Hi, I'm trying to create a new JSS certificate, but when the constructor is called (Certificate certificadoJSS = new Certificate(info, rootkey, sigAlg);), I get the following error:
java.security.InvalidKeyException: Private Key is does not belong to this provider
    at org.mozilla.jss.pkix.cert.Certificate.<init>(Certificate.java:118)

I'm using Ubuntu 9.04, JSS 4.3, NSS 3.12 and NSPR 4.7.5.

My code is:

    FileInputStream ksfis;
    try {
        Provider proveedor = new org.mozilla.jss.JSSProvider();
        Security.addProvider(proveedor);
        CryptoManager.initialize(".");
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken tok = cm.getInternalKeyStorageToken();

        // read in a cert
        BufferedInputStream bis = new BufferedInputStream(
                new FileInputStream(
                        "./certificates/MMS_certificates/rootca.crt"));

        ksfis = new FileInputStream("./certificates/runa/keystore.jks");
        KeyStore truststore = KeyStore.getInstance("JKS");
        truststore.load(ksfis, "key123".toCharArray());
        PrivateKey rootkey = (PrivateKey) truststore.getKey("rootKey",
                "key123".toCharArray());

        // set validity
        Calendar cal = Calendar.getInstance();
        Date notBefore = cal.getTime();
        cal.add(Calendar.YEAR, 1);
        Date notAfter = cal.getTime();

        // make a new public key
        CryptoToken token = cm.getInternalKeyStorageToken();
        KeyPair pair = null;
        PrivateKey priv1 = null;
        PublicKey pub = null;

        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator
                .getInstance("DSA", "Mozilla-JSS");
        pair = kpg.generateKeyPair();
        priv1 = pair.getPrivate();
        pub = pair.getPublic();
        System.out.println("Generated key pair");

        //
        Name nameSubject = new Name();
        nameSubject.addCommonName("luis");
        nameSubject.addCountryName("ES");
        nameSubject.addOrganizationName("dsic");
        nameSubject.addOrganizationalUnitName("gti");
        nameSubject.addLocalityName("valencia");
        nameSubject.addStateOrProvinceName("valencia");

        // Certificate authority that issues and signs the certificate
        Name nameIssuer = new Name();
        nameIssuer.addCommonName("MMS");
        nameIssuer.addCountryName("ES");
        nameIssuer.addOrganizationName("dsic");
        nameIssuer.addOrganizationalUnitName("gti");
        nameIssuer.addLocalityName("valencia");
        nameIssuer.addStateOrProvinceName("valencia");

        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
                pub); // pair.getPublic());
        AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg
                .toOID());

        CertificateInfo info = new CertificateInfo(CertificateInfo.v3,
                new INTEGER(1), sigAlgID, nameIssuer, notBefore, notAfter,
                nameSubject, subjectPublicKeyInfo);

        Certificate certificadoJSS = new Certificate(info, rootkey, sigAlg);

What is the problem?

Thanks.