Programmatically Inspect an iOS Certificate with Java

The first naïve approach in a JUnit4:

@Test
public void shouldBeAbleToLoadP12Keystore() throws Exception {
  KeyStore store = KeyStore.getInstance( "PKCS12", "BC" );
  store.load( IOSCertificateUtilTest.class.getResourceAsStream( "ios_build.p12" ), "notSoShortKeystorePassword".toCharArray() );
}

Note: You might have to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

Kudos: Java Security: Illegal key size or default parameters?

java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size

On a Mac you could grab your Java 8 JAVA_HOME like this:

export JAVA_HOME="$(/usr/libexec/java_home -v 1.8)"

or copy the files directly into $(/usr/libexec/java_home -v 1.8)/jre/lib/security

Now with unlimited strength let's dig deeper into the iOS certificate:

...
String certificateName = store.aliases().nextElement();
X509Certificate certificate = ( X509Certificate )store.getCertificate( certificateName );
Principal dn = certificate.getSubjectDN();
String splits[] = dn.toString().split( "," );
for( String s : splits ) {
  String[] str = s.trim().split( "=" );
  String key = str[ 0 ];
  if( key.equals( "CN" ) ) {
    System.out.println( "CN - Name: " + str[ 1 ] );
  }
  if( key.equals( "O" ) ) {
    System.out.println( "O - Team name: " + str[ 1 ] );
  }
  if( key.equals( "OU" ) ) {
    System.out.println( "OU - Team ID: " + str[ 1 ] );
  }
}

Nice little utility to check some of the main information of an (iOS) certificate.

Show Comments