Programmatically Import CA trust cert into existing keystore file without using keytool

Tags: java, keytool

I would like to create a Java program that imports the .cer CA into the existing keystore file, so that the end user can insert the CA cert more conveniently (without using CMD and keying in the command).

Is there any way that Java code can do this?

I tried some ways, but still fail in getting the cert into Java.

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream certstream = fullStream (certfile);
    Certificate certs = cf.generateCertificates(certstream);

The error is incompatible types. Is there any other suggestion?

Thanks a lot

user2767117 asked Sep 19 '13 07:09




2 Answers

The following code inserts the CA cert file yourcert.cer into your keystore without using keytool:

    import java.io.ByteArrayInputStream;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;

    public class ImportCA {

        public static void main(String[] argv) throws Exception {
            String certfile = "yourcert.cer";              /* your cert path */
            String keystoreFile = "yourKeyStore.keystore"; /* your keystore path */
            String alias = "youralias";
            char[] password = "yourKeyStorePass".toCharArray();

            // Load the keystore contents
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(keystoreFile)) {
                keystore.load(in, password);
            }

            // Parse the certificate: generateCertificate returns one Certificate,
            // generateCertificates returns a Collection
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Certificate certs;
            try (InputStream certstream = fullStream(certfile)) {
                certs = cf.generateCertificate(certstream);
            }

            // Add the certificate
            keystore.setCertificateEntry(alias, certs);

            // Save the new keystore contents
            try (OutputStream out = new FileOutputStream(keystoreFile)) {
                keystore.store(out, password);
            }
        }

        // Read the whole file into memory and return it as a stream
        private static InputStream fullStream(String fname) throws IOException {
            return new ByteArrayInputStream(Files.readAllBytes(Paths.get(fname)));
        }
    }

user2767117 answered Sep 19 '22 20:09
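
A variant of the import above that checks the certificate before trusting it, as an added example that is not part of either answer. The class name `ImportVerifiedCA`, the method `importCa` and the expected SHA-256 fingerprint argument (obtained from the CA over a separate channel) are assumptions made for illustration.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ImportVerifiedCA {
    // Hypothetical helper: trusts the cert only if it is a valid CA cert with the expected fingerprint
    static void importCa(Path certFile, Path storeFile, char[] storePass,
                         String alias, String expectedSha256Hex) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(certFile)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity();                      // throws if expired or not yet valid
        if (cert.getBasicConstraints() < 0)        // -1: certificate is not marked as a CA
            throw new SecurityException("not a CA certificate: " + cert.getSubjectX500Principal());
        String actual = String.format("%064x",
                new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())));
        if (!actual.equalsIgnoreCase(expectedSha256Hex.replace(":", "")))
            throw new SecurityException("fingerprint mismatch, got " + actual);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(storeFile)) {
            ks.load(in, storePass);
        }
        if (ks.containsAlias(alias))               // setCertificateEntry would overwrite a trusted entry
            throw new SecurityException("alias already in use: " + alias);
        ks.setCertificateEntry(alias, cert);

        // Write to a temp file first, then replace, so a failed write cannot truncate the keystore
        Path tmp = Files.createTempFile(storeFile.toAbsolutePath().getParent(), "ks", ".tmp");
        try (OutputStream out = Files.newOutputStream(tmp)) {
            ks.store(out, storePass);
        }
        Files.move(tmp, storeFile, StandardCopyOption.REPLACE_EXISTING);
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ImportVerifiedCA yourcert.cer yourKeyStore.keystore youralias <sha256-hex>
        Console c = System.console();
        if (c == null) throw new IllegalStateException("run from an interactive terminal");
        importCa(Paths.get(args[0]), Paths.get(args[1]),
                 c.readPassword("Keystore password: "), args[2], args[3]);
    }
}
```

The password is read from the console rather than taken as an argument so it does not appear in the process list or shell history.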


Download certs from links and store them in a specific path, then load that file into the trustStore at runtime using the code below. I hope this example will help you.

    KeyStore keyStore = KeyStore.getInstance("JKS");
    String fileName = "D:\\certs_path\\cacerts"; // certificate file path
    System.setProperty("javax.net.ssl.trustStore", fileName);

Karthikeyan Sukkoor answered Sep 21 '22 20:09