Client certificate selection with JSSE

I have an application that connects to an SSL server that requires client authentication. Depending on the type of interaction, my client app has to choose one from several client certificates. To complicate things, I need to set up multiple connections concurrently, using a different certificate for every connection.

The JSSE uses system properties (javax.net.ssl.keyStoreProvider, etc.) to configure the keystore that will be used for finding a client certificate. I need an alternative for this mechanism that allows me to specify the keystore to use when I create the SSL socket. In the API docs of the javax.net.ssl package I can't find a way to do this. Does anybody have a solution for this problem?

gjkreefta at 2007-10-2 23:53:36
# 1
Look again! And look at the Javadoc/Guide to Features/Security/JSSE Reference to see about creating your own KeyManagers and TrustManagers, or possibly Factories for these.
ejpa at 2007-7-14 16:39:33
# 2
I have seen the KeyManager interface but it only allows me to select a certificate based on an alias. The problem is that I have several providers that contain key material. Do you know if it's possible to select the Provider as well as the alias to choose a certificate?
gjkreefta at 2007-7-14 16:39:33
# 3
Look again! That's not what it does at all. What it does is allow you to select an alias, based on the key type and the issuers.
ejpa at 2007-7-14 16:39:33
# 4
Well, I guess it won't work for me then. I have several providers (PKCS#11 devices) that contain key material from the same issuer. Do you know if it's possible to select the provider that will be used?
gjkreefta at 2007-7-14 16:39:33
# 5
So you search all your devices for a key of the correct type and issuer and return the corresponding alias(es). It then comes back to you and asks for the private key & certificate chain for that alias. Plenty of opportunities for you to search your providers.
ejpa at 2007-7-14 16:39:33
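
The approach from reply #5, as an added example that is not part of the original thread: a key manager pinned to one keystore and one alias, wrapped in its own SSLContext so concurrent connections never share JVM-wide system properties. The names `FixedAliasKeyManager` and `factoryFor` are hypothetical; it assumes the caller has already loaded the `KeyStore` from the wanted provider (for example with `KeyStore.getInstance("PKCS11", provider)`).

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

// Hypothetical class: serves exactly one alias from one KeyStore (e.g. one PKCS#11 token).
public final class FixedAliasKeyManager implements X509KeyManager {
    private final KeyStore store;
    private final String alias;
    private final char[] password; // key password; PKCS#11 stores ignore it after login
    public FixedAliasKeyManager(KeyStore store, String alias, char[] password) {
        this.store = store; this.alias = alias; this.password = password;
    }
    // Offer the pinned alias only if its key type is one the server asked for.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
        X509Certificate[] chain = getCertificateChain(alias);
        if (chain == null || chain.length == 0) return null;
        String alg = chain[0].getPublicKey().getAlgorithm();
        for (String t : keyTypes) if (t.equalsIgnoreCase(alg)) return alias;
        return null;
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return new String[] { alias };
    }
    @Override public PrivateKey getPrivateKey(String a) {
        try { return alias.equals(a) ? (PrivateKey) store.getKey(a, password) : null; }
        catch (GeneralSecurityException e) { return null; }
    }
    @Override public X509Certificate[] getCertificateChain(String a) {
        try {
            Certificate[] chain = alias.equals(a) ? store.getCertificateChain(a) : null;
            return chain == null ? null
                : Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        } catch (KeyStoreException | ArrayStoreException e) { return null; }
    }
    // Server-side selection is not used by a client socket.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
    // One SSLContext per connection; null trust managers and RNG select the JSSE defaults.
    public static SSLSocketFactory factoryFor(KeyStore store, String alias, char[] password)
            throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(store, alias, password) }, null, null);
        return ctx.getSocketFactory();
    }
}
```

Returning `null` from `chooseClientAlias` sends no client certificate, so a key-type mismatch shows up as a failed handshake rather than a silently substituted identity.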
# 6
Ok, thanks a lot!
gjkreefta at 2007-7-14 16:39:33