Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > comp.lang.java.security > #104

Re: Using PKCS#7 as a pro

From "howdyraju2" <howdyraju2@THRWHITE.remove-dii-this>
Subject Re: Using PKCS#7 as a pro
Message-ID <6da375bd-e4a0-42e6-938e-c3b4e0b82209@a1g2000hsb.googlegroups.com> (permalink)
Newsgroups comp.lang.java.security
References <a7375f37-8b5a-497f-903b-9fe37dd5ba2d@b64g200
Date 2011-04-27 16:08 +0000
Organization TDS.net

Show all headers | View raw

  To: comp.lang.java.security
As mentioned before, since pkcs#7 is not a keystore provider; hence
the JDK keytool command will not be able to parse a pkcs#7 file.
However, you can easily extract the certificate chain
programmatically. See the method below:

private X509Certificate[] getCertificateChain(InputStream in) throws
CertificateException {
	CertificateFactory certFac = CertificateFactory.getInstance("X.509");
	CertPath certPath = certFac.generateCertPath(in, ENCODING);
	X509Certificate[] chain =
(X509Certificate[])certPath.getCertificates().toArray(new
X509Certificate[1]);
	return chain;
}


On Apr 17, 2:49 am, Efi Merdler <foo...@gmail.com> wrote:
> On 17 אפריל, 02:50, Speedo <speedo...@gmail.com> wrote:
>
> > pkcs#7 is not a keyStore provider. If you want to read certificate
> > chain in a pkcs#7 file, use "keytool-importcert -file filename".
>
> > To find out all KeyStore providers, write a small program. See
> >    http://exampledepot.com/egs/java.security/ListServices.html
> > Call getCryptoImpls("KeyStore") to find out what's available. For a
> > Sun JDK out of box, there should be al least pkcs12, jks, jceks. You
> > also get the pkcs11 one on Solaris and MSCAPI ones on Windows.
>
> > - Speedo
>
> > On Apr 16, 11:51 pm,EfiMerdler<foo...@gmail.com> wrote:
>
> > > Hi,
> > > I am not able to use pkcs#7 as a provider forkeytool. I want to read
> > > a certificate chain encoded in PKCS#7 format usingkeytool.
>
> > > When running the following command
> > >keytool-import -provider pkcs7 -keystore my_cert.jks -file cert.p7 -
> > > noprompt -storepass my_cert -v
> > > I receivekeytoolerror: java.lang.ClassNotFoundException: pkcs7
> > > even when qualifying the full path I still receive the same error.
>
> > > Where can I find thekeytool'sbuilt in supported providers ?
>
> > > Thanks,
> > >Efi
>
> Thanks.
> It still does not work.
> When using keytool -printcert -file cert.p7 it prints everything fine
> however when trying to import I receive Input not an X.509
> certificate.
>
> I tried to follow thawte tutorial on the subject :https://search.thawte.com/support/ssl-digital-certificates/index?page...
> still no help there.
>
> Any ideas ?
>
> Efi

---
 * Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet!
--- Synchronet 3.15a-Win32 NewsLink 1.92
Time Warp of the Future BBS - telnet://time.synchro.net:24

Back to comp.lang.java.security | Previous | Next | Find similar

Thread

Re: Using PKCS#7 as a pro "howdyraju2" <howdyraju2@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000

csiph-web