aspose file tools*
The moose likes Security and the fly likes certificate chain Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "certificate chain" Watch "certificate chain" New topic
Author

certificate chain

swap Inam
Ranch Hand

Joined: Sep 28, 2002
Posts: 37
Hello All

I have created a JKS file using Keytool and can view it on command line as below :
keytool -list -keystore keystore.jks -v
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: mydomain
Creation date: Jan 14, 2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Swap Inam, OU=PO, O=PO, L=PO, ST=PO, C=PO
Issuer: CN=Swap Inam, OU=PO, O=PO, L=PO, ST=PO, C=PO
Serial number: 496de2dc
Valid from: Wed Jan 14 18:34:28 IST 2009 until: Tue Apr 14 18:34:28 IST 2009
Certificate fingerprints:
MD5: 07:25:02:86:E2:01:65:4C:4B:46:BD:75:4C:4C:3E:A2
SHA1: 73:CC:38:83:7B:E3:AD:55:36:E4:67:04:9B:72:E6:AF:3D:5F:86:14
Signature algorithm name: SHA1withRSA
Version: 3


*******************************************
*******************************************

when I try to read this file programatically as below :

final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(m_KeyStore.getInput(), m_KeyStore.getPassword());
kmf = getKeySunX509ManagerFactory();
kmf.init(ks, m_KeyStore.getPassword());

// Check if certificates are valid.
final KeyManager[] kmgrs = kmf.getKeyManagers();
for (int i = 0; i < kmgrs.length; i++)
{
if (kmgrs[i] instanceof X509KeyManager)
{
final X509KeyManager mgr = (X509KeyManager) kmgrs[i];
final X509Certificate[] certs = mgr.getCertificateChain(m_KeyStore.getAlias());
if (certs != null)
{
for (int j = 0; j < certs.length; j++)
{
final X509Certificate cert = certs[j];
cert.checkValidity();
}
}
else
{
final String error = "Key Store Certificate Chain incomplete";
LOG.error(error);
throw new AgentException(error);
}
}
}

I always happen to get the error : "Key Store Certificate Chain incomplete" as NULL is returned
for mgr.getCertificateChain(m_KeyStore.getAlias()) in the above code snippet

Why this error is thrown when on command line output above it shows Certificate chain length: 1

Any help is appreciated
Swap
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: certificate chain