    // Loads the test keystore from disk and prepares key/trust manager factories for it.
    try {
      String filename = getTestKeyStoreFilename();
      // NOTE(review): the passphrase originates from a String constant, so this char[] is not
      // the only in-memory copy; zeroing the array after use would not remove the secret.
      char[] passphrase = PASSWORD.toCharArray();
      // JKS is the legacy keystore format; PKCS12 has been the JDK default type since Java 9.
      KeyStore ks = KeyStore.getInstance("JKS");
      // KeyStore.load() does not close the stream it is handed. No close() is visible in this
      // excerpt, so the file handle is presumably leaked; try-with-resources would avoid that.
      ks.load(new FileInputStream(filename), passphrase);
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      // The passphrase that checked the store's integrity in load() is reused here as the
      // password for recovering the private-key entries.
      kmf.init(ks, passphrase);
      TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                // No keystore configured: fall back to a default path and create an empty JKS there
                // before the PKCS#12 import. (Excerpt: several lines of the original are elided.)
                if (keyStoreFileName.length() == 0) {
                    // using the default keystore name
                    // NOTE(review): relative path, resolved against the process working directory.
                    keyStoreFileName = "DATA/SETTINGS/myPeerKeystore";
                    // creating an empty java keystore
                    final KeyStore ks = KeyStore.getInstance("JKS");
                    // NOTE(review): FileOutputStream creates the file with the process's default
                    // permissions; after the import below it holds a private key, so the file mode
                    // is worth restricting. No close() of ksOut is visible in this excerpt.
                    final FileOutputStream ksOut = new FileOutputStream(keyStoreFileName);
          , keyStorePwd.toCharArray());
                    // storing path to keystore into config file
                    this.switchboard.setConfig("keyStore", keyStoreFileName);

                // importing certificate
                pkcsTool.importToJKS(keyStoreFileName, keyStorePwd);
                // removing entries from config file
                // The import-file path and the "keyStorePassword" entry are blanked in the config;
                // the local keyStorePwd variable still carries the password for the rest of this call.
                this.switchboard.setConfig("pkcs12ImportFile", "");
                this.switchboard.setConfig("keyStorePassword", "");
                // deleting original import file
                // TODO: should we do this
                // NOTE(review): as far as this excerpt shows, the PKCS#12 import file is left on disk,
                // which keeps a second copy of the private key outside the keystore.
            } catch (final Exception e) {
                // The message contains the import file path and the exception, not the password.
                this.log.logSevere("Unable to import certificate from import file '" + pkcs12ImportFile + "'.",e);
        } else if (keyStoreFileName.length() == 0) return null;
        // get the ssl context
        try {
            this.log.logInfo("Initializing SSL support ...");
            // creating a new keystore instance of type (java key store)
            if (this.log.isFine()) this.log.logFine("Initializing keystore ...");
            // JKS is the legacy keystore format; PKCS12 has been the JDK default type since Java 9.
            final KeyStore ks = KeyStore.getInstance("JKS");
            // loading keystore data from file
            // Only the keystore path is logged here, never the password.
            if (this.log.isFine()) this.log.logFine("Loading keystore file " + keyStoreFileName);
            // NOTE(review): KeyStore.load() does not close the stream; no close() of `stream` is
            // visible in this excerpt - confirm it is closed (ideally via try-with-resources).
            final FileInputStream stream = new FileInputStream(keyStoreFileName);           
            ks.load(stream, keyStorePwd.toCharArray());
            // creating a keystore factory
            if (this.log.isFine()) this.log.logFine("Initializing key manager factory ...");
            final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    /**
     * Copies the key entries of the PKCS#12 store held in {@code this.kspkcs12} into a JKS
     * keystore file. (Excerpt: several lines of the original method are elided.)
     *
     * @param jksName path of the JKS file; it is opened for reading when it already exists and
     *        is opened for writing at the end
     * @param jksPassword password used to protect each imported key entry; {@code null} is
     *        passed through as a {@code null} password
     */
    public void importToJKS(final String jksName, final String jksPassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        // creating java keystore
        final KeyStore jks=KeyStore.getInstance("JKS");
        // loading keystore from file
        FileInputStream jksFileIn = null;
        final File jksFile = new File(jksName);
        if (jksFile.exists()) {
            System.err.println("Loading java keystore from file '" + jksFile + "'");
            jksFileIn = new FileInputStream(jksFile);
        } else{
            System.err.println("Creating new java keystore '" + jksFile + "'");
        // NOTE(review): this close() is not in a finally block as far as the excerpt shows, so an
        // exception while loading would presumably leave the input stream open.
        if (jksFileIn != null) jksFileIn.close();
        final Enumeration<String> pkcs12Aliases = aliases();
        while (pkcs12Aliases.hasMoreElements()) {
           final String strAlias = pkcs12Aliases.nextElement();
           // Alias names and chain sizes go to stderr; key material and passwords are not printed.
           System.err.println("Importing Alias '" + strAlias + "'");

