Reputation: 674
Let's say I have created an SSLContext, created a serverSocket from the serverSocketFactory and I have started accepting connections.
Something like:
SSLContext.getDefault().getServerSocketFactory().createServerSocket(1234).accept();
Assume it has been running for some time and now I decide to modify my TrustManager (add/delete new certificates to trust). Is it possible to do this without closing the socket and creating a new SSLContext?
Upvotes: 1
Views: 449
Reputation: 3570
You can use the following approach.
First, you keep a reference to your SSLContext object when you are creating it.
SSLContext sslContext=SSLContext.getDefault();
sslContext.getServerSocketFactory().createServerSocket(1234).accept();
Then, when you want to load the new TrustManager, you can call the init() method again with the corresponding TrustManager as follows.
TrustManager trustManagers[] = // load trust managers here.
sslContext.init(null,trustManagers,null);
Here, the init() method takes 3 parameters: KeyManager[], TrustManager[] and SecureRandom. If you pass null for any of them, the SSLContext will be loaded with the default Key Managers and Trust Managers. Since you want to load the Trust Managers only, you have to pass the new TrustManager[] to it.
Since you are not changing the reference to your SSLContext object, this will not break your flow and will not affect your existing SSLIOSessions.
Upvotes: 0