Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Initalizing KeyStore, without .keystore file

843811Feb 11 2005 — edited Feb 11 2005
Hello,

I have two private/public key pairs and certificate for a client/server program. It uses and relies on client side authentification via SSL.

All this information is stored in two java keystores. Unfortunately the KeyStore class happens to be vendor depended an so are its keystore files (.keystore).

Because of that I can't read in the keystores when I use another vendor's JDK, for example, the one under freebsd. They are not compatible!

However, I have found a workaround to solve the problem, but I need some help.

I figured out that I could import the certifcates in the X509 vendor independent format. I could probably also do this with the two private keys (what format so?).

Then I could initalize the keystore. I have managed to read in the X509 certificates, but when I try to set them in the KeyStore I get the following Exception:

java.security.KeyStoreException: Uninitialized keystore

I guess this happens, because I did not call the load(InputStream, string) method to initialize the KeyStore.

But this is not an option, since I it won't work on a different vendors JDK for the reasons explained above.

So my first question is how do I create an empty KeyStore object, which I can initialize by hand? I want to set the certificate and the private key myself.

The second question would be, how do I extract the private key from the .keystore and save it in a vendor independet way, so that I can read it in on another vendors Virtual Maschine into memory and use it to initialize the KeyStore?

Here is the code snippet that raises the exception

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
KeyStore keyStore = KeyStore.getInstance("jceks");

// This line does not work with another vendor's JDK - at least not on freebsd
//keyStore.load(getAsInputStreamFromJar(".clientkeystore"), password);

// Here the solution starts... We read in the first certificate - no problems here.
CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
X509Certificate xCertificate = (X509Certificate) certificateFactory.generateCertificate(getAsInputStreamFromJar("clientX509.cert"));

// This line raises the exception. But I can't do a "new KeyStore". Where do I get a Keystore, which I can initalize?
keyStore.setCertificateEntry("sepclient", xCertificate);
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Mar 11 2005
Added on Feb 11 2005
#other-security-apis-tools-and-issues
1 comment
2,863 views