           if (this.kspkcs12.isKeyEntry(strAlias)) {
              System.err.println("- Alias has key");
              // The PKCS#12 store password doubles as the key-recovery password for each entry.
              final Key key = this.kspkcs12.getKey(strAlias, (this.kspkcs12Pass!=null)?this.kspkcs12Pass.toCharArray():null);
              System.err.println("- Alias key imported");

              final Certificate[] chain = this.kspkcs12.getCertificateChain(strAlias);
              System.err.println("- Alias certificate chain size: " + chain.length);

              // Each private key is re-protected with jksPassword; the trailing fragment on the
              // store line below suggests the same password also protects the JKS file itself.
              jks.setKeyEntry(strAlias, key, (jksPassword!=null)?jksPassword.toCharArray():null, chain);
        // storing the JKS keystore into the file
        System.err.print("Storing java keystore");
        // NOTE(review): no close() of jksFileOut is visible in this excerpt; the file is created
        // with the process's default permissions although it now contains private keys.
        final FileOutputStream jksFileOut = new FileOutputStream(jksName);,(jksPassword!=null)?jksPassword.toCharArray():null);
        System.err.print("Import finished.");
   * @throws Exception
  public static boolean checkServerCertValidity(int daysFromNow) {
    // Loads the trust store configured on LDAPLoginModule and checks a certificate from it with
    // isCertificateValid(cert, daysFromNow). (Excerpt: closing braces and the catch body are elided.)
    KeyStore keyStore;
      try {
        keyStore = KeyStore.getInstance(LDAPLoginModule.getTrustStoreType());
        // A null trust store password is passed to load() as null.
        // NOTE(review): the FileInputStream is created inline and load() does not close it, so
        // the handle is not released by any visible line.
        keyStore.load(new FileInputStream(LDAPLoginModule.getTrustStoreLocation()), (LDAPLoginModule.getTrustStorePwd() != null) ? LDAPLoginModule.getTrustStorePwd().toCharArray() : null);
        Enumeration aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
          String alias = (String) aliases.nextElement();
          Certificate cert = keyStore.getCertificate(alias);
          if (cert instanceof X509Certificate) {
            // NOTE(review): returns on the first X.509 entry encountered. The order of
            // KeyStore.aliases() is unspecified, so with several certificates in the trust
            // store the remaining ones are never checked and an expiring one can go unnoticed.
            return isCertificateValid((X509Certificate)cert, daysFromNow);
      }  catch (Exception e) {
                        "creating SSLContext: ERROR no such algorithm");

        //Step 2: obtain a key store instance, type is fixed
        KeyStore myKeys;
            myKeys = KeyStore.getInstance(ConstsIf.KS_TYPE_JKS);

        } catch (KeyStoreException e1)
            // NOTE(review): the message says "no such algorithm" although the exception caught
            // here is a KeyStoreException (the keystore type could not be instantiated).
            throw new ConfigurationException(
                        "creating SSLContext: ERROR no such algorithm");

