PKCS12 / jssecacerts.jce help needed?

843811 Mar 21 2007
I am a Java novice, but an experienced C programmer (K&R, not C++). I have been given the task of modifying an existing Java application to support a vendor requirement. I am doing the base development on Windows XP Pro SP2 with
C:\bin>java -version
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)
Java HotSpot(TM) Client VM (build 1.5.0_09-b03, mixed mode, sharing)
and NetBeans 5 as my IDE.
The application will be a daemon on a SCO OpenServer machine.
The extension makes use of code based on a sample provided by the vendor who requires a secure connection. They have provided a certificate in the form of a PKCS12 file.

I suspect that my problem is that I need to convert/load/import/translate? the .P12 file into a jssecacerts.jce file and point to it? Perhaps using keytool?

Code snippet follows, showing where I get my exception. It makes use of a configuration file with this (neutered) content:
cert=C\:/TestEnvironment/TestClientCert.p12
cpass=JABERWOCKEY
ctype=PKCS12
host=test.their_secure_site.com
port=3018
protocol=SSLv3
tpass=JABERWOCKEY	
trust=jssecacerts.jce
ttype=jceks
------
        kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
        String ctype = m_configs.getProperty("ctype");
        kks = KeyStore.getInstance(ctype);
        String cert = m_configs.getProperty("cert");
        kks.load(new FileInputStream(cert), cphrase);
        kmf.init(kks, cphrase);
        tmf = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        String ttype = m_configs.getProperty("ttype");
        tks = KeyStore.getInstance(ttype);
-- throws this error...
java.io.FileNotFoundException: jssecacerts.jce
(The system cannot find the file specified)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:106)
from here I intend to continue with the following...
        String trust = m_configs.getProperty("trust");
        tks.load(new FileInputStream(trust), tphrase);
        tmf.init(tks);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        factory = ctx.getSocketFactory();
    } catch (Exception e) {
and so on ...

I asked the vendor for guidance, and got this:
We don't support keystore management, but I can be of some assistance if you opt to use IBM's iKeyman utility.

iKeyman is easy to use from both the GUI and the command-line. Be sure to set up your java environment {setting JAVA_HOME, etc} first:
To import keys from a PKCS12 file:
1. Enter ikeyman on a command line on Unix or start the Key 
Management utility in the IBM HTTP Server folder on Windows NT. 
2. Select Key Database File from the main menu, then select Open. 
3. In the Open dialog box, enter your key database name or click on key.kdb if you are using the default. Click OK. 
4. In the Password Prompt dialog box, enter your correct password and click OK. 
5. Select Personal Certificates in the Key Database content frame, then click the Export/Import button on the label. 
6. In the Export/Import Key window:
* Select Import Key
* Select the PKCS12
* Enter the file name or use the Browse option
* Select the correct location 
7. Click OK. 
8. In the Password Prompt dialog box, enter the correct password, then click OK. 

Importing from the command-line {all one line} works like this, 
gsk7cmd -cert -import -file <filename.p12> -pw <file password> -type 
  pkcs12 -target <db name> -target_pw <db password> -target_type cms
  
Sun's keytool should be similar, but we don't use it here.
I am reading into this that I'd have to change my environment to IBM's - I'd rather not at this stage.

I've looked at the keytool doc, but the number of permutations on the options is rather intimidating...
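
One way to create the trust store file that the trust= and ttype= settings in the post point at, as an added example (not code from the post or from the vendor): it copies only the CA certificates out of the PKCS12 file into a new JCEKS store, so the private key stays in the .p12. It assumes the PKCS12 file carries its CA chain and that the vendor's server certificate is issued by the same CA; the class name and argument order are hypothetical, and the try-with-resources syntax needs Java 7 or later rather than the 1.5 runtime shown above.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class BuildTrustStore {
    // Assumed arguments: <in.p12> <cpass> <out trust store> <tpass>
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: BuildTrustStore <in.p12> <cpass> <out.jce> <tpass>");
            System.exit(2);
        }
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            p12.load(in, args[1].toCharArray());
        }
        // Start from an empty JCEKS store; load(null, null) creates one in memory.
        KeyStore trust = KeyStore.getInstance("JCEKS");
        trust.load(null, null);

        int added = 0;
        for (String alias : Collections.list(p12.aliases())) {
            Certificate[] chain = p12.getCertificateChain(alias);
            if (chain == null) { // certificate-only entry, no private key
                Certificate c = p12.getCertificate(alias);
                chain = (c == null) ? new Certificate[0] : new Certificate[] { c };
            }
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                // Copy only CA certificates; getBasicConstraints() is -1 for
                // end-entity certificates such as the client's own.
                if (x.getBasicConstraints() < 0) continue;
                trust.setCertificateEntry("ca-" + added++, x);
                System.out.println("trusted CA: " + x.getSubjectX500Principal());
            }
        }
        if (added == 0) {
            throw new IllegalStateException("no CA certificate in " + args[0]);
        }
        try (OutputStream out = new FileOutputStream(args[2])) {
            trust.store(out, args[3].toCharArray());
        }
    }
}
```

The printed subject names are worth comparing against what the vendor says its issuing CA is before the resulting file is used as a trust store.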
Locked on Apr 18 2007
Added on Mar 21 2007