

Awesome Lists containing this project

README 

          
# JKS-JS



[![npm](https://img.shields.io/npm/v/jks-js?color=blue&style=flat-square)](https://www.npmjs.com/package/jks-js)

[![test](https://github.com/lenchv/jks-js/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/lenchv/jks-js/actions/workflows/main.yml)

[![codecov](https://codecov.io/gh/lenchv/jks-js/branch/master/graph/badge.svg)](https://codecov.io/gh/lenchv/jks-js)



## Description



**jks-js** is a converter of [Java Keystore](https://en.wikipedia.org/wiki/Java_KeyStore) to PEM certificates in order to securely connect to Java based servers using node js.



## Installation



```javascript

npm install jks-js

```



## Usage



```javascript

...

const jks = require('jks-js');



const keystore = jks.toPem(

	fs.readFileSync('keystore.jks'),

	'password'

);



const { cert, key } = keystore['alias'];



```



after extraction you may use cert and key in your connection settings:



```javascript

tls.connect('', '', {

	key: key,

	cert: cert,

});

```



[more details](https://nodejs.org/api/tls.html#tls_tls_connect_options_callback)



## API



```javascript

const {

	/**

	 * Extracts certificates from java keystore or truststore

	 * and decrypts private key 

	 * 

	 * @param keystore content of java keystore or truststore file

	 * @param keystorePassword password for verification and decryption

	 * @param pemPassword (optional) password that is used for decryption, in case it is different from keystorePassword. If not specified, keystorePassword is used

	 * @return {

	 *     : {

	 *         cert: string // compound certificates chain

	 *         key: string // decrypted private key 

	 *     } | {

	 *         ca: string // trusted certificate

	 *     }

	 * }

	 */

	toPem,



	/**

	 * The raw function to extract certificates

	 * @param keystore

	 * @param password

	 * @return { : KeyEntry | TrustedKeyEntry }

	 */

	parseJks,



	/**

	 * Decrypts private key from DER to PEM

	 *

	 * @param protectedPrivateKey DER encoded private key

	 * @param password password for PKCS8 decryption

	 * @return decoded private key 

	 */

	decrypt,



	/**

	 * The function that parses keystore/truststore in PKCS12 format

	 * 

	 * @param {Buffer} keystore

	 * @param {String} password

	 */

	parsePkcs12,

} = require('jks-js');

```



## How it works



The implementaion is based on [JavaKeystore.java](https://github.com/frohoff/jdk8u-jdk/blob/da0da73ab82ed714dc5be94acd2f0d00fbdfe2e9/src/share/classes/sun/security/provider/JavaKeyStore.java#L605) logic, which is internally used for creation of java keystore, including `keytool`.



It is supposed the keystore contains `X.509` certificates.



But you may use the library to extract any of certificates.



The decryption constrained by alghorithms that implemented in the [crypto](https://nodejs.org/api/crypto.html#crypto_keyobject_asymmetrickeytype) module of Node.js.



## Issues



If you find any troubles feel free to create an issue.



## License



[MIT License](LICENSE)



Copyright (c) 2020 Volodymyr Liench