apple.security.KeychainStore does not load private key (when called from javaws)

Florian Bruckner (3kraft) florian.bruckner at 3kraft.com
Mon Jul 14 16:38:27 UTC 2014


Hi,

I've been working on getting client certificates to run on OSX with Apple KeyChain in Java Webstart. 
KeychainStore works fine if it is passed a keystore password. It does not use it, at least not when 
trying to create a KeyStore with a private key entry.

Java Webstart tries to load private keys from KeyChain if the browser keystore is activated. 
Unfortunately it tries to load the private key with an empty password (a char[0]), and KeychainStore 
refuses to load the private key then. It works fine for the trust store, as there are no private 
keys involved.

A simple "fix" for this is to set a dummy password in KeychainStore if no password is passed in 
engineGetKey, e.g. like this:


         // javaws passes char[0]; substitute a non-empty placeholder password
         if (password == null || password.length == 0) {
             password = "DUMMY".toCharArray();
         }

Well, not really a fix, but rather a POC that the empty password is in fact the problem.

I've not found out why exactly the private key is not loaded; I just verified that the 
empty password passed by javaws causes it. Before I try to dig into KeychainStore - any idea why the 
private keys are not loaded if the password is empty?

regards,

Florian

-- 
3kraft IT GmbH & Co KG | Wasagasse 26/2 | 1090 Wien | Österreich | FN 333787 p (HG Wien)
Komplementär: 3kraft IT GmbH | Wasagasse 26/2 | 1090 Wien | Österreich | FN 333558 b (HG Wien)
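
A small diagnostic for the comparison described in the message above, added here as an example and not part of the original post or of the JDK: it asks the Apple provider's KeychainStore for each private-key entry with a null password, an empty char[0] (what the message says javaws passes) and a non-empty placeholder. The class name and the placeholder value are assumptions; it needs macOS with at least one identity (certificate plus private key) in the user's keychain.

```java
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic, not code from the post or from the JDK.
// Assumes macOS with the "Apple" provider available.
public class KeychainEmptyPasswordCheck {

    // Describes what getKey() yields for this alias and password.
    // Only the algorithm name is reported, never key material.
    static String probe(KeyStore ks, String alias, char[] password) {
        try {
            Key key = ks.getKey(alias, password);
            return key == null
                    ? "null (no key returned)"
                    : key.getAlgorithm() + " key returned";
        } catch (Exception e) {
            return "exception: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("KeychainStore", "Apple");
        ks.load(null, null); // no stream: the store is backed by the keychain

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate-only entries have no private key
            }
            System.out.println(alias);
            System.out.println("  null     : " + probe(ks, alias, null));
            System.out.println("  char[0]  : " + probe(ks, alias, new char[0]));
            // "DUMMY" is the placeholder value used in the message's POC
            System.out.println("  \"DUMMY\"  : "
                    + probe(ks, alias, "DUMMY".toCharArray()));
        }
    }
}
```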


