pyjks
Does pyjks support loading base64-decoded data to create a KeyStore instance, and how can a certificate be added, similar to keytool import?
Hi,
I need to construct the KeyStore instance using base64-decoded data pulled from a config map (it holds the content of a pre-loaded jks file in base64-encoded form). I can see the load method only takes the jks file as input. Is passing decoded base64 data and creating the KeyStore instance not possible? I want to avoid creating a local/temp .jks file again just to construct the KeyStore instance.
And I need to add a new certificate to the created KeyStore instance, pull the data from the KeyStore instance, and base64-encode it for re-patching into the same configmap.
Is this possible with this library?
After analyzing the library code, I can see that I am able to do the following:
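```python
import base64

import jks  # pyjks

# get_config_map, api_reference, deployment_info and passphrase are defined elsewhere in my code
config_map_downloaded = get_config_map(api_reference, deployment_info)
decoded_data = base64.b64decode(config_map_downloaded.binary_data.get("cacerts"))
keystore = jks.KeyStore.loads(decoded_data, passphrase)
```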
Can you please let me know about these open points? @mahmoud @kurtbrose
- Can I add a new PEM file (actually the certificate) to this keystore instance? The PEM file contains the certificate data of an endpoint.
- Can I generate binary data from this keystore instance to save back to my configmap?
- Right now, I encode the .jks file contents after invoking
  keytool -importcert -trustcacerts -storepass %s -keystore %s -alias %s
  on the keystore, and load the binary data generated from this keystore file content into the configmap.
- My understanding is that with this library I may not need to maintain a separate .jks file for each thread call, and can add a new certificate programmatically and patch it back to the configmap.
@srinivasev did you have any luck with your questions above? I have a similar use case.