How do I import an existing Java keystore (.jks) file into a Java installation?
So, I am having trouble with LDAP. I have an integration test case that hopefully will work out, but it is currently running into LDAPS security issues with the SSL handshake.
I am able to connect to the LDAPS with Apache Directory Studio, and it has downloaded the keystore into a file "permanent.jks".
That's ok, but I want my integration test, which resides in Eclipse using a JRE, to be able to connect to the LDAP server using this keystore.
How can I take this keystore and import it into the JRE for its own use?
Solution 1:
Ok, so here was my process:
keytool -list -v -keystore permanent.jks
- got me the alias.
keytool -export -alias alias_name -file certificate_name -keystore permanent.jks
- got me the certificate to import.
Then I could import it with the keytool:
keytool -import -alias alias_name -file certificate_name -keystore keystore_location
As @Christian Bongiorno says, the alias can't already exist in your keystore.
Solution 2:
You can bulk import all aliases from one keystore to another:
keytool -importkeystore -srckeystore source.jks -destkeystore dest.jks
Solution 3:
To load a KeyStore, you'll need to tell it the type of keystore it is (probably jceks), provide an InputStream, and a password. Then, you can load it like so:
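KeyStore ks = KeyStore.getInstance(TYPE_OF_KEYSTORE); // e.g. "JCEKS" or "JKS"
try (InputStream in = new FileInputStream(PATH_TO_KEYSTORE)) { // closes the stream after loading
    ks.load(in, PASSWORD); // PASSWORD must be a char[]
}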
This can throw a KeyStoreException, so you can surround it in a try block if you like, or re-throw. Keep in mind a keystore can contain multiple keys, so you'll need to look up your key with an alias. Here's an example with a symmetric key:
KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) ks.getEntry(SOME_ALIAS, new KeyStore.PasswordProtection(SOME_PASSWORD));
SecretKey someKey = entry.getSecretKey();
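An added example, not part of any answer above, that carries Solution 3's loading code through to the question's use case: it loads permanent.jks, prints each alias with its entry kind and certificate fingerprint so you can see what you are about to trust, and builds an SSLContext that trusts only those certificates. The class name, the KEYSTORE_PASSWORD environment variable, the "changeit" fallback and the "JKS" type are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class LoadTrustStore {
    public static void main(String[] args) throws Exception {
        // Path defaults to the file named in the question.
        String path = args.length > 0 ? args[0] : "permanent.jks";
        // Assumption: password comes from a (hypothetical) KEYSTORE_PASSWORD variable;
        // "changeit" is only a placeholder fallback.
        char[] password = System.getenv()
                .getOrDefault("KEYSTORE_PASSWORD", "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: file is JKS
        try (InputStream in = new FileInputStream(path)) {
            // A wrong password fails the integrity check and throws IOException.
            ks.load(in, password);
        }

        // Inspect the contents before trusting them.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isCertificateEntry(alias) ? "trusted certificate" : "key entry";
            Certificate cert = ks.getCertificate(alias); // null for secret-key entries
            StringBuilder fp = new StringBuilder();
            if (cert != null) {
                for (byte b : sha256.digest(cert.getEncoded())) {
                    fp.append(String.format("%02X", b));
                }
            }
            System.out.printf("%s (%s) SHA-256=%s%n", alias, kind, fp);
        }

        // Trust anchors come from this keystore only; the JRE-wide cacerts is untouched.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```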