Custom SSLSocketFactory

Hello, I want to write my own SSLSocketFactory. I want to take the certificates used, at runtime and not through a keystore file. Is it really possible? Where can I find some code samples on this? Thanks in advance. Gaurav
[261 byte] By [GauravLaturkara] at [2007-10-2 12:14:43]
# 1
You can use certificates ... at run time by using the following option at the command line: -Djavax.net.ssl.trustStore='<your truststore path>'. E.g. java -Djavax.net.ssl.trustStore='c:\mytruststore' Program. Hope this helps.
java_ardent_fana at 2007-7-13 8:59:33 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 2

Thanks. But then the server certificate must be in my keystore. Otherwise I can't open the SSL connection with the server. Isn't it?

And is there any way to add the certificate to the keystore at runtime as a trusted certificate? The javadoc of setCertificateEntry() in KeyStore class says that if the alias is already present in the keystore as a trusted certificate entry, then only new certificate will be a trusted one. But if I have to add a new certificate with different alias and must be trusted, how can I achieve it?

Thanks again,

Gaurav

GauravLaturkara at 2007-7-13 8:59:33
# 3
You don't want a custom socket factory, you want to customize the SSLContext with your own TrustManager.
ejpa at 2007-7-13 8:59:33
# 4

Right. That is what I was thinking. So can you please explain the flow to me? I will be implementing my own TrustManager which picks the certificates from my keystore. Then at run time, I will get certificates that my TrustManager must check with certificates in the keystore. If those are trusted certificates, SSLSocket must be created. So should I have my own SSLSocket implementation or will the default work with my TrustManager implementation? And is there any System property to set the custom TrustManager?

Please let me know if I am missing anything.

Thanks again.

Gaurav

GauravLaturkara at 2007-7-13 8:59:33
# 5

You create an SSLContext, you initialize it with your own X509TrustManager, and use the SSLContext to create an SSLSocketFactory. Use this SSLSocketFactory to create SSLSockets as required. Those SSLSockets will then call your TrustManager with each server certificate received.

None of this requires a customization of SSLSocket.

ejpa at 2007-7-13 8:59:33
# 6

Hey thanks. I got the idea. I have one more doubt. Actually, I am going to get the server certificates through some custom API. And I want to verify them with the certificates in the KeyStore. So can you tell me how the SSLSocket sends the certificate received to the TrustManager?

I am still not very much clear about how all these things are going to work?

Thanks

Gaurav

GauravLaturkara at 2007-7-13 8:59:33
# 7
It calls one of the X509TrustManager methods, in this case X509TrustManager.checkServerTrusted().
ejpa at 2007-7-13 8:59:33
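
The flow described in replies #5 and #7, as an added example that is not part of the original thread: certificates obtained at run time go into an in-memory KeyStore, an X509TrustManager that delegates validation to the JDK's default trust manager is installed in an SSLContext, and the resulting SSLSocketFactory creates ordinary SSLSockets. The class name, the `factoryFor` helper, the PEM file argument, the host argument and port 443 are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

public class RuntimeTrustExample {  // hypothetical class name
    /** Builds a factory that trusts only the given certificates; no keystore file is read. */
    static SSLSocketFactory factoryFor(Collection<? extends Certificate> trusted) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);  // empty keystore held in memory
        int i = 0;
        for (Certificate c : trusted) {
            ks.setCertificateEntry("trusted-" + i++, c);  // a new alias creates a new trusted entry
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        final X509TrustManager pkix = (X509TrustManager) tmf.getTrustManagers()[0];

        // The SSLSocket calls checkServerTrusted() during the handshake with the chain the server sent.
        X509TrustManager tm = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                pkix.checkServerTrusted(chain, authType);  // throws unless the chain validates against ks
                System.out.println("Accepted: " + chain[0].getSubjectX500Principal());
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                pkix.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return pkix.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);  // no client keys, default SecureRandom
        return ctx.getSocketFactory();
    }

    // Usage: java RuntimeTrustExample <pem-file> <host>   (arguments and port 443 are assumptions)
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            SSLSocketFactory f = factoryFor(CertificateFactory.getInstance("X.509").generateCertificates(in));
            try (SSLSocket s = (SSLSocket) f.createSocket(args[1], 443)) {
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS");  // hostname check is off by default on a raw SSLSocket
                s.setSSLParameters(p);
                s.startHandshake();  // triggers checkServerTrusted(); fails if validation throws
            }
        }
    }
}
```

Because `checkServerTrusted()` delegates to the default trust manager, a chain that does not validate against the in-memory keystore aborts the handshake with an exception instead of being accepted silently.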
# 8
Thanks. I finally made it. I was a bit busy. So sorry for the reply. I have implemented SSLSocketFactory and X509TrustManager. Thanks for the help.
GauravLaturkara at 2007-7-13 8:59:33