Setting multiple truststore on the same JVM

I have a Java application running on a WebLogic server. The application has two distinct modules which use SSL to connect to external web services - let's say module A and module B.

Module A - Built on Axis - Uses truststore A
Module B - Built on Spring-ws - Uses truststore B.

Module A is existing. Module B is being introduced.

I need to be able to set the truststore dynamically in the JVM based on which module is being invoked.

Due to some constraints I do not have the option to:
- create a custom key manager
- use one truststore

I tried to use System.setProperty in the Module B codebase to set the truststore. However, it works only if Module B gets invoked first. For example - say I have a fresh restart of the JVM, then I invoke module A - it sets its own truststore in the JVM; then I invoke module B - it fails - it does not set its own truststore in the JVM even though I have used the System.setProperty method.

Am I missing something, or is it just that System.setProperty doesn't override already-set values? If so, what are my options here?

user825258 asked Sep 29 '11 00:09



1 Answer

You can load trusted key stores dynamically at runtime.

import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// load your key store as a stream and initialize a KeyStore
InputStream trustStream = ...
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());

// if your store is password protected then declare it (it can be null however)
char[] trustPassword = ...

// load the stream to your store (the password, when given, also verifies the store's integrity)
trustStore.load(trustStream, trustPassword);

// initialize a trust manager factory with the trusted store
TrustManagerFactory trustFactory =
  TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);

// get the trust managers from the factory
TrustManager[] trustManagers = trustFactory.getTrustManagers();

// initialize an ssl context to use these managers and set as default
// (null key managers: this client presents no certificate; null SecureRandom: provider default)
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManagers, null);
SSLContext.setDefault(sslContext);

Watch out, because SSLContext.getDefault() would give you back the default context which you cannot modify, so you have to create a new one, initialize it then set this new context as the default.

The bottom line is that you can use any number of trust stores if you want to.

Kohányi Róbert answered Oct 16 '22 11:10
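The reason the `System.setProperty` approach in the question fails is that the default `SSLContext` reads `javax.net.ssl.trustStore` only once, when it is first initialized; whichever module triggers that first wins, and later property changes are ignored. Swapping the JVM-wide default with `SSLContext.setDefault`, as the answer does, works but is still shared mutable state that two modules can race on. The following is an added example (not code from the question or the answer) that goes one step further: each module loads its own truststore into its own `SSLContext` once, caches it, and applies it per connection through the socket factory, so module A and module B never touch each other's trust configuration. The class name `ModuleTrustStores`, the method names, the truststore paths, passwords and URLs are all placeholders chosen for this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example: one SSLContext per module, loaded once and cached, applied per
 * connection instead of via SSLContext.setDefault(). Nothing here depends on the
 * javax.net.ssl.trustStore system property, so invocation order no longer matters.
 */
public final class ModuleTrustStores {

    // module name -> its own trust configuration; ConcurrentHashMap makes lazy init thread-safe
    private static final Map<String, SSLContext> CONTEXTS = new ConcurrentHashMap<>();

    /** Build a TLS context that trusts only the CAs contained in the given truststore file. */
    public static SSLContext loadContext(Path trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStorePath)) {
            // the password, when non-null, also checks the store's integrity on load
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        // "TLS" rather than the legacy "SSL" name: the provider negotiates its best TLS version
        SSLContext ctx = SSLContext.getInstance("TLS");
        // no key managers (client presents no certificate), provider-default SecureRandom
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Return the cached context for a module, loading the truststore on first use only. */
    public static SSLContext forModule(String module, Path trustStorePath, char[] password) {
        return CONTEXTS.computeIfAbsent(module, m -> {
            try {
                return loadContext(trustStorePath, password);
            } catch (IOException | GeneralSecurityException e) {
                // fail closed: a module with an unreadable truststore must not fall back to defaults
                throw new IllegalStateException("cannot load truststore for module " + m, e);
            }
        });
    }

    /** Open an HTTPS connection whose server certificate is validated against this module's truststore only. */
    public static HttpsURLConnection open(String module, URL url, Path trustStorePath, char[] password)
            throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // per-connection socket factory: no global state, so A and B cannot clobber each other
        conn.setSSLSocketFactory(forModule(module, trustStorePath, password).getSocketFactory());
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // placeholder paths, passwords and endpoints; substitute the real ones for each module
        Path storeA = Paths.get("/path/to/truststoreA.jks");
        Path storeB = Paths.get("/path/to/truststoreB.jks");
        char[] pwA = "changeit".toCharArray();
        char[] pwB = "changeit".toCharArray();

        // order of invocation is irrelevant: each call uses its own module's trust anchors
        HttpsURLConnection a = open("A", new URL("https://service-a.example/"), storeA, pwA);
        HttpsURLConnection b = open("B", new URL("https://service-b.example/"), storeB, pwB);
        System.out.println("module A: HTTP " + a.getResponseCode());
        System.out.println("module B: HTTP " + b.getResponseCode());
    }
}
```

The same `SSLContext` (or its trust managers) can be handed to a framework rather than to a raw `HttpsURLConnection`; Spring-WS's `HttpsUrlConnectionMessageSender`, for example, accepts custom trust managers, so module B can be wired to its own context without ever calling `SSLContext.setDefault`. Keeping the contexts module-local also makes the trust boundary auditable: a certificate accepted by module A is never accidentally accepted by module B because of which one happened to initialize first.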