 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / April 2004Uber keystore can't be open after transfering from P12
Hi all, I got this weird problem when trying to transfer my keys from a p12 keystore to a uber keystore (BC provider). I wrote a small chunk of code to do this and test out. In the code, after transfering the keys and certificates over to an uber keystore, I can re-open it in another keystore object and list the contents just fine. This is done in the same piece of program. But then, I can't open the new keystore anywhere else, even using the same code that I mentioned above. Attached here is a p12 keystore created with the command: keytool -genkey -keystore test.p12 -storepass changeit \ -storetype pkcs12 -alias test01 -keypass test01 -keyalg rsa \ -provider org.bouncycastle.jce.provider.BouncyCastleProvider And the following is the code that does the key transfer: ================ public class ConvertP12ToUber { private static void print(String str) { System.out.println(str); } public static void printUsage() { print(""); print("Usage: "); print("java com.idsignet.internal.tools.ConvertP12ToUber p12file p12storepass uberfile uberstorepass"); print("where "); print(" p12file original PKCS12 keystore file"); print(" p12storepass original PKCS12 keystore password"); print(" uberfie destination UBER keystore file"); print(" userstorepass destination UBER keystore password"); print(""); print("Note:"); print(" All keys in the new UBER keystore will have the same passwords as"); print(" the keystore password."); print(""); } public static void main(String[] args) { if (args.length < 4) { printUsage(); System.exit(0); } String p12file = args[0]; String p12storepass = args[1]; String uberfile = args[2]; String uberstorepass = args[2]; KeyStore p12keystore = null; KeyStore uberkeystore = null; /* * Try to load the original PKCS12 keystore */ print("Loading PKCS12 file " + p12file); InputStream instream = null; try { instream = new FileInputStream(p12file); p12keystore = KeyStore.getInstance("PKCS12", "BC"); p12keystore.load(instream, p12storepass.toCharArray()); instream.close(); } catch (Exception e) { print("Unable to open file " + p12file); e.printStackTrace(); System.exit(1); } print("Creating UBER keystore ..."); try { uberkeystore = KeyStore.getInstance("UBER", "BC"); uberkeystore.load(null, uberstorepass.toCharArray()); } catch (Exception e) { print("Unable to create UBER keystore"); e.printStackTrace(); System.exit(1); } print("Start transfering keys and certificates ..."); Enumeration aliases = null; try { aliases = p12keystore.aliases(); while (aliases.hasMoreElements()) { String name = (String) aliases.nextElement(); if (p12keystore.isKeyEntry(name)) { print("Transfering key " + name); transferKeyEntry(p12keystore, uberkeystore, name, uberstorepass); } else { print("Transfering certificate " + name); transferCertEntry(p12keystore, uberkeystore, name); } } } catch (Exception e) { print("Error transferring keys/certificates from old keystore to new keystore"); e.printStackTrace(); System.exit(1); } print("Saving UBER keystore to file " + uberfile); try { FileOutputStream outstream = new FileOutputStream(uberfile); uberkeystore.store(outstream, uberstorepass.toCharArray()); outstream.flush(); outstream.close(); } catch (Exception e) { print("Error saving UBER keystore file " + uberfile); e.printStackTrace(); System.exit(1); } print("Try to list the keys/certificates in the UBER keystore ..."); try { aliases = uberkeystore.aliases(); while (aliases.hasMoreElements()) { String name = (String) aliases.nextElement(); if (uberkeystore.isKeyEntry(name)) { print("Found key : " + name); } else { print("Found certificate : " + name); } } } catch (Exception e) { print("Unable to list the contents of the UBER keystore..."); e.printStackTrace(); } print("Re-open the new file and list the contents:"); list(uberfile, uberstorepass); } private static void transferKeyEntry(KeyStore p12ks, KeyStore uberks, String alias, String pass) { try { RSAPrivateCrtKey key = (RSAPrivateCrtKey) p12ks.getKey(alias, pass.toCharArray()); print(" key type = " + key.getClass().getName()); Certificate[] chain = p12ks.getCertificateChain(alias); print(" chain = " + chain.length); uberks.setKeyEntry(alias, key, pass.toCharArray(), chain); } catch (Exception e) { print("Error transfering key '" + alias + "'"); e.printStackTrace(); } } private static void transferCertEntry(KeyStore p12ks, KeyStore uberks, String alias) { try { Certificate cert = p12ks.getCertificate(alias); uberks.setCertificateEntry(alias, cert); } catch (Exception e) { print("Error transfering certificate '" + alias + "'"); e.printStackTrace(); } } private static void list(String file, String pass) { try { print("============================================="); FileInputStream instream = new FileInputStream(file); KeyStore ks = KeyStore.getInstance("UBER", "BC"); ks.load(instream, pass.toCharArray()); Enumeration aliases = ks.aliases(); while (aliases.hasMoreElements()) { String name = (String) aliases.nextElement(); if (ks.isKeyEntry(name)) { print("Found key : " + name); Key key = ks.getKey(name, pass.toCharArray()); Certificate[] chain = ks.getCertificateChain(name); } else { print("Found certificate : " + name); Certificate cert = ks.getCertificate(name); } } } catch(Exception e) { print("Error listing keystore file " + file); e.printStackTrace(); } } } ======================== Now, here's another piece of code that tries to open the uber keystore (not that it's exactly the same as the code in the list() method above). But this can't never open the file again. public class Test { public static void print(String s) { System.out.println(s); } public static void main(String[] args) { String file = "/home/csp/.idsignet/client01.uber"; String pass = "changeit"; try { KeyStore ks = KeyStore.getInstance("UBER" , "BC"); FileInputStream ins = new FileInputStream(file); ks.load(ins, pass.toCharArray()); Enumeration aliases = ks.aliases(); while (aliases.hasMoreElements()) { String name = (String) aliases.nextElement(); if (ks.isKeyEntry(name)) { print("Found key : " + name); Key key = ks.getKey(name, pass.toCharArray()); Certificate[] chain = ks.getCertificateChain(name); } else { print("Found certificate : " + name); Certificate cert = ks.getCertificate(name); } } } catch(Exception e) { e.printStackTrace(); } } } =========================== When I tried to open the uber keystore, I get an EOFException. Tracing to the code, it's having problem doing readUTF() of the key alias. If I create a new uber with keytool or just write my code, then I can re-open it without any problem. Can someone tell me what's wrong with this code? TIA. >keytool -genkey -keystore test.p12 -storepass changeit \ > -storetype pkcs12 -alias test01 -keypass test01 -keyalg rsa \ > -provider org.bouncycastle.jce.provider.BouncyCastleProvider Is the problem to do with -storetype? You have pkcs12 here, but Java normally uses jks which is similar, but no cigar. I am just tossing this out. I did not look at your code. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.