Tutorials: Customize Your JSSE Key and Trust Material Managers

Customization of Your JSSE Key Material Managers

The main task of the KeyManager interface is to manage the keys used to authenticate to the peer (client or server). For example, the KeyManager is responsible for selecting the correct key material to send to the peer. The authentication process can take place only in the presence of a context.

The sample application's SSLContext uses a default KeyManager (you can point this KeyManager at a keystore by setting the javax.net.ssl.keyStore system property). To customize the SSLContext, you must first initialize it by providing one or more KeyManagers. Providing the null value ensures that an empty KeyManager will be used, but this is not what you need. The idea is to create your own KeyManager, and there are several ways to do this.

The most common approach is to use the KeyManagerFactory class. As its name suggests, this class is a factory for one or more KeyManagers. When you generate a KeyManagerFactory, you can specify a key management algorithm. The default SunJSSE services provider contains two such algorithms:

  1. SunX509: This can be used to obtain key managers for the X.509 certificates.
  2. PKIX

Set the right algorithm using the ssl.KeyManagerFactory.algorithm property, which can be found in the <java.home>/lib/security/java.security file, shown in Figure 1.


Figure 1. The java.security File: Setting the ssl.KeyManagerFactory.algorithm

You can also specify a different provider by using a String or a Provider object, as the following KeyManagerFactory.getInstance methods show (these methods are used to generate KeyManagerFactory objects):

public static final KeyManagerFactory getInstance(String algorithm)
   throws NoSuchAlgorithmException

public static final KeyManagerFactory getInstance(String algorithm, Provider provider)
   throws NoSuchAlgorithmException

public static final KeyManagerFactory getInstance(String algorithm, String provider)
   throws NoSuchAlgorithmException, NoSuchProviderException

Here's a simple example of creating a KeyManagerFactory:

...
KeyManagerFactory ClientKMF = null;
...
try {
   // Assign to the variable declared above so the factory is still in scope after the try block
   ClientKMF = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
} catch (java.security.NoSuchAlgorithmException e) {
   System.out.println(e.getMessage());
} catch (java.security.NoSuchProviderException e) {
   System.out.println(e.getMessage());
}
...

To initialize a KeyManagerFactory, call one of its init methods. The first takes a keystore and a password:

public final void init(KeyStore KS, char[] KSpassword)
   throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException

Generally, when you initialize a KeyManagerFactory, you have to provide your keystore and the access password to the keys. It's mandatory that all the keys from the keystore are protected by the same password; otherwise, the provider won't be able to access all the keys from that keystore. The password can be exactly the same as the password that protects the keystore.

Now, suppose you have a special provider that needs more parameters to initialize a KeyManagerFactory. Then you'd have to use the following init method:

public final void init(ManagerFactoryParameters MFP)
   throws InvalidAlgorithmParameterException

In that case, you must provide all the parameters by implementing the ManagerFactoryParameters interface in agreement with what the provider requests.

Finally, to retrieve all the KeyManagers, call the KeyManagerFactory.getKeyManagers method. This method returns one key manager for each type of key material:

public final KeyManager[] getKeyManagers()

After all this theory, let's see a practical example. The server in Listing 3 is another version of the SSLServerSide.java from Listing 1. This modified server uses a customized context along with the set of key managers returned by the generated KeyManagerFactory, provided by SunJSSE for the SunX509 algorithm. The factory has been initialized with the SSLcert keystore, without using system properties.

Note: In most cases, only one KeyManager will support the authentication mechanism, based on the X.509 certificates' public keys, but this isn't mandatory. JSSE can handle more than one authentication mechanism simultaneously, but in this case every mechanism is represented by a separate KeyManager.
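
The steps above (getInstance, init, getKeyManagers) put together, as an added example that is not the article's Listing 3 or any code from the original page. It goes one step further than the text by wrapping the factory's X509KeyManager so the server presents only one named key entry and fails closed if that entry is missing or of the wrong key type. The class names FixedAliasContext and FixedAlias are hypothetical, and the keystore path and alias are supplied by the reader on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

public class FixedAliasContext {
    /** Delegates to the factory's key manager but only ever offers one server alias. */
    static final class FixedAlias implements X509KeyManager {
        private final X509KeyManager d; private final String alias;
        FixedAlias(X509KeyManager d, String alias) { this.d = d; this.alias = alias; }
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
            PrivateKey k = d.getPrivateKey(alias);   // null if the entry does not exist
            return (k != null && k.getAlgorithm().equals(keyType)) ? alias : null;
        }
        public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return d.chooseClientAlias(t, i, s); }
        public String[] getServerAliases(String t, Principal[] i) { return d.getServerAliases(t, i); }
        public String[] getClientAliases(String t, Principal[] i) { return d.getClientAliases(t, i); }
        public X509Certificate[] getCertificateChain(String a) { return d.getCertificateChain(a); }
        public PrivateKey getPrivateKey(String a) { return d.getPrivateKey(a); }
    }

    static SSLContext build(String path, char[] pw, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, pw);           // one password must open every key entry
        Arrays.fill(pw, '\0');      // wipe the caller's copy once the factory is initialized
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++)
            if (kms[i] instanceof X509KeyManager)
                kms[i] = new FixedAlias((X509KeyManager) kms[i], alias);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null);  // null trust managers and SecureRandom: JSSE defaults
        return ctx;
    }

    public static void main(String[] a) throws Exception {
        // a[0] = keystore path, a[1] = alias of the key entry to present (both assumptions)
        char[] pw = System.console().readPassword("keystore password: ");
        SSLContext ctx = build(a[0], pw, a[1]);
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```

Reading the password from the console into a char[] keeps it out of source code, system properties and the process command line, and lets it be wiped after init.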
