On Mon, 2011-09-12 at 15:36 +0200, Barry Pitman wrote:
> Hi
>
> I have a web application which makes use of a third party SOAP web service
> which requires X509 client authentication. The details of the client cert
> used for the connection to the 3rd party are used for authentication and
> authorization. My application needs to be able to use different client
> certificates depending on the current user in my application.
>
> I know that I could create multiple HttpClient instances, each configured
> with separate SSLSocketFactories like this:
>
> defaultHttpClient.getConnectionManager().getSchemeRegistry().register(new
> Scheme("https", 443, customSslSocketFactory)),
>
> and select the correct HttpClient instance at runtime, but ideally I'd like
> to have one threadsafe DefaultHttpClient instance, and be able to provide a
> Scheme/SchemeRegistry at runtime via HttpContext (similar to the way one can
> provide an AuthCache using HttpContext):
>
> BasicHttpContext httpContext = new BasicHttpContext();
> httpContext.setAttribute(ClientContext.AUTH_CACHE, authCache);
> httpClient.execute(httpPost, httpContext);
>
> I can set my custom SchemeRegistry on HttpContext like this, but it doesn't
> look like the static field ClientContext.SCHEME_REGISTRY is used by
> HttpClient anywhere.
>
> HttpContext httpContext = new BasicHttpContext();
> httpContext.setAttribute(ClientContext.SCHEME_REGISTRY, schemeRegistry);
>
> Is it possible to configure an HttpClient instance so that it will use
> different client certificates at runtime depending on some configurable
> strategy?
>
> Thanks!

Hi Barry

I think there are two possible strategies one may look into:

(1) Register multiple 'virtual' https schemes (say my-https1, my-https2,
etc.), each having a different SSLSocketFactory with a different SSL
context.

(2) Initialize the SSL context differently based on a custom parameter
passed to the SchemeSocketFactory#createSocket() method.

Hope this helps

Oleg
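
Strategy (1) from the reply above, sketched against the HttpClient 4.1 API as an added example that is not code from the original thread. The class name `PerUserCertClient`, the `https-<alias>` scheme naming, the fixed port 443 and the one-PKCS#12-file-per-user layout are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Locale;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;

// Hypothetical helper (not from the thread): one shared client, one virtual scheme per certificate.
public class PerUserCertClient {
    private final SchemeRegistry registry = new SchemeRegistry();
    private final DefaultHttpClient client =
            new DefaultHttpClient(new ThreadSafeClientConnManager(registry));

    // Registers the virtual scheme "https-<alias>" backed by a PKCS#12 client key store.
    public void addIdentity(String alias, String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        InputStream in = new FileInputStream(p12Path);
        try { ks.load(in, password); } finally { in.close(); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers: server certificates are still checked against the JRE defaults
        ctx.init(kmf.getKeyManagers(), null, null);
        // this constructor keeps HttpClient's default hostname verifier
        registry.register(new Scheme(schemeFor(alias), 443, new SSLSocketFactory(ctx)));
    }

    static String schemeFor(String alias) {
        return "https-" + alias.toLowerCase(Locale.ENGLISH); // Scheme and HttpHost lower-case names
    }

    // Sends the request over the scheme bound to this user's certificate; fails closed if none.
    public HttpResponse execute(String alias, String host, HttpRequest request) throws Exception {
        String scheme = schemeFor(alias);
        if (registry.get(scheme) == null) {
            throw new IllegalStateException("no client certificate registered for " + alias);
        }
        return client.execute(new HttpHost(host, 443, scheme), request);
    }
}
```

Because the scheme name is part of `HttpHost`, and therefore of the route the connection manager pools by, connections opened with one certificate sit in a separate pool from those opened under another alias. Pass requests with a path-only URI (for example `new HttpPost("/service")`), since the target host and scheme come from the `HttpHost` argument.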