Configure p2 Repository Managers to connect to HTTPS repository(-ies) with client certificate(s) programmatically
Question
I'd like to configure p2 repository managers to connect to HTTPS repositories (Apache + client certificates).
There are several methods available to load repositories:
public IMetadataRepository loadRepository(URI location, IProgressMonitor monitor) throws ProvisionException, OperationCanceledException;
public IMetadataRepository loadRepository(URI location, int flags, IProgressMonitor monitor) throws ProvisionException, OperationCanceledException;
public IArtifactRepository loadRepository(URI location, IProgressMonitor monitor) throws ProvisionException;
public IArtifactRepository loadRepository(URI location, int flags, IProgressMonitor monitor) throws ProvisionException;
with location
parameter I can provide URI to HTTPS server. How can I provide paths to key-stores/trust-stores that contain client and CA certificates? I don't like to use global key-stores for Java process.
Solution
Found a solution. p2 uses ECF as communication layer.
To activate SSL support:
- install and start bundle(s):
org.eclipse.ecf.provider.filetransfer.httpclient.ssl
and/ororg.eclipse.ecf.provider.filetransfer.ssl
create SSLSocketFactory object with keystore(s) and register as OSGi service
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keymanagers, trustmanagers, null);
SSLSocketFactory factory = sslContext.getSocketFactory();
bundleContext.registerService(SSLSocketFactory.class.getName(), factory, null);
OTHER TIPS
See "Secure storage runtime options" help chapter: http://help.eclipse.org/helios/index.jsp?topic=%2Forg.eclipse.platform.doc.user%2Freference%2Fref-securestorage-options.htm
-eclipse.keyring <file path> (Equinox)
Set to override location of the default secure storage
Probably you can set this value somehow programmatically, have a look in the sources.