- // Write out
- write(fks,Chmod.to400,jks,keystorePassArray);
-
- // Change out to TrustStore
- fks = new File(dir,arti.getNs()+".trust."+kst);
- if(fks.exists()) {
- File backup = File.createTempFile(fks.getName()+'.', ".backup",dir);
- fks.renameTo(backup);
- }
+ // Set Keystore Password
+ props.add(Config.CADI_KEYSTORE,fks.getAbsolutePath());
+ String keystorePass = Symm.randomGen(Agent.PASS_SIZE);
+ String encP = props.addEnc(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+ // Since there are now more than one Keystore type, the keystore password property might
+ // be overwritten, making the store useless without key. So we write it specifically
+ // as well.
+ props.add(Config.CADI_KEYSTORE_PASSWORD+'_'+ext,encP);
+ char[] keystorePassArray = keystorePass.toCharArray();
+ jks.load(null,keystorePassArray); // load in
+
+ // Add Private Key/Cert Entry for App
+ // Note: Java SSL security classes, while having a separate key from keystore,
+ // is documented to not actually work.
+ // java.security.UnrecoverableKeyException: Cannot recover key
+ // You can create a custom Key Manager to make it work, but Practicality
+ // dictates that you live with the default, meaning, they are the same
+ String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE);
+ PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());
+ props.addEnc(Config.CADI_KEY_PASSWORD, keyPass);
+ props.add(Config.CADI_ALIAS, arti.getMechid());
+// Set<Attribute> attribs = new HashSet<>();
+// if (kst.equals("pkcs12")) {
+// // Friendly Name
+// attribs.add(new PKCS12Attribute("1.2.840.113549.1.9.20", arti.getNs()));
+// }
+//
+ KeyStore.ProtectionParameter protParam =
+ new KeyStore.PasswordProtection(keyPass.toCharArray());
+
+ Certificate[] trustChain = new Certificate[chainList.size()];
+ chainList.toArray(trustChain);
+ KeyStore.PrivateKeyEntry pkEntry =
+ new KeyStore.PrivateKeyEntry(pk, trustChain);
+ jks.setEntry(arti.getMechid(),
+ pkEntry, protParam);