
windows security dialog for selecting a certificate in java

I need to select one certificate from the Windows store from my Java desktop program. Code:

KeyStore ks = KeyStore.getInstance("Windows-MY");
...

Does Java have something 'ready to use' like this Win Dialog? [Screenshot: Select cert]

I have worked with C# and there is:

X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.SingleSelection);

Is there a Java equivalent for that, or do I have to create my own dialog from keystore certArray?

Nikola Loncar asked Nov 11 '22 09:11


1 Answer

This is an already very old question; however, I found it when googling for the exact same question (as I was looking for such a possibility, too). I haven't found one working example, like you I assume, so I took this answer as a very rare base and created an example project that does exactly what I need, and I hope that it also fits your use case. If not, it should at least give you a starting point from where you can work to get your use case working too.

I've uploaded the project to my GitHub account; it should be straightforward (however, I commented some things, too), and I hope that it may help anyone who comes to this question, like me :)

It basically uses the Java Native Access library to run functions of the Crypt32 API, which should be Windows only, and the CryptUI library. The CryptUI library is used to prompt the user with the certificate prompt you've uploaded as a screenshot in your question. The Crypt32 library is used to retrieve certificates and certificate stores (it defaults to the Windows-MY certificate store, but it can be easily changed). I also put some effort into filtering the list of certificates and putting them into an intermediate in-memory/cached certificate store (as this was part of my use case), to filter for specific key usages and extended key usages.

My example project also converts the certificate selected by the user from a CERT_CONTEXT structure (which is a native C structure) to a Java java.security.cert.X509Certificate object, which can then be put into a keystore or whatever you want.

If there are suggestions on how this can be improved, or if there are points I totally missed, I would love to get a comment/issue/feedback in any way :)

Florian answered Nov 14 '22 23:11
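The approach this answer describes, as an added sketch that is not code from the answer or its GitHub project: hand-written JNA bindings open the current user's MY store, show the native CryptUI picker, and convert the returned CERT_CONTEXT to an X509Certificate. It assumes JNA 5.x on the classpath and a Windows host; the class and interface names are hypothetical, and the digitalSignature requirement is an assumed use case.

```java
import com.sun.jna.*;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.*;
public class NativeCertPicker {
    // Hand-written bindings (assumption: core JNA 5.x only, Windows only).
    interface Crypt32 extends Library {
        Crypt32 I = Native.load("crypt32", Crypt32.class);
        Pointer CertOpenSystemStoreW(Pointer hProv, WString storeName);
        boolean CertCloseStore(Pointer hStore, int flags);
        boolean CertFreeCertificateContext(Pointer ctx);
    }
    interface CryptUI extends Library {
        CryptUI I = Native.load("cryptui", CryptUI.class);
        Pointer CryptUIDlgSelectCertificateFromStore(Pointer hStore, Pointer hwnd,
                WString title, WString text, int dontUseColumn, int flags, Pointer reserved);
    }
    @Structure.FieldOrder({"dwCertEncodingType", "pbCertEncoded", "cbCertEncoded", "pCertInfo", "hCertStore"})
    public static class CertContext extends Structure { // mirrors the native CERT_CONTEXT
        public int dwCertEncodingType, cbCertEncoded;
        public Pointer pbCertEncoded, pCertInfo, hCertStore;
        CertContext(Pointer p) { super(p); read(); }
    }
    static X509Certificate pick() throws CertificateException { // null if the user cancels
        Pointer store = Crypt32.I.CertOpenSystemStoreW(null, new WString("MY"));
        if (store == null) throw new IllegalStateException("cannot open the MY store");
        Pointer ctx = null;
        try {
            ctx = CryptUI.I.CryptUIDlgSelectCertificateFromStore(store, null, null, null, 0, 0, null);
            if (ctx == null) return null;
            CertContext c = new CertContext(ctx);
            // Copy the DER bytes out of native memory before the context is freed.
            byte[] der = c.pbCertEncoded.getByteArray(0, c.cbCertEncoded);
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
        } finally {
            if (ctx != null) Crypt32.I.CertFreeCertificateContext(ctx);
            Crypt32.I.CertCloseStore(store, 0);
        }
    }
    public static void main(String[] args) throws Exception {
        X509Certificate cert = pick();
        if (cert == null) return; // dialog cancelled
        cert.checkValidity(); // throws if expired or not yet valid
        boolean[] ku = cert.getKeyUsage(); // index 0 = digitalSignature; null if extension absent
        if (ku != null && !ku[0]) throw new CertificateException("no digitalSignature key usage");
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        System.out.println("Alias in Windows-MY: " + ks.getCertificateAlias(cert));
    }
}
```

The alias lookup at the end maps the picked certificate back to the Windows-MY keystore from the question, so the matching private key entry can be fetched through the normal KeyStore API.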