
I'd like to create a self-signed certificate by invoking keytool in my Java program. Here is a simplified version of my code which includes the problem I have:

    import java.io.IOException;

    public class Tester {
        public static void main(String[] args) throws IOException {
            // Command line handed to exec(): /bin/sh -c "keytool" followed by the keytool options
            String[] cmd = {
                "/bin/sh",
                "-c",
                "keytool",
                "-genkey",
                "-dname",
                "\"C=US,CN=CU,L=ABC,O=ABC_Univ,OU=ABC_Pro\"",
                "-keysize",
                "1024",
                "-alias",
                "testkeypairs",
                "-keyalg",
                "RSA",
                "-sigalg",
                "SHA1withRSA",
                "-keystore",
                "testkeystore",
                "-storepass",
                "abcdef",
                "-keypass",
                "abcdef"
            };
            // Start keytool as a child process; nothing is read from it and it is not waited for
            Process testProc = Runtime.getRuntime().exec(cmd);
        }
    }

There was no error when I ran it, but it did not give me the keystore. My questions are:

  1. The certificate generated by keytool is not considered the "subprocess's output" that needs to be fed to the parent process using `getInputStream()`, is it?

  2. If it is, I also tried the `getInputStream()` thing as discussed in the following post,

Keytool usage with Runtime.getRuntime().exec() under Linux

but the program just got stuck and seemed never to stop.

  3. Are there any other ways to create a self-signed certificate from a Java program?

I am a newbie in Java and English is not my first language. I hope I have expressed my question clearly.

Amy Yu
  • I don't know exactly what you're trying, but consider changing your tactic slightly: instead of calling `exec` to call the keytool binary, try calling the KeyStore creation code yourself, programmatically. http://stackoverflow.com/questions/5312559/how-do-i-programmatically-create-a-new-keystore – Gus Dec 18 '13 at 21:58
  • What I want is to create a self-signed certificate programmatically. I thought I could invoke keytool using `Runtime.getRuntime().exec()`, just as discussed in the following post: [http://stackoverflow.com/questions/8308148/keytool-usage-with-runtime-getruntime-exec-under-linux] I tried their method but couldn't get the certificate. @Hariprasad – Amy Yu Dec 18 '13 at 22:12
  • @Gus Certificate signature is not possible with the standard java crypto API. You need to use a 3rd party library (e.g. BouncyCastle) to do that. – Jcs Dec 18 '13 at 22:30
  • Is it possible the file is created, but in a different directory than you expected? Try specifying a full path for the -keystore parameter and see what happens. – erickson Dec 18 '13 at 23:07
  • You might need to call testProc.waitFor(); and also consume testProc.getInputStream(); and testProc.getErrorStream(); with something like while(stream.read()!=-1) {}; – Mike Clark Dec 19 '13 at 00:21
  • I've seen some posts about using BC. That's what I am going to try next. @Jcs – Amy Yu Dec 19 '13 at 05:02
  • I did specify the full path in my code, just omitted it here in the post. @erickson – Amy Yu Dec 19 '13 at 05:05
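
The following is an added example, not the asker's code or any answer's, showing the subprocess route done so that the keystore actually appears. Two things in the posted array defeat it: `/bin/sh -c` takes only the single argument after `-c` as the script, so `keytool` runs with no options at all and the rest of the array is bound to `$0`, `$1`, ...; and the escaped quotes around the `-dname` value only make sense when a shell strips them. Running the binary directly, draining its output and calling `waitFor()` before touching the file fixes all three of the problems raised in the comments. The keystore path, alias, password and the `java.home`-relative location of the keytool binary are the example's own assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

public class KeytoolExec {

    /** Runs keytool -genkeypair as a child process and returns its combined stdout/stderr. */
    public static String genKeyPair(Path keystore, String alias, char[] storePass)
            throws IOException, InterruptedException {
        // Assumption: keytool lives next to the running JVM; otherwise fall back to PATH lookup.
        Path bundled = Paths.get(System.getProperty("java.home"), "bin", "keytool");
        String exe = Files.isExecutable(bundled) ? bundled.toString() : "keytool";

        // One argv element per token and no shell in between: nothing gets re-split or de-quoted.
        List<String> cmd = new ArrayList<>();
        cmd.add(exe);
        cmd.add("-genkeypair");
        cmd.add("-dname"); cmd.add("C=US,CN=CU,L=ABC,O=ABC_Univ,OU=ABC_Pro"); // no literal quotes
        cmd.add("-keyalg"); cmd.add("RSA");
        cmd.add("-keysize"); cmd.add("2048");            // 1024-bit RSA is below current minimums
        cmd.add("-sigalg"); cmd.add("SHA256withRSA");    // SHA-1 signatures are rejected by modern clients
        cmd.add("-validity"); cmd.add("365");
        cmd.add("-alias"); cmd.add(alias);
        cmd.add("-keystore"); cmd.add(keystore.toAbsolutePath().toString()); // absolute: no cwd surprises
        cmd.add("-storepass"); cmd.add(new String(storePass));
        cmd.add("-keypass"); cmd.add(new String(storePass));

        ProcessBuilder pb = new ProcessBuilder(cmd);
        pb.redirectErrorStream(true);   // merge stderr into stdout so a single reader drains both pipes
        Process p = pb.start();

        StringBuilder out = new StringBuilder();
        try (InputStream in = p.getInputStream()) {
            byte[] buf = new byte[4096];
            int n;
            // Read until EOF. A child that fills an undrained pipe blocks forever; that is the
            // "never stops" symptom, and the pipe only reaches EOF when keytool has exited.
            while ((n = in.read(buf)) != -1) {
                out.append(new String(buf, 0, n, StandardCharsets.UTF_8));
            }
        }
        int status = p.waitFor();       // only after this is the keystore file guaranteed to be complete
        if (status != 0) {
            throw new IOException("keytool exited with status " + status + ":\n" + out);
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Path ks = Paths.get("testkeystore.jks");
        Files.deleteIfExists(ks);       // keytool refuses to overwrite an existing alias
        String log = genKeyPair(ks, "testkeypairs", "abcdef".toCharArray());
        System.out.print(log);
        System.out.println("keystore written: " + Files.exists(ks) + " (" + ks.toAbsolutePath() + ")");
    }
}
```

Passing `-storepass`/`-keypass` on the command line exposes the secret to every local user via `ps`; keytool also accepts `-storepass:env VARNAME` and `-storepass:file path` (and the same for `-keypass`), which keep the password out of argv. The default keystore format is JKS on Java 8 and PKCS12 on Java 9 and later; add `-storetype` if the consumer needs a particular one.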

1 Answer


You could try a different approach again - since keytool is written in Java and it is delivered with the JDK, you can actually instantiate the keytool class directly, like in this answer. This approach will let you generate a self-signed certificate in the JKS file of your choice, but it won't give you programmatic access to the generated certificate.

Just watch out, under Java 7 you will need to do `new sun.security.tools.KeyTool()`, but under Java 8 the class has been moved and you will need to do `new sun.security.tools.keytool.Main()`. And of course it only works for the Oracle JDK, the APIs are internal and not guaranteed to be present in any future Java version, etc., etc.

rxg
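
Added example (not the answerer's code) of the in-process approach described in the answer. It resolves keytool's `main(String[])` by name at run time, trying the Java 8 class first and then the Java 7 one, so the program compiles without a direct reference to either internal class, and it then reopens the keystore with the public `java.security.KeyStore` API to get hold of the certificate that keytool wrote. The keystore path, alias, password and DN are the example's own assumptions.

```java
import java.io.InputStream;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class KeytoolInProcess {

    // Entry points named in the answer above: the Java 8 location first, then the Java 7 one.
    private static final String[] KEYTOOL_MAIN_CLASSES = {
        "sun.security.tools.keytool.Main",
        "sun.security.tools.KeyTool"
    };

    /** Looks up keytool's main(String[]) reflectively so the source compiles on either JDK. */
    static Method findKeytoolMain() throws ReflectiveOperationException {
        ReflectiveOperationException last = null;
        for (String name : KEYTOOL_MAIN_CLASSES) {
            try {
                return Class.forName(name).getMethod("main", String[].class);
            } catch (ReflectiveOperationException e) {
                last = e;   // not this JDK's layout; try the next known location
            }
        }
        throw last;
    }

    /** Generates a self-signed key pair in this JVM, then reads the certificate back from the file. */
    static X509Certificate genSelfSigned(Path keystore, String alias, char[] password) throws Exception {
        String[] args = {
            "-genkeypair",
            "-dname", "C=US,CN=CU,L=ABC,O=ABC_Univ,OU=ABC_Pro",   // assumed DN, no shell quoting needed
            "-keyalg", "RSA", "-keysize", "2048",
            "-sigalg", "SHA256withRSA",
            "-validity", "365",
            "-alias", alias,
            "-keystore", keystore.toAbsolutePath().toString(),
            "-storepass", new String(password),
            "-keypass", new String(password),
            "-debug"    // in the JDK 8 sources keytool exits the JVM on error unless -debug makes it throw
        };
        // Same JVM: no child process, no pipes to drain, no waitFor().
        findKeytoolMain().invoke(null, (Object) args);

        // keytool only wrote a file; the public KeyStore API turns it into objects.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(keystore)) {
            ks.load(in, password);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) {
            throw new IllegalStateException("alias " + alias + " not found in " + keystore);
        }
        return cert;
    }

    public static void main(String[] argv) throws Exception {
        Path ks = Paths.get("testkeystore.jks");
        Files.deleteIfExists(ks);
        X509Certificate cert = genSelfSigned(ks, "testkeypairs", "abcdef".toCharArray());
        cert.verify(cert.getPublicKey());   // self-signed: the subject's own key must validate the signature
        System.out.println("subject:   " + cert.getSubjectX500Principal());
        System.out.println("sig alg:   " + cert.getSigAlgName());
        System.out.println("not after: " + cert.getNotAfter());
    }
}
```

Two caveats beyond the ones in the answer: keytool's entry point handles its own failures by printing a message rather than throwing, and on JDK 8 it calls `System.exit(1)` unless `-debug` is given, so an in-process caller that omits `-debug` can be killed outright by a bad argument; and from Java 9 on, `sun.security.tools.keytool` is not exported from `java.base`, so the reflective `invoke` fails with an `IllegalAccessException` unless the JVM is started with `--add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED`. If you only need the certificate object and not a keystore file, the BouncyCastle route mentioned in the comments avoids the internal API entirely.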