Suppose I have a scenario where I want to do a two-way trusted connection using keystores and truststores in Java.
Imagine I am using the following code:
    import java.io.FileInputStream;
    import java.io.PrintStream;
    import java.net.ServerSocket;
    import java.net.Socket;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLServerSocketFactory;

    public class MainClass {
        public static void main(String args[]) throws Exception {
            SSLContext context;
            KeyManagerFactory kmf;
            KeyStore ks;
            char[] storepass = "newpass".toCharArray(); // password protecting the keystore file
            char[] keypass = "wshr.ut".toCharArray();   // password protecting the private-key entry
            String storename = "newstore";
            context = SSLContext.getInstance("TLS");
            kmf = KeyManagerFactory.getInstance("SunX509");
            // The server's identity (private key + certificate chain) comes from this keystore
            FileInputStream fin = new FileInputStream(storename);
            ks = KeyStore.getInstance("JKS");
            ks.load(fin, storepass);
            fin.close();
            kmf.init(ks, keypass);
            // TrustManagers are null, so the JDK default truststore is used, and no client
            // certificate is ever requested: as written this server only authenticates itself.
            context.init(kmf.getKeyManagers(), null, null);
            SSLServerSocketFactory ssf = context.getServerSocketFactory();
            ServerSocket ss = ssf.createServerSocket(5432);
            while (true) {
                Socket s = ss.accept();
                // The TLS handshake runs lazily on first I/O, so a handshake failure surfaces here
                PrintStream out = new PrintStream(s.getOutputStream());
                out.println("Hi");
                out.close();
                s.close();
            }
        }
    }
Now suppose this code used to work, but someone has jumbled the certs for the different servers and now we don't know which client cert (for which box) matches the server truststore.
I want to validate that a Server and Client KeyStore and Truststore match using Java code without opening a socket.
My question is: Is it possible to test that two-way truststores match using Java code without opening a socket? Could you modify the linked Java code to achieve this?
Assumptions:
- I'm looking for some code something like
boolean trusted = keyStore1.checkTrust(trustStore2);
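The check asked for above can be done entirely offline, because the decision a TLS handshake makes about a peer certificate is delegated to the `X509TrustManager` that `TrustManagerFactory` builds from the truststore, and that trust manager can be called directly. The following is an added example, not code from the question: it loads a keystore and a truststore, and for every private-key entry in the keystore it (a) verifies that the private key really matches its leaf certificate (a jumbled keystore can fail here too) and (b) runs the chain through the truststore's PKIX trust manager, which is the same validation the handshake would perform, minus hostname verification and cipher-suite negotiation. The file names, store types and passwords in `main` are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Offline keystore/truststore consistency check (example code, not from the question). */
public final class TrustCheck {

    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** The same trust manager SSLContext.init() would derive from this truststore (PKIX by default). */
    static X509TrustManager trustManagerFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager from " + tmf.getAlgorithm());
    }

    /** Sign a probe with the private key and verify with the certificate's public key. */
    static boolean keyMatchesCert(PrivateKey key, X509Certificate cert) throws Exception {
        String alg;
        switch (key.getAlgorithm()) {
            case "RSA": alg = "SHA256withRSA"; break;
            case "EC":  alg = "SHA256withECDSA"; break;
            default: throw new UnsupportedOperationException("key algorithm " + key.getAlgorithm());
        }
        byte[] probe = "keystore-truststore-probe".getBytes(StandardCharsets.US_ASCII);
        Signature sig = Signature.getInstance(alg);
        sig.initSign(key);
        sig.update(probe);
        byte[] signature = sig.sign();
        sig.initVerify(cert.getPublicKey());
        sig.update(probe);
        return sig.verify(signature);
    }

    /**
     * Returns the aliases of key entries in keyStore whose chain trustStore accepts.
     * asClient=true checks the chain the way a server would check a client certificate;
     * asClient=false checks it the way a client would check a server certificate.
     */
    static List<String> trustedAliases(KeyStore keyStore, char[] keyPassword,
                                       KeyStore trustStore, boolean asClient) throws Exception {
        X509TrustManager tm = trustManagerFor(trustStore);
        List<String> trusted = new ArrayList<>();
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.isKeyEntry(alias)) continue;          // skip trustedCertEntry items
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null || chain.length == 0) continue;  // secret-key entry, no certificate
            X509Certificate[] x509 = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) x509[i] = (X509Certificate) chain[i];
            Key key;
            try {
                key = keyStore.getKey(alias, keyPassword);
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": wrong key password");
                continue;
            }
            if (!(key instanceof PrivateKey) || !keyMatchesCert((PrivateKey) key, x509[0])) {
                System.out.println(alias + ": private key does not match its certificate");
                continue;
            }
            String authType = x509[0].getPublicKey().getAlgorithm(); // e.g. "RSA" or "EC"
            try {
                if (asClient) tm.checkClientTrusted(x509, authType);
                else tm.checkServerTrusted(x509, authType);
                trusted.add(alias);
                System.out.println(alias + ": trusted (subject " + x509[0].getSubjectX500Principal() + ")");
            } catch (CertificateException e) {
                System.out.println(alias + ": NOT trusted: " + e.getMessage());
            }
        }
        return trusted;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();                   // assumed password
        KeyStore clientKs = load("client.jks", "JKS", pw);      // assumed file names
        KeyStore serverTs = load("server-truststore.jks", "JKS", pw);
        KeyStore serverKs = load("server.jks", "JKS", pw);
        KeyStore clientTs = load("client-truststore.jks", "JKS", pw);
        // Two-way TLS needs both directions to hold
        boolean clientOk = !trustedAliases(clientKs, pw, serverTs, true).isEmpty();
        boolean serverOk = !trustedAliases(serverKs, pw, clientTs, false).isEmpty();
        System.out.println("mutual trust: " + (clientOk && serverOk));
    }
}
```

Run it once per (keystore, truststore) pair you are unsure about; the alias report tells you which box's client certificate the server truststore actually accepts. Note that for the server in the question to perform two-way TLS at all, its `SSLContext.init` must receive the trust managers built from the server truststore (instead of `null`) and the accepted `SSLServerSocket` must have `setNeedClientAuth(true)`; otherwise no client certificate is requested and the truststore pairing never comes into play during the handshake.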