Re: SSL [message #436612 is a reply to message #436606] |
Wed, 14 September 2005 08:42 |
Stefan Langer Messages: 236 Registered: July 2009 |
Senior Member |
What you need to do is get an implementation of a TrustManager through
the TrustManagerFactory.getInstance methods and initialize it with your
keystore. The TrustManager you need is actually an X509TrustManager
because you are handling X509 Certificates.
The classes are located in the javax.net.ssl package.

Something along these lines (error handling omitted for clarity):

// Trying to obtain the X509 Certification Trustmanager from Sun
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
// You should load your keystore here either by looking it up on the
// classpath or maybe by configuring it in your rcp preferencestore or
// by providing it through the environment on the command line
tmf.init(keystore);
TrustManager[] trustmanagers = tmf.getTrustManagers();
// simply use the first one (You should of course check that you
// actually have a trustmanager in the above array!)
X509TrustManager tm = (X509TrustManager)trustmanagers[0];

You now have a trustmanager you can use for your sslsocket.
Install this by calling the void init(KeyManager[] km, TrustManager[]
tm, SecureRandom random) method on your SSLContext before you create the
SSLSocketFactory through the SSLContext.getSSLSocketFactory() method.

// obtain the SSLContext to initialize
SSLContext context = SSLContext.getInstance("TLS");
// simply use default KeyManager and default SecureRandom generator
context.init(null, new TrustManager[] {tm}, null);
// See the javadoc to see if you need to specify a
// KeyManager and a SecureRandom generator

You can now use the SSLSocketFactory to create your sockets in the usual
manner. All calls to your SSLSocket should go through the above
mentioned Trustmanager using the keystore you used to init your
TrustManagerFactory.

You might even consider providing your own implementation of the
X509TrustManager interface that simply delegates to the Trustmanager you
received in the above example and add logging and error handling to it.

Hope that helps and brings you on the right track.

Regards
Stefan

Khawaja Shams wrote:
> Hello,
> thank you for responding. I made a keystore using java's keytool, and
> I imported a copy of my self signed certificates into my keystore. At
> this point, I made a successful connection with my ssl server by using a
> command similar to the following:
> java -Djavax.net.ssl.trustStore=trustedcerts TestServletSSL localhost
>
> I obtained instructions on how to do this from the following link:
> http://java.sun.com/developer/technicalArticles/Security/secureinternet2/index.html
>
>
> As I mentioned above, I have made successful connection using the command
> line, but I am having trouble using the truststore from my rcp
> application. Any help would be greatly appreciated.
>
>
> Best Regards,
> Khawaja Shams
>
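
The steps from the reply above assembled into one class, including the delegating X509TrustManager it suggests; this is an added example, not code from the original post. The class and method names (TrustStoreSockets, LoggingTrustManager, socketFactoryFor) and the command-line arguments for the truststore path and password are assumptions; it uses TrustManagerFactory.getDefaultAlgorithm() in place of the hard-coded "SunX509" and obtains the factory with SSLContext.getSocketFactory().

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TrustStoreSockets {
    // Delegates every trust decision to the keystore-backed manager; only adds logging.
    static final class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        LoggingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                delegate.checkServerTrusted(chain, authType);
            } catch (CertificateException e) {
                Object subject = (chain != null && chain.length > 0) ? chain[0].getSubjectX500Principal() : "<empty chain>";
                System.err.println("Rejected server certificate: " + subject + " (" + e.getMessage() + ")");
                throw e; // rethrow so an untrusted chain still fails the handshake
            }
        }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    // path and password are assumptions: e.g. the "trustedcerts" file created with keytool.
    static SSLSocketFactory socketFactoryFor(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // the password also verifies the store's integrity
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { // do not blindly cast element 0
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, new TrustManager[] { new LoggingTrustManager((X509TrustManager) tm) }, null);
                return context.getSocketFactory();
            }
        }
        throw new IllegalStateException("no X509TrustManager available for this keystore");
    }
    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = socketFactoryFor(args[0], args[1].toCharArray());
        System.out.println("SSLSocketFactory ready: " + factory.getClass().getName());
    }
}
```

Because the wrapper rethrows the CertificateException, certificates that are not in the truststore are still rejected; the logging only records which subject failed.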