configuring "trust store" for SSL clients
Hi,
Would anyone please be able to tell whether an SSL client can *programmatically* configure its "trust store", and *not* by using System.setProperty?
In detail:
I'm writing a client, that connects to a server using SSL.
The server's certificate is *not* signed by a "well-known" CA (certificate authority). Rather, it's signed by my company's private CA.
Now, I *know* you can edit the default java trust-store file. Or you can use System.setProperty() to set the trust-store file.
But, is it possible to have finer control over the trust store? In my case, the client has multiple threads, each thread requiring a different trust store - so a global "system property" is not good enough...
Thanks !
[759 byte] By [solmyr72a] at [2007-10-1 22:47:56]

Yes. Sample code (from the JSSE reference guide):

import java.io.FileInputStream;
import javax.net.ssl.*;
import java.security.*;

// Create/initialize the SSLContext with key material
char[] passphrase = "passphrase".toCharArray();

// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("testKeys"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("testTrust"), passphrase);

// KeyManagers decide which key material to use.
KeyManagerFactory kmf =
    KeyManagerFactory.getInstance("SunX509");
kmf.init(ksKeys, passphrase);

// TrustManagers decide whether to allow connections.
TrustManagerFactory tmf =
    TrustManagerFactory.getInstance("SunX509");
tmf.init(ksTrust);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(
    kmf.getKeyManagers(), tmf.getTrustManagers(), null);

Then use the methods of the SSLContext to get SSLSockets, SSLServerSockets and that stuff. If you pass null for any of the parameters of sslContext.init(), the SSLContext will use the defaults.
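
Applied to the per-thread case in the question, as an added example that is not part of the original posts or the JSSE guide: each thread builds its own SSLContext from its own trust store file, so no system property is touched. The class name, store file names, passphrase and host names are placeholders.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

public class PerThreadTrust {
    // Socket factory that trusts only the CA certificates in one store file.
    static SSLSocketFactory factoryFor(String storePath, char[] pass) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(storePath)) {
            trust.load(in, pass);
        }
        if (trust.size() == 0) {   // fail early instead of at handshake time
            throw new IllegalStateException("no entries in " + storePath);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null key managers and null SecureRandom: the context uses its defaults.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    static Runnable client(String storePath, char[] pass, String host, int port) {
        return () -> {
            try {
                SSLSocketFactory sf = factoryFor(storePath, pass);
                try (SSLSocket s = (SSLSocket) sf.createSocket(host, port)) {
                    // A bare SSLSocket does not check the host name unless asked to.
                    SSLParameters p = s.getSSLParameters();
                    p.setEndpointIdentificationAlgorithm("HTTPS");
                    s.setSSLParameters(p);
                    s.startHandshake();  // throws if the chain is not in this store
                    System.out.println(host + ": trusted via " + storePath);
                }
            } catch (Exception e) {
                System.out.println(host + ": rejected via " + storePath + " (" + e + ")");
            }
        };
    }

    public static void main(String[] args) {
        char[] pass = "passphrase".toCharArray();  // placeholder
        // Placeholder store files and hosts; each thread gets its own trust store.
        new Thread(client("trustA.jks", pass, "a.example.com", 443)).start();
        new Thread(client("trustB.jks", pass, "b.example.com", 443)).start();
    }
}
```

A store that holds only the private CA's certificate makes that thread reject servers signed by any other CA, including the public ones in the JVM's default trust store.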