Re: Truststore and keystore per application

Tue, 07 Apr 2009 13:33:44 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marcus,

So, my original code was missing some important stuff (the ??? parts)
and was incorrect in one place (the first two arguments to
SSLContext.init() are arrays, not scalars).

The following code compiles and executes on my machine. You'll need to
change the password, of course, and there are a whole slew of exceptions
that will need to be handled as well. Enjoy!

- -chris

import java.io.FileInputStream;
import java.io.IOException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import java.security.KeyStore;
import java.security.SecureRandom;

        String keyStoreFilename = "my.app.keystore";
        char[] keyStorePassword = "secret".toCharArray();

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

        FileInputStream in = null;

        try
        {
            in = new FileInputStream(keyStoreFilename);
            keyStore.load(in, keyStorePassword);
        }
        finally
        {
            if(null != in) try { in.close(); } catch (IOException ioe)
            { ioe.printStackTrace(); }
        }

        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf =
TrustManagerFactory.getInstance(algorithm);
        tmf.init(keyStore);

        TrustManager[] trustManagers = tmf.getTrustManagers();

        algorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
        kmf.init(keyStore, keyStorePassword);

        KeyManager[] keyManagers = kmf.getKeyManagers();

        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(keyManagers, trustManagers, new SecureRandom());

        SSLServerSocketFactory sssf = sc.getServerSocketFactory();

        SSLServerSocket socket =
(SSLServerSocket)sssf.createServerSocket(8080);
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAknbuH8ACgkQ9CaO5/Lv0PBSLQCePnaut3PSF7RrNszXjSNrojid
CL4AoLCv94ijdwwGiJMHp2OnTY9HNqLu
=ZrpN
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to