From cca83c09b056d7fa498bfc5ce48c8c7b89ef969f Mon Sep 17 00:00:00 2001 From: Daniel Leyden Date: Thu, 15 Jun 2017 14:57:18 +0100 Subject: [PATCH] Fixing #2 Making the certificate chain an array when setting a key so that storing works. Also adding an example of how to set a key to readme --- README.md | 17 +++++++++++++++++ lib/keystores/java_key_store.rb | 6 +++--- spec/java_key_store_spec.rb | 14 ++++++++++++++ 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 94017e3..45d17e4 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,23 @@ certificate_chain = keystore.get_certificate_chain('my_key') This gem supports writing trusted certificate entries and private key entries. It currently supports writing DSA, RSA, and EC private key entries. +Example usage: + +``` +require 'keystores' +keystore = OpenSSL::JKS.new + + +key = OpenSSL::PKey::RSA.new(File.read('my_key.pem')) +cert_chain = OpenSSL::X509::Certificate.new(File.read('my_cert.pem')) +private_key_password = 'key_password' + +keystore.set_key_entry('my-key', key, cert_chain, private_key_password) + +key_store_password = 'keystores' +keystore.store('my_keystore.jks', key_store_password) +``` + ## Contributing Bug reports and pull requests are welcome on GitHub at https://github.com/rylarson/keystores. diff --git a/lib/keystores/java_key_store.rb b/lib/keystores/java_key_store.rb index 38801d0..e225ac5 100644 --- a/lib/keystores/java_key_store.rb +++ b/lib/keystores/java_key_store.rb @@ -177,7 +177,7 @@ def set_certificate_entry(aliaz, certificate) end end - def set_key_entry(aliaz, key, certificate_chain, password=nil) + def set_key_entry(aliaz, key, certificate_chain, password) @entries_mutex.synchronize do entry = @entries[aliaz] if !entry.nil? && entry.is_a?(TrustedCertificateEntry) 
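Review bot: Dropping the `password=nil` default on `set_key_entry` makes the argument mandatory, but an explicit `nil` or empty string is still accepted and passed to `Keystores::Jks::KeyProtector.new(password)` in the next hunk. A guard at the top of the method, `raise ArgumentError, 'password must be a non-empty String' if password.nil? || password.empty?`, would enforce the intent; how KeyProtector treats `nil` is not visible here and should be confirmed. The signature change also breaks callers that relied on the default and is not mentioned in the commit message, so it deserves a changelog line. The method body continues outside this hunk.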
@@ -188,7 +188,7 @@ def set_key_entry(aliaz, key, certificate_chain, password=nil) # Java uses new Date().getTime() which returns milliseconds since epoch, so we do the same here with %Q entry.creation_date = DateTime.now.strftime('%Q').to_i entry.encrypted_private_key = Keystores::Jks::KeyProtector.new(password).protect(key) - entry.certificate_chain = certificate_chain + entry.certificate_chain = [certificate_chain].flatten @entries[aliaz] = entry end @@ -365,4 +365,4 @@ class TrustedCertificateEntry attr_accessor :creation_date, :certificate end end -end \ No newline at end of file +end diff --git a/spec/java_key_store_spec.rb b/spec/java_key_store_spec.rb index 0e0ebee..200ee63 100644 --- a/spec/java_key_store_spec.rb +++ b/spec/java_key_store_spec.rb @@ -79,6 +79,20 @@ expect { keystore.get_key('test_rsa_private_key_entry', nil) }.to raise_error(IOError) expect(keystore.get_key('test_rsa_private_key_entry', 'keystores')).to be_a(OpenSSL::PKey::RSA) + + # ensure that the created keystore can then be stored and re-read + stored = StringIO.new + stored.set_encoding('BINARY', 'BINARY') + expect { keystore.store(stored, 'keystores') }.not_to raise_error + stored.rewind + + reloaded_store = OpenSSL::JKS.new + reloaded_store.load(stored, 'keystores') + + expect(reloaded_store.size).to eq(keystore.size) + expect(reloaded_store.contains_alias('test_rsa_private_key_entry')).to be_truthy + expect(reloaded_store.get_key('test_rsa_private_key_entry', 'keystores').to_der).to \ + eq(keystore.get_key('test_rsa_private_key_entry', 'keystores').to_der) end context 'writing a keystore' do
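Review bot: `[certificate_chain].flatten` turns a `nil` argument into `[nil]` and accepts any object, so a bad chain would presumably only surface later, when the keystore is stored or read by a consumer. Normalising with `chain = [certificate_chain].flatten.compact` and then checking `raise ArgumentError, 'certificate_chain must contain OpenSSL::X509::Certificate objects' unless chain.all? { |c| c.is_a?(OpenSSL::X509::Certificate) }` fails at the call site instead. Nothing in the visible lines checks that the first certificate's public key corresponds to `key`; if that pairing is not verified elsewhere it is worth adding, since a mismatched entry can be written and loaded but will not work as a TLS identity. `set_key_entry` starts in the previous hunk and the lines between the two hunks are not shown.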
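Review bot: The new round-trip assertions compare only the private key, while the defect being fixed is in how the certificate chain is stored, so the test could still pass if the chain were written incorrectly or came back empty. Adding `expect(reloaded_store.get_certificate_chain('test_rsa_private_key_entry').map(&:to_der)).to eq(keystore.get_certificate_chain('test_rsa_private_key_entry').map(&:to_der))` covers that. The `set_key_entry` call sits above the hunk, so it is not visible whether it passes a single certificate or an array. The regression test for #2 needs the single-certificate form exercised at least once.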