Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Platform » [Solved] How do I use alternative keystore and truststore providers when using Eclipse?
[Solved] How do I use alternative keystore and truststore providers when using Eclipse? [message #811130] Fri, 02 March 2012 00:40 Go to next message
Dustin Parker is currently offline Dustin Parker
Messages: 1
Registered: March 2012
Junior Member
Hi forum,

Searching furiously hasn't turned up anything, so here's my problem. I'd like to use Oracle's MSCAPI support for Java in Eclipse to hit a secure website. Here's a simple test I've been doing from the command line:

cat > TestURL.java <<EOT
import java.net.*;
public class TestURL {
    public static void main(String[] args) throws Exception {
        System.out.println(((HttpURLConnection)new URL(args[0]).openConnection()).getResponseCode());
    }
}
EOT
javac TestURL.java
java -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=Windows-MY -cp . TestURL some-secure-site-address
# Pin is prompted for here...
# Should report 200


The MSCAPI extension causes a prompt for my PIN, and the connection is made successfully. Notice the javax.net.ssl parameters. My eclipse.ini has these lines at the bottom:

-Djavax.net.ssl.keyStore=NONE
-Djavax.net.ssl.keyStoreType=Windows-MY
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.trustStoreType=Windows-ROOT


After launching Eclipse, I used VisualVM to verify that these system properties did indeed get set in the JVM. However, trying to connect to our task repository (a JIRA installation) results in a handshake_failure. It seems like Eclipse or one of its plugins is reconfiguring the SSL context. How can I either get Eclipse to obey those SSL settings?

EDIT: After setting
javax.net.ssl.{key,trust}StorePassword
, I've found something interesting:

java.io.FileNotFoundException: NONE (The system cannot find the file specified)
	at java.io.FileInputStream.open(Native Method)
	at java.io.FileInputStream.<init>(FileInputStream.java:120)
	at java.io.FileInputStream.<init>(FileInputStream.java:79)
	at org.eclipse.mylyn.internal.commons.net.PollingSslProtocolSocketFactory.<init>(PollingSslProtocolSocketFactory.java:72)
	at org.eclipse.mylyn.commons.net.WebUtil.<clinit>(WebUtil.java:194)
	at org.eclipse.mylyn.internal.tasks.ui.TasksUiPlugin.start(TasksUiPlugin.java:549)
	at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
        [snip]


I looked at an older version at grepcode (I can't post the link since I have <25 posts) and found it tries to use these standard properties itself and chokes on the fact that NONE isn't a valid file. I created a file called "NONE" in Eclipse's home directory and, lo and behold, it works! Now I can use my smart card from within Eclipse, woo hoo!

[Updated on: Fri, 02 March 2012 00:56]

Report message to a moderator

Re: [Solved] How do I use alternative keystore and truststore providers when using Eclipse? [message #1234359 is a reply to message #811130] Tue, 21 January 2014 19:43 Go to previous message
Jeff Lockemy is currently offline Jeff Lockemy
Messages: 1
Registered: January 2014
Junior Member

I wanted to thank you so much for posting this. I was looking for settings in order to use the MSCAPI to access certificates from the Windows store for a Java plug-in that we are running. Your posting pointed me in the right direction and helped me tremendously.

Jeff
Previous Topic:How to get Eclipse Installed
Next Topic:Status bar icons not working correctly in eclipse 4
Goto Forum:
  


Current Time: Wed Sep 17 01:35:28 GMT 2014

Powered by FUDForum. Page generated in 0.01622 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software