How do I programmatically create a new KeyStore?

Question

I'm trying to programmatically create a new keystore in Java. The following code:

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.setCertificateEntry("alias", cert);

throws a Uninitialized KeyStore exception.

Answer 1

To create a new KeyStore in Java you first need to create the KeyStore file and then store it using the store(FileOutputStream, char[]) method:

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

char[] password = "some password".toCharArray();
ks.load(null, password);

// Store away the keystore.
FileOutputStream fos = new FileOutputStream("newKeyStoreFileName");
ks.store(fos, password);
fos.close();

I hope this helps, you can see more info here.

Answer 2

The KeyStore needs to be loaded after it has been created. The load method asks for a FileInputStream to read from but if you supply a null one, an empty KeyStore is loaded.

See this link

Answer 3

I use this code, it works, hope it can help.

public static KeyStore createKeyStore() throws Exception {
    File file = new File("/Users/keyserverstore.keystore");
    KeyStore keyStore = KeyStore.getInstance("JKS");
    if (file.exists()) {
        // if exists, load
        keyStore.load(new FileInputStream(file), "123456".toCharArray());
    } else {
        // if not exists, create
        keyStore.load(null, null);
        keyStore.store(new FileOutputStream(file), "123456".toCharArray());
    }
    return keyStore;
}

Answer 4

 // load the keystore
 KeyStore p12 = KeyStore.getInstance("pkcs12");
 p12.load(new FileInputStream("KEYSTORE.p12"), "passwd".toCharArray());

// load the private key entry from the keystore  
 Key key = p12.getKey("mykey", "passwd".toCharArray()); 
 PrivateKey privKey = (PrivateKey) key;

Answer 5

If you want to use a bean (Spring Boot 2.4.x):

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;

@Configuration
public class KeyStoreConfiguration {

    private static final String KEY_STORE = "keystore.p12";
    private static final String KEY_STORE_TYPE = "PKCS12";
    private static final String KEY_STORE_PASSWORD = "password";
    
    @Bean
    public KeyStore keyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
        keyStore.load(new ClassPathResource(KEY_STORE).getInputStream(), KEY_STORE_PASSWORD.toCharArray());
        
        return keyStore;
    }
}

Answer 6

public static void main(String[] args) {
    // Load the JDK's cacerts keystore file
    String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
    FileInputStream is = new FileInputStream(filename);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = "changeit".toCharArray();
    //keystore.load(is, password.toCharArray());
    keystore.load(is, password);

    // This class retrieves the most-trusted CAs from the keystore
    PKIXParameters params = new PKIXParameters(keystore);
    // Get the set of trust anchors, which contain the most-trusted CA certificates
    java.security.cert.Certificate sapcert = keystore.getCertificate("SAPNetCA");
    PublicKey sapcertKey =  sapcert.getPublicKey();
    System.out.println(sapcertKey);
    Enumeration<String> aliases = keystore.aliases();
    while (aliases.hasMoreElements()) {
       String alias = aliases.nextElement();
        //System.out.println("alias certificates :"+alias);
       if (keystore.isKeyEntry(alias)) {
            keystore.getKey(alias, password);
        }
    }