Customizing the Default Key and Trust Managers
As noted in Customizing the Default Key and Trust Stores, Store Types, and Store Passwords, whenever a default SSLSocketFactory or SSLServerSocketFactory is created, and this default SSLSocketFactory (or SSLServerSocketFactory) comes from the JSSE reference implementation, a default SSLContext is associated with the socket factory.

This default SSLContext is initialized with a KeyManager and a TrustManager. The KeyManager or TrustManager, or both, supplied to the default SSLContext will be a KeyManager or TrustManager implementation for managing the specified keystore or truststore, as described in the aforementioned section.

The KeyManager implementation selected is determined by first examining the security property:

ssl.KeyManagerFactory.algorithm

If such a property value is specified, a KeyManagerFactory implementation for the specified algorithm is searched for. The implementation from the first provider that supplies an implementation is used. Its getKeyManagers method is called to determine the KeyManager to supply to the default SSLContext. (Technically, getKeyManagers returns an array of KeyManagers, one KeyManager for each type of key material.) If there is no such security property value specified, the default value of IbmX509 is used to perform the search.

A KeyManagerFactory implementation for the IbmX509 algorithm is supplied by the IBMJSSE2 provider. The KeyManager it specifies is a javax.net.ssl.X509KeyManager implementation.

The TrustManager implementation chosen is determined by first examining the security property:

ssl.TrustManagerFactory.algorithm

If such a property value is specified, a TrustManagerFactory implementation for the specified algorithm is searched for. The implementation from the first provider that supplies an implementation is used. Its getTrustManagers method is called to determine the TrustManager to supply to the default SSLContext. (Technically, getTrustManagers returns an array of TrustManagers, one TrustManager for each type of trust material.) If there is no such security property value specified, the default value of PKIX is used to perform the search.

A TrustManagerFactory implementation for the PKIX algorithm is supplied by the IBMJSSE2 provider. The TrustManager it specifies is a javax.net.ssl.X509TrustManager implementation.
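
The following is an added example, not code from the original documentation. It audits the selection described above on a running JVM: which algorithm each security property resolves to, which provider supplies the factory, and which manager types come back. The class name DefaultManagerAudit is hypothetical, and the empty in-memory keystore is constructed for the example.

```java
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

public class DefaultManagerAudit {
    public static void main(String[] args) throws Exception {
        // Raw property values; null means "not set", so the built-in default applies.
        for (String p : new String[] {"ssl.KeyManagerFactory.algorithm",
                                      "ssl.TrustManagerFactory.algorithm"}) {
            System.out.println(p + " = " + Security.getProperty(p));
        }

        // getDefaultAlgorithm() applies the property-or-default rule;
        // getInstance() then takes the first provider that implements it.
        String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
        System.out.println("KeyManagerFactory " + kmAlg
                + " supplied by " + kmf.getProvider().getName());

        // Constructed input: an empty in-memory keystore, so no real key material is touched.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        kmf.init(empty, new char[0]);
        for (KeyManager km : kmf.getKeyManagers()) {
            System.out.println("  " + km.getClass().getName()
                    + " X509KeyManager=" + (km instanceof X509KeyManager));
        }

        String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
        System.out.println("TrustManagerFactory " + tmAlg
                + " supplied by " + tmf.getProvider().getName());

        // A null KeyStore asks the factory to locate its default trust material.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            System.out.println("  " + tm.getClass().getName());
            if (tm instanceof X509TrustManager) {
                // The number of trusted issuers shows which truststore was actually loaded.
                int n = ((X509TrustManager) tm).getAcceptedIssuers().length;
                System.out.println("  accepted issuers: " + n);
            }
        }
    }
}
```

A provider name or accepted-issuer count that differs from what the deployment expects indicates that a security property or provider ordering has changed the managers the default SSLContext will receive.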