Setting java client ssl identity and trust store

Hi all,

I have three issues regarding enabling ssl connections from a java client to a WMIS.

1) Using wmisClient61.jar, it is possible to create a secure connection to an IS by calling com.wm.app.b2b.client.BaseContext.setSSLCertificate(String privKey, String certChain[] ). However, we keep the required key/certs in a java.security.KeyStore object, which means that the actual key/certs do not reside on the file system. Is there any way of setting the client's identity other than writing the required objects to the file system and then passing the paths to BaseContext.setSSLCertificate? I see that v7.1 now supports passing in a KeyAndCert object; however, this does not seem possible in 6.1.

2) Overlapping a bit with the first question, we also require server authentication. I am aware of the property “watt.security.CADir” that allows me to specify the certificate authority directory, but this suffers from the same problem as question 1, i.e. the trusted certificates do not actually reside on the file system but are contained within stores. Is there any other way of setting the client's trust store other than this property? I did try the following:

wmChainVerifier verifier = wmChainVerifier.getDefault();
verifier.addTrustedCertificate( X509Certificate cert );

Unfortunately, authentication always fails using this method, as I passed in a java.security.x509.X509CertImpl which was put into a HashMap. When the server's cert is received, it is of the type iaik.x509.X509Certificate, which returns a different hashcode to that of my certificate type. This unfortunately means that the two certs do not match. I do not have access to iaik.x509.X509Certificate.

3) My third issue is that if I do write the trusted certificates to file and set the property “watt.security.CADir”, then the first time all is well. However, this CADir seems to be loaded only on initialisation of wmChainVerifier, which only occurs once. I can’t see any way of changing the certificates that the client should trust and attempting the connection again. How can I ‘refresh’ the client's trusted certificates?

Thanks in advance.
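
Added example, not part of the original post and not webMethods code: if the file-system route from question 1 has to be used, this sketch exports the key and chain from a java.security.KeyStore into an owner-only temporary directory and deletes them after use. The class and method names and the KS_PASS variable are hypothetical, a POSIX file system is assumed, and that setSSLCertificate accepts DER-encoded files is an assumption to check against the 6.1 documentation.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.security.cert.Certificate;

public class KeyStoreExport {                        // hypothetical helper, not a webMethods class
    static FileAttribute<?> perms(String p) {
        return PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(p));
    }
    /** Writes key and chain as DER into a fresh owner-only directory; returns {dir, key, cert0, ...}. */
    public static String[] export(KeyStore ks, String alias, char[] pass)
            throws IOException, GeneralSecurityException {
        Key key = ks.getKey(alias, pass);
        Certificate[] chain = ks.getCertificateChain(alias);
        if (key == null || chain == null || key.getEncoded() == null)
            throw new KeyStoreException("no exportable key entry for alias " + alias);
        Path dir = Files.createTempDirectory("wm-identity", perms("rwx------"));
        try {
            String[] out = new String[chain.length + 2];
            out[0] = dir.toString();
            Path k = Files.createFile(dir.resolve("client-key.der"), perms("rw-------"));
            Files.write(k, key.getEncoded());        // unencrypted PKCS#8: keep it short-lived
            out[1] = k.toString();
            for (int i = 0; i < chain.length; i++) {
                Path c = Files.createFile(dir.resolve("cert-" + i + ".der"), perms("rw-------"));
                Files.write(c, chain[i].getEncoded());
                out[i + 2] = c.toString();
            }
            return out;
        } catch (Exception e) { wipe(dir); throw e; } // never leave a partial export behind
    }
    public static void wipe(Path dir) throws IOException {
        try (DirectoryStream<Path> fs = Files.newDirectoryStream(dir)) { for (Path f : fs) Files.delete(f); }
        Files.delete(dir);
    }
    public static void main(String[] args) throws Exception {   // args: keystore.p12 alias
        char[] pass = System.getenv("KS_PASS").toCharArray();   // assumed env variable, for the demo only
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) { ks.load(in, pass); }
        String[] files = export(ks, args[1], pass);
        try {
            // files[1] and files[2..] are the paths to hand to BaseContext.setSSLCertificate
            System.out.println("key=" + files[1] + " certs=" + (files.length - 2));
        } finally { wipe(Paths.get(files[0])); }
    }
}
```

The files are created with their final permissions rather than tightened afterwards, so the key is never readable by other local users, even briefly.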