        InputStream is = null;
        char[] keyPassPhrase = null;

        if (!isDefaultConfig)
            //Step 3:obtain password phrase for a keystore
                keyPassPhrase = ((String) m_config.get(KEYSTOREPASS_KEY)).toCharArray();
            // Empty catch: a missing or non-String passphrase leaves keyPassPhrase null with
            // no log entry, which in turn skips both keystore sources below.
            } catch (Exception epass) {}
            //Step 4:obtain input stream for a key store
            // - if the config admin set it to type byte[], assume it is a keystore itself
            // - else if it is of type string try to interpret this string as an (absolute) path
            //   to a file
            // - else assume that this is an incomplete configuration we got from the CM Admin,
            //   use the default keystore
            // from CM as byte[] ?
            if ((keyPassPhrase != null) && (is == null))
                    is = new ByteArrayInputStream((byte[]) m_config.get(KEYSTORE_KEY));
                // Empty catch: a failed cast or null value is swallowed so the next source is tried.
                } catch (Exception eb) {}
            //from CM as a file pointer ?
            if ((keyPassPhrase != null) && (is == null))
                    is = new FileInputStream((String) m_config.get(KEYSTORE_KEY));
                // Empty catch: an unreadable or missing file is swallowed as well; the only trace
                // of a rejected configuration is the warning below.
                } catch (Exception ef) {}
            // NOTE(review): the warning looks up the empty key "", so it probably prints null
            // rather than the rejected setting - confirm. It does not print the passphrase.
            if ((is == null) &&  m_log.doWarn())
                m_log.warn("using default, config is invalid: " + m_config.get(""));
        // Step 3 & 4 executed now if config is bad or we just use the default config
        // NOTE(review): a broken configuration silently degrades to the keystore shipped as a
        // classpath resource, opened with DEFAULT_PASSPHR_VALUE. If that bundled store contains
        // a private key, every installation shares it and anyone holding the bundle can read it;
        // failing closed on an invalid configuration would avoid that.
        if (is == null)
                keyPassPhrase = DEFAULT_PASSPHR_VALUE.toCharArray();
                is = getClass().getResourceAsStream(DEFAULT_KEYSTORE_VALUE);
            } catch (Exception edef)
        // Step 5: load keys into keystore
        // KeyStore.load() does not close `is`; no close() is visible in this excerpt.
            myKeys.load(is, keyPassPhrase);
        } catch (Exception eload)
            throw new ConfigurationException(
                            KEYSTORE_KEY + "," + KEYSTOREPASS_KEY,
    // Reads the signing key from the classpath resource keystore.ks, using the alias and the
    // password given as Ant properties. (Excerpt: closing braces of the original are elided.)
    if ((antProp.getProperty("keystore.password") == null) || (antProp.getProperty("keystore.alias") == null)) {
      throw new IllegalArgumentException(" is missing parameters keystore.alias or keystore.password");

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

    // get user password and file input stream
    // NOTE(review): the password arrives as an Ant property; how that property is supplied
    // (build file, command line, environment) is not visible here - confirm it is not committed.
    char[] password = antProp.getProperty("keystore.password").toCharArray();
    is = UpdatePropUpdater.class.getClassLoader().getResourceAsStream("keystore.ks");
    if (is == null) {
      throw new IOException("No keystore.ks in root folder.");
    // KeyStore.load() does not close `is`; no close() is visible in this excerpt.
    ks.load(is, password);

    // get my private key
    // The store password is reused as the protection password of the key entry.
    KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(password);
    // getEntry() returns null for an unknown alias, which surfaces as a NullPointerException on
    // the next line; an alias naming a non-private-key entry fails the cast instead.
    KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(antProp.getProperty("keystore.alias"), protection);
    PrivateKey key = pkEntry.getPrivateKey();

