
Developing with XCC

Managing Client-Side Authentication

You can define a KeyManager if your client application is required to send authentication credentials to the server. The following example adds client authentication to the newTrustOptions method shown in Accessing a Keystore:

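/**
 * Builds the SecurityOptions for a connection that validates the server
 * certificate and presents a client certificate to the server.
 *
 * Both the trusted signing authorities and the client credentials are read
 * from the JKS key store at C:/users/myname/.keystore.
 *
 * @return security options wrapping the initialized SSLContext
 * @throws Exception if a key store cannot be read or the key managers,
 *         trust managers or SSL context cannot be initialized
 */
protected SecurityOptions newTrustOptions()
  throws Exception
{
  // Load key store with trusted signing authorities. try-with-resources
  // closes the stream even when load() throws.
  // NOTE: a null password skips the key store integrity check; supply the
  // store password if tampering with the file must be detected.
  KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
  try (FileInputStream trustedStream =
         new FileInputStream("C:/users/myname/.keystore")) {
    trustedKeyStore.load(trustedStream, null);
  }

  // Build trust manager to validate server certificates using the
  // specified key store.
  TrustManagerFactory trustManagerFactory =
    TrustManagerFactory.getInstance("SunX509");
  trustManagerFactory.init(trustedKeyStore);
  TrustManager[] trust = trustManagerFactory.getTrustManagers();

  // Load key store with client certificates.
  KeyStore clientKeyStore = KeyStore.getInstance("JKS");
  try (FileInputStream clientStream =
         new FileInputStream("C:/users/myname/.keystore")) {
    clientKeyStore.load(clientStream, null);
  }

  // Get key manager to provide client credentials. init() takes the key
  // password as a char[]. "passphrase" is a placeholder: read the real
  // value from protected configuration or a prompt instead of hard-coding
  // it in source.
  KeyManagerFactory keyManagerFactory =
    KeyManagerFactory.getInstance("SunX509");
  keyManagerFactory.init(clientKeyStore, "passphrase".toCharArray());
  KeyManager[] key = keyManagerFactory.getKeyManagers();

  // Initialize the SSL context with key and trust managers. SSLv3 is
  // obsolete (broken by POODLE) and disabled by default in current JREs,
  // so request TLS 1.2; the server must have it enabled.
  SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
  sslContext.init(key, trust, null);
  return new SecurityOptions(sslContext);
}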