Customization of Your JSSE Key Material Managers
The main task of a KeyManager is to manage the key material used to authenticate the local side of a connection to its peer (client or server). In particular, the KeyManager selects which key and certificate chain are sent to the peer during the handshake. Authentication can only take place within an SSLContext that has been initialized with key managers.
The sample application's SSLContext uses the default KeyManager (you can point it at a keystore by setting the javax.net.ssl.keyStore system property). To customize an SSLContext, you must initialize it yourself by passing one or more KeyManagers to its init method. Passing null for the KeyManager array gives the context an empty KeyManager, so it holds no key material and cannot authenticate itself, which is not what you need. The idea is to supply your own KeyManager, and there are several ways to do this.
The most common approach is to use the KeyManagerFactory class. As its name suggests, this class is a factory for one or more KeyManagers. When you obtain a KeyManagerFactory, you specify a key management algorithm. The default SunJSSE provider contains two such algorithms:
- SunX509: returns key managers for X.509 certificates and their private keys, all protected by a single key password.
- PKIX: an alias for the newer NewSunX509 factory, which takes key usage, validity dates and the issuers requested by the peer into account when selecting a key.
The default algorithm is read from the ssl.KeyManagerFactory.algorithm property in the <java.home>/lib/security/java.security file, shown in Figure 1. KeyManagerFactory.getDefaultAlgorithm() returns that value, so passing it to getInstance avoids hard-coding a provider-specific name.

Figure 1. The java.security File: Setting the ssl.KeyManagerFactory.algorithm
You can also specify a particular provider, either by name (a String) or as a Provider object, using one of the KeyManagerFactory.getInstance methods that create KeyManagerFactory objects:
public static final KeyManagerFactory getInstance(String algorithm) throws NoSuchAlgorithmException
public static final KeyManagerFactory getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException
public static final KeyManagerFactory getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
Here's a simple example of creating a KeyManagerFactory (the factory is assigned to the variable declared outside the try block so it remains usable afterwards):
...
KeyManagerFactory ClientKMF = null;
...
try {
    // Ask the SunJSSE provider explicitly for its SunX509 key manager factory
    ClientKMF = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
} catch (java.security.NoSuchAlgorithmException e) {
    System.out.println(e.getMessage());
} catch (java.security.NoSuchProviderException e) {
    System.out.println(e.getMessage());
}
...
To initialize a KeyManagerFactory, call one of the following init methods. The first takes a loaded KeyStore and a password:
public final void init(KeyStore KS, char[] KSpassword) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
Generally, when you initialize a KeyManagerFactory this way, you provide a KeyStore object that you have already loaded from your keystore file, together with the password that protects the private keys in it. With the SunX509 factory, all private keys in the keystore must be protected by the same password; otherwise the provider won't be able to recover every key and init throws UnrecoverableKeyException. This key password is often, but not necessarily, the same as the password that protects the keystore itself (the one passed to KeyStore.load, which only verifies the keystore's integrity). Treat both as secrets: read them from a console or protected configuration rather than hard-coding them, and clear the char arrays once the factory is initialized.
Now, suppose you have a provider whose factory needs more parameters than a keystore and a password. Then you'd have to use the following init method:
public final void init(ManagerFactoryParameters MFP) throws InvalidAlgorithmParameterException
In this case you supply the parameters as an object implementing the ManagerFactoryParameters interface, in whatever form the provider requires. For example, SunJSSE's NewSunX509 (PKIX) factory accepts a javax.net.ssl.KeyStoreBuilderParameters wrapping one or more KeyStore.Builder objects, which lets it open keystores lazily and use a different password for each key.
Finally, to retrieve all the KeyManagers, call the KeyManagerFactory.getKeyManagers method. This method returns one key manager for each type of key material:
public final KeyManager[] getKeyManagers()
After all this theory, let's see a practical example. The server in Listing 3 is another version of the SSLServerSide.java from Listing 1. This modified server uses a customized context along with the set of key managers returned by a KeyManagerFactory obtained from SunJSSE for the SunX509 algorithm. The factory has been initialized with the SSLcert keystore directly, without relying on system properties.
Note: In most cases only one KeyManager is present, supporting authentication based on X.509 certificates and their private keys, but this isn't mandatory. JSSE can handle more than one authentication mechanism simultaneously; in that case each mechanism is represented by a separate KeyManager in the array returned by getKeyManagers.
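Listing 3 itself is not reproduced on this page, so the following is an added example (my own code, not the article's Listing 3) that carries out the whole procedure described above: load a keystore from a file, obtain a SunX509 KeyManagerFactory from SunJSSE, initialize it with the key password, and build an SSLContext from the resulting key managers without touching any javax.net.ssl.* system properties. It goes one step beyond the text by wrapping the factory's X509KeyManager in a small custom KeyManager that pins the alias the server presents, which is the usual reason to write your own KeyManager. The keystore path "SSLcert", the alias "server", the keystore type JKS and the port 8443 are assumptions for this example; the passwords are read from the console, and the key password defaults to the keystore password because the SunX509 factory needs one password for every key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

public class CustomKeyManagerServer {

    // Assumed for this example: keystore file name, key alias and port.
    private static final String KEYSTORE_PATH = "SSLcert";
    private static final String SERVER_ALIAS = "server";
    private static final int PORT = 8443;

    /** Builds an SSLContext whose key material comes from an explicit keystore, not from system properties. */
    static SSLContext buildContext(String keystorePath, char[] storePassword, char[] keyPassword, String pinnedAlias)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, storePassword);           // store password only verifies keystore integrity
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
        kmf.init(ks, keyPassword);                // SunX509: one password must unlock every private key
        KeyManager[] kms = kmf.getKeyManagers();  // normally a single X509KeyManager
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) {
                kms[i] = new AliasPinningKeyManager((X509KeyManager) kms[i], pinnedAlias);
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null);                // null trust managers / SecureRandom -> provider defaults
        Arrays.fill(storePassword, '\0');         // secrets are no longer needed once the factory is initialized
        Arrays.fill(keyPassword, '\0');
        return ctx;
    }

    /** Custom KeyManager: delegates to the factory's X509KeyManager but always presents one server alias. */
    static final class AliasPinningKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final String alias;

        AliasPinningKeyManager(X509KeyManager delegate, String alias) {
            if (delegate.getPrivateKey(alias) == null) {
                throw new IllegalArgumentException("keystore has no private key for alias " + alias);
            }
            this.delegate = delegate;
            this.alias = alias;
        }

        // Only offer the pinned alias when its key type matches what the handshake asks for (e.g. "RSA", "EC").
        private boolean matches(String keyType) {
            PrivateKey k = delegate.getPrivateKey(alias);
            return k != null && k.getAlgorithm().equalsIgnoreCase(keyType);
        }

        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return matches(keyType) ? alias : null;
        }
        @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            return matches(keyType) ? alias : null;
        }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
            return matches(keyType) ? new String[] { alias } : null;
        }
        // Client-side selection is left to the factory's own key manager.
        @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
            return delegate.chooseClientAlias(keyType, issuers, socket);
        }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
            return delegate.getClientAliases(keyType, issuers);
        }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    public static void main(String[] args) throws Exception {
        if (System.console() == null) {
            System.err.println("Run from a terminal so the passwords are not placed on the command line.");
            return;
        }
        char[] storePw = System.console().readPassword("Keystore password: ");
        char[] keyPw = System.console().readPassword("Key password (Enter = same as keystore): ");
        if (keyPw.length == 0) keyPw = storePw.clone();

        SSLContext ctx = buildContext(KEYSTORE_PATH, storePw, keyPw, SERVER_ALIAS);
        SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
        try (SSLServerSocket server = (SSLServerSocket) ssf.createServerSocket(PORT)) {
            System.out.println("Listening on " + PORT + ", presenting alias " + SERVER_ALIAS);
            try (SSLSocket client = (SSLSocket) server.accept()) {
                client.startHandshake();      // forces the handshake so a key-selection failure surfaces here
                System.out.println("Negotiated " + client.getSession().getProtocol()
                        + " with " + client.getSession().getCipherSuite());
            }
        }
    }
}
```

To exercise it, generate a keystore with keytool (for example, keytool -genkeypair -alias server -keyalg RSA -keystore SSLcert), run the class, and connect with openssl s_client -connect localhost:8443; the certificate shown should be the one stored under the pinned alias. Returning null from chooseServerAlias when the key type does not match, rather than returning the alias unconditionally, matters: a pinned RSA key offered for an EC key exchange would make the handshake fail instead of letting JSSE fall back to a suitable cipher suite.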