Hi Oleg,
Thanks a lot for the response. I have one more question.
In my client application, I need to provide extra authorization based on
the common name in the server certificate. I want to allow the
request-response exchange (I am sending a POST request) only after the
server passes this extra authorization step.
Is using BasicAsyncResponseConsumer going to be too late for me to access the
server certificate?
I want behavior similar to the following sample code based
on HttpsURLConnection:
************************************************************************************************************
HttpsURLConnection urlConnection = (HttpsURLConnection) madsUrl.openConnection();
urlConnection.setRequestMethod("POST");
...
...
urlConnection.connect(); // Establish connection for initial SSL handshake
String peerDN = urlConnection.getPeerPrincipal().getName();
if (isAuthorizedPeer(peerDN)) {
    // Now it's safe to write request data
    OutputStream oStream = urlConnection.getOutputStream();
    ...
    ...
}
************************************************************************************************************
Thanks once again
Sachin
On Tue, Apr 30, 2013 at 6:46 AM, Oleg Kalnichevski <[email protected]> wrote:
> On Mon, 2013-04-29 at 11:27 -0400, Sachin Nikumbh wrote:
> > Hi,
> >
> > I am currently using the HTTP async client in my application to communicate
> > with a proprietary server. Now, I need to extend the functionality to
> > include HTTPS support. We need to provide client authentication and I have
> > the following picture of how I can provide client credentials.
> >
> > My first question is, is this the correct approach? Am I missing anything
> > here?
> >
> > ************************************************
> >
> > SSLContext context = ..... ; // Create with user provided keystore/truststore
> >
> > AsyncScheme scheme = new AsyncScheme("https", 9910, new SSLLayeringStrategy(context));
> >
> > HttpAsyncClient httpClientAsync = new DefaultHttpAsyncClient();
> >
> > PoolingClientAsyncConnectionManager connectionMgr =
> >     (PoolingClientAsyncConnectionManager) httpClientAsync.getConnectionManager();
> >
> > AsyncSchemeRegistry asyncReg = connectionMgr.getSchemeRegistry();
> >
> > asyncReg.register(scheme);
> > ************************************************
> >
> > My second question is about server authorization for which I need access to
> > the server certificate. I need to get the CN value from the certificate
> > which I am later going to use internally. I am basically looking for
> > something similar to java.net.HttpsUrlConnection.getPeerPrincipal or
> > java.net.HttpsUrlConnection.getServerCertificates.
> >
> > Any help will be greatly appreciated.
> >
> > Thanks
> > Sachin
>
> You can get full access to the SSL session details from the local
> execution context:
>
> ---
> final HttpAsyncClient httpclient = new DefaultHttpAsyncClient();
> httpclient.start();
> try {
>     final HttpHost host = new HttpHost("www.verisign.com", -1, "https");
>     final HttpGet request = new HttpGet("/");
>     final BasicAsyncRequestProducer requestProducer =
>         new BasicAsyncRequestProducer(host, request);
>     final BasicAsyncResponseConsumer responseConsumer =
>         new BasicAsyncResponseConsumer() {
>
>         @Override
>         protected HttpResponse buildResult(final HttpContext context) {
>             final ManagedClientAsyncConnection conn =
>                 (ManagedClientAsyncConnection) context.getAttribute(
>                     ExecutionContext.HTTP_CONNECTION);
>             final SSLSession sslsession = conn.getSSLSession();
>             if (sslsession != null) {
>                 try {
>                     System.out.println(sslsession.getPeerPrincipal());
>                 } catch (final SSLPeerUnverifiedException e) {
>                 }
>             }
>             return super.buildResult(context);
>         }
>
>     };
>     final Future<HttpResponse> future =
>         httpclient.execute(requestProducer, responseConsumer, null);
>     final HttpResponse response = future.get();
>     System.out.println("Response: " + response.getStatusLine());
>     System.out.println("Shutting down");
> } finally {
>     httpclient.shutdown();
> }
> ---
>
> Hope this helps
>
> Oleg
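One way to enforce a common-name check before any request data is written, as an added example that is not code from this thread or from HttpAsyncClient: a standard JSSE `X509TrustManager` that runs normal chain validation and then rejects the handshake unless the leaf certificate's CN is on an allow-list. The class name `CnCheckingTrustManager`, the helper `contextFor` and the allow-list are hypothetical; `keyManagers` carries the client credentials (may be null), and the returned `SSLContext` is meant to be passed to `new SSLLayeringStrategy(context)` as in the quoted setup.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.*;

// Hypothetical helper (not part of HttpAsyncClient): fails the TLS handshake
// unless the server's leaf certificate carries an allow-listed CN.
public final class CnCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;
    private final Set<String> allowedCns;

    public CnCheckingTrustManager(X509TrustManager delegate, Set<String> allowedCns) {
        this.delegate = delegate;
        this.allowedCns = allowedCns;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // normal chain validation first
        String cn = commonName(chain[0]);             // chain[0] is the server's own certificate
        if (cn == null || !allowedCns.contains(cn)) {
            throw new CertificateException("Server CN not authorized: " + cn);
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    static String commonName(X509Certificate cert) throws CertificateException {
        try { // parse the RFC 2253 subject DN instead of splitting on commas
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
            }
            return null;
        } catch (InvalidNameException e) {
            throw new CertificateException("Unparseable subject DN", e);
        }
    }
    public static SSLContext contextFor(KeyManager[] keyManagers, KeyStore trustStore, Set<String> allowedCns) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager base = (X509TrustManager) tmf.getTrustManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, new TrustManager[] { new CnCheckingTrustManager(base, allowedCns) }, null);
        return ctx;
    }
}
```

Because the trust manager runs during the handshake, a rejected CN surfaces as a handshake failure and no application data is sent on that connection.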