Pages

Tuesday, January 6, 2009

Integrity Checking of Keystores

Recently I had to write functionality to rekey the encrypted documents in an application. When the new keystore is uploaded I ran into the question of determining if it was valid. After a bit of searching I found that attempting to load a keystore will throw an error if there is any thing wrong with the keystore format.



// the load function checks the integrity of the keystore.
try
{
keyStore.load(fis, password1.toCharArray());
}
catch (IOException ioe)
{
log.error("Not a valid keystore. " + ioe.getMessage());
request.setAttribute("errorMessage", ioe.getMessage());
this.forwardToTemplate(request, response, adminTemplate);
return;
}



Unfortunately this goes against my rule for using errors to discriminate bad inputs. But for me to do the research and build some sort of keystore validator would be a waste... So we do this.

No comments:

Post a Comment