user1006585 user1006585 - 22 days ago 17
Java Question

Open x509 Certificate store from Java APIs

I am trying to show the list of certificates from the Client Certificate store in JSP.
In .Net there is an option to show the list of certificates with the following code...

X509Store xStore = new X509Store(...);
xStore.Open(...); // This will open the list of certicates in open dialog box.


Is there any similar functionality to get this information in Java?

Answer

You can open a JKS store using the default JDK classes, to open a pkcs12 file or the likes you need a library like bouncycastle. For example:

KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");

Then load the actual keystore:

keystore.load(inputStream, password);

Note that an empty password is handled differently by bouncycastle or jdk (one requires an empty string the other null iirc). Once you have a keystore instance, you can get the certificates easily by looping over the aliases and checking the types:

Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (store.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class))
        certificates.put(alias, (X509Certificate) store.getCertificate(alias));
}