In the windows personal certificate store, I am trying to programmatically install a certificate with the private key(using method setKeyEntry) using Java. But I get an exception when I do that.
Caused by: java.lang.UnsupportedOperationException: Cannot assign the key to the given alias.
at jdk.crypto.mscapi/sun.security.mscapi.CKeyStore.engineSetKeyEntry(CKeyStore.java:405)
at jdk.crypto.mscapi/sun.security.mscapi.CKeyStore$MY.engineSetKeyEntry(CKeyStore.java:57)
Code snippet:
KeyStore userCertStore = KeyStore.getInstance(getValue(CERTIFICATE_STORE_TYPE));
userCertStore.load(null,null);
for (iaik.x509.X509Certificate cert : user.getUserCertificates()) {
userCertStore.setCertificateEntry(cert.getSubjectDN().toString(), cert);
userCertStore.setKeyEntry(cert.getSubjectDN().toString(),user.getUserPrivateKey(cert),new
SecureStringBuffer(new StringBuffer(password)).toCharArray(),user.getUserCertificates());
}
The certificates are already set during
setKeyEntry- do not store the certificate usingsetCertificateEntry.setCertificateEntryis used to set trusted certificates (of the other party), thesetKeyEntryis used to store private keys and the full certificate chain belonging to that private key.So when you set the private key the alias is already taken by a "trusted certificate".