Android: Installing .p12 certificate into device programmatically [duplicate] - java

I'm having trouble loading a .p12 certificate to my Android project. Here is a chunk of source code:
char[] password = "<my pass>".toCharArray();
FileInputStream fIn = new FileInputStream("<name of cert>");
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(fIn, password);
On line 2 an error occurred opening cert file.
How can I properly add the cert file to my Android program?

...
In Android, I see people programmatically install keystore in the
following way (The code is from Android developer blog):
byte[] keystore = . . (read from a PKCS#12 keystore)
Intent installIntent = KeyChain.createInstallIntent();
installIntent.putExtra(KeyChain.EXTRA_PKCS12, keystore);
startActivityForResult(installIntent, INSTALL_KEYSTORE_CODE);
I also see people programmatically install only the certificate
wrapped inside keystore:
Intent intent = KeyChain.createInstallIntent();
intent.putExtra(KeyChain.EXTRA_CERTIFICATE, cert);
startActivity(intent);
...which leads --#Leem.fin
question
may find that the following link a better place to start:
https://developer.android.com/studio/publish/app-signing.html#signing-manually

Try this
File cert = new File("mnt/sdcard/" + filename + ".p12");
InputStream inputStreamFromDownload = null;
keyStore = KeyStore.getInstance("PKCS12");
inputStreamFromDownload = new BufferedInputStream(new FileInputStream(cert));
Log.i("Certificate", inputStreamFromDownload.available() + "");

Related

How to Read a certificate from Usb Token for digital signing using java

For C# I am getting code directly, but for Java I'm not able to find such code or API. Please help me regarding this.
I tried with KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");,
but it returns the server-side installed certificate.
I want to read the certificate from the USB attached by the client on his local machine.
As per the KeyStore JavaDocs:
Before a keystore can be accessed, it must be loaded.
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
// get user password and file input stream
char[] password = getPassword();
try (FileInputStream fis = new FileInputStream("keyStoreName")) {
ks.load(fis, password);
}

How to extract X509 Certificate fields in Java

I am currently working on an application that will process certain fields of a X509 Certificate, and I cannot seem to figure out how to extract certain parts of the certificate for debugging purposes. So far I have only been able to figure out how to read a certificate from a file based on the Javadoc for java.security.cert.Certificate, using this code:
FileInputStream fis = new FileInputStream(filename);
BufferedInputStream bis = new BufferedInputStream(fis);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
while (bis.available() > 0) {
Certificate cert = cf.generateCertificate(bis);
System.out.println(cert.toString());
}
Assuming that no exceptions are thrown, and that cert is a valid certificate, how would I do this?
Sidenote: I am using Bouncy Castle in this project.
Cast it to an X509Certificate:
X509Certificate cert = (X509Certificate) cf.generateCertificate(bis);
System.out.println(cert.getSubjectDN());

Platform-independent trust store path in Java

I'm trying to load the system trust store in Java. The problem is that my code will be shipping in a library that will be used by applications for Android, Windows, Linux, and OSX, and the location of the cacerts file is different on each system.
Here is my code:
// Load the JDK's cacerts keystore file.
String filename = System.getProperty("javax.net.ssl.trustStore");
if (filename == null)
filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
FileInputStream is = new FileInputStream(filename);
// Load the root certificate authorities. Despite the name, KeyStore can also hold certificates.
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
// Yes this is really the password.
String password = "changeit";
keystore.load(is, password.toCharArray());
// Retrieves the most-trusted CAs from keystore.
PKIXParameters params = new PKIXParameters(keystore);
This works fine when testing on Linux, but I don't think this will work on Android, for example.
Is there an easy way to programmatically find the location of the system trust store, or am I condemned to explicitly enumerate every possibility and hard-code the trust store path for each?
A call to:
KeyStore keystore = KeyStoreUtil.getCacertsKeyStore();
will return all the system CA trusted certificates, which is a platform-independent way to read the file in your code.
Remark: your code will work if you use a null password:
String password = null;//"changeit";
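An added example (not code from the posters above) covering this question and the X509Certificate answer before it: it asks JSSE for the platform's default trust anchors through public API instead of a cacerts path or the internal KeyStoreUtil class, builds PKIXParameters from them, and reads typed fields from each certificate. The class and method names are illustrative.

```java
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SystemTrustAnchors {

    // Let the runtime locate its own trust store; no file path or password needed.
    static X509Certificate[] defaultIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Build PKIX validation parameters from the anchors rather than from a KeyStore.
    static PKIXParameters pkixParameters(X509Certificate[] issuers) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate ca : issuers) {
            anchors.add(new TrustAnchor(ca, null)); // null: no name constraints
        }
        return new PKIXParameters(anchors); // throws if the set is empty
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] issuers = defaultIssuers();
        PKIXParameters params = pkixParameters(issuers);
        System.out.println(params.getTrustAnchors().size() + " trust anchors");
        for (X509Certificate ca : issuers) {
            // Typed accessors that the plain Certificate type does not expose.
            System.out.printf("%s | serial=%s | %s | expires %s%n",
                    ca.getSubjectX500Principal().getName(),
                    ca.getSerialNumber().toString(16),
                    ca.getSigAlgName(),
                    ca.getNotAfter());
        }
    }
}
```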

Storing an X.509 certificate into a keystore using java code

I have an X.509 certificate created using bouncycastle library. How can I store it into a java Keystore?
I tried this code
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
// get user password and file input stream
char[] password = getPassword();
java.io.FileInputStream fis =
new java.io.FileInputStream("keyStoreName");
ks.load(fis, password);
fis.close();
I found this code here, but the key store created using this way does not work with keytool, it tells me the keystore is corrupted.
Use KeyStore.setCertificateEntry(alias, cert) and give it an alias name of your choice. Then, use KeyStore.store(...) to save the keystore (typically using a FileOutputStream).

How does a Java client automatically accept a self-signed certificate from the server

I am implementing a server that uses self-signed certificates. What is the best way to distribute the certificates to the clients? I could import the certificate into the Java keystore and set up the client. But is there any way to avoid every client having to import the certificate manually? Can this be done automatically by the Java client? I went through the JSSE reference but could not figure out how to do this. Would appreciate any help.
Regards,
Sampath.
Check out the KeyStore class. It allows you to manipulate Java keystores.
Code example:
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null); // Creates a new keystore
BufferedInputStream bis = new BufferedInputStream(new FileInputStream("cert.cer")); // Or read from URL
CertificateFactory cf = CertificateFactory.getInstance("X.509");
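Certificate cert = null;
if (bis.available() > 0) {
    cert = cf.generateCertificate( bis );
    ks.setCertificateEntry( "SGCert", cert ); // add the entry once, only if a certificate was read
}
bis.close();
// Write the keystore and close the output stream when done
try (FileOutputStream out = new FileOutputStream("out.keystore")) {
    ks.store(out, "secret".toCharArray());
}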
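An added example (not the answerer's code) for this answer and the setCertificateEntry/store answer in the previous question: it writes one certificate into a new keystore, reloads it, and builds an SSLContext whose only trust anchor is that certificate, so the client accepts the self-signed server without disabling validation. The class name, the "server" alias and the password are constructed; with no argument, the first default CA certificate is used as a stand-in.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedServerCert {
    static TrustManagerFactory trustFactory(KeyStore ks) throws Exception {
        TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init(ks); // a null keystore selects the platform default trust store
        return f;
    }
    // Store one certificate as a trusted entry in a new keystore file.
    static void writeTrustStore(X509Certificate cert, File file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // initialise an empty keystore before adding entries
        ks.setCertificateEntry("server", cert);
        try (OutputStream out = new FileOutputStream(file)) {
            ks.store(out, password);
        }
    }
    // Reload the file and build an SSLContext that trusts only its entries.
    static SSLContext contextTrusting(File file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustFactory(ks).getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        X509Certificate cert; // args[0]: server certificate file (DER or PEM), optional
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) {
                cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        } else { // stand-in: first default CA, so the example runs without a file
            cert = ((X509TrustManager) trustFactory(null).getTrustManagers()[0]).getAcceptedIssuers()[0];
        }
        File store = File.createTempFile("client-trust", ".ks");
        char[] password = "example-only".toCharArray(); // constructed value
        writeTrustStore(cert, store, password);
        SSLContext ctx = contextTrusting(store, password);
        System.out.println(ctx.getProtocol() + " context trusts only " + cert.getSubjectX500Principal());
    }
}
```

A client would pass ctx.getSocketFactory() to its HttpsURLConnection via setSSLSocketFactory; hostname verification still applies, so the certificate must carry the name the client connects to.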
