Can anybody tell me whether we have to create my.keystore file or it will be created. And when I created this file in the same directory(webapp directory) where my jsp file is and I am using this code in my jsp file.
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("my.keystore"));
try {
trustStore.load(instream, "nopassword".toCharArray());
} finally {
instream.close();
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", socketFactory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
And I got the error
java.io.FileNotFoundException: my.keystore (The system cannot find the file spec
ified)
So where should I put this file. this is the path for both of the file, that jsp file and my.keystore
C:\workspace\search-ui\search-ui\src\main\webapp
I would recommend adding the keystore to the classpath and then load it via
InputStream instream = Thread.currentThread().getContextClassLoader().getResourceAsStream("my.keystore");
Putting the keystore under webapp but not under WEB-INF is insecure since anyone could just download it. Also, loading a file via new File() looks in the working directory for the Java process when a relative file path is used (see the JavaDoc). This is most likely somewhere under the directory hierarchy of the Servlet container you are using.
You don't need a keystore at all unless your server requires client authentication. Does it?
Related
We are using a NewRelic java agent to monitor java application. The application uses a custom trust store with .jks extension. However the agent by default or by explicitly specifying the path to the trust store does not identify the trust store and throws an error.
How can we use this trust store without changing the extension as we need to use as it is.
INFO: Using ca_bundle_path:
D:\Java\jdk1.8.0_311\jre\lib\security\cacerts
2022-01-24T16:55:40,590+0530 [7048 1] com.newrelic ERROR: Unable to
generate ca_bundle_path certificate. Verify the certificate format.
Will not process further certs.
java.security.cert.CertificateException: Could not parse certificate:
java.io.IOException: Empty input
The Java agent relies on the default X.509 CertificateFactory that only accepts .pem files.
Relevant lines:
try (InputStream is = new BufferedInputStream(new FileInputStream(caBundlePath))) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// ...
caCerts.add((X509Certificate) cf.generateCertificate(is));
// ...
}
https://github.com/newrelic/newrelic-java-agent/blob/f18215d145bd6992c0fe74a8c503459799e108ca/newrelic-agent/src/main/java/com/newrelic/agent/transport/apache/ApacheSSLManager.java#L54-L58
If you can override the SPI for the X.509 CertificateFactory for one that accepts .pks files you might be able to use your file.
Am trying to read the installed certificates by using code
KeyStore ks = KeyStore.getInstance("Windows-MY")
ks.load(null, null)
Enumeration<String> enumeration = ks.aliases()
while (enumeration.hasMoreElements()) {
String string = (String) enumeration.nextElement()
System.out.println(string)
}
this code list out the installed certificates on windows but on linux doesn't? tried by changing the keystore providers also.
I'm not sure what you mean with "read browsers certificates".
Are you trying to read certificates from the default Java keystore? What's your goal?
KeyStore.getInstance(..) instantiates a keystore with a specific type (JKS, for example). When you want to read from a specific keystore, you need to specify the path to the keystore and make the KeyStore instance load that file.
See http://www.java2s.com/Code/Java/Security/RetrievingaKeyPairfromaKeyStore.htm for an example and https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html for more details.
Edited: updated answer after clarified question.
You can find more info on reading browser keystores in Linux on:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/keystores.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/JSS
applet with SunMSCapi not working in linux
http://forums.mozillazine.org/viewtopic.php?p=12037571
Try with libsoftokn3.so of NSS.
See my answer here, "Approach 1".
The key is to find where libsoftokn3.so is, and use it as the libfile to construct a config file, and then a KeyStore.
You can get the Default Type.
Try the below code
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
I'm using the below code to attempt to load a keystore file and I'm getting an java.io.IOException: Invalid keystore format Exception. Any ideas on how to troubleshoot this or what is causing the issue?
Load Keystore File:
final FileInputStream keyFile = new FileInputStream(filePath
+ "key.p7b");
final KeyStore keyStore = KeyStore.getInstance("JKS");
String storepass = "pwd";
keyStore.load(keyFile, storepass.toCharArray());
Exception:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
On request, my comment as an answer:
p7b is a certificate file, not a keystore file. You must convert it first. Apparently OpenSSL can help with that.
I have a problema like that when I try to create a keystore file with a Sun/Oracle JDK in Portuguese... The portuguese version of JDK (or my Windows PT-BR, I don't know yet) have this bug... I needed to make the keystore file in an English operational system.
New to Applets, I have never dealt with having to export the resources to the jar.
The browser is failing to load properties files:
access denied ("java.io.FilePermission"
"config\en-us.properties""read")
Properties files are imported as so:
Code to load Properties file:
prop.load(new FileInputStream("config/en-us.properties"));
Obtain an URL to the properties file in the jar using:
URL urlToProps = this.getClass().getResource("/config/en-us.properties");
Use an URLConnection to set a read timeout.
// courtesy of MyTitle 'default timeout is infinity'
URLConnection connection = urlToProps.openConnection();
connection.setConnectTimeout(5000);
Get an InputStream.
InputStream is = connection.getInputStream();
Then use Properties.load(InputStream) to load it.
prop.load(is);
I have created an applet to read some info from a file on the server. I try to access the file using the following code:
Properties Settings = new Properties();
settings.load(new URL(getDocumentBase(), "settings.ini")).openStream());
All of a sudden, the second line is giving me the error:
java.lang.NullPointerException
at java.applet.Applet.getDocumentBase(Unknown Source)
My applet is signed and I access it through my localhost.Why can't I use getDocumentBase anymore?
Btw, I am using Netbeans Web Start option to create the necessary files (jars, html, jnlp) and then move them to my IIS local server.
SOLUTION
I'm loading the ini file from within the jar now:
Properties Settings = new Properties();
URL url = this.getClass().getResource("/myapplet/settings.ini");
settings.load(url.openStream());
At first glance I would expect:
new URL(getCodeBase(), "settings.ini")
as getCodeBase gives the directory URL, getDocumentBase gives the HTML URL.
That it worked previously is astonishing. Maybe the HTML URL ended with ?... and you read the HTML page?
SOLUTION
I'm loading the ini file from within the jar now:
Properties Settings = new Properties();
URL url = this.getClass().getResource("/myapplet/settings.ini");
settings.load(url.openStream());