I'm trying to use a PKCS#12 certificate to sign some data. I signed the data successfully on the development machine, but after I deployed the application to the production machine I ran into a problem.
On the development machine I have Oracle JDK 1.6.0 and CentOS 6.2, and on the production machine there is IBM JDK 1.6.0 with IBM AIX.
The problem is that I can't get the private key with its alias out of the KeyStore instance which is loaded with the certification file; it seems that there is no entry in the KeyStore, while I have printed the entries which exist in the certification file with the keytool command (so there is no problem with the file). Also, this code runs on the development machine without any problem.
Any help is appreciated.
Here is the code:
    KeyStore ks = KeyStore.getInstance("PKCS12");
    String certFileAbsPath = this.getClass().getClassLoader().getResource("").getPath() + File.separator + "file.p12";
    File file = new File(certFileAbsPath);
    FileInputStream fis = new FileInputStream(file);
    ks.load(fis, null);
    Enumeration aliasEnum = ks.aliases();
    String aliasName = null;
    while (aliasEnum.hasMoreElements()) {
        aliasName = (String) aliasEnum.nextElement();
        logger.debug("alias: " + aliasName); // nothing is logged!
    }
In other words it's a resource. new File() and new FileInputStream can't deal with resources. You should be using Class.getResourceAsStream(). It works in development because the file exists there. It doesn't exist in production. Only the resource exists, inside the WAR file.
In my experience Java doesn't like PKCS#12 keystores that don't have a password. Set a password on your PKCS#12 file (it doesn't have to be a strong one, just "password" is fine) and provide that as the second argument to ks.load.
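Both answers above combined, as an added example that is not part of the original posts: the keystore is read with getResourceAsStream() instead of new File(), and a password is passed to ks.load and ks.getKey. The class name P12Signer, the password "password" (taken from the second answer's suggestion) and the SHA256withRSA algorithm (which assumes an RSA key) are assumptions; the code avoids try-with-resources so it compiles on JDK 1.6.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Collections;

public class P12Signer {
    // Assumed values: resource name from the question, password from the second answer.
    // In a real deployment the password would come from configuration, not source code.
    private static final String RESOURCE = "file.p12";
    private static final char[] PASSWORD = "password".toCharArray();

    // Reads the keystore as a classpath resource, so it also works from inside a WAR/JAR.
    static KeyStore loadFromClasspath() throws IOException, GeneralSecurityException {
        InputStream in = P12Signer.class.getClassLoader().getResourceAsStream(RESOURCE);
        if (in == null) { // a missing resource yields null, not an exception
            throw new IOException("classpath resource not found: " + RESOURCE);
        }
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(in, PASSWORD);
            return ks;
        } finally {
            in.close();
        }
    }

    // Signs with the first private-key entry; fails loudly if the store has none.
    static byte[] sign(KeyStore ks, byte[] data) throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                PrivateKey key = (PrivateKey) ks.getKey(alias, PASSWORD);
                Signature sig = Signature.getInstance("SHA256withRSA"); // assumes an RSA key
                sig.initSign(key);
                sig.update(data);
                return sig.sign();
            }
        }
        throw new KeyStoreException("no private key entry in " + RESOURCE);
    }

    public static void main(String[] args) throws Exception {
        byte[] signature = sign(loadFromClasspath(), "some data".getBytes("UTF-8"));
        System.out.println("signature length: " + signature.length + " bytes");
    }
}
```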