In short, the bug that consists of only one private key being presented
at most is going to entail another bug (or request for enhancement) to
make it possible to distinguish between the various keys in a useful
manner. The two problems are closely linked and should certainly be
addressed at the same time.
I had overlooked something here, and the second problem might be rather
minor (it would have a work-around if it were possible to load more than
one key).
Indeed, the fact that isCertificateEntry(alias) returns false does not
mean that getCertificate(alias) will return null.
I had taken care to write my test with no "else" between the "if"
statements, but it wasn't enough:

    if (keyStore.isKeyEntry(alias)) { /* ... */ }
    if (keyStore.isCertificateEntry(alias)) { /* ... */ }
The code attached at the end of this e-mail produces this for the two
entries corresponding to my pair of key and certificate:

  - Alias: bruno harbulot 1
    isKeyEntry? false
    isCertificateEntry? true
    Subject DN: CN=bruno harbulot,L=MC,OU=Manchester,O=eScience,C=UK
    Does getKey work on this certificate entry as well? false

  - Alias: bruno harbulot
    isKeyEntry? true
    isCertificateEntry? false
    Key loaded successfully. Type: PKCS#8
    Does getCertificate work on this key entry? Yes CN=bruno harbulot,L=MC,OU=Manchester,O=eScience,C=UK
It is thus possible to retrieve the corresponding certificate from a key
alias, even if isCertificateEntry returns false. The opposite is not
true (it doesn't seem to be possible to get the key from the
certificate, even if it's there).
This is probably the reason why the alias corresponding to the CN of the
certificate is used for the key entry.
I find it a bit confusing, but this is fine in fact. Anyway, this is
compliant with the documentation about KeyStore.
This does not solve the main problem: only one private key is returned.
Naming will also remain an issue since there can be several certificates
with the same CN and it seems impossible to rename the certificates in
the Keychain utility.
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.Certificate;
    import java.security.cert.X509Certificate;
    import java.util.Enumeration;

    // Enumerates every alias and probes each one with both isKeyEntry and
    // isCertificateEntry (deliberately no "else" between the two checks).
    static void listAliases(KeyStore keyStore) throws Exception {
        System.out.println("List of the aliases present in the keystore (" + keyStore.getType() + ")");
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println(" - Alias: " + alias);
            System.out.println("   isKeyEntry? " + keyStore.isKeyEntry(alias));
            System.out.println("   isCertificateEntry? " + keyStore.isCertificateEntry(alias));
            if (keyStore.isKeyEntry(alias)) {
                try {
                    // The Keychain provider prompts for access; the password passed here is a placeholder.
                    PrivateKey key = (PrivateKey) keyStore.getKey(alias, "-".toCharArray());
                    System.out.println("   Key loaded successfully. Type: " + key.getFormat());
                } catch (RuntimeException e) {
                    System.out.println("   Key failed to load (" + e.getMessage() + ")");
                }
                // getCertificate() works on a key alias even though isCertificateEntry() is false for it.
                Certificate certificate = keyStore.getCertificate(alias);
                String subject = "";
                if (certificate instanceof X509Certificate) { // instanceof is false for null
                    subject = ((X509Certificate) certificate).getSubjectX500Principal().getName();
                }
                System.out.println("   Does getCertificate work on this key entry? "
                        + ((certificate != null) ? "Yes " + subject : "No"));
            }
            if (keyStore.isCertificateEntry(alias)) {
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509certificate = (X509Certificate) certificate;
                    System.out.println("   Subject DN: " + x509certificate.getSubjectX500Principal().getName());
                } else {
                    System.out.println("   Unknown format certificate.");
                }
                // The reverse lookup does not work: getKey() on a certificate entry returns null.
                System.out.println("   Does getKey work on this certificate entry as well? "
                        + (keyStore.getKey(alias, "-".toCharArray()) != null));
            }
            System.out.println();
        }
    }
Java-dev mailing list
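The distinction the e-mail asks for (telling several private keys apart when the aliases are derived from the subject CN and can collide) can be made on the certificate instead of the alias. The following is an added example, not code from the e-mail or from Apple's provider: it keys each private-key entry by the SHA-256 fingerprint of its leaf certificate, obtained through getCertificateChain() on the key alias (which is populated even though isCertificateEntry() is false for it), and lists the certificate-only aliases that merely mirror a key entry's certificate. It assumes the Apple Keychain KeyStore type is named "KeychainStore" and accepts a PKCS#12 file path and password as a portable alternative; the placeholder password "-" follows the e-mail's test code.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Identifies private keys by certificate fingerprint, which cannot collide the way CN-based aliases do. */
public class KeyStoreInventory {

    /** One private-key entry, described by its leaf certificate rather than its alias. */
    public static final class KeyEntryInfo {
        public final String alias, subjectDn, certSha256;
        public final boolean keyLoadable;

        KeyEntryInfo(String alias, String subjectDn, String certSha256, boolean keyLoadable) {
            this.alias = alias; this.subjectDn = subjectDn;
            this.certSha256 = certSha256; this.keyLoadable = keyLoadable;
        }

        @Override public String toString() {
            return subjectDn + " sha256=" + certSha256 + " alias=\"" + alias + "\" keyLoadable=" + keyLoadable;
        }
    }

    /** Hex SHA-256 over the DER encoding: stable across aliases, stores and renames. */
    public static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /**
     * Key entries keyed by leaf-certificate fingerprint. The chain is read with
     * getCertificateChain(alias), which works on key aliases regardless of isCertificateEntry().
     * The same certificate imported under two aliases is reported; the first alias wins.
     */
    public static Map<String, KeyEntryInfo> keysByFingerprint(KeyStore ks, char[] keyPassword) throws Exception {
        Map<String, KeyEntryInfo> result = new LinkedHashMap<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) continue;
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                System.err.println("key entry without an X.509 leaf certificate: " + alias);
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            boolean loadable;
            try {
                loadable = ks.getKey(alias, keyPassword) != null;
            } catch (Exception ex) { // UnrecoverableKeyException or a provider-specific RuntimeException
                loadable = false;
            }
            String fp = fingerprint(leaf);
            KeyEntryInfo info = new KeyEntryInfo(alias, leaf.getSubjectX500Principal().getName(), fp, loadable);
            if (result.putIfAbsent(fp, info) != null) {
                System.err.println("alias \"" + alias + "\" carries the same certificate as \"" + result.get(fp).alias + "\"");
            }
        }
        return result;
    }

    /** Certificate-only aliases whose certificate is the leaf of a key entry (getKey() on them is null). */
    public static List<String> certAliasesBackedByKey(KeyStore ks, Map<String, KeyEntryInfo> keys) throws Exception {
        List<String> backed = new ArrayList<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isCertificateEntry(alias)) continue;
            Certificate cert = ks.getCertificate(alias);
            if (cert != null && keys.containsKey(fingerprint(cert))) backed.add(alias);
        }
        return backed;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        char[] password;
        if (args.length >= 2) {
            ks = KeyStore.getInstance("PKCS12"); // portable path: <file> <password>
            password = args[1].toCharArray();
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, password); }
        } else {
            ks = KeyStore.getInstance("KeychainStore"); // assumed name of Apple's Keychain-backed type
            ks.load(null, null);
            password = "-".toCharArray(); // placeholder, as in the e-mail's test code
        }
        Map<String, KeyEntryInfo> keys = keysByFingerprint(ks, password);
        System.out.println(keys.size() + " private key(s) in " + ks.getType());
        for (KeyEntryInfo info : keys.values()) System.out.println("  " + info);
        for (String alias : certAliasesBackedByKey(ks, keys))
            System.out.println("  certificate-only alias \"" + alias + "\" mirrors a key entry's certificate");
    }
}
```

Selecting a key by fingerprint rather than alias also survives the Keychain utility's inability to rename entries: the caller configures the expected fingerprint once and the lookup stays correct even when several certificates share a CN.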