Java Forum / Security / February 2006

Have I hit something awkward?

Lion-O - 26 Jan 2006 17:36 GMT
Hi there,

First of all: I'm 'sorta' "cross posting" between this newsgroup and the Sun
java webforum, I hope this won't disturb anyone. I'm just completely baffled
with what I'm currently encountering and as such I couldn't refuse.

The situation: I'm writing an application which converts a jks keystore to a
keystore in pkcs12 format; this makes it easier to export keys. I got the part
done which converts (exports) the keys, now I'm focussing on the certificates.

Here's a snippet of my code:

try {
  // define the two keystore formats
  KeyStore ks = KeyStore.getInstance("jks");
  KeyStore nks = KeyStore.getInstance("pkcs12");

  // Load the jks keystore and open (create) an empty in-memory pkcs12 store
  ks.load(new FileInputStream(sourcefile), password.toCharArray());
  nks.load(null, "changeit".toCharArray());

  // Convert all elements of the keystore
  for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
    String ksentry = (String) e.nextElement();

    // code for certificate conversion (trusted certificate entries only)
    if (ks.isCertificateEntry(ksentry)) {
      Certificate ce = ks.getCertificate(ksentry);
      nks.setCertificateEntry(ksentry, ce);  // here we get a problem
    }
  }

  // Store the new keystore
  FileOutputStream fos = new FileOutputStream(destfile);
  nks.store(fos, "changeit".toCharArray());
  fos.close();

} catch (java.security.KeyStoreException kse) {
  System.out.println(kse);
  showMessage("System doesn't support the keystore format(s).", 1);
  throw new Error();
} catch (java.io.FileNotFoundException fnfe) {
  System.out.println(fnfe);
  showMessage("Couldn't load the keystore (file not found)", 1);
  txt_source.requestFocus(); txt_source.selectAll();
  throw new Error();
} catch (java.io.IOException ioe) {
  // load() reports a wrong password as an IOException (wrapping UnrecoverableKeyException)
  System.out.println(ioe);
  showMessage("Couldn't load the keystore (wrong password?)", 1);
  throw new Error();
} catch (Exception e) {
  System.out.println(e);
  throw new Error();
}

This routine fails at the commented line and I'm fully at a loss. From what I
can tell from the JDK documentation the KeyStore.setCertificateEntry method
takes a java.lang.String and java.security.cert.Certificate as input. See
http://java.sun.com/j2se/1.5.0/docs/api/java/security/KeyStore.html. Well,
ksentry is a String, ce is a certificate ("import
java.security.cert.Certificate"). However the command produces an Exception
error: "java.security.KeyStoreException: TrustedCertEntry not supported".

Needless to say that I'm at a loss here, I can't grasp what's going wrong. The
error is pretty clear, but doesn't make sense in contrast to the docs. While
knowing better I tried utilizing the 'KeyStore.TrustedCertificateEntry' class
but that naturally fails.

Can anyone shed some light on this?

Groetjes, Peter

.\\ PGP/GPG key: http://www.catslair.org/pubkey.asc

Lion-O - 09 Feb 2006 14:48 GMT
[ Cut: Story about how I'm trying to move objects from jks to pkcs12 ]

> Here's a snippet of my code:
>
> try {
>   // define the two keystore formats
>   KeyStore ks = KeyStore.getInstance("jks");
>   KeyStore nks = KeyStore.getInstance("pkcs12");

The main problem with my routine was that pkcs12 does not allow you to store
certificates which aren't "linked" (associated) with a private key, hence the
exception error when I try to store a single certificate.

So I solved this problem (although I'm not satisfied yet) by using an array to
store the certificate objects and then dumping them to a PrintStream. It's not
perfect, but it works and for me that is enough for now (this is one of those
projects which I intend to keep around to work on at a later time). Another
reason I'm ending it here is that the keytool itself is also capable of
exporting single certificates.

Anyway, just to complete my question here's an option I'm currently using:

    String sourcefile = txt_source.getText();
    String destfile = txt_dest.getText();
    String password = askKeystorePass();
    String ksentry;
    int certindex = 0;
    // fixed upper bound: a jks store with more than 250 certificate entries would overflow this
    Certificate[] certbag = new Certificate[250];
    try {
        // define the keystores
        KeyStore ks = KeyStore.getInstance("jks");
        ks.load(new FileInputStream(sourcefile), password.toCharArray());
        KeyStore nks = KeyStore.getInstance("pkcs12");
        nks.load(null, "changeit".toCharArray());

        // Convert all elements of the keystore
        for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
            ksentry = (String) e.nextElement();

            // code for certificate conversion: collect trusted certs, they cannot go into pkcs12
            if (ks.isCertificateEntry(ksentry)) {
                certbag[certindex] = ks.getCertificate(ksentry);
                certindex++;
            }

            // code for key conversion: private key plus chain, re-protected with the new password
            if (ks.isKeyEntry(ksentry)) {
                KeyStore.PrivateKeyEntry pkEntry =
                    (KeyStore.PrivateKeyEntry) ks.getEntry(ksentry,
                        new KeyStore.PasswordProtection(password.toCharArray()));
                nks.setEntry(ksentry, pkEntry,
                    new KeyStore.PasswordProtection("changeit".toCharArray()));
            }
        }

        // Write pkcs12 keystore to disk if it has any elements
        if (nks.size() > 0) {
            FileOutputStream fos = new FileOutputStream(destfile);
            nks.store(fos, "changeit".toCharArray());
            fos.close();
        }

        // Write any certificate elements to disk
        if (certindex > 0) {
            String certfile;
            if (destfile.contains(".")) {
                certfile = destfile.replaceAll("\\..*$", ".crt");
            } else {
                certfile = destfile + ".crt";
            }

            PrintStream cof = new PrintStream(certfile);

            // note: println writes Certificate.toString(), a human-readable dump, not PEM/DER
            for (int i = 0; i < certindex; i++) {
                cof.println(certbag[i]);
            }
            cof.close();
        }
    } catch (Exception e) {
        System.out.println(e);
        throw new Error();
    }

Have fun.

Groetjes, Peter

.\\ PGP/GPG key: http://www.catslair.org/pubkey.asc
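As an added example (not the poster's code), here is a stand-alone Java 8+ version of the conversion above: key entries are copied into the PKCS12 store, and trusted-certificate entries are written as PEM blocks (Base64 of the DER encoding), which openssl and every TLS stack can import, rather than the Certificate.toString() text. Both passwords are prompted for instead of hard-coding "changeit", since the destination password is what protects the exported private keys at rest. JDK 8 and later do accept trusted-certificate entries in PKCS12 stores; the "TrustedCertEntry not supported" exception comes from the older runtime used in the thread. File names, class name and the password prompts are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;

// Hypothetical stand-alone version of the conversion discussed in the thread (not the poster's code).
public class JksToPkcs12 {
    public static void main(String[] args) throws Exception {
        if (args.length != 3 || System.console() == null) {
            System.err.println("usage (interactive terminal): JksToPkcs12 <source.jks> <dest.p12> <certs.pem>");
            System.exit(2);
        }
        // prompt for both passwords rather than hard-coding them in the source
        char[] srcPass = System.console().readPassword("Source keystore password: ");
        char[] dstPass = System.console().readPassword("Destination keystore password: ");
        convert(args[0], args[1], args[2], srcPass, dstPass);
        Arrays.fill(srcPass, '\0'); Arrays.fill(dstPass, '\0');  // scrub secrets once done
    }

    static void convert(String src, String dst, String pem, char[] srcPass, char[] dstPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("jks");
        try (FileInputStream in = new FileInputStream(src)) { ks.load(in, srcPass); }
        KeyStore p12 = KeyStore.getInstance("pkcs12");
        p12.load(null, dstPass);  // start an empty PKCS12 store
        Base64.Encoder b64 = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        try (PrintWriter out = new PrintWriter(pem, "US-ASCII")) {
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
                String alias = e.nextElement();
                if (ks.isKeyEntry(alias)) {
                    // private key plus chain; assumes key password == store password (keytool default)
                    KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(srcPass));
                    p12.setEntry(alias, entry, new KeyStore.PasswordProtection(dstPass));
                } else if (ks.isCertificateEntry(alias)) {
                    // DER -> PEM: a real certificate encoding, unlike Certificate.toString()
                    out.println("-----BEGIN CERTIFICATE-----");
                    out.println(b64.encodeToString(ks.getCertificate(alias).getEncoded()));
                    out.println("-----END CERTIFICATE-----");
                }
            }
        }
        try (FileOutputStream out = new FileOutputStream(dst)) { p12.store(out, dstPass); }
    }
}
```

The PEM file can be checked with `openssl x509 -in certs.pem -noout -subject` and the PKCS12 output with `keytool -list -storetype pkcs12 -keystore dest.p12`.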
