3

I am trying to show the list of certificates from the Client Certificate store in JSP. In .Net there is an option to show the list of certificates with the following code...

```csharp
X509Store xStore = new X509Store(...);
xStore.Open(...); // This will open the list of certificates in an open dialog box.
```

Is there any similar functionality to get this information in Java?

Andrew Thompson
user1006585
  • Look into the classes of the [`java.security.cert` package](http://docs.oracle.com/javase/7/docs/api/java/security/cert/package-summary.html). – Andrew Thompson Jan 11 '13 at 06:33

1 Answer

2

You can open a JKS store using the default JDK classes; to open a PKCS12 file or the like, you need a library like Bouncy Castle. For example:

```java
KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
```

Then load the actual keystore:

```java
keystore.load(inputStream, password);
```

Note that an empty password is handled differently by Bouncy Castle or the JDK (one requires an empty string, the other null, iirc). Once you have a keystore instance, you can get the certificates easily by looping over the aliases and checking the types:

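```java
// Map of alias -> certificate for every trusted-certificate entry in the store
Map<String, X509Certificate> certificates = new HashMap<>();
Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (keystore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class))
        certificates.put(alias, (X509Certificate) keystore.getCertificate(alias));
}
```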
nablex
  • Thanks for your immediate response... With the above code I am able to get the list of certificates in the collection; now I want to show the "Select Certificate" dialog box. Will the Java APIs provide any method for that, or do we need to create an applet for showing such a dialog box? Once again, thanks for your immediate response... :) – user1006585 Jan 11 '13 at 09:14
  • A "select certificate dialog box" is a very vague description. I am not very familiar with JSP but I would assume a classic – nablex Jan 11 '13 at 09:40
  • OK, I will add a "dropdown list" instead of a "dialog box". But if we want to get the list of certificates from the client machine, we need to execute the piece of code on the client machine... If I write the get-certificate logic in a servlet, that will get only the service certificates. So I am planning to implement it in an applet. Is there any way to overcome this... and any other solution without an applet? Thanks... – user1006585 Jan 11 '13 at 09:57
  • That depends how you are currently accessing the client certs. How does the user indicate which store to use? Is it in a fixed position or does the user select it in a file upload or the likes? If the latter, you can use javascript to send it to the server, parse it there and send back the results. Not entirely optimal but in my opinion still better than an applet (ymmv) – nablex Jan 11 '13 at 10:02
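
An added example (not code from the answer above) that turns the answer's alias loop into a complete program. It assumes the JDK's built-in `PKCS12` keystore type instead of the `"BC"` provider, a keystore path passed as the first argument, and a hypothetical `KEYSTORE_PASSWORD` environment variable; it also reports key entries, since a client certificate stored together with its private key is a key entry rather than a trusted-certificate entry.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;

public class ListKeystoreCerts {
    // Collects every X.509 certificate in the store, keyed by alias.
    static Map<String, X509Certificate> listCertificates(KeyStore ks) throws Exception {
        Map<String, X509Certificate> found = new LinkedHashMap<>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // getCertificate() returns the trusted certificate of a certificate entry
            // and the first certificate of the chain of a key entry, so both are covered.
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                found.put(alias, (X509Certificate) cert);
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Usage: KEYSTORE_PASSWORD=... java ListKeystoreCerts <file.p12>
        String pw = System.getenv("KEYSTORE_PASSWORD"); // hypothetical variable name
        if (args.length < 1 || pw == null) {
            throw new IllegalArgumentException("need a keystore path and KEYSTORE_PASSWORD");
        }
        char[] password = pw.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumption: JDK provider, not "BC"
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password array populated
        }
        for (Map.Entry<String, X509Certificate> e : listCertificates(ks).entrySet()) {
            X509Certificate c = e.getValue();
            String kind = ks.isKeyEntry(e.getKey()) ? "key+cert" : "trusted cert";
            System.out.printf("%s [%s] subject=%s notAfter=%s%n", e.getKey(), kind,
                    c.getSubjectX500Principal().getName(), c.getNotAfter());
        }
    }
}
```

The returned map is what a servlet would render as the dropdown list discussed in the comments, after the user has supplied the keystore file.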