Toby,

I'm about to try out the ssl client auth stuff.  I looked in javadoc,
but didn't see anything.
What all did you have to do to get client auth working?

I assume I at least have to do (the equivalent of) the following (on the
command line):
        -Djavax.net.ssl.trustStore=arces-ca-trust.jks
        -Djavax.net.ssl.trustStorePassword=secret
        -Djavax.net.ssl.keyStore=b-0480-identity.jks
        -Djavax.net.ssl.keyStorePassword=secret

Did you use Simple?  Is there any additional configuration required
there?

Also, where are you doing:
        getContext().getParameters().add("needClientAuthentication", "true")

Are you doing it in Restlet.createRoot() or somewhere else?


--Chuck

-----Original Message-----
From: Toby Thain [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 30, 2007 10:51 AM
To: [email protected]
Subject: Re: 2-way SSL authentication


On 21-May-07, at 6:43 AM, Jerome Louvel wrote:

> Hi all,
>
> I've added support for client authentication in the SVN trunk 
> (upcoming 1.1). Only Simple connector has support to retrieve the 
> client certificates,

These two features are working well for me in 1.1b1.

More specifically, as expected, client authentication succeeds against
my CA and fails against foreign CA, or out of date certificate. I
haven't tested a revocation list.

        getContext().getParameters().add("needClientAuthentication", "true")

And I can retrieve the certificate details that I need as follows:

        List<X509Certificate> certs =
            (List)req.getAttributes().get("org.restlet.https.clientCertificates");
        X509Certificate firstCert = certs.get(0);
        ... firstCert.getSubjectX500Principal().getName() ...

Thank you very much for the work.
--Toby

> but other connectors should ask/require a certificate too if you set 
> the connector attributes correctly (see Javadocs for each connector).
>
> See details in the RFE:
> http://restlet.tigris.org/issues/show_bug.cgi?id=281
>
> I'm looking forward to getting your feed-back and test results. I will
> post a first 1.1 snapshot soon.
>
> Best regards,
> Jerome
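
An added example, not code from this thread or from Restlet: once the TLS layer has validated the client's chain, the subject obtained via `firstCert.getSubjectX500Principal()` still has to be mapped to an authorization decision, and parsing the DN avoids the substring-match mistake of accepting an allowed name that appears in a different attribute. The class name, `ALLOWED_CNS` and the sample subjects are hypothetical; Java 9+ is assumed for `Set.of`/`List.of`.

```java
import java.util.List;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertSubject {
    // Hypothetical allowlist; "b-0480" is a constructed sample identity.
    static final Set<String> ALLOWED_CNS = Set.of("b-0480");

    // Returns the subject's single CN, or null if it is absent, repeated or not a string.
    static String commonName(X500Principal subject) {
        try {
            String cn = null;
            for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
                Attribute a = rdn.toAttributes().get("CN"); // also covers multi-valued RDNs
                if (a == null) continue;
                if (cn != null || a.size() != 1 || !(a.get() instanceof String)) return null;
                cn = (String) a.get();
            }
            return cn;
        } catch (NamingException e) {
            return null; // unparseable DN: treat as no identity
        }
    }

    // Authorization decision made after the TLS layer has already validated the chain.
    static boolean isAuthorized(X500Principal subject) {
        String cn = commonName(subject);
        return cn != null && ALLOWED_CNS.contains(cn);
    }

    public static void main(String[] args) {
        // Constructed subjects standing in for firstCert.getSubjectX500Principal().
        List<X500Principal> samples = List.of(
            new X500Principal("CN=b-0480,O=Example,C=US"),
            new X500Principal("CN=other,O=CN\\=b-0480,C=US"), // allowed name inside O, not CN
            new X500Principal("O=Example,C=US"));             // no CN at all
        for (X500Principal p : samples) {
            System.out.println(p.getName() + " -> " + isAuthorized(p));
        }
    }
}
```

Only the first sample is authorized; a check such as `getName().contains("CN=b-0480")` would also have accepted the second.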
