Pheox - Forums

Getting a pre-installed cert from keystore?
Anonymous


Hi All,

I might have missed something in the examples, but if we install a certificate by right-clicking on it in Explorer and choosing "Install Certificate", how do we retrieve this from the keystore? I assumed that it's by alias, but the alias method returns something like:

AuthRoot|AEj403sVP26ieYwyPvTzGKViSp4=

And I'm not sure how to determine the alias of the certificate that I just imported. I'd greatly appreciate any suggestions since I'm new to security-oriented programming.
tommy

Visitor

Joined: May 30, 2005
Messages: 148
Hi,

That's a never-ending question.
Well, how do we want to identify a specific certificate in order to get its JCAPI alias? There are many ways, for example by its public key, by its issuer distinguished name + serial number, by its DER encoded X.509 representation etc. Personally, I prefer to select the certificate through its issuer DN and serial number since these properties make it unique.

Here's an example of how to do it:

import java.math.BigInteger;
import java.security.cert.*;
import java.security.*;
import javax.security.auth.x500.X500Principal;
import com.pheox.jcapi.*;

public class FindCert
{
    static public void main(String[] args)
    {
        try {
            // Register the JCAPI provider and open its key store.
            Security.addProvider(new JCAPIProvider());
            KeyStore ks = KeyStore.getInstance("msks", "JCAPI");
            ks.load(null, null);

            String alias = null;
            X509Certificate cert = null;
            boolean foundCert = false;
            // Issuer DN and serial number of the certificate to look for.
            X500Principal issuerDN = new X500Principal("O = C&W HKT SecureNet CA SGC Root, C = hk");
            // Serial numbers can be wider than 32 bits, so compare them as BigInteger
            // instead of truncating with intValue().
            BigInteger serialNum = BigInteger.valueOf(0);
            for(java.util.Enumeration<String> e = ks.aliases(); e.hasMoreElements(); )
            {
                alias = e.nextElement();
                java.security.cert.Certificate c = ks.getCertificate(alias);
                // Skip entries that do not hold an X.509 certificate.
                if(!(c instanceof X509Certificate))
                    continue;
                cert = (X509Certificate)c;
                if(cert.getIssuerX500Principal().equals(issuerDN) &&
                   cert.getSerialNumber().equals(serialNum))
                {
                    foundCert = true;
                    break;
                }
            }
            if(foundCert)
            {
                System.out.println("I found your certificate with JCAPI alias '" + alias + "':");
                System.out.println(cert);
            }
            else
                System.out.println("Sorry, couldn't find your certificate.");

        } catch(Throwable t) {
            t.printStackTrace();
            System.err.println("Test prog failed. Exiting...");
        }
    }
}


You can find the issuer DN and serial number for your specific certificate through Internet Explorer:
1. Press menu item: Tools -> Internet Options...
2. Press tab: Content
3. Press button: Certificates...
4. Press the tab where your certificate is stored, e.g. Personal
5. Select your certificate from the list.
6. Press button: View
7. Press tab: Details
8. Now you can examine your certificate's issuer DN and serial number.

Btw, please note that the alias thing is not a JCAPI-specific requirement. It's a requirement enforced by the Java Cryptography Extension (JCE) framework.

Regards,
Tommy
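Added example, not part of the post above and not JCAPI's own code: when the certificate file that was installed is still at hand, it can be parsed and matched against the key store on issuer DN, full serial number and DER encoding, which avoids copying the values out of the certificate viewer by hand. The class name FindAliasByCertFile, the helper findAliases and the command-line argument are assumptions; the provider and the "msks" store type are the ones used in the post.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import com.pheox.jcapi.*;

public class FindAliasByCertFile   // hypothetical class name
{
    // Return every alias whose entry matches 'wanted' on issuer DN, full serial
    // number and DER encoding; all matches are collected, not just the first.
    static List<String> findAliases(KeyStore ks, X509Certificate wanted) throws Exception
    {
        X509CertSelector selector = new X509CertSelector();
        selector.setIssuer(wanted.getIssuerX500Principal());
        selector.setSerialNumber(wanted.getSerialNumber()); // BigInteger, not truncated
        List<String> matches = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // match() is false for null and non-X.509 entries; equals() compares DER bytes
            if (selector.match(c) && wanted.equals(c))
                matches.add(alias);
        }
        return matches;
    }

    public static void main(String[] args) throws Exception
    {
        if (args.length != 1) {
            System.err.println("usage: java FindAliasByCertFile <installed-cert-file>");
            return;
        }
        X509Certificate wanted;   // parsed from the file that was installed (DER or PEM)
        try (FileInputStream in = new FileInputStream(args[0])) {
            wanted = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        Security.addProvider(new JCAPIProvider());   // provider and store type as in the post
        KeyStore ks = KeyStore.getInstance("msks", "JCAPI");
        ks.load(null, null);
        System.out.println("Serial (hex): " + wanted.getSerialNumber().toString(16));
        List<String> aliases = findAliases(ks, wanted);
        if (aliases.isEmpty()) System.out.println("No matching entry found.");
        for (String alias : aliases) System.out.println("JCAPI alias: " + alias);
    }
}
```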
 