Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.java.security > #104
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!feeder1.hal-mli.net!news.glorb.com!news-out.readnews.com!news-xxxfer.readnews.com!news-out.news.tds.net!newsreading01.news.tds.net!86597e80!not-for-mail |
|---|---|
| From | "howdyraju2" <howdyraju2@THRWHITE.remove-dii-this> |
| Subject | Re: Using PKCS#7 as a pro |
| Message-ID | <6da375bd-e4a0-42e6-938e-c3b4e0b82209@a1g2000hsb.googlegroups.com> (permalink) |
| X-Comment-To | comp.lang.java.security |
| Newsgroups | comp.lang.java.security |
| In-Reply-To | <a7375f37-8b5a-497f-903b-9fe37dd5ba2d@b64g200 |
| References | <a7375f37-8b5a-497f-903b-9fe37dd5ba2d@b64g200 |
| Content-Type | text/plain; charset=IBM437 |
| Content-Transfer-Encoding | 8bit |
| X-Gateway | time.synchro.net [Synchronet 3.15a-Win32 NewsLink 1.92] |
| Lines | 67 |
| Date | Wed, 27 Apr 2011 16:08:11 GMT |
| NNTP-Posting-Host | 96.60.20.240 |
| X-Complaints-To | news@tds.net |
| X-Trace | newsreading01.news.tds.net 1303920491 96.60.20.240 (Wed, 27 Apr 2011 11:08:11 CDT) |
| NNTP-Posting-Date | Wed, 27 Apr 2011 11:08:11 CDT |
| Organization | TDS.net |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.java.security:104 |
Show key headers only | View raw
To: comp.lang.java.security
As mentioned before, since pkcs#7 is not a keystore provider; hence
the JDK keytool command will not be able to parse a pkcs#7 file.
However, you can easily extract the certificate chain
programmatically. See the method below:
private X509Certificate[] getCertificateChain(InputStream in) throws
CertificateException {
CertificateFactory certFac = CertificateFactory.getInstance("X.509");
CertPath certPath = certFac.generateCertPath(in, ENCODING);
X509Certificate[] chain =
(X509Certificate[])certPath.getCertificates().toArray(new
X509Certificate[1]);
return chain;
}
On Apr 17, 2:49 am, Efi Merdler <foo...@gmail.com> wrote:
> On 17 אפריל, 02:50, Speedo <speedo...@gmail.com> wrote:
>
> > pkcs#7 is not a keyStore provider. If you want to read certificate
> > chain in a pkcs#7 file, use "keytool-importcert -file filename".
>
> > To find out all KeyStore providers, write a small program. See
> > http://exampledepot.com/egs/java.security/ListServices.html
> > Call getCryptoImpls("KeyStore") to find out what's available. For a
> > Sun JDK out of box, there should be al least pkcs12, jks, jceks. You
> > also get the pkcs11 one on Solaris and MSCAPI ones on Windows.
>
> > - Speedo
>
> > On Apr 16, 11:51 pm,EfiMerdler<foo...@gmail.com> wrote:
>
> > > Hi,
> > > I am not able to use pkcs#7 as a provider forkeytool. I want to read
> > > a certificate chain encoded in PKCS#7 format usingkeytool.
>
> > > When running the following command
> > >keytool-import -provider pkcs7 -keystore my_cert.jks -file cert.p7 -
> > > noprompt -storepass my_cert -v
> > > I receivekeytoolerror: java.lang.ClassNotFoundException: pkcs7
> > > even when qualifying the full path I still receive the same error.
>
> > > Where can I find thekeytool'sbuilt in supported providers ?
>
> > > Thanks,
> > >Efi
>
> Thanks.
> It still does not work.
> When using keytool -printcert -file cert.p7 it prints everything fine
> however when trying to import I receive Input not an X.509
> certificate.
>
> I tried to follow thawte tutorial on the subject :https://search.thawte.com/support/ssl-digital-certificates/index?page...
> still no help there.
>
> Any ideas ?
>
> Efi
---
* Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet!
--- Synchronet 3.15a-Win32 NewsLink 1.92
Time Warp of the Future BBS - telnet://time.synchro.net:24
Back to comp.lang.java.security | Previous | Next | Find similar
Re: Using PKCS#7 as a pro "howdyraju2" <howdyraju2@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
csiph-web