Accessing keystore certificates in Java

Question

I am developing a Java applet for singing PDF documents in the web browser. The applet needs to be able to work with both Windows and Mac OS. The applet will display a list of installed certificates on user's computer and let the user select one of them for signing.

I have found examples how to read certificates from a Windows keystore using the "Windows-MY" identifier, but I cannot find any example working with certificates in Java for Mac OS. How can a list of certificates be read from keystore on a Mac?

I am new to Java programming (being a .NET web developer primarily), maybe I miss something. Thank you for any help.

Answer 1

This is documented here: Java Cryptography Architecture Oracle Providers Documentation for JDK 8

You should read the whole page, but the relevant part for your question is at the bottom:

The Apple provider implements a java.security.KeyStore that provides access to the Mac OS X Keychain. The following algorithms are available in the Apple provider:

Engine: KeyStore
Algorithm Name(s): KeychainStore

So, in other words: You obtain a KeyStore object for the Mac OS X keychain by using the name "KeychainStore":

KeyStore ks = KeyStore.getInstance("KeychainStore");

After that it's basically the same as for every other keystore type. For example to list all certificates and their aliases:

ks.load(null, null);
Enumeration<String> en = ks.aliases();
while (en.hasMoreElements()) {
    String aliasKey = en.nextElement();
    X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey);
    System.out.println("alias: " + aliasKey);
    System.out.println("cert:" + c.getSubjectX500Principal().toString());
}

BTW, the browser vendors and Oracle are phasing out the browser plugin for applets. Java Web Start might be an alternative.