#2 Certificates and keystores

Blog Post created by Alameyo on May 26, 2017

Hi again,

This week I was checking tools for managing certificates. The first is Java Keytool, a shell/command-line tool which gives an easy way to access keystores and list all certificates or extract a particular one by alias. The other one was Easy-RSA, which comes with OpenVPN; it's also a nice tool for creating certificates, but it seems to give fewer options than Java's.


After that I started looking at how to manage certificates in Java code. Extracting a certificate from a keystore is pretty straightforward: load the keystore from a directory as a file, create an instance of KeyStore in code, and load the file into that instance using the keystore's password. From there, extracting the basic fields of a certificate is easy, as it can be done with getter methods, though getting extension fields is a bit more complicated.
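The load-and-read sequence described above, as an added example that is not code from the original post. The class name `KeystoreCertDump`, the two command-line arguments and the interactive password prompt are assumptions made here; only the standard `java.security` API is used.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

public class KeystoreCertDump {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): KeystoreCertDump <keystore-file> <alias>");
            System.exit(2);
        }
        // Prompt for the password rather than taking it from argv or source code.
        char[] password = console.readPassword("Keystore password: ");
        // Create the KeyStore instance, then load the file into it with the password.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        } finally {
            if (password != null) Arrays.fill(password, '\0'); // wipe it from memory
        }
        // getCertificate returns null when the alias is unknown.
        if (!(ks.getCertificate(args[1]) instanceof X509Certificate)) {
            System.err.println("No X.509 certificate under alias " + args[1]);
            System.exit(1);
        }
        X509Certificate x509 = (X509Certificate) ks.getCertificate(args[1]);
        // Basic fields: plain getters.
        System.out.println("Subject:  " + x509.getSubjectX500Principal().getName());
        System.out.println("Issuer:   " + x509.getIssuerX500Principal().getName());
        System.out.println("Valid:    " + x509.getNotBefore() + " to " + x509.getNotAfter());
        // Extensions: a few have typed getters...
        System.out.println("pathLen:  " + x509.getBasicConstraints() + " (-1 means not a CA)");
        System.out.println("keyUsage: " + Arrays.toString(x509.getKeyUsage()));
        if (x509.getSubjectAlternativeNames() != null)
            for (List<?> san : x509.getSubjectAlternativeNames())
                System.out.println("SAN:      type " + san.get(0) + " = " + san.get(1));
        // ...the rest are only reachable by OID, as a DER-encoded OCTET STRING to parse.
        dumpRaw(x509, x509.getCriticalExtensionOIDs(), "critical");
        dumpRaw(x509, x509.getNonCriticalExtensionOIDs(), "non-critical");
    }
    static void dumpRaw(X509Certificate c, Set<String> oids, String label) {
        if (oids == null) return; // certificate carries no extensions at all
        for (String oid : oids)
            System.out.println(label + " " + oid + ": " + c.getExtensionValue(oid).length + " DER bytes");
    }
}
```

The byte arrays returned by `getExtensionValue` are where the extra work starts: decoding them takes an ASN.1 parser, which the JDK does not expose as a public API.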


What else could I do with certificates? Create my own. That seems impossible to do in an easy way with basic Java, so I had to add the Bouncy Castle library to my dependencies. It often happens that external libraries change more frequently than native Java stuff. The effect is that examples found on various websites are often not up to date. So what to do? Check the documentation, as in the end everything should be there. However, going through it can sometimes be like looking for a missing puzzle piece: class A is deprecated, use class B instead > class B is also deprecated, use class C > the constructor of class C takes different arguments than the constructor of class A. But that's what programmers do. In the end I have made self-signed certificates with deprecated tools for now, while I am also close to solving it with the new methods. Nevertheless, that will be useful in later parts of the GSoC project, so I still have time for this.

Next week I should have already taken the first steps on the certificate manager project for Spark.