Massimiliano
Firstly you might want to have this discussion on a Rampart list - it might
get more involvement from real sec experts.
My question is why do you need to write your own HTTPClient? I thought we
already supported SSL/TLS.
Paul
On Dec 12, 2007 1:59 PM, Massimiliano Masi <[EMAIL PROTECTED]>
wrote:
> Hi,
>
> Quoting Massimiliano Masi <[EMAIL PROTECTED]>:
> > I don't understand exactly where to put my code, I think as options
> > for the service client.
> >
>
> I created MySTSClient, that extends STSClient. Here I did like this:
>
> Protocol myProtocolHandler = new Protocol("https",
> new CustomSSLSocket(new
> File(getIdPKeyStoreFilename()).toURL(),
>
> getSpiritIdPKeyStorePassword(),
> new
> File(getTSKeyStoreFilename()).toURL(),
>
> getTSKeyStorePassword()),
> 443);
>
> client.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
> myProtocolHandler);
>
> And it works.
>
> The customsslsocket is an the AuthSSLProtocolSocketFactory.java.
>
> But here, How can I do hostname verification? I don't understand the
> architecture...
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair
blog: http://pzf.fremantle.org
[EMAIL PROTECTED]
"Oxygenating the Web Service Platform", www.wso2.com
