Re: Restlet Client class with custom SSLSocket/SSLContext

Thu, 04 Feb 2010 04:02:23 -0800 

Hi Adrian,

In Restlet 2, you can pass SslContextFactories to the client context.

import org.restlet.engine.security.SslContextFactory;
import org.restlet.engine.security.DefaultSslContextFactory;

...
// Example with the default SslContextFactory
SslContextFactory sslContextFactory = new DefaultSslContextFactory();
sslContextFactory.setKeyStorePath(...);
// ...
sslContextFactory.setTrustStorePath(...);
sslContextFactory.setTrustStorePassword(...);

// ...
// you may need client.setContext(new Context());
Context context = client.getContext();
context.getAttributes().put("sslContextFactory", sslContextFactory);


You can use other implementations of SslContextFactory.
- The DefaultSslContextFactory behaves according to the default values 
in the JSSE Ref documentation; it uses the values set in its fields 
(e.g. setTrustStorePath) if set, otherwise uses the values in the 
standard JSSE system propery (javax.net...), otherwise uses the default 
values for the provider.

- org.restlet.ext.ssl.JsslutilsSslContextFactory (in the 
org.restlet.ext.ssl module) will let you wrap any jSSLutils 
SSLContextFactory <http://www.jsslutils.org/>.

- org.restlet.ext.ssl.PkixSslContextFactory will let you use jSSLutils's 
PKIXSSLContextFactory, so you can set CRLs explicitly for example (see 
Javadoc).

You can provide your own implementation of 
org.restlet.engine.security.SslContextFactory; alternatively, let me 
know if you'd like to work with jSSLutils (comments and suggestions 
welcome).


If you work with Restlet 1, there are workarounds depending on the 
connector you want to use, but it's not ideal.


Best wishes,

Bruno.

[email protected] wrote:
> Hi There,
> 
> How do I make Client class in Restlet use my own custome 
> SSLSocket/SSLContext? I already have an application that is using Restlet 
> Client to talk to a Web Service and I've create my own X509KeyManager and 
> X509TrustManager which I would like to use when Client sets up the SSL link 
> to the server.
> 
> 
> Thanks for your help,
> Adrian
> 
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2444683
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2444819

Reply via email to