1

i extracted a certificate from a JKS keystore and attempted to cast it to iaik.x509.X509Certificate. it failed with sun.security.x509.X509CertImpl cannot be cast to iaik.x509.X509Certificate. is there a way to write it to iaik.x509.X509Certificate manually? code snippet -

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(keystorePath);
        char[] keyPasswordChars = keyPassword == null ? new char[0] : keyPassword.toCharArray();
        try {
                trustStore.load(in, keyPasswordChars);
        } finally   {
                in.close();
        }
        Certificate cert = trustStore.getCertificate(alias);
        if (cert != null) {
            iaik.x509.X509Certificate  x509 = (iaik.x509.X509Certificate) cert;
            return x509;
        }

iaik.x509.X509Certificate is from Entrust - enttoolkit.jar

user207421
  • 305,947
  • 44
  • 307
  • 483
Olaoluwa
  • 66
  • 12
  • 1
    Why? You shouldn't be using either of these classes directly, and you will certainly never get an IAIK certificate object directly from a Java keystore file via the Java `KeyStore` API. You should be using `java.security.cert.X509Certificate` or possibly even `java.security.cert.Certificate`, whatever the `KeyStore` API actually returns. – user207421 May 30 '21 at 06:55
  • Like user207421 pointed out, do you need the iaik certificate object for any specific reason? – always_a_rookie Jun 01 '21 at 19:57
  • yes, iaik object is needed because the entrust toolkit has a CertVerifier class that accepts only iaik.X509 certificate. my certificate was saved into the keystoe using java.security.cert.Certificate but now have to pass iaik.x509.X509Certificate to the CertVerifier method. I will explore saving the certificate to keystore as iaik.x509.X509Certificate. – Olaoluwa Jun 13 '21 at 23:22
  • Why? The only reason to use IAIK at all is if you have not a JKS keystore but an HSM, for which you have a PKCS#11 (or whatever it is) DLL, and which you want to access it in Java via IAIK. – user207421 Feb 25 '22 at 03:03

0 Answers0