Java in a Nutshell, 5th Edition by David Flanagan

Synopsis

A KeyManagerFactory is responsible for creating KeyManager objects for a specific key management algorithm. Obtain a KeyManagerFactory object by calling one of the getInstance( ) methods and specifying the desired algorithm and, optionally, the desired provider. In Java 1.4, the "SunX509” algorithm is the only one supported by the default "SunJSSE” provider. After calling getInstance( ), you initialize the factory object with init( ). For the “SunX509” algorithm, you always use the two-argument version of init( ) passing in a KeyStore object that contains the private keys and certificates required by X509KeyManager objects, and also specifying the password used to protect the private keys in that KeyStore. Once a KeyManagerFactory has been created and initialized, use it to create a KeyManager by calling getKeyManagers( ) . This method returns an array of KeyManager objects because some key management algorithms may handle more than one type of key. The “SunX509” algorithm manages only X509 keys, and always returns an array with an X509KeyManager object as its single element. This returned array is typically passed to the init( ) method of an SSLContext object.

If a KeyStore and password are not passed to the init( ) method of the KeyManagerFactory for the “SunX509” algorithm, then the factory uses attempts to read a KeyStore from the file specified by the javax.net.ssl.keyStore system property using the password specified by the javax.net.ssl.keyStorePassword ...