In my application I make use of a p12 certificate file to encrypt traffic when talking to an API I am using.

For my production environment, I need to read these files off the system rather than from the application.

On Linux, how might I read these files off my system into my application into an InputStream just like I would from a resources directory in my application?

I am using Java.

Adam Bronfin
  • Have a look here: http://stackoverflow.com/questions/18621508/getting-a-privatekey-object-from-a-p12-file-in-java You can load the key into the KeyStore using a stream. In the linked question, they stream a resource, but you should be able to use any InputStream. – Eric Hughes Feb 23 '15 at 18:39
  • But again this is loading it off the application's file structure as I am doing now. I need to load it from the actual system. What I'm also looking for in the answer is where on the system it should be placed for Linux. – Adam Bronfin Feb 23 '15 at 18:44
  • Have you tried a `FileInputStream`? You should be able to place the p12 file anywhere that makes sense for you (and is accessible) – Eric Hughes Feb 23 '15 at 18:47
  • Some examples of sensible places are what I am looking for, as well as a code example showing how to read the file in a relative manner that will work across environments (assuming it's placed in the same location) – Adam Bronfin Feb 23 '15 at 18:49
  • `FileInputStream(string path)` will allow a relative path. As for location, if you're deploying supporting files along with your JAR, you may have a conf/ directory or something similar, and that might be a good location. Or, you could include the path to the p12 in a configuration file. "Sensible places" is a subjective question, though, so you're probably not going to get a good answer. Are you trying to use keyrings? – Eric Hughes Feb 23 '15 at 19:00
  • Keyrings? I'm aware that FileInputStream takes relative files, however I'd like to see an example of a relative path. – Adam Bronfin Feb 23 '15 at 19:02

1 Answer

I built a quick and dirty little class to show the opening of a relative .pfx (P12) that I created with keytools. Naturally, you can also look through different potential directories looking for the file, if there are a couple likely places for it to be.

The file structure looks like this:

```
./bin
./bin/Test.java
./bin/Test.class
./conf
./conf/myFile.pfx
```

Here's the test code:

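```java
import java.io.*;
import java.security.*;

class Test {
  public static void main(String[] args) {
    String pass = "password";
    // A relative path is resolved against the JVM's working directory
    // (here ./bin), not against the location of Test.class.
    File file = new File("../conf/myFile.pfx");
    // try-with-resources closes the stream even if load() throws
    try (InputStream stream = new FileInputStream(file)) {
      KeyStore store = KeyStore.getInstance("PKCS12");
      store.load(stream, pass.toCharArray());
      // "example" is the alias the key was stored under; getKey returns null if it is absent
      PrivateKey key = (PrivateKey) store.getKey("example", pass.toCharArray());
      System.out.println(key != null ? "Success" : "No key under alias \"example\"");
    } catch (KeyStoreException kse) {
      System.err.println("Error getting the key");
    } catch (Exception e) {
      System.err.println("Error opening the key file");
      e.printStackTrace();
    }
  }
}
```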
Eric Hughes
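For the production case raised in the question and comments (a p12 kept on the Linux system, with its path supplied by configuration), the following is an added example, not code from the answer above. The property name `app.keystore.path`, the variable `APP_KEYSTORE_PASS` and the default location `/etc/myapp/keystore.p12` are hypothetical, and the permission check assumes a POSIX file system.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Set;

public class SystemKeyStoreLoader {
  // Hypothetical names: nothing on the page defines this property, variable or directory.
  static final String PATH_PROPERTY = "app.keystore.path";
  static final String PASS_ENV = "APP_KEYSTORE_PASS";
  static final Path DEFAULT_PATH = Paths.get("/etc/myapp/keystore.p12");

  /** Absolute path from -Dapp.keystore.path=..., else the default location. */
  static Path resolvePath() {
    String configured = System.getProperty(PATH_PROPERTY);
    Path p = (configured != null) ? Paths.get(configured) : DEFAULT_PATH;
    // Normalising to an absolute path makes the result independent of the working directory.
    return p.toAbsolutePath().normalize();
  }

  /** Refuse a keystore that group or other users can read, write or execute. */
  static void checkOwnerOnly(Path p) throws IOException {
    Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
    for (PosixFilePermission perm : perms) {
      if (!perm.name().startsWith("OWNER_")) {
        throw new IOException(p + " is accessible beyond its owner (" + perm + "); chmod 600 it");
      }
    }
  }

  /** Load the PKCS12 file only after the permission check passes. */
  static KeyStore load(Path p, char[] password) throws IOException, GeneralSecurityException {
    checkOwnerOnly(p);
    try (InputStream in = Files.newInputStream(p)) {
      KeyStore store = KeyStore.getInstance("PKCS12");
      store.load(in, password);
      return store;
    }
  }

  public static void main(String[] args) throws Exception {
    // The password comes from the environment instead of a literal in the source.
    String pass = System.getenv(PASS_ENV);
    if (pass == null) throw new IllegalStateException(PASS_ENV + " is not set");
    Path path = resolvePath();
    KeyStore store = load(path, pass.toCharArray());
    System.out.println("Loaded " + store.size() + " entries from " + path);
  }
}
```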