Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Rich Client Platform (RCP) » SSL
SSL [message #436538] Mon, 12 September 2005 18:15 Go to next message
Khawaja Shams is currently offline Khawaja ShamsFriend
Messages: 3
Registered: July 2009
Junior Member
Hello,
does anyone have experience using SSL connections with an RCP? I am
unsure of how I can tell my RCP to trust a source. Usually, I can use a
command line options with simple java programs, but I would like some
guidance as to how this can be accomplished using an RCP.

Thanks in advance
Re: SSL [message #436551 is a reply to message #436538] Tue, 13 September 2005 07:47 Go to previous messageGo to next message
Stefan Langer is currently offline Stefan LangerFriend
Messages: 236
Registered: July 2009
Senior Member
How are you providing the certificates to your rcp? The keyring file? A
separate keystore?

Khawaja Shams wrote:
> Hello,
> does anyone have experience using SSL connections with an RCP? I am
> unsure of how I can tell my RCP to trust a source. Usually, I can use a
> command line options with simple java programs, but I would like some
> guidance as to how this can be accomplished using an RCP.
>
> Thanks in advance
>
Re: SSL [message #436606 is a reply to message #436551] Tue, 13 September 2005 17:44 Go to previous messageGo to next message
Khawaja Shams is currently offline Khawaja ShamsFriend
Messages: 3
Registered: July 2009
Junior Member
Hello,
thank you for responding. I made a keystore using java's keytool, and
I imported a copy of my self signed certificates into my keystore. At
this point, I made a successful connection with my ssl server by using a
command similar to the following:
java -Djavax.net.ssl.trustStore=trustedcerts TestServletSSL localhost

I obtained instructions on how to do this from the following link:
http://java.sun.com/developer/technicalArticles/Security/sec ureinternet2/index.html

As I mentioned above, I have made sucessful connection using the command
line, but I am having trouble using the truststore from my rcp
application. Any help would be greatly appreciated.


Best Regards,
Khawaja Shams
Re: SSL [message #436612 is a reply to message #436606] Wed, 14 September 2005 08:42 Go to previous message
Stefan Langer is currently offline Stefan LangerFriend
Messages: 236
Registered: July 2009
Senior Member
What you need to do is get an implementation of a TrustManager through
the TrustManagerFactory.getInstance methods and initialize it with your
keystore. The TrustManager you need is actually a X509TrustManager
because you are handling X509 Certificates.
The classes are located in the javax.net.ssl package.
Something along the lines: (Errorhandling omitted for clearity)
// Trying to obtain the X509 Certification Trustmanager from Sun
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
// You should load your keystore here either by looking it up on the
// classpath or maybe by configuring it in your rcp preferencestore or
// by providing it through the enviroment on the commandline
tmf.init(keystore);
TrustManager[] trustmanagers = tmf.getTrustManagers();
// simply use the first one (You should of course check that you
// actually have a trustmanager in the above array!)
X509TrustManager tm = (X509TrustManager)trustmanagers[0];

You now have a trustmanager you can use for your sslsocket.
Install this by calling the void init(KeyManager[] km,TrustManager[]
tm, SecureRandom random) method on your SSLContext before you create the
SSLSocketFactory through the SSLContext.getSSLSocketFactory() method.
// simply use default KeyManager and default SecureRandom generator
context.init(null, new TrustManager[] {tm}, null);
// See the documentation of javadoc to see if you need to specify a
// KeyTrustManger and a SecureRandom generator

You can now use the SSLSocketFactory to create your sockets in the usual
manner. All calls to your SSLSocket should go through the above
mentioned Trustmanager using the keystore you used to init your
TrustManagerFactory.
You might even consider providing your own implementation of the
X509TrustManager interface that simply delegates to the Trustmanager you
received in the above example and add Logging and Errorhandling to it.

Hope that helps and brings you on the right track

Regards
Stefan

Khawaja Shams wrote:
> Hello,
> thank you for responding. I made a keystore using java's keytool, and
> I imported a copy of my self signed certificates into my keystore. At
> this point, I made a successful connection with my ssl server by using a
> command similar to the following:
> java -Djavax.net.ssl.trustStore=trustedcerts TestServletSSL localhost
>
> I obtained instructions on how to do this from the following link:
> http://java.sun.com/developer/technicalArticles/Security/sec ureinternet2/index.html
>
>
> As I mentioned above, I have made sucessful connection using the command
> line, but I am having trouble using the truststore from my rcp
> application. Any help would be greatly appreciated.
>
>
> Best Regards,
> Khawaja Shams
>
Previous Topic:org.eclipse.swt.events.KeyAdapter
Next Topic:exporting rcp with 3rd party jar libraries
Goto Forum:
  


Current Time: Sat Dec 07 14:58:37 GMT 2024

Powered by FUDForum. Page generated in 0.03253 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top