Cert issue
fkrauthan opened this issue · comments
If I export my p12 file the key and the cert have different alias. Is there another way to export my key or to fix the alias name? Because now the lib can load my certificate (Because the first alias is correct for the certificate) but not for my private key.
My certificate has the alias: "Pass Type ID: pass.com.pl.something" and my private key has the alias: "something".
Did you do anything special to specify the alias when you exported the p12 from Keychain? I'll re-export my cert and see what happens.
No. I just use the key chain tool for the newest mac osx like written in many blogs. I have now converted my p12 file to a jks file and load the KeyStore by my self. That works for me.
Hello,
i have the same problem.
The error is "KeyStore must contain a PrivateKey and Certificate" and the private key is null:
this.privateKey = getPrivateKey(keyStore, password);
I get the p12 file from external and I would not like to rebuild this file.
I had this issue too. The only way to fix that was converting my keystore. First I looked for the alias with this command:
openssl pkcs12 -in myp12.p12
You see something like this in your output:
-----END CERTIFICATE-----
Bag Attributes
friendlyName: YOURALIAS
What you can now do is to run the following command to convert the p12 into a jks file:
keytool -importkeystore -srckeystore ./myp12.p12 -srcstoretype PKCS12 -srcstorepass KEYSTOREPASSWORD -srcalias YOURALIAS -destkeystore ./myjks.jks -deststoretype JKS -deststorepass DESTKEYSTOREPASSWORD -destalias DESTALIAS
After that you can load this jks file with the simple Java Keystore functions like this:
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
KeyStore keyStore = KeyStore.getInstance("JKS", "SUN");
keyStore.load(new FileInputStream(".../myjks.jks"), "DESTKEYSTOREPASSWORD".toCharArray());
signer = PassSignerImpl.builder()
.keystore(keyStore, "DESTKEYSTOREPASSWORD")
.intermediateCertificate(new FileInputStream(".../wwdr.pem"))
.build();I hope this may help you too.
I checked out the aliases in my p12 file and they are different, but for whatever reason the certificate can be referenced by either alias...
I'm currently working on a solution, it's likely I'll change the PassSignerImpl.Builder to accept aliases for the signing certificate and private key:
PassSigner signer = PassSignerImpl.builder()
.keystore(new FileInputStream("certificates/Certificates.p12"), null)
.signingCertificateAlias("...")
.privateKeyAlias("...")
.intermediateCertificate(new FileInputStream("certificates/AppleWWDRCA.cer"))
.build();I thought you have already implemented the functionality to set an alias?
I did (it's included in version 1.0.1 which should be available from Maven central shortly), but this would allow setting the aliases for the signing certificate and private key separately, for when they are different.
That make sense 👍
I just released 1.1.0-SNAPSHOT to the Sonatype snapshot repository. It contains this and other changes. Give it a shot!
Sorry, i can't find the signingCertificateAlias and privateKeyAlias methods in the builder pattern of PassSignerImpl.Builder!
Are you using the 1.1.0-SNAPSHOT version? If you're using Maven you can clone the repository and run mvn install, or you can add the Sonatype Snapshot repository to your POM:
<repositories>
<repository>
<id>sonatype-nexus-snapshots</id>
<name>Sonatype Nexus Snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.ryantenney.passkit4j</groupId>
<artifactId>passkit4j</artifactId>
<version>1.1.0-SNAPSHOT</version>
</dependency>
</dependencies>Alternately you can download this particular version at https://oss.sonatype.org/content/repositories/snapshots/com/ryantenney/passkit4j/passkit4j/1.1.0-SNAPSHOT/passkit4j-1.1.0-20130110.194847-3.jar