Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / February 2005

Tip: Looking for answers? Try searching our database.

Initializing a KeyStore

Thread view: 
Enable EMail AlertsStart New Thread
fritz-bayer@web.de - 11 Feb 2005 10:52 GMT
Hello,

I have two private/public key pairs and certificate for a client/server
program. It uses and relies on client side authentification via SSL.

All this information is stored in two java keystores. Unfortunately the
KeyStore class happens to be vendor depended an so are its keystore
files (.keystore).

Because of that I can't read in the keystores when I use another
vendor's JDK, for example, the one under freebsd. They are not
compatible!

However, I have found a workaround to solve the problem, but I need
some help.

I figured out that I could import the certifcates in the X509 vendor
independent format. I could probably also do this with the two private
keys (what format so?).

Then I could initalize the keystore. I have managed to read in the X509
certificates, but when I try to set them in the KeyStore I get the
following Exception:

java.security.KeyStoreException: Uninitialized keystore

I guess this happens, because I did not call the load(InputStream,
string) method to initialize the KeyStore.

But this is not an option, since I it won't work on a different vendors
JDK for the reasons explained above.

So my first question is how do I create an empty KeyStore object, which
I can initialize by hand? I want to set the certificate and the private
key myself.

The second question would be, how do I extract the private key from the
.keystore and save it in a vendor independet way, so that I can read it
in on another vendors Virtual Maschine into memory and use it to
initialize the KeyStore?

Here is the code snippet that raises the exception

KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance("SunX509");
KeyStore keyStore = KeyStore.getInstance("jceks");

// This line does not work with another vendor's JDK - at least not on
freebsd
//keyStore.load(getAsInputStreamFromJar(".clientkeystore"), password);

// Here the solution starts... We read in the first certificate - no
problems here.
CertificateFactory certificateFactory =
CertificateFactory.getInstance("X509");
   X509Certificate xCertificate = (X509Certificate)
certificateFactory.generateCertificate(getAsInputStreamFromJar("clientX509.cert"));

// This line raises the exception. But I can't do a "new KeyStore".
Where do I get a Keystore, which I can initalize?
keyStore.setCertificateEntry("sepclient", xCertificate);
Reply to this Message
Mr. Skeptic - 12 Feb 2005 00:19 GMT
I do not know why the ".clientkeystore" does not load. However, if you
want to test the rest of your code, you can get an empty BUT
initialized keystore by calling the load() method with null for the
InputStream argument.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.