0

Here's my code as below:

public static void main(String[] args) throws IOException, GeneralSecurityException, DocumentException {
    String path = "<pfx file>";
    char[] pass = "<password>".toCharArray();

    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);
    KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
    ks.load(new FileInputStream(path), pass);
    String alias = (String) ks.aliases().nextElement(); /* alias='CCA India 2011\u0000'*/
    PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);/* returns null */
    Certificate[] chain = ks.getCertificateChain(alias);/* returns null */
    X509Certificate last = (X509Certificate) chain[chain.length - 1];
    System.out.println(last.getNotBefore());
    System.out.println(last.getNotAfter());
}

The alias that is returned back has a \u0000 at the end of it. I am not sure what to make of it. Is that the reason why pk and chain is null? I tried to trim the alias to no avail.

I am able to import this certificate into the microsoft keystore. Meaning I am able to see it in the Internet Explorer .. Certificates. I am able to use it to sign documents on Adobe Reader. So there is no issue the pfx file. Just not able to work with it in java.

I have JCE installed as well.

sethu
  • 8,181
  • 7
  • 39
  • 65

1 Answers1

0

I am quite sure the alias is your problem. We had similar problems with upper and lower case letters. Some Providers are case sensitive (I think BC for example) some are not (I think the sun providers) and I am not sure if they support special characters.

Have you tried the Sun "SunJSSE" Provider? It should be used by default if you do not specify BC and he supports PKCS#12. I think the provider is also a bit lenient in regards to the alias than bc. If nothing helps I would try to change the alias of the entry, maybe some microsoft tool can do this if they support this alias.

MatK
  • 96
  • 2