    // NOTE(review): SHA-1 is no longer collision resistant and is deprecated for signatures;
    // "SHA256withRSA" is the usual replacement, but the verifying side must be switched too.
    signer = Signature.getInstance("SHA1withRSA");
    // Builds key managers for a TLS context from the JDK's bundled cacerts file.
    try {

      SSLContext sslc = SSLContext.getInstance("TLS");

      KeyStore defaultKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
      // load the KeyStore.
      // The path points at <java.home>/lib/security/cacerts, the JDK's CA trust store.
      String java_home = System.getProperty("java.home");
      String library_file = java_home + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts";
      // "changeit" is the publicly documented default password of cacerts; it only works while
      // the administrator has not changed it.
      String passwd = "changeit";
      // KeyStore.load() does not close the inline FileInputStream; no close() is visible here.
      defaultKeyStore.load(new FileInputStream(library_file), passwd.toCharArray());

      // NOTE(review): cacerts normally holds trusted CA certificates and no private keys, so a
      // KeyManagerFactory built on it presumably yields key managers without credentials; trust
      // anchors are usually handed to a TrustManagerFactory instead - confirm the intent.
      KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      kmf.init(defaultKeyStore, passwd.toCharArray());

      KeyManager[] keyManagers = kmf.getKeyManagers();
        /* open first time */
        // Each recipient opens the same output with its own PKCS#12 key store.
        PDDocument docOpen1 = PDDocument.load(output);
        KeyStore ks1 = KeyStore.getInstance("PKCS12");       
        // KeyStore.load() does not close the inline FileInputStream; no close() is visible here.
        ks1.load(new FileInputStream(privateCert1), password1.toCharArray());           
        // The alias argument is null and password1 serves for both the store and the key entry.
        // NOTE(review): presumably the library then picks the entry itself - confirm.
        PublicKeyDecryptionMaterial pdm = new PublicKeyDecryptionMaterial(ks1, null, password1);       

        /* open second time */
        PDDocument docOpen2 = PDDocument.load(output);
        KeyStore ks2 = KeyStore.getInstance("PKCS12");       
        // Same pattern as above: the stream is not closed by any visible line.
        ks2.load(new FileInputStream(privateCert2), password2.toCharArray());           
        PublicKeyDecryptionMaterial pdm2 = new PublicKeyDecryptionMaterial(ks2, null, password2);       
    /**
     * Builds public-key decryption material for {@code doc} from a PKCS#12 file.
     * (Excerpt: braces and the remainder of the method are elided.)
     *
     * @param doc the document to open
     * @param certPath path of the PKCS#12 file holding the recipient's private key
     * @param password password used both to load the key store and for the decryption material
     */
    private void open(PDDocument doc, String certPath, String password) throws Exception
        KeyStore ks = KeyStore.getInstance("PKCS12");
        // KeyStore.load() does not close the inline FileInputStream; no close() is visible here,
        // so each call presumably leaks a file handle - try-with-resources would avoid that.
        ks.load(new FileInputStream(certPath), password.toCharArray());
        // The alias argument is null. NOTE(review): presumably the library picks the entry - confirm.
        PublicKeyDecryptionMaterial pdm = new PublicKeyDecryptionMaterial(ks, null, password);
                // Encrypted document: when a key store path was supplied, decrypt with the private
                // key from that PKCS#12 file. (Excerpt: braces and the else branch are elided.)
                if( document.isEncrypted() )
                    DecryptionMaterial decryptionMaterial = null;
                    if( keyStore != null )
                        KeyStore ks = KeyStore.getInstance("PKCS12");      
                        // `keyStore` is a path here, not a KeyStore object. load() does not close
                        // the inline FileInputStream and no close() is visible in this excerpt.
                        // NOTE(review): password.toCharArray() throws a NullPointerException if no
                        // password was supplied alongside the key store - confirm callers set both.
                        ks.load(new FileInputStream(keyStore), password.toCharArray());
                        // The same password is used for the store and for the key entry under `alias`.
                        decryptionMaterial = new PublicKeyDecryptionMaterial(ks, alias, password);
