I've successfully set up SSL authentication with certificates: configured Apache http-client, configured the server (WebLogic, CLIENT-CERT login-config if that matters), and tested that it works.
However, in the client code I have to hardcode the path to the trust store (either by manually initializing TrustManagerFactory or through the respective JVM properties) and also its password, and I don't feel it's right. Additionally, the certificates have to be manually registered on the client side with keytool, which is also not so flexible.
So, is there a way to completely avoid all that? Ideally the client will have the certificate file bundled with it, sending it to the server when requested to do so. I tried to google it, but never found how to manually stream a certificate file.
UPDATE
As suggested here, I tried to read the certificate file into a new keystore with no password and initialize both KeyManagerFactory and TrustManagerFactory with this keystore:
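```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Load the certificate file into a new, empty in-memory keystore
CertificateFactory cf = CertificateFactory.getInstance("X509");
Certificate cer = cf.generateCertificate(new FileInputStream("myFile.cer"));
KeyStore defaultKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
defaultKeyStore.load(null, "".toCharArray());
defaultKeyStore.setCertificateEntry("alias", cer);
// Initialize both factories from that same keystore
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(defaultKeyStore);
keyManagerFactory.init(defaultKeyStore, "".toCharArray());
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
```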
But it didn't work: the usual exception, "peer not authenticated". I guess it's because I need the corresponding private key also, but there's no way to get it...
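
The two roles a keystore plays in this setup, as an added example that is not part of the original post: trust material (public certificates) can be assembled in memory from a bundled `.cer` file with no password and no keytool step, while the client identity handed to `KeyManagerFactory` must be a private-key entry. The class name, the resource names `/server-ca.cer` and `/client.p12`, and the use of one password for the PKCS#12 store and its key are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class BundledTlsContext {

    // Assumed classpath resources (not from the post): server-ca.cer is the
    // certificate the client should trust, client.p12 holds the client's
    // certificate together with its private key.
    private static final String TRUST_CERT = "/server-ca.cer";
    private static final String CLIENT_P12 = "/client.p12";

    public static SSLContext build(char[] keyPassword) throws Exception {
        // Trust side: public certificate only, so an empty in-memory
        // keystore with no password is enough.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        try (InputStream in = open(TRUST_CERT)) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            trustStore.setCertificateEntry("server-ca", ca);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Identity side: key managers only offer private-key entries when the
        // server requests a client certificate; certificate-only entries are skipped.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = open(CLIENT_P12)) {
            identity.load(in, keyPassword);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    private static InputStream open(String resource) {
        InputStream in = BundledTlsContext.class.getResourceAsStream(resource);
        if (in == null) throw new IllegalStateException("missing resource " + resource);
        return in;
    }
}
```

Supply `keyPassword` at runtime (an environment variable or a prompt) rather than as a literal in the code. A private key shipped inside the client can be extracted by anyone who holds the client, so it identifies the distribution rather than an individual user.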