setting ssl keystore at runtime in Jetty

Question

Is it possible to change keystore at runtime? Currently I am setting up SSL before I do a server.start() -

sslContextFactory.setTrustStore(ks);
sslContextFactor         


        

Answer 1

I'm not an expert in java's security packages but to my knowledge there is no straight forward way to create the keypair from public API.

However, I is possible if you could allow your code do an import from sun's restricted packages like:

import sun.security.x509.*;

Here is an outline of code you are looking for:

PrivateKey privkey = pair.getPrivate();
X509CertInfo info = new X509CertInfo();
Date from = new Date();
//Validity for next one year
Date to = new Date(from.getTime() + (365) * 86400000l);

CertificateValidity interval = new CertificateValidity(from, to);

BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(dn);

info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

// Sign the cert
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);

//cert object is ready to use

Hope this helps