Hello All
I have created a JKS file using keytool and can view it on the command line as below:
keytool -list -keystore keystore.jks -v
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: mydomain
Creation date: Jan 14, 2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Swap Inam, OU=PO, O=PO, L=PO, ST=PO, C=PO
Issuer: CN=Swap Inam, OU=PO, O=PO, L=PO, ST=PO, C=PO
Serial number: 496de2dc
Valid from: Wed Jan 14 18:34:28 IST 2009 until: Tue Apr 14 18:34:28 IST 2009
Certificate fingerprints:
MD5: 07:25:02:86:E2:01:65:4C:4B:46:BD:75:4C:4C:3E:A2
SHA1: 73:CC:38:83:7B:E3:AD:55:36:E4:67:04:9B:72:E6:AF:3D:5F:86:14
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************
When I try to read this file programmatically as below:
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(m_KeyStore.getInput(), m_KeyStore.getPassword());
kmf = getKeySunX509ManagerFactory();
kmf.init(ks, m_KeyStore.getPassword());
// Check if certificates are valid.
final KeyManager[] kmgrs = kmf.getKeyManagers();
for (int i = 0; i < kmgrs.length; i++)
{
    if (kmgrs[i] instanceof X509KeyManager)
    {
        final X509KeyManager mgr = (X509KeyManager) kmgrs[i];
        final X509Certificate[] certs = mgr.getCertificateChain(m_KeyStore.getAlias());
        if (certs != null)
        {
            for (int j = 0; j < certs.length; j++)
            {
                final X509Certificate cert = certs[j];
                cert.checkValidity();
            }
        }
        else
        {
            final String error = "Key Store Certificate Chain incomplete";
            LOG.error(error);
            throw new AgentException(error);
        }
    }
}
I always get the error "Key Store Certificate Chain incomplete", as null is returned
for mgr.getCertificateChain(m_KeyStore.getAlias()) in the above code snippet.
Why is this error thrown when the command-line output above shows Certificate chain length: 1?
Any help is appreciated.
Swap
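
A diagnostic for the situation described in the post, added here as an example and not part of the original post: it prints each alias exactly as the keystore reports it, then asks both the KeyStore and the X509KeyManager for the chain of the requested alias, so the point where the chain becomes null is visible. The class name, the argument order, and the use of KeyManagerFactory.getInstance("SunX509") in place of the poster's getKeySunX509ManagerFactory() helper are assumptions; the Javadoc for X509KeyManager.getCertificateChain states that it returns null if the alias can't be found.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic, not the poster's code.
// Usage (this example's own convention): java KeyStoreAliasCheck <keystore.jks> <alias>
public class KeyStoreAliasCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage: java KeyStoreAliasCheck <keystore.jks> <alias> (interactive terminal)");
            System.exit(2);
        }
        String wanted = args[1];
        // Prompt for the password so it never appears in the process list or shell history.
        char[] password = console.readPassword("Enter keystore password: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        // 1. Every alias exactly as the keystore reports it, compared character for character.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.printf("alias=[%s] keyEntry=%b chainLength=%d exactMatch=%b%n",
                    alias, ks.isKeyEntry(alias), chain == null ? 0 : chain.length, alias.equals(wanted));
        }
        System.out.printf("KeyStore.containsAlias([%s]) = %b%n", wanted, ks.containsAlias(wanted));

        // 2. The same lookup through the key manager, as in the post.
        //    Assumes the key password equals the store password, as the post's kmf.init() call does.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                Certificate[] chain = ((X509KeyManager) km).getCertificateChain(wanted);
                System.out.printf("X509KeyManager.getCertificateChain([%s]) = %s%n",
                        wanted, chain == null ? "null" : "chain of length " + chain.length);
            }
        }
        Arrays.fill(password, '\0'); // clear the password from memory when done
    }
}
```

The brackets around each alias make stray whitespace or a case difference in the configured alias visible in the output.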