users@jax-rpc.java.net

Re: Generating keystores and truststores for jwsdp-1.5 based on

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 05 Apr 2005 15:48:09 +0530

Alessio Cervellin wrote:

>>==========================
>>Date: Tue, 05 Apr 2005 09:21:58 +1000
>>From: jagan <Jagan.Kommineni_at_infotech.monash.edu.au>
>>[CUT]
>>application. When I try to generate keystore and truststore using
>>keytool and openssl based on
>>"http://www.devx.com/Java/Article/10185/1954?pf=true", I am facing
>>problems. As these stores are based on version 1 of x.509. I
>>suspect
>>XWS-Security requires V3 certificates.
>>
>>
>
>Yes, AFAIK XWS requires V3 certificates (though I heard there has been some discussion in the past months within the OASIS working group about adding the support for x509v1)
>
>
>
>>I will be grateful if anybody could give me some details for
>>establishing new certificates based on v3.
>>
>>
>
>If you are facing problems with keytool/openssl, the fastest way to get your target could be to use a frontend like "Keystore Explorer" (you can get a free trial somewhere on the internet), then you can use its GUI to do the following steps:
>1- create a new jks keystore
>2- generate a new key pair
>3- create a CSR bound to the previous key
>4- send the CSR to some CA (e.g. you can do it for free from the Verisign site)
>5- import the CA certificate (e.g. for Verisign you can download it from their site) in your truststore
>6- import the certificate that will be sent back to you from the CA you sent the CSR to in your keystore
>
>
You can use the following piece of code to import certificates into
keystores (JKS).

import java.io.*;

import java.security.*;
import java.security.cert.*;
import java.security.spec.*;

public class SecuritySample {

    /**
     * Reads an X.509 certificate (PEM or DER) from a file. If the file
     * holds several certificates, the last one is returned.
     */
    public static X509Certificate readX509Cert(String fileLocation)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = null;
        try (InputStream bis = new BufferedInputStream(
                new FileInputStream(fileLocation))) {
            while (bis.available() > 0) {
                cert = (X509Certificate) cf.generateCertificate(bis);
            }
        }
        return cert;
    }

    /**
     * Private key should be in unencrypted PKCS#8 "DER" format
     * (e.g. openssl pkcs8 -topk8 -nocrypt -outform DER).
     */
    public static PrivateKey readPrivateKey(String fileLocation)
            throws Exception {
        byte[] input;
        try (InputStream fis = new FileInputStream(fileLocation)) {
            // available() is only a hint, so read until EOF instead of
            // trusting it as the file size.
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            int n;
            while ((n = fis.read(buf)) != -1) {
                bos.write(buf, 0, n);
            }
            input = bos.toByteArray();
        }
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(input);
        KeyFactory key_fac = KeyFactory.getInstance("RSA");
        return key_fac.generatePrivate(spec);
    }

    /**
     * Generate a keystore with a single cert-privKey pair.
     */
    public static void generateAndSaveKeyStore(
            X509Certificate cert,
            PrivateKey key,
            String keystorePassword,
            String alias,
            String keyPassword,
            String keystoreLocation)
            throws Exception {

        KeyStore ks = KeyStore.getInstance("JKS");
        // load(null, ...) initialises an empty in-memory keystore.
        ks.load(null, keystorePassword.toCharArray());
        X509Certificate[] chain = new X509Certificate[1];
        chain[0] = cert;
        ks.setKeyEntry(alias, key, keyPassword.toCharArray(), chain);
        try (OutputStream out = new FileOutputStream(keystoreLocation)) {
            ks.store(out, keystorePassword.toCharArray());
        }
    }
}


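The keytool/openssl equivalent of the six Keystore Explorer steps, as an added example that is not code from the thread or from XWS-Security: a throwaway local CA stands in for the real CA (Verisign in the thread) so the script runs offline, the CSR is signed with X.509 V3 extensions, the CA certificate goes into the truststore, the signed reply goes into the keystore, and the stored certificate's version is read back, which is the check a V1 store would fail. All tool flags are standard keytool and openssl options; the passwords, file names, aliases and subject names are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: the keytool/openssl equivalent of
# the six Keystore Explorer steps. A throwaway local CA stands in for the
# real CA so everything runs offline. All names, passwords and file names
# here are constructed for the example.
set -e

PASS=changeit   # example password, shared by the stores and the key entry

have_tools() { command -v keytool >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1; }

# X.509 version (1 or 3) of a PEM certificate file.
cert_version() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Version: \([0-9]\).*/\1/p'
}

# Version of the certificate stored under an alias in a JKS store; this is
# the check that tells a V1 store (rejected by XWS-Security) from a V3 one.
stored_cert_version() {
    keytool -exportcert -rfc -keystore "$1" -storepass "$PASS" -alias "$2" \
        | openssl x509 -noout -text | sed -n 's/^ *Version: \([0-9]\).*/\1/p'
}

# Entry type (PrivateKeyEntry or trustedCertEntry) of an alias in a JKS store.
entry_type() {
    keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" \
        | grep -E -o 'PrivateKeyEntry|trustedCertEntry'
}

# Stand-in CA: a self-signed V3 certificate with CA:TRUE.
make_ca() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = Example Test CA' \
        '[v3_ca]' 'basicConstraints = critical, CA:TRUE' \
        'keyUsage = critical, keyCertSign, cRLSign' \
        'subjectKeyIdentifier = hash' > ca.cnf
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -days 365 -config ca.cnf -extensions v3_ca
}

# Steps 1-3: new JKS keystore, new key pair, CSR bound to that key.
make_keystore_and_csr() {
    keytool -genkeypair -storetype JKS -keystore keystore.jks \
        -storepass "$PASS" -keypass "$PASS" -alias server -keyalg RSA \
        -keysize 2048 -validity 365 -dname "CN=localhost, O=Example"
    keytool -certreq -keystore keystore.jks -storepass "$PASS" \
        -alias server -file server.csr
}

# Step 4: the CA signs the CSR. The -extfile is what makes the result a V3
# certificate; given no extensions at all, classic openssl releases emit V1.
sign_csr() {
    printf '%s\n' '[v3_req]' 'basicConstraints = CA:FALSE' \
        'keyUsage = digitalSignature, keyEncipherment' \
        'subjectKeyIdentifier = hash' 'authorityKeyIdentifier = keyid' > ext.cnf
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 365 -out server.crt -extfile ext.cnf -extensions v3_req
}

# Step 5: the CA certificate goes into the truststore as a trusted entry.
make_truststore() {
    keytool -importcert -noprompt -storetype JKS -keystore truststore.jks \
        -storepass "$PASS" -alias ca -file ca.crt
}

# Step 6: the signed certificate replaces the self-signed one in the keystore.
# keytool needs the issuer in the keystore to build the chain, so the CA
# certificate is imported there first.
import_reply() {
    keytool -importcert -noprompt -keystore keystore.jks -storepass "$PASS" \
        -alias ca -file ca.crt
    keytool -importcert -noprompt -keystore keystore.jks -storepass "$PASS" \
        -alias server -file server.crt
}

# Independent check that the signed certificate chains to the CA.
verify_chain() { openssl verify -CAfile ca.crt server.crt >/dev/null; }

run_all() {
    make_ca
    make_keystore_and_csr
    sign_csr
    make_truststore
    import_reply
    verify_chain
    echo "ca.crt version:            $(cert_version ca.crt)"
    echo "keystore 'server' version: $(stored_cert_version keystore.jks server)"
    echo "keystore 'server' type:    $(entry_type keystore.jks server)"
    echo "truststore 'ca' type:      $(entry_type truststore.jks ca)"
}

if have_tools; then
    WORK=$(mktemp -d)
    cd "$WORK"
    run_all
else
    echo "keytool and openssl are required" >&2
fi
```

The script works in a fresh temporary directory and leaves ca.crt, keystore.jks and truststore.jks there; with a real CA, `sign_csr` is replaced by sending server.csr to the CA and saving the returned certificate as server.crt, and the CA's published certificate takes the place of ca.crt. The last four lines of output are the ones worth keeping in a build log: a store whose certificate reports `Version: 1` is the situation the thread describes.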