I created a KeyStore to hold a set of private keys in a web server. After I create the KeyStore.jks file I successfully add a private key and retrieve it from the key store. But, when I try to add a new key I get a EOFException in the KeyStore.load(...).
public void setPrivateKey(String deviceSerialNumber, PrivateKey priv) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, InvalidKeySpecException, NotSupportedException {
File privateKeyFile = getFile(Constants.JKS_PRIVATE_FILE_NAME);//Get the KeyStore.jks file
synchronized (privateKeyFile) {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(privateKeyFile), Constants.JKS_PRIVATE_FILE_PASSWORD); //This is where the error happens
FileOutputStream file = null;
try {
file = new FileOutputStream(privateKeyFile);//Get the JKS file with the private keys
//Write the private key to the file
KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(Constants.JKS_PRIVATE_FILE_PASSWORD);
KeyStore.PrivateKeyEntry pke = new KeyStore.PrivateKeyEntry(priv, new Certificate[] { createCertificate() });
keyStore.setEntry(deviceSerialNumber, pke, protParam);
//Save changes to key store file
keyStore.store(file, Constants.JKS_PRIVATE_FILE_PASSWORD);
} finally {
file.close();//Close the private key file output stream
}
}
}
public PrivateKey getPrivateKey(String deviceSerialNumber) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, InvalidKeySpecException, NotSupportedException, UnrecoverableEntryException {
PrivateKey key = null;
File privateKeyFile = getFile(Constants.JKS_PRIVATE_FILE_NAME);//Get the keyStore.jks file
synchronized (privateKeyFile) {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(privateKeyFile), Constants.JKS_PRIVATE_FILE_PASSWORD);
FileOutputStream file = null;
try {
file = new FileOutputStream(privateKeyFile);//Get the JKS file with the private keys
//Write the private key to the jks file
boolean isKeyEntry = keyStore.isKeyEntry(deviceSerialNumber);//Check if there is a key with the alias deviceSerialnumber
if (isKeyEntry) {//If the key does exist
System.err.println("Key does exist!!!!1");
KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(Constants.JKS_PRIVATE_FILE_PASSWORD);
KeyStore.PrivateKeyEntry pke = (PrivateKeyEntry) keyStore.getEntry(deviceSerialNumber, protParam);
key = pke.getPrivateKey();
} else {//If the key does not exist
System.err.println("No key!!!!!!!!");
//HANDLE THIS
return null;
}
} finally {
file.close();//Close the private key file output stream
}
}
return key;
}
private Certificate createCertificate() throws CertificateException, IOException {
FileInputStream fis = new FileInputStream(getFile(Constants.CERTIFICATE_FILE));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Collection<? extends Certificate> c = cf.generateCertificates(fis);
Iterator<? extends Certificate> i = c.iterator();
if (i.hasNext())
return (Certificate) i.next();
else
return null;
}
The error happens in setPrivateKey(...) at the keyStore.load(...) on the second time that the method is called to add an additional private key to the key store.
I generate the KeyStore.jks file and the server.cer files using keytool
keytool -genkey -alias keyAlias -keyalg RSA -keystore KeyStore.jks -keypass password -storepass password
keytool -export -alias keyAlias -file server.cer -keystore KeyStore.jks -storepass password
Am I doing something wrong in the way I store and retrieve private keys from the keystore ? How do I stop the EOFException from happening ?
Remove this line of getPrivateKey
file = new FileOutputStream(privateKeyFile);
It is not being used and close the FileInputStream you created before, not the output stream. You have two open streams on the same file
keyStore.load(new FileInputStream(privateKeyFile), Constants.JKS_PRIVATE_FILE_PASSWORD);