Storing a KeyStore in Java: empty file and unable to reload

Question

So, my question has some very specific parts, but I'll try to do my best to leave those out as much as possible.

What I'm trying to do: I'm inserting my eID card (electronic ID card). I should, theoretically, be able to save the keystore and certificates that are on it with Java KeyStore. I can load the eID card as such:

/*Load from eID*/
KeyStore keyStore = null;
try (FileOutputStream fos = new FileOutputStream(Constants.fullFileEID)) {
    /*Load*/
    Security.addProvider(new BeIDProvider());
    keyStore = KeyStore.getInstance("BeID");
    keyStore.load(null);

So I'm loading the keyStore (by adding the provider, which is possible thanks to an external library I added). For the record: Constants is a constants class I'm using and fullFileEID is the full filepath to where the EID should be saved (the path, except for the file itself, exists).

Then I try to print some details off (I'm logging to a file as I get a pretty huge log already in my System.out, just to keep things clear):

    /*Test*/
    FileLogging.writeToFile("Type: " + keyStore.getType());
    FileLogging.writeToFile("Authentication certificate: " + keyStore.getCertificate("Authentication").getClass());
    FileLogging.writeToFile("Authentication serialized: " + Serialization.serialize(keyStore.getCertificate("Authentication")));
    FileLogging.writeToFile("Signature certificate: " + keyStore.getCertificate("Signature").getClass());
    FileLogging.writeToFile("Signature serialized: " + Serialization.serialize(keyStore.getCertificate("Signature")));
    FileLogging.writeToFile("Provider: " + keyStore.getProvider());
    FileLogging.writeToFile("Should be saved in " + Constants.fullFileEID);

I get a lot of interesting details in there. It's not null, everything seems loaded perfectly (there are two aliases in my keyStore, "Authentication" and "Signature"). For the record: Serialization is another Helper class of mine, which will serialize and Base64-encode the object it receives - the serialize function receives a Serializable as parameter.

This is what I get (I truncated the serialized Strings):

Type: BeID
Authentication certificate: class sun.security.x509.X509CertImpl
Authentication serialized: rO0ABXNyAC1qYXZhLnNlY3VyaXR5LmNlcnQuQ2VydGlma[...]
Signature certificate: class sun.security.x509.X509CertImpl
Signature serialized: rO0ABXNyAC1qYXZhLnNlY3VyaXR5LmNlcnQuQ2VydGlmaWNhdG[...]
Provider: BeIDProvider version 1.0
Should be saved in [fullFilePath]\eID.jks

So the certificates itself are from the "normal" classes, they're not subclassed so nothing special that I'm not aware of should be present in the serialization methods... Hence, the serialization itself also works perfectly.

Ok, so tests are positive, I think: time to actually store my file.

    /*Save*/
    keyStore.store(fos, "xxxx".toCharArray());
    System.out.println("keystore: ");
    keyStore.store(System.out, "xxxx".toCharArray());
} catch (Exception e) {
    Util.handleLogging(e);
}

So, I use the FileOutputStream I created above to store the keyStore to. ("xxxx" is the pincode - I'm not sure whether it needs to be the pincode of the card, as I could already read and print the contents of the card certificated without ever giving any pincode). I also try to "print" the output to System.out.

Now is the funny part: the file created is empty. It is created by this function (or an earlier file at least is overwritten). If the file doesn't exist is gets created. But it's 0kb big, and of course, it doesn't work.

What am I doing wrong? I really don't see what's wrong? I'd suspect if anything went wrong during the actual saving, I'd get an exception at least (like CertificateException, which should be thrown 'if any of the certificates included in the keystore data could not be stored' along the docs)?

I have to admit the fact that I don't like that no-one needs to provide a pin code for me to be able to read the data from the card. That doesn't feel right to me.

Answer 1

The Belgian eID has a specific implementation of the Java Keystore. If you have a look into the implementation be.fedict.commons.eid.jca.BeIDKeyStore, then you will see that the store method isn't implemented.

@Override
public void engineStore(final OutputStream stream, final char[] password)
        throws IOException, NoSuchAlgorithmException, CertificateException {
}

I had the same problem and I haven't found a solution yet.