After the discussion here: http://forums.sun.com/thread.jspa?threadID=5388459 and this article: http://www.ibm.com/developerworks/java/library/j-customssl/ I was able to override the Axis 1 socket factory to send a specific certificate from a keystore with multiple valid certificates.
But, while I was still experimenting with the code, I used the NewSunX509 algorithm when getting an instance of the KeyManagerFactory:
KeyManagerFactory.getInstance("NewSunX509");
When I did that, I could not find the alias I wanted anymore. When stepping through the code, I saw that the aliases returned by
keyManager.getClientAliases(keyType, issuers);
had some numbers prefixed to them, like "8.the_alias_as_want". Since I was using String.equals() to check for the alias, it failed the verification.
I could fix that by using String.indexOf() or regular expressions to ignore the prefixed numbers, but now I am starting to worry about how portable this code is. If each algorithm does its own alias manipulation, there's no way I can make the code generic enough to be run with any algorithm. Is there a reason why NewSunX509 adds those numbers to the aliases? It looks weird to me.
Edited by: daniel.mfreitas on May 27, 2009 11:31 AM
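
An added example, not part of the original post: one way to keep the selection independent of how a KeyManagerFactory algorithm formats its aliases is to treat each alias as an opaque handle and compare the leaf certificate instead of the alias string. The class name PinnedCertKeyManager and the field `wanted` are hypothetical; `wanted` is assumed to be the certificate read from the keystore entry you want to send, and `delegate` the X509KeyManager obtained from the factory.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;

/** Hypothetical wrapper: picks the client key by certificate, not by alias text. */
public class PinnedCertKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;   // from KeyManagerFactory.getKeyManagers()
    private final X509Certificate wanted;    // assumed: KeyStore.getCertificate(...) of the desired entry

    public PinnedCertKeyManager(X509KeyManager delegate, X509Certificate wanted) {
        this.delegate = delegate;
        this.wanted = wanted;
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        for (String keyType : keyTypes) {
            String[] aliases = delegate.getClientAliases(keyType, issuers);
            if (aliases == null) continue;   // the delegate has no key of this type
            for (String alias : aliases) {
                X509Certificate[] chain = delegate.getCertificateChain(alias);
                // Compare the leaf certificate itself; the alias string stays opaque.
                if (chain != null && chain.length > 0 && wanted.equals(chain[0])) {
                    return alias;            // hand back the delegate's own alias form unchanged
                }
            }
        }
        return null; // no match: offer no client certificate rather than a wrong one
    }

    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }
}
```

Because the alias returned is exactly the string the delegate produced, later getCertificateChain and getPrivateKey calls resolve correctly whether or not the algorithm decorates its aliases.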