I have a JavaFX application that has a GUI that uses the Confluence API to create pages, delete pages and so on. For that to work I had to get a SSL certificate of Confluence with the browser, create a truststore and implement the certificate in the truststore. There is only this certificate in there and everyone can get this certificate with their own browser. So in my understanding this truststore is not really something "secret". But my problem is: How do I implement the truststore in my code so that other users can use this application when it will be an executable jar?
When only I am using this locally, I used this in the initialize-method:
System.setProperty("javax.net.ssl.trustStore", "path\to\truststore.jks");
But of course, when I create an executable jar file, other users do not have this file on their machine. So my approach here was to put the truststore.jks in src/main/resources and do this in the initialize-method:
try (InputStream truststoreStream = getClass().getResourceAsStream("/truststore.jks")) {
System.setProperty("javax.net.ssl.trustStore", "path\to\truststore.jks");
KeyStore truststoreKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
truststoreKeystore.load(truststoreStream, truststorePassword.toCharArray());
} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
e.printStackTrace();
}
But I think to implement the truststore directly in the project is not the right way.
So I do not know how to fix the problem so that other users on different machines can use this application.
Thanks for any help.