• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

"javax.net.ssl.keyStore" system property inside a jar package

 
adrian wardell
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am developing an application that must connect to an http server using ssl (https). During testing without packaging the application as a jar file everything works fine. As I am using the following code to specify the keystore file:
System.setProperty("javax.net.ssl.trustStore", "/absolute/file/location/java/application/keystore");
But when the code gets put into a jar file and tranfered to another machine with a different file system layout... how do I set the system property in a machine independant way?
Please someone help me on this one, as I've been banging my head way too long...
 
Dirk Schreckmann
Sheriff
Posts: 7023
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to JavaRanch, adrian!
This is probably a little bit above the concerns of a typical Java greenhorn. I'm moving this to the intermediate forum...
 
Nils Larsgard
Greenhorn
Posts: 5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have the same problem as the thread starter. Is there a clean way of doing this?
 
Santhosh Kumar
Ranch Hand
Posts: 242
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unfortunately the javax.net.ssl.trustStore property cannot read the data from classpath but expect it to be a file path. So it means there is no machine independent way to specify the path.

Best way is to take the below line,



out of your code base and specify property using command line while starting the JVM as below.

 
Norm Radder
Ranch Hand
Posts: 707
3
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The general question is how to find the location of a file on a new/different system.
1) If you know the filename, you could search all possible paths.
2) Ask someone where it is when you install the program and save it's location somewhere. Does Preferences do this?
 
Nils Larsgard
Greenhorn
Posts: 5
  • 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The thing is that I won't know the exact location because the keystore is inside a jar file for a web-start application. I could force the users of the application to install a certificate on their local vm, but this is not very user-friendly.

However, I tried something like this code, but it doesn't work. Am I on to something here?
 
Nils Larsgard
Greenhorn
Posts: 5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok. I gave up this strategy. Instead, this made it work:


  • read the keystore file as a resource stream :MyClass.class.getClassLoader().getResourceAsStream(jarCertFile);
  • write it to localhost
  • set truststore property to local file, System.setProperty("javax.net.ssl.trustStore",trustStore);


  • [ July 09, 2008: Message edited by: Nils Magnus Larsg�rd ]
     
    Paul Donohue
    Greenhorn
    Posts: 1
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    @Nils Lasgard:
    Your code above works for me. I'm not sure why it didn't work for you.

    You can also use:
    SSLContext sc = SSLContext.getInstance("TLS");
    instead of:
    SSLContext sc = SSLContext.getInstance("SSL");
    I'm not sure if that makes any difference (it works for me either way).

    And you can also use:
    SSLContext.setDefault(sc);
    instead of:
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    to use the specified trust store for all SSL connections rather than just HttpsURLConnections.
     
    Campbell Ritchie
    Sheriff
    Pie
    Posts: 47228
    52
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Welcome to JavaRanch

    Are you sure he is still reading after 15 months? Look at this FAQ.
     
    Andreas Pax Lück
    Greenhorn
    Posts: 18
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    @Campbell Ritchie:

    no, but there are many other guys who search the internet to solve the same problem and are glad to get as much as information that are necessary. in other words: every post might be helpfull and the date of postings doesn't matter in these cases.

    best regards

    PAX
     
    Campbell Ritchie
    Sheriff
    Pie
    Posts: 47228
    52
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Point taken, and welcome to JavaRanch
     
    b hoff
    Greenhorn
    Posts: 1
    • 1
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Larsgard's code snippet helped me out a lot (and was very clever). To get it working I had to make a few small changes. Here's my revision:

     
    Campbell Ritchie
    Sheriff
    Pie
    Posts: 47228
    52
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Welcome to the Ranch
    It shows how useful old posts can be.
     
    H Paul
    Ranch Hand
    Posts: 471
    4
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Campbell Ritchie wrote:Welcome to the Ranch
    It shows how useful old posts can be.


    Resurrection.
     
    Opher Shachar
    Greenhorn
    Posts: 1
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    For me too this was extremely useful.
    That's 7 years since @Nils Larsgard's post

    (I registered just to leave this post!)
     
    Campbell Ritchie
    Sheriff
    Pie
    Posts: 47228
    52
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Welcome to the Ranch

    If you look at the link I posted many years ago, you will see we have changed our tune: we now recognised the potential usefulness of old posts and how they can be rediscovered ten years later and still provide valuable information.
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic