Migrating from Java to Weblogic SSL implementation, SSLContext

Hi,

In Java's SSLContext.init(keyManagers, trustManagers, null) we pass keyManagers and trustManagers to initialize it; these managers can be created, for example, like this:

    KeyManagerFactory kmfactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmfactory.init(keystore, password != null ? password.toCharArray() : null);
    return kmfactory.getKeyManagers();

Then I can call sslContext.getSocketFactory() and pass it to HttpsURLConnection - ready and works.

In the WebLogic classes, in SSLContext I don't have an init() method, and I don't have something like KeyManagerFactory...

I can get this factory by calling sslContext.getSocketFactory(), but first I must create and initialize the SSLContext.

Here's the problem:

KeyStore keystore = (I use java classes, that is simple)

weblogic.security.SSL.SSLContext sslcontext = weblogic.security.SSL.SSLContext.getInstance("https");

weblogic.security.SSL.TrustManager tm = what? - there isn't any factory that could be initialized by a KeyStore and would have getTrustManagers();

And then sslcontext.setTrustManager(tmanager); - which one? There is no init method in some factory that would start the whole SSL engine.

In the samples there is NulledTrustManager, which does nothing, so how do I create such a manager based on java.security.KeyStore? I have to check all the aliases and respective certificate chains and return some result. In the Java classes it happens automatically, and it can be done like this:

    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.X509TrustManager;
    // Assumption: log4j 1.x, whose Logger.getLogger(Class) matches the call below.
    import org.apache.log4j.Logger;

    // Logs each certificate in the chain, then delegates the actual
    // trust decision to the wrapped default trust manager.
    public class AuthSSLX509TrustManager implements X509TrustManager {

        private X509TrustManager defaultTrustManager = null;

        private static Logger log = Logger.getLogger(AuthSSLX509TrustManager.class);

        /**
         * Constructor for AuthSSLX509TrustManager.
         */
        public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) {
            super();
            if (defaultTrustManager == null) {
                throw new IllegalArgumentException("Trust manager may not be null");
            }
            this.defaultTrustManager = defaultTrustManager;
        }

        /**
         * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String
         *      authType)
         */
        public void checkClientTrusted(X509Certificate[] certificates,
                String authType) throws CertificateException {
            System.out.println(" checkClientTrusted!! ");
            if (certificates != null) {
                for (int c = 0; c < certificates.length; c++) {
                    X509Certificate cert = certificates[c];
                    System.out.println(" Client certificate " + (c + 1) + ":");
                    System.out.println(" Subject DN: " + cert.getSubjectDN());
                    System.out.println(" Signature Algorithm: " + cert.getSigAlgName());
                    System.out.println(" Valid from: " + cert.getNotBefore());
                    System.out.println(" Valid until: " + cert.getNotAfter());
                    System.out.println(" Issuer: " + cert.getIssuerDN());
                }
            } else {
                System.out.println(" certificates are null!! ");
            }
            // The wrapped manager throws CertificateException if the chain is not trusted.
            defaultTrustManager.checkClientTrusted(certificates, authType);
        }

        /**
         * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String
         *      authType)
         */
        public void checkServerTrusted(X509Certificate[] certificates,
                String authType) throws CertificateException {
            System.out.println(" checkServerTrusted!! ");
            if (certificates != null) {
                for (int c = 0; c < certificates.length; c++) {
                    X509Certificate cert = certificates[c];
                    System.out.println(" Server certificate " + (c + 1) + ":");
                    System.out.println(" Subject DN: " + cert.getSubjectDN());
                    System.out.println(" Signature Algorithm: " + cert.getSigAlgName());
                    System.out.println(" Valid from: " + cert.getNotBefore());
                    System.out.println(" Valid until: " + cert.getNotAfter());
                    System.out.println(" Issuer: " + cert.getIssuerDN());
                }
            } else {
                System.out.println(" certificates are null!! ");
            }
            // The wrapped manager throws CertificateException if the chain is not trusted.
            defaultTrustManager.checkServerTrusted(certificates, authType);
        }

        /**
         * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
         */
        public X509Certificate[] getAcceptedIssuers() {
            return this.defaultTrustManager.getAcceptedIssuers();
        }
    }

What is important is that I want to have my own location of keystore file, like D:\\certs\blabla..

In WebLogic it is not so easy - can you pass me some examples please? I want to create a WebLogic HttpsURLConnection and pass to it the respective data like hostnameverifier or socketfactory; I don't want to do all of it using sockets. I did such a client with the Java SSL classes; I need help with the WebLogic solution.

--

Edited by haiaw at 02/28/2007 4:35 AM

[7468 byte] By [herbatniczeka] at [2007-11-26 19:58:03]
# 1
You're asking questions about WebLogic here. Try a WebLogic forum. I don't know anything about WebLogic but I'd be surprised if the standard JSSE code wouldn't continue to work. I don't know why you need all this vendor-specific stuff.
ejpa at 2007-7-9 22:53:23
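
The standard-JSSE route the reply refers to, as an added example that is not part of either post: a validating trust manager built from a java.security.KeyStore at a caller-chosen file location, in contrast to a trust manager that does nothing and so accepts any certificate. The class and method names are hypothetical, and the sketch assumes the URL is served by the JDK's own https handler so the cast to javax.net.ssl.HttpsURLConnection succeeds.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical example class; only standard JDK/JSSE APIs are used.
public class KeyStoreTrustExample {

    /** Load a key store of the JDK's default type from an arbitrary file location. */
    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // password also verifies the store's integrity
        }
        return ks;
    }

    /** Return the validating X509TrustManager backed by the given store. */
    static X509TrustManager trustManagerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // trusted-certificate entries in the store become trust anchors
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("No X509TrustManager available");
    }

    /** Build an SSLContext that trusts only what the store contains. */
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { trustManagerFor(trustStore) }, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: <truststore path> <password> <https URL>, all caller-supplied
        KeyStore ks = loadStore(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(contextFor(ks).getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode()); // handshake fails on an untrusted chain
    }
}
```

To keep the logging wrapper from the question, pass `new AuthSSLX509TrustManager(trustManagerFor(ks))` to `ctx.init` in place of the bare trust manager; the trust decision is still made by the delegate.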