import java.io.*;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
      
       
public class ReplaceCertInKeystore {
    public static void main(String[] args) throws Exception {
	//args[] error checking logic omitted
	//file containing signed cert reply from CA
	String csrReplyFromCA = args[0];     
	//Path to GlassFish keystore.jks
	String keystoreLocation = args[1];   
	//Password for GlassFish keystore.jks
	String keystorePassword = args[2];   
	//The keyalias to be replaced
	String selfSignedKeyEntry = args[3]; 
             
	//create the signed Cert
	Certificate cert = null;
	FileInputStream fis = 
	    new FileInputStream(csrReplyFromCA);
	CertificateFactory cf = 
	    CertificateFactory.getInstance("X.509");
	cert = cf.generateCertificate(fis);
             
	//now replace the original entry
	char[] passwordChars = 
	    keystorePassword.toCharArray();
	KeyStore keystore = KeyStore.getInstance("JKS");
	keystore.load(new FileInputStream(keystoreLocation), 
		      passwordChars);
	Key key = keystore.getKey(selfSignedKeyEntry,
				  passwordChars);
	keystore.setKeyEntry(selfSignedKeyEntry, key, 
			     passwordChars, (new Certificate[]{cert}));
	keystore.store(new FileOutputStream(keystoreLocation), passwordChars);
    }
}