Keystore Generation in Java Code

Mathew Anderson
Greenhorn

Joined: Jan 06, 2009
Posts: 7
I wrote some code to help me manage the keystores/SSLs that I use with my J2EE application server. In two places, I run the keytool command, using Runtime.getRuntime(), but I am starting to see some java.io.IOException: Not enough space errors. The disk space looks good, and the heap size of the JVM looks good.

Anyways, I want to try and convert this so it does not fork and execute (and will remove the issue that I am seeing), but uses java.security.KeyStore instead (or something better).

Here are the parts of the code, I'd like to convert:


// KeyStore Generation
String params[]= {"/bin/keytool", "-genkey", "-keyalg", "RSA", "-alias", keyAlias, "-keystore", keyStore,
"-dname", keyDName, "-keypass", keyPassPhrase, "-storepass", StorePassPhrase};

Process keytool = Runtime.getRuntime().exec(params);

// SSL Cert Request Creation
String params[]= {"keytool", "-certreq", "-alias", keyAlias, "-keypass", keyPassPhrase, "-keystore", keyStore, "-storepass", StorePassPhrase, "-file", keyReqFile };

Process keytool = Runtime.getRuntime().exec(params);

Looking at information on using java.security.KeyStore (KeyStore.Builder, KeyStoreSpi), I got lost rather quickly. Anyone else use these? Or have some good examples I could use to help muddle my way into fixing this?

Thanks
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19783

If you think this is a problem for beginners, you must be quite a programmer!
I think the intermediate forum is a bit better ;)


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
Mathew Anderson
Greenhorn

Joined: Jan 06, 2009
Posts: 7
Yes, after I posted, I realized it should be in the intermediate forum. Would it be possible for you to move it? I did not want to cross post.

Edit - Ah, I see you did move it. Thank you!
Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274

Hi Matthew,

What version of the JDK are you using? Have you looked at the process builder APIs under JDK1.5+?


Cheers, Martijn
Mathew Anderson
Greenhorn

Joined: Jan 06, 2009
Posts: 7
JDK is 1.5

I have not looked at the process builder, I'll take a look at that. It might get around the IOException error. Though, I would ultimately like to move this inside the code... but if changing to this ProcessBuilder works, it will do for now. Thanks!
Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274

No worries, there have been several discussions on this forum lately about runtime.exec() and why ProcessBuilder is 'better'. I'm too lazy right now to dig them up but if you search this forum for runtime.exec you'll see some useful discussions and links.
Mathew Anderson
Greenhorn

Joined: Jan 06, 2009
Posts: 7
ProcessBuilder did seem to help, but it only delayed the error some. So my initial question still remains open.


Has anyone done keystore generations in java code? If so, any pointers?
Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274

Are you able to take a look at the JVM while this is running (jstat, jvmstat will do the trick)? Mind you, out of space usually indicates a file I/O issue.
Mathew Anderson
Greenhorn

Joined: Jan 06, 2009
Posts: 7
Not really. I only see the error on our production server and I am unable to take it down. Our Development and Quality seem fine.

We run WebLogic 9.2 as the J2EE engine (running on Solaris, if that helps). Using that, I looked at the memory usage:
Before:
Heap Size Current: 3758096384
Heap Free Current: 1364779736
Heap Free Percent: 36
Heap Size Max: 3758096384
Total Physical Memory: 17179869184

After:
Heap Size Current: 3758096384
Heap Free Current: 1295966936
Heap Free Percent: 34
Heap Size Max: 3758096384
Total Physical Memory: 17179869184

The production server is rather busy, we have about 80 applications deployed on it. But the Heap Free seems rather reasonable.

Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274

Thanks for that, I think you're right, it looks like there's enough JVM memory. Next Q: do you know where the keystore work is being done on the physical disk? The IOException indicating out of space could be referring to a genuine out-of-space problem on the physical disk (perhaps it is writing to a small mount point, or a user dir that is restricted in size).
Mathew Anderson
Greenhorn

Joined: Jan 06, 2009
Posts: 7
The generation is done on the root partition of the disk:

/dev/dsk/c1t0d0s0 131112519 62008144 67793250 48% /


plenty of space.


I do notice, that once the system is rebooted (we do that weekly), it works for a while.. but as time goes on, the error pops up.
Carey Evans
Ranch Hand

Joined: May 27, 2008
Posts: 225

Getting hold of a key store and saving a key isn’t hard:

Generating the X509Certificate is a bit harder. I think the Bouncy Castle library includes everything you need.

Have a look at the JCA Reference Guide for much more information.
Carey Evans
Ranch Hand

Joined: May 27, 2008
Posts: 225

With respect to your problems with exec() and ProcessBuilder, could you be running out of file descriptors? Each Process has an output stream and one or two input streams which should be closed once you’re finished with them. Otherwise they will eventually be closed some time after the process and the streams are garbage collected.
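
An added example, not code from the thread, of running keytool through ProcessBuilder while closing every stream the Process holds, as described in the post above. It uses try/finally so it compiles on the JDK 1.5 mentioned earlier; the keytool arguments are constructed sample values.

```java
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.List;

public class KeytoolRunner {
    /** Runs a command, drains its output and closes all three pipes before returning. */
    static int run(List<String> command) throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(command);
        pb.redirectErrorStream(true); // stderr merged into stdout: one pipe to drain
        Process p = pb.start();
        try {
            p.getOutputStream().close(); // child's stdin; nothing is sent to keytool
            InputStream out = p.getInputStream();
            byte[] buf = new byte[4096];
            while (out.read(buf) != -1) {
                // Discard output so a full pipe cannot block the child.
            }
            return p.waitFor();
        } finally {
            // Release the descriptors now instead of waiting for garbage collection.
            closeQuietly(p.getInputStream());
            closeQuietly(p.getErrorStream());
            closeQuietly(p.getOutputStream());
            p.destroy();
        }
    }

    static void closeQuietly(Closeable c) {
        try {
            c.close();
        } catch (IOException ignored) {
            // Best effort: the stream may already be closed.
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed arguments mirroring the -certreq call in the first post.
        int rc = run(Arrays.asList("keytool", "-certreq", "-alias", "server",
            "-keystore", "server.jks", "-storepass", "changeit-store",
            "-keypass", "changeit-key", "-file", "server.csr"));
        System.out.println("keytool exit code: " + rc);
    }
}
```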
Mathew Anderson
Greenhorn

Joined: Jan 06, 2009
Posts: 7
Carey - How did I miss those. Thanks, I am changing the code to close the streams. Whoops.

I started to look at Bouncy Castle, seems like some good stuff. I'll try and sit down more with it.
 