I got a certificate .cer and I'd like a script to import it in the Trusted Publisher list of certificate.
I managed to do this thing in C#
X509Certificate2 certificate = new X509Certificate2(filePath.Text, "Telecomitalia1?12524", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); X509Store store = new X509Store(StoreName.TrustedPublisher); store.Open(OpenFlags.ReadWrite); store.Add(certificate); store.Close(); Is there a way to do the same in Java?
Thanks a lot.
You can do the equivalent in Java. Check out the MSCAPI provider.
Provides direct read-write access to MS Window's keystores. The Windows-MY keystore contains the user's private keys and the associated certificate chains. The Windows-ROOT keystore contains all root CA certificates trusted by the machine.
KeyStore ks = KeyStore.getInstance("Windows-ROOT"); // Note: When a security manager is installed, // the following call requires SecurityPermission // "authProvider.SunMSCAPI". ks.load(null, null); ks.setCertificateEntry("alias", cert); ks.store(null, null); //again the permissions here... The way java handles certificates is very different to how Windows handles certificates. Windows provides predefined stores for certificates for the machine account, user accounts and service accounts, and distinguishes certificates based on their purpose (e.g. personal vs trussted CA.)
Java simply provides the concept of the Keystore - an arbitrary file of your choosing where certificates are stored. There is a default keystore used by the JDK for trusted CAs, located at$JAVA_HOME/jre/lib/security/cacerts.
To import the certificate into a keystore, you can use the keytool that is shipped with the JDK - which keystore you use depends upon your application.
See
Using the keytool, like the Java tutorial explains so well.
If you want to do it from code (not with the keytool utility) then this article will get you started.