How does Javas KeyManagerFactory.init work with multiple keys

I came across this Java snippet as part of creating an SSLContext. I am wondering about the init call, where a keyPass is specified. What if the KeyStore contains multiple certificates with different aliases and different passwords?

val keyStore = KeyStore.getInstance("jks")
keyStore.load(inputStream, "storePass")

val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
keyManagerFactory.init(keyStore, keyPass?)

val keyManagers = keyManagerFactory.getKeyManagers

val sslContext = SSLContext.getInstance("TLS")
sslContext.init(keyManagers, null, new SecureRandom)

How would you rewrite the code if keyStore contained cert1 (alias: one, pwd: foo) and cert2 (alias: two, pwd: bar)? Maybe I misunderstood a thing or two 🙂


After double checking the documentation, and doing a bit of googling, it seems like maintaining multiple keystores and wrapping them in a bespoke composite keymanager could work, as the author of this blog post is doing.

Leave a Reply

Your email address will not be published. Required fields are marked *