On Wed, 2017-10-11 at 17:27 +0200, Mitchell Stevenson wrote:
> I use httpcore 4.4.4 together with mutual ssl.
>
> I load the key material in that way:
>
> KeyStore trustStore = ...;
> sslContextBuilder.loadTrustMaterial(trustStore, null);
>
> Question is: If there is more than one alias with different trusted
> certs in the keystore, would all of them be trusted or just the
> first one? Cannot find this info in the docs. It also seems not to be
> possible to specify a single alias.
>
As far as I understand all of them would be considered trusted but this
may depend on the JSSE provider. With the default Oracle JSSE
implementation one cannot influence alias selection for trust material.

> The keymaterial for mutual ssl is loaded like:
>
> sslContextBuilder.loadKeyMaterial(keystore, keyPassword, new PrivateKeyStrategy() {
>     @Override
>     public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
>         if (aliases == null || aliases.isEmpty()) {
>             return kAlias;
>         }
>         if (kAlias == null || kAlias.isEmpty()) {
>             return aliases.keySet().iterator().next();
>         }
>         return kAlias;
>     }
> });
>
> Here I'd like to load only key material for one specific alias (kAlias) or
> the first one if not given. I don't know if the code above is really
> correct. I am also wondering what's the default if PrivateKeyStrategy
> is not given.
>
I suspect it is also JSSE provider specific.
Oleg
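
An added example, not part of the original messages and not HttpComponents project code: one way to pin both sides of a mutual-TLS client to a single alias, assuming the `org.apache.http.ssl` API of httpcore 4.4.x. Because alias selection for trust material cannot be influenced through the builder, the trust store is reduced to one certificate entry before it is loaded; the class name, method names and the fail-closed choice (no fallback to the first alias) are this example's own assumptions.

```java
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Map;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.PrivateKeyDetails;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContexts;

// Added example; PinnedAliasSslContext and its methods are hypothetical names.
public final class PinnedAliasSslContext {

    // Copy exactly one trusted certificate into a fresh in-memory keystore,
    // so the JSSE provider only ever sees the entry we intend to trust.
    static KeyStore singleAliasTrustStore(KeyStore source, String alias)
            throws GeneralSecurityException, IOException {
        if (!source.isCertificateEntry(alias)) {
            throw new IllegalArgumentException("No trusted certificate entry: " + alias);
        }
        Certificate cert = source.getCertificate(alias);
        KeyStore filtered = KeyStore.getInstance(KeyStore.getDefaultType());
        filtered.load(null, null); // initialise as an empty keystore
        filtered.setCertificateEntry(alias, cert);
        return filtered;
    }

    static SSLContext build(KeyStore trustStore, String trustAlias,
                            KeyStore keyStore, char[] keyPassword,
                            final String keyAlias)
            throws GeneralSecurityException, IOException {
        return SSLContexts.custom()
            .loadTrustMaterial(singleAliasTrustStore(trustStore, trustAlias), null)
            .loadKeyMaterial(keyStore, keyPassword, new PrivateKeyStrategy() {
                @Override
                public String chooseAlias(Map<String, PrivateKeyDetails> aliases,
                                          Socket socket) {
                    // Fail closed: present the pinned key only if it is among
                    // the candidates; otherwise present no client certificate.
                    return aliases != null && aliases.containsKey(keyAlias)
                            ? keyAlias : null;
                }
            })
            .build();
    }
}
```

With this strategy a missing or misspelled key alias shows up as a handshake without a client certificate rather than as a silent switch to a different identity.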