Re: Certificate Based Client Authentication

Thu, 08 Mar 2007 08:29:27 -0800 

Hi, Lalit,

If you really, really, really are sure that you don't want to
"authenticate" the server (not recommended!) you can use
TrustMaterial.TRUST_ALL with "not-yet-commons-ssl-0.3.7.jar" like so:

------------------------------------------------------
char[] pwd = "secret".toCharArray();
KeyMaterial km = new KeyMaterial( "/path/to/client_cert.p12", pwd );

HttpSecureProtocol sf = new HttpSecureProtocol();
sf.setKeyMaterial( km );

// Trust ANY server!  NOT RECOMMENDED!
sf.setTrustMaterial( TrustMaterial.TRUST_ALL );

ProtocolSocketFactory psf = sf;
Protocol specialHttps = new Protocol("https-special", psf, 443);
Protocol.registerProtocol("https-special", specialHttps);

// From this point on, HttpClient will use the client cert specified
// for all URL's of the form "https-special://".
------------------------------------------------------


To do this just using the "HttpClient" contrib code is not possible.
Giving "null" to the AuthSSLProtocolSocketFactory just tells it to use
$JAVA_HOME/jre/lib/security/cacerts as the "truststore":

new AuthSSLProtocolSocketFactory( keystore, key_pwd, null, null );


What you're trying to do is essentially a hybrid of
"EasySSLProtocolSocketFactory" (trusting any server), and
"AuthSSLProtocolSocketFactory" (providing a client certificate).

If you don't want to use not-yet-commons-ssl-0.3.7, you'll have to
code up the hybrid yourself using the "contrib" code to guide you.


yours,

Julius



On 3/8/07, Lalit Sahoo <[EMAIL PROTECTED]> wrote:

Hi Julius,

Thanks for the response!

You have adviced me to do in this way:

URL keystore = new URL( "file:///path/to/keystore.jks" ); URL truststore
= new URL( "file:///path/to/truststore.jks" ); String key_pwd =
"secret";
String trust_pwd = "changeit";

AuthSSLProtocolSocketFactory sf;
sf = new AuthSSLProtocolSocketFactory( keystore, key_pwd, truststore,
trust_pwd );


Supoose I don't want to authenticate server then I should use as below:


AuthSSLProtocolSocketFactory sf;
sf = new AuthSSLProtocolSocketFactory( keystore, key_pwd, null, null );

But I am getting SSL handshake error.

Could you please help?

Regards,
Lalit



--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to