I'm trying to understand what's going on in this code.
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("my.keystore"));
try {
trustStore.load(instream, "nopassword".toCharArray());
} finally {
instream.close();
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", socketFactory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
My Questions:
trustStore.load(instream, "nopassword".toCharArray());
is doing what exactly? From reading the documentation load()
will load KeyStore data from an input stream (which is just an empty file we just created), using some arbitrary "nopassword". Why not just load it with null
as the InputStream parameter and an empty string as the password field?
And then what is happening when this empty KeyStore is being passed to the SSLSocketFactory constructor? What's the result of such an operation?
Or -- is this simply an example where in a real application you would have to actually put a reference to an existing keystore file / password?