Open Radar

 
Summary:
When a java application (or applet, I suppose) attempts to access a private key from the system keychain, only one private key is accessible.  Any other private keys do not appear to exist when using this API.

This seems to be a bug in the "KeychainStore" keystore which adapts the java KeyStore API to the OS X system keychain API.


Steps to Reproduce:
Run the following code on a machine with more than one private key in the default keychain:
import java.security.*;
import java.util.*;
import java.security.cert.*;

class keystore {
	private static void listEntries(KeyStore keyStore) throws Exception {
		Enumeration<String> aliases = keyStore.aliases();
		while(aliases.hasMoreElements()) {
			String alias = aliases.nextElement();
			if (keyStore.isKeyEntry(alias)) {
				System.out.println("key "+alias);
			} else if (keyStore.isCertificateEntry(alias)) {
				System.out.println("   cert "+alias);
			} else {
				System.err.println("????  "+alias);
				
			}
		}
	}


	public static void main(String[] args) throws Exception {
		KeyStore keyStore = KeyStore.getInstance("KeychainStore");
		keyStore.load(null, null);
		listEntries(keyStore);
		
		//System.out.println("key: "+keyStore.getKey("200/0", "-".toCharArray()));
		//System.out.println("cert: "+keyStore.getCertificate("200/0"));
	}
}



Expected Results:
It should display a list of all certificates and private keys (secret keys are not supported in this API) in the user's keychains.

Actual Results:
It displays a list of certificates and only the first private key that is encountered.

Regression:

Notes: