How to get privatekey from keystore on mac osx via java?

I am writing a jar for uploading an apk to Google Play. It requires sending the p12 key, which was placed in the keychain on Mac OS X.

Now we need to somehow extract the privatekey. I started doing this:

    String ALIAS = "test1234";
    char[] PASSWORD = null;
    KeyStore keyStore = KeyStore.getInstance("KeychainStore", "Apple");
    keyStore.load(null, null);
    PrivateKey privateKey = (PrivateKey)keyStore.getKey(ALIAS, PASSWORD);

Getting the PrivateKey gives a NullPointerException.

With the line

    Enumeration<String> al = keyStore.aliases();

it is possible to get a list of all certificates, as well as pull the public key. If the private key can't be obtained, are there any ready-made solutions for pulling out the key? Maybe some wrappers? Maybe it can somehow be pulled out through bash?

From what I managed to dig up on the Internet there is, for example, this question, but it is about the login/password. I tried to use the osx-keychain-java wrapper, but it is only for pulling passwords, not keys.

P.S. We can't hand over the p12 key in the clear, so we put it in the keychain. Such is the task...

Those in the know, please point me in the right direction.

Author: Дух сообщества, 2016-09-21

1 answer

After some time, a solution was found:

1. Set up access to the private key in the keychain. Double-click the key to open the properties window and, in the "Access" tab, set "Allow all programs to access this object".

2. On the mac, we use the keychain_access utility to build the executable file.

3. In TeamCity, in command_line, we call this utility to get the key:

    chmod +x keychain_access
    PRIVATE_KEY=$(./keychain_access -t private-key "<key_name_as_it_appears_in_the_keychain>")

4. We pass the received key in String format to our Java utility (what it is: https://habrahabr.ru/post/281557/)

    java -jar public.jar "$PRIVATE_KEY"

5. Convert the String key to a PrivateKey using the additional library https://github.com/rtyley/spongycastle. For myself, I built spongycastle-core-1.54.0.0.jar separately and attached it to the project in Eclipse.

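    import java.io.IOException;
    import java.math.BigInteger;
    import java.security.KeyFactory;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.spec.InvalidKeySpecException;
    import java.security.spec.RSAPrivateKeySpec;
    import java.util.Enumeration;

    // Assumption: Base64.decodeBase64(String) is the Apache Commons Codec method
    import org.apache.commons.codec.binary.Base64;
    import org.spongycastle.asn1.ASN1Integer;
    import org.spongycastle.asn1.ASN1Sequence;

    PrivateKey getPrivateKeyAttempt(String key) {
        // Strip the PKCS#1 PEM armor, leaving only the base64 body
        String privKeyPEM = key.replace("-----BEGIN RSA PRIVATE KEY-----\n", "")
        .replace("-----END RSA PRIVATE KEY-----", "");

        // Base64 decode the data
        byte[] encodedPrivateKey = Base64.decodeBase64(privKeyPEM);

        try {
            // PKCS#1 RSAPrivateKey is a SEQUENCE: version, modulus, publicExponent, privateExponent, ...
            ASN1Sequence primitive = (ASN1Sequence) ASN1Sequence.fromByteArray(encodedPrivateKey);
            Enumeration<?> e = primitive.getObjects();
            BigInteger v = ((ASN1Integer) e.nextElement()).getValue();

            int version = v.intValue();
            if (version != 0 && version != 1) {
                throw new IllegalArgumentException("wrong version for RSA private key");
            }

            BigInteger modulus = ((ASN1Integer) e.nextElement()).getValue();
            // The element after the modulus is the public exponent; skip it
            e.nextElement();
            BigInteger privateExponent = ((ASN1Integer) e.nextElement()).getValue();

            RSAPrivateKeySpec spec = new RSAPrivateKeySpec(modulus, privateExponent);
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PrivateKey pk = kf.generatePrivate(spec);
            return pk;
        } catch (IOException e2) {
            // Keep the cause so a malformed key can be diagnosed
            throw new IllegalStateException(e2);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } catch (InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }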

6. Well, that is actually everything; we use the PrivateKey for the upload.

 1
Author: Евгений Детков, 2016-10-14 10:44:31
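
An added example, not part of the original answer or of any project it mentions: a JDK-only variant of the step 5 conversion that reads the PEM from standard input, so the key text stays out of the process argument list that `ps` shows, and wraps the PKCS#1 bytes in a PKCS#8 envelope so `KeyFactory` returns a key with its CRT parameters. The class name `StdinRsaKey` is hypothetical, and `readAllBytes` assumes Java 9 or later.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class StdinRsaKey {  // hypothetical name, not from the original post
    // DER for: INTEGER 0 (version), AlgorithmIdentifier { rsaEncryption 1.2.840.113549.1.1.1, NULL }
    private static final byte[] PKCS8_PREFIX = {
        0x02, 0x01, 0x00,
        0x30, 0x0d, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7,
        0x0d, 0x01, 0x01, 0x01, 0x05, 0x00 };

    // Write one DER tag-length-value with a definite length (short or long form).
    static void tlv(ByteArrayOutputStream out, int tag, byte[] value) {
        out.write(tag);
        int n = value.length;
        if (n < 0x80) {
            out.write(n);
        } else {
            int bytes = (32 - Integer.numberOfLeadingZeros(n) + 7) / 8;
            out.write(0x80 | bytes);
            for (int i = bytes - 1; i >= 0; i--) out.write(n >>> (8 * i));
        }
        out.write(value, 0, n);
    }

    static PrivateKey fromPkcs1Pem(String pem) throws Exception {
        String b64 = pem.replace("-----BEGIN RSA PRIVATE KEY-----", "")
                        .replace("-----END RSA PRIVATE KEY-----", "");
        byte[] pkcs1 = Base64.getMimeDecoder().decode(b64); // MIME decoder skips line breaks
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(PKCS8_PREFIX, 0, PKCS8_PREFIX.length);
        tlv(body, 0x04, pkcs1);               // OCTET STRING holding the PKCS#1 key
        ByteArrayOutputStream pkcs8 = new ByteArrayOutputStream();
        tlv(pkcs8, 0x30, body.toByteArray()); // outer PrivateKeyInfo SEQUENCE
        return KeyFactory.getInstance("RSA")
                         .generatePrivate(new PKCS8EncodedKeySpec(pkcs8.toByteArray()));
    }

    public static void main(String[] args) throws Exception {
        String pem = new String(System.in.readAllBytes(), StandardCharsets.US_ASCII);
        PrivateKey key = fromPkcs1Pem(pem);
        System.err.println("loaded " + key.getAlgorithm() + " key, CRT parameters present: "
                + (key instanceof RSAPrivateCrtKey));
    }
}
```

With this variant the build step pipes the output of `keychain_access` into `java StdinRsaKey` instead of passing `"$PRIVATE_KEY"` as an argument.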