I used a custom keystore in my program, specifying javax.net.ssl.keyStore , javax.net.ssl.keyStorePassword , javax. net.ssl.trustStore , javax.net.ssl.trustStorePassword . My trust store contains self-signed certificates. Now I want to make some https request (say https://google.com ) and use the default trusstore system jre, which contains information about different CAs. To execute http requests, I use the OkHttp library. Its client has the ability to specify SslSocketFactory , but to get it I need to initialize SSLContext for the standard jr truststore. How can i do this?
UPDATE: The code I worked with is -
KeyStore keyStore = KeyStore.getInstance("JKS"); // load default jvm keystore keyStore.load(new FileInputStream( System.getProperties() .getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts"), "changeit".toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keyStore); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, tmf.getTrustManagers(), new SecureRandom());
javax.net.ssl.* SSLContext, SSLSocketFactory.getDefault(), , SSLContext.getDefault(), SSLContext.setDefault(...) .
javax.net.ssl.*
SSLContext
SSLSocketFactory.getDefault()
SSLContext.getDefault()
SSLContext.setDefault(...)
( , ), . SSLContext, . ( , , API JRE.)
, , SSLSocketFactory, SSLContext, . ( SSLContext , , , .)
SSLSocketFactory
, . javax.net.ssl.trustStore javax.net.ssl.trustStorePassword, . ( : $JAVA_HOME/jre/lib/security/cacerts changeit (, )).
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
$JAVA_HOME/jre/lib/security/cacerts
changeit