jks-js is a converter of Java Keystore to PEM certificates in order to securely connect to Java based servers using node js.
npm install jks-js
...
const jks = require('jks-js');
const keystore = jks.toPem(
fs.readFileSync('keystore.jks'),
'password'
);
const { cert, key } = keystore['alias'];
after extraction you may use cert and key in your connection settings:
tls.connect('<port>', '<host>', {
key: key,
cert: cert,
});
const {
/**
* Extracts certificates from java keystore or truststore
* and decrypts private key
*
* @param keystore content of java keystore or truststore file
* @param keystorePassword password for verification and decryption
* @param pemPassword (optional) password that is used for decryption, in case it is different from keystorePassword. If not specified, keystorePassword is used
* @return {
* <alias name>: {
* cert: string // compound certificates chain
* key: string // decrypted private key
* } | {
* ca: string // trusted certificate
* }
* }
*/
toPem,
/**
* The raw function to extract certificates
* @param keystore
* @param password
* @return { <alias name>: KeyEntry | TrustedKeyEntry }
*/
parseJks,
/**
* Decrypts private key from DER to PEM
*
* @param protectedPrivateKey DER encoded private key
* @param password password for PKCS8 decryption
* @return decoded private key
*/
decrypt,
/**
* The function that parses keystore/truststore in PKCS12 format
*
* @param {Buffer} keystore
* @param {String} password
*/
parsePkcs12,
} = require('jks-js');
The implementaion is based on JavaKeystore.java logic, which is internally used for creation of java keystore, including keytool
.
It is supposed the keystore contains X.509
certificates.
But you may use the library to extract any of certificates.
The decryption constrained by alghorithms that implemented in the crypto module of Node.js.
If you find any troubles feel free to create an issue.
Copyright (c) 2020 Volodymyr Liench