Java: Loading SSL Keystore via a resource

by

I had to do something similar a while back. I had a certificate file and I had to figure out a way to load it in and use it for an SSL connection. Hopefully what I did will help you out.

First I had to create a trust manager:

public class MyX509TrustManager implements X509TrustManager {

    X509TrustManager pkixTrustManager;

    MyX509TrustManager() throws Exception {

        String certFile = "/certificates/MyCertFile.cer";

        Certificate myCert = CertificateFactory.getInstance("X509").generateCertificate(this.getClass().getResourceAsStream(valicertFile));

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, "".toCharArray());
        keyStore.setCertificateEntry("myCert", myCert);

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        trustManagerFactory.init(keyStore);

        TrustManager trustManagers[] = trustManagerFactory.getTrustManagers();

        for(TrustManager trustManager : trustManagers) {
            if(trustManager instanceof X509TrustManager) {
                pkixTrustManager = (X509TrustManager) trustManager;
                return;
            }
        }

        throw new Exception("Couldn't initialize");
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        pkixTrustManager.checkServerTrusted(chain, authType);
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        pkixTrustManager.checkServerTrusted(chain, authType);
    }

    public X509Certificate[] getAcceptedIssuers() {
        return pkixTrustManager.getAcceptedIssuers();
    }
}

After that I had to create a socket factory that used my trust manager:

public class MySSLProtocolSocketFactory implements SecureProtocolSocketFactory {

    private SSLContext sslContext = null;

    public MySSLProtocolSocketFactory() {
        super();
    }

    private static SSLContext createMySSLContext() {
        try {
            MyX509TrustManager myX509TrustManager = new MyX509TrustManager();
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new MyX509TrustManager[] { myX509TrustManager}, null);
            return context;
        }

        catch(Exception e) {
            Log.error(Log.Context.Net, e);
            return null;
        }
    }

    private SSLContext getSSLContext() {
        if(this.sslContext == null) {
            this.sslContext = createMySSLContext();
        }

        return this.sslContext;
    }

    public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException {
        return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
    }

    public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort, final HttpConnectionParams params) throws IOException {
        if(params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }

        int timeout = params.getConnectionTimeout();
        SocketFactory socketFactory = getSSLContext().getSocketFactory();

        if(timeout == 0) {
            return socketFactory.createSocket(host, port, localAddress, localPort);
        }

        else {
            Socket socket = socketFactory.createSocket();
            SocketAddress localAddr = new InetSocketAddress(localAddress, localPort);
            SocketAddress remoteAddr = new InetSocketAddress(host, port);
            socket.bind(localAddr);
            socket.connect(remoteAddr, timeout);
            return socket;
        }
    }

    public Socket createSocket(String host, int port) throws IOException {
        return getSSLContext().getSocketFactory().createSocket(host, port);
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    public boolean equals(Object obj) {
        return ((obj != null) && obj.getClass().equals(MySSLProtocolSocketFactory.class));
    }

    public int hashCode() {
        return MySSLProtocolSocketFactory.class.hashCode();
    }
}

Then I used that socket factory to send my POST:

Protocol.registerProtocol("myhttps", new Protocol("myhttps", new MySSLProtocolSocketFactory(), 443));

PostMethod postMethod = new PostMethod("myhttps://some.url.here");

HttpClient client = new HttpClient();
int status = client.executeMethod(postMethod);

The only thing I couldn’t figure out was how to simply add the certificate file to the regular keystore. All the example source code I found during my research pointed to creating a socket factor and then registering a protocol with that socket factory. Perhaps there is a way to simply use the socket factory to make a connection without registering a protocol; I haven’t investigated that thoroughly. In my particular situation, creating a specific protocol was necessary. Hopefully this will get your further along the way. I admit it seems a bit roundabout; I felt the same way when I did it initially. But this was the only way I got it to work. Maybe other people have a better solution.

More Related Contents:

  1. How can I use different certificates on specific connections?
  2. Received fatal alert: handshake_failure through SSLHandshakeException
  3. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  4. How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?
  5. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  6. Import PEM into Java Key Store
  7. Using a custom truststore in java as well as the default one
  8. Does Java support Let’s Encrypt certificates?
  9. java – path to trustStore – set property doesn’t work?
  10. How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
  11. Java SSL: how to disable hostname verification
  12. Caused by: java.security.UnrecoverableKeyException: Cannot recover key
  13. What is Keystore?
  14. javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
  15. Using SSLContext with just a CA certificate and no keystore
  16. Java7 Refusing to trust certificate in trust store
  17. SSL “Peer Not Authenticated” error with HttpClient 4.1
  18. How to build a SSLSocketFactory from PEM certificate and key without converting to keystore?
  19. How Can I Access an SSL Connection Through Android?
  20. Setting multiple truststore on the same JVM
  21. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  22. Ignore self-signed ssl cert using Jersey Client [duplicate]
  23. How do I list / export private keys from a keystore?
  24. Can we load multiple Certificates & Keys in a Key Store?
  25. How are SSL certificate server names resolved/Can I add alternative names using keytool?
  26. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake during web service communicaiton
  27. Keystore type: which one to use?
  28. java – ignore expired ssl certificate
  29. javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
  30. Java SSLHandshakeException: no cipher suites in common

Leave a Comment