Hi Tharindu,

Are you using the HttpClient library or the javax.net library? I think it's better you use the javax.net library like Waruna has used; then there will be fewer dependencies to pack into the webapp. The authenticationendpoint webapp should be as lightweight as possible.

Thanks,
Johann.

On Thu, Oct 23, 2014 at 9:39 AM, Johann Nallathamby <[email protected]> wrote:

> You should be able to use SSLSocketFactory API to create a custom SSL
> context.
>
> However you need to think about where you are going to store the key store
> and trust store. For your requirement, it should default to the carbon key
> store and trust store in IS by default. Only if someone wants to they can
> override it with their own configuration.
>
> Basically you need to provide a callback to get this information. Default
> callback should populate it using carbon server key store.
>
> Thanks,
> Johann.
>
> On Wed, Oct 22, 2014 at 12:47 PM, Tharindu Edirisinghe <[email protected]>
> wrote:
>
>> Hi,
>>
>> I have a webapp that calls an admin service of IS through mutual ssl
>> authentication. The call is done using the HttpClient. For that I am
>> setting the keystore and truststore details of the client at runtime like
>> below.
>>
>>     System.setProperty("javax.net.ssl.keyStore", CLIENT_KEY_STORE_PATH);
>>     System.setProperty("javax.net.ssl.trustStore", CLIENT_TRUST_STORE_PATH);
>>     System.setProperty("javax.net.ssl.keyStorePassword", CLIENT_KEY_STORE_PASSWORD);
>>     System.setProperty("javax.net.ssl.trustStorePassword", CLIENT_TRUST_STORE_PASSWORD);
>>
>>     SSLContext context = SSLContexts.createSystemDefault();
>>     HttpClientBuilder builder = HttpClientBuilder.create();
>>
>>     Registry<ConnectionSocketFactory> registry = RegistryBuilder
>>             .<ConnectionSocketFactory>create()
>>             .register("https", new SSLConnectionSocketFactory(context))
>>             .build();
>>
>>     HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
>>
>>     builder.setConnectionManager(ccm);
>>     HttpClient client = builder.build();
>>
>> Now I want to get rid of the code that sets the ssl system properties at
>> runtime. Here it is assumed that those properties are already set.
>>
>> But System.getProperty("javax.net.ssl.keyStore") and
>> System.getProperty("javax.net.ssl.keyStorePassword") return null at runtime
>> and therefore the client cannot call the service properly.
>>
>> It seems those two properties get overwritten at runtime. TrustStore
>> properties are not overwritten and they remain with the same values set
>> previously.
>>
>> Any suggestions for setting the keyStore properties correctly (outside
>> the webapp)?
>>
>> --
>>
>> Tharindu Edirisinghe
>> Software Engineer | WSO2 Inc
>> Identity Server Team
>> mobile : +94 775 181586
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Associate Technical Lead & Product Lead of WSO2 Identity Server
> Integration Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com*

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Associate Technical Lead & Product Lead of WSO2 Identity Server
Integration Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
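Added example, not code from this thread or from WSO2: a javax.net-only mutual SSL client that builds its own SSLContext from a key store and trust store supplied through a callback, so it neither sets nor depends on the JVM-wide javax.net.ssl.* system properties. The StoreInfoCallback interface and the class name are hypothetical; the sketch assumes JKS stores and that the private key password equals the key store password.

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class MutualSslClient {

    /** Hypothetical callback; a default implementation would return the server's own stores. */
    public interface StoreInfoCallback {
        String keyStorePath();
        char[] keyStorePassword();
        String trustStorePath();
        char[] trustStorePassword();
    }

    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS format
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Builds a context private to this client; no system property is read or written. */
    public static SSLContext buildContext(StoreInfoCallback cb) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Assumption: the key entry uses the same password as the store.
        kmf.init(load(cb.keyStorePath(), cb.keyStorePassword()), cb.keyStorePassword());

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(cb.trustStorePath(), cb.trustStorePassword()));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Opens a connection that presents the client certificate from the key store. */
    public static HttpsURLConnection open(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        // Scoped to this connection; the default HostnameVerifier stays in effect.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```

Because the socket factory is set per connection rather than through HttpsURLConnection.setDefaultSSLSocketFactory, other code in the same JVM that overwrites the global key store properties does not affect this client.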
