Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How I can tell alias of the wanted key-entry to SSLSocket before connecting?

Tags:

java

authentication

ssl

keystore

I have two certificate/key pairs in a java keystore. Aliases of those key-entries are "foo" and "bar".

My TLS client (java program) uses the keystore. TLS client authentication is done during connection opening. The client program should use "foo" key-entry when TLS server request certificate from the client. Now the client send wrong certificate ("bar") to the server during connection handshake.

How I can tell alias of the wanted key-entry to SSLSocket before connecting?

Currently the code is following:

final SSLSocket ss = (SSLSocket)SSLSocketFactory.getDefault().createSocket(); 
ss.setEnabledProtocols( new String[] {"TLSv1"});
ss.connect( targetAddress );
like image 742
SKi Avatar asked Mar 04 '13 12:03

SKi

1 Answers

The default KeyManager will send the first certificate it finds that matches the conditions requested by the server, that is, it will send the first one it find for which it can build a certification chain up one of the CA names sent by the server during the request.

If you always want a specific alias to be chosen, you'll need to implement your own X509KeyManager, possibly wrapping the default manager. Something along these lines should work (not tested this actual code, there may be a few typos):

KeyStore keystore = ... // create and load your keystore.

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keystore, password.toCharArray());

final X509KeyManager origKm = (X509KeyManager)kmf.getKeyManagers()[0];

X509KeyManager km = new X509KeyManager() {
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        return "foo";
    }

    public X509Certificate[] getCertificateChain(String alias) {
        return origKm.getCertificateChain(alias);
    }

    // Delegate the rest of the methods from origKm too...
}

Then use it for your SSLContext:

SSLContext sslContext = sslContext.getInstance("TLS");
sslContext.init(new KeyManager[] { km }, null, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
like image 77
Bruno Avatar answered Nov 07 '22 03:11

Bruno
Sign in to Comment

Related questions

Automatic 'loading' indicator when calling an async function
Ant scp task not working, even with jsch on ant/lib
How is ambiguity in selecting from overloaded methods resolved in Java?
getRequestProperty("Authorization") always returns null
Can I avoid such cumbersome try...catch block
Some necessary libraries are missing in WAR-File after export from Eclipse - why?
Java: XML canonicalization
How do I write a JUnit test case to test threads and events
Two Persistence Unit in one Persistence.xml
Detect silence when recording
Convert a list of array into an array of array
Difference between java downloads
Will using longs instead of ints benefit in 64bit java
NoClassDefFoundError on external library project for Android
Including JAR files in Eclipse (App Engine) project
Generics Hell: Can I construct a TypeLiteral<Set<T>> using generics?
Advantages of using Hibernate Callback?
Tomcat stopped without any log or any stack
JVM exceeds maximum memory defined with -Xmx
Regexp metachars "*" and "*?" in the JAVA's replaceAll() method behave oddly [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!