Open x509 Certificate store from Java APIs

4k views Asked by At

I am trying to show the list of certificates from the Client Certificate store in JSP. In .Net there is an option to show the list of certificates with the following code...

X509Store xStore = new X509Store(...);
xStore.Open(...); // This will open the list of certicates in open dialog box.

Is there any similar functionality to get this information in Java?

1

There are 1 answers

4
nablex On BEST ANSWER

You can open a JKS store using the default JDK classes, to open a pkcs12 file or the likes you need a library like bouncycastle. For example:

KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");

Then load the actual keystore:

keystore.load(inputStream, password);

Note that an empty password is handled differently by bouncycastle or jdk (one requires an empty string the other null iirc). Once you have a keystore instance, you can get the certificates easily by looping over the aliases and checking the types:

Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (store.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class))
        certificates.put(alias, (X509Certificate) store.getCertificate(alias));
}