I have an Java application running on a weblogic server. The application has two distinct modules which use SSL to connect to external web services - let's say module A and module B.
Module A - Built on Axis - Uses truststore A Moudle B - Built on Spring-ws - Uses truststore B.
Module A is existing. Module B is being introduced.
I need to be able to set the truststore dynamically in the JVM based on which module is being invoked.
Due to some constraints I do not have the option - to create a custom key manager. - use one truststore
I tried to use System.setProperty im Module B codebase to set truststore. However it works only if Module B got invoked first. For example - Say I have a fresh restart of the JVM then I invoke module A - it set's it's own truststore in the JVM then I invoke module B - It fails - it's does not set it's own truststore in the JVM even though I have used System.setProperty method.
Am I missing something or it's just that System.setProperty doesn't override existing set values. If so what are my options here.
You can load trusted key stores dynamically at runtime.
// load your key store as a stream and initialize a KeyStore
InputStream trustStream = ...
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
// if your store is password protected then declare it (it can be null however)
char[] trustPassword = ...
// load the stream to your store
trustStore.load(trustStream, trustPassword);
// initialize a trust manager factory with the trusted store
TrustManagerFactory trustFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
// get the trust managers from the factory
TrustManager[] trustManagers = trustFactory.getTrustManagers();
// initialize an ssl context to use these managers and set as default
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManagers, null);
SSLContext.setDefault(sslContext);
Watch out, because SSLContext.getDefault()
would give you back the default context which you cannot modify, so you have to create a new one, initialize it then set this new context as the default.
The bottom line is that you can use any number of trust stores if you want to.