Hello:
Suppose I have this code:
int PORT=4444;
String SERVER="127.0.0.1";
System.setProperty("javax.net.ssl.trustStore", "trustStore.dat");
System.setProperty("javax.net.ssl.keyStorePassword","pwd");
SSLSocketFactory sslssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket s=(SSLSocket)sslssf.createSocket(java.net.InetAddress.getByName(SERVER), PORT);
This works fine. When I call SSLSocketFactory.getDefault() I can see the certificates from "trustStore.dat" (running with -Djavax.net.debug=all).
Now, assume I have a trust keystore in memory:
int PORT=4444;
String SERVER="127.0.0.1";
String file="c:\\trustStore.dat";
String PW="pwd";
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream fis = new java.io.FileInputStream(file);
ks.load(fis, PW.toCharArray());
SSLSocketFactory sslssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket s=(SSLSocket)sslssf.createSocket(java.net.InetAddress.getByName(SERVER), PORT);
In this case, when I call SSLSocketFactory.getDefault(), I get a list of all certificates in the default keystore.
How can I append my ks certificates? I tried this:
TrustManagerFactory tmf= TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
but when running the program, trustStore is emptied and, if javax.net.ssl.trustStore!="", it's filled in with default keystore certs.
The key is the class DefaultSSLContextImpl, which does this in its constructor:
super.engineInit(getDefaultKeyManager(), getDefaultTrustManager(), null);
Here getDefaultTrustManager() creates a TrustManagerFactory with a keystore created by
TrustManagerFactoryImpl.getCacertsKeyStore("defaultctx");
which does the job of emptying the contents of KeyStore.getInstance(KeyStore.getDefaultType()) and, if that is the case, filling it with values from the store specified by javax.net.ssl.trustStore.
So I can't find the right place to add my in-memory keystore, since all this is done when calling SSLSocketFactory.getDefault(). What classes should I reimplement?
Thanks!
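
An added example, not part of the original post: one way to trust both the in-memory keystore and the JRE default store is to build a dedicated SSLContext around a composite X509TrustManager instead of relying on SSLSocketFactory.getDefault(). The class name MergedTrust and its helper methods are hypothetical; the path, password, host and port are the ones used in the post.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.net.ssl.*;

public class MergedTrust { // hypothetical class name
    // X509TrustManager for a store; null selects the JRE default (javax.net.ssl.trustStore or cacerts).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Context that accepts a chain if either the in-memory store or the default store validates it.
    static SSLContext contextTrusting(KeyStore extra) throws Exception {
        final X509TrustManager mine = trustManagerFor(extra), defaults = trustManagerFor(null);
        X509TrustManager merged = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                try { mine.checkServerTrusted(c, t); }
                catch (CertificateException e) { defaults.checkServerTrusted(c, t); }
            }
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                try { mine.checkClientTrusted(c, t); }
                catch (CertificateException e) { defaults.checkClientTrusted(c, t); }
            }
            public X509Certificate[] getAcceptedIssuers() {
                return Stream.of(mine.getAcceptedIssuers(), defaults.getAcceptedIssuers())
                        .flatMap(Arrays::stream).toArray(X509Certificate[]::new);
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { merged }, null); // no client key material, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream fis = new FileInputStream("c:\\trustStore.dat")) { // path and password from the post
            ks.load(fis, "pwd".toCharArray());
        }
        SSLSocketFactory sslssf = contextTrusting(ks).getSocketFactory();
        try (SSLSocket s = (SSLSocket) sslssf.createSocket("127.0.0.1", 4444)) {
            s.startHandshake(); // throws SSLHandshakeException if neither store trusts the server chain
        }
    }
}
```

Passing the context to SSLContext.setDefault(...) makes SSLSocketFactory.getDefault() return this context's factory. A raw SSLSocket performs no hostname check unless SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") is applied to it.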