Creating keystore for jarsigner programmatically

Question

I'm trying to generate keystore with certificate to use it with JarSigner. Here is my code:

    System.out.println("Keystore generation...");

    Security.addProvider(new BouncyCastleProvider());

    String domainName = "example.org";

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
    keyGen.initialize(1024, random);
    KeyPair pair = keyGen.generateKeyPair();

    X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();

    int serial = new SecureRandom().nextInt();

    v3CertGen.setSerialNumber(BigInteger.valueOf(serial < 0 ? -1 * serial : serial));
    v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None"));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10)));
    v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None"));

    v3CertGen.setPublicKey(pair.getPublic());
    v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");

    X509Certificate PKCertificate = v3CertGen.generateX509Certificate(pair.getPrivate());

    FileOutputStream fos = new FileOutputStream("/Users/dmitrysavchenko/testCert.cert");
    fos.write(PKCertificate.getEncoded());
    fos.close();



    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

    char[] password = "123".toCharArray();
    ks.load(null, password);

    ks.setCertificateEntry("hive", PKCertificate);

    fos = new FileOutputStream("/Users/dmitrysavchenko/hive-keystore.pkcs12");
    ks.store(fos, password);
    fos.close();

It works, but when I'm trying to sign my JAR with this keystore, I get the following error:

jarsigner: Certificate chain not found for: hive.  hive must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

I've discovered that there must be a private key, but I don't know how to add it to certificate. Can you help me?

Answer 1

This is how you can add a private key to your new keystore:

    ...
    char[] password = "123".toCharArray();
    ks.load(null, password);

    PrivateKeyEntry entry = new PrivateKeyEntry(pair.getPrivate(),
            new java.security.cert.Certificate[]{PKCertificate});
    ks.setEntry("hive",entry , new KeyStore.PasswordProtection("123".toCharArray()));

    fos = new FileOutputStream("hive-keystore.pkcs12");
    ks.store(fos, password);
    fos.close();

I've tried it with jarsigner and it gave no errors, so it should be fine.