--
Weinan Li
On Tuesday, September 3, 2013 at 2:42 PM, Mukul Panwar wrote:
>
> Hi
>
> Sorry for late reply, I am using JBoss AS provided SSL connector and my
> configuration as:
>
> <connector name="https" protocol="HTTP/1.1" scheme="https"
> socket-binding="https" secure="true">
> <ssl name="ssl" key-alias="jbosskey" password="changeit"
> certificate-key-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"
> verify-client="want"
> ca-certificate-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"/>
Server side config looks fine.
> </connector> and when I am calling from client code look like as:
>
> void initializedCredential(){
>
> System.setProperty("javax.net.ssl.trustStore", "D:/temp/client.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
> // keystore has the certificates presented to the server when a server
> // requests one to authenticate this application to the server
> System.setProperty("javax.net.ssl.keyStore", "D:/temp/client.jks");
> System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
> }
>
I believe the problem is that you haven't stored the SSLContext in client so
that it creates a new one(with SSL handshake) each time.
Here are some codes that I have used before that holding the context in client
side:
private Socket clientWithCert() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
KeyStore ks = KeyStore.getInstance("jceks");
ks.load(new FileInputStream(CLIENT_KEY_STORE), null);
KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509");
kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
context.init(kf.getKeyManagers(), null, null);
SocketFactory factory = context.getSocketFactory();
Socket s = factory.createSocket("localhost", 8443);
return s;
}
With above method you have to use Socket intend of RESTEasy client api. If you
reuse the context then you don't have to do a new SSL handshake with Server
each time.
I haven't looked into JAX-RS 2.0 Client API throughly so I'm not sure how it
could be setup to use SSL. I'll do more research on it and give you feedback
soon.
> public <T> Object post (String url, Map obj, Class<T> class1)
> {initializedCredential();
> url = webServiceUrlUtil.getSearchClaimantURL() + url;
> clientRequest = new ClientRequest(url);
> ClientResponse<T> res = null;
> try {
> res = clientRequest.post(class1);
> if (res == null) {
> return null;
> }
> if (res != null && res.getStatus() != 200) {
> logger.debug("GET Response not getting correct , Status Code: "
> + res.getStatus());
> throw new RuntimeException("Failed : HTTP Webservice error : "
> + res.serverError());
> }
>
> } catch (Exception e) {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
> return res.getEntity();
> }
>
> Thanks
> Mukul
>
> -----Original Message-----
> From: Weinan Li [mailto:[email protected]]
> Sent: Friday, August 30, 2013 8:12 AM
> To: Mukul Panwar
> Cc: Bill Burke; [email protected]
> (mailto:[email protected])
> Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate
> authentication on jboss
>
>
>
> --
> Weinan Li
>
>
> On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:
>
> > Hi Bill
> >
> > I also tried successfully to implement certificate authentication but SsL
> > handshake doing every time of request. Which should reuse the first
> > handshake session. Please suggest about it.
>
> Hi Mukul, are you using the RESTEasy provided security solution (like
> skeleton and resteasy-crypto) or JBoss AS provided SSL connector?
>
> If you are using the SSL connection provided by JBoss AS, it could be a
> configuration problem. Could you please provide the configs you've used so
> that I could check it for you?
> >
> > Thanks
> > Mukul
> >
> > On Aug 29, 2013, at 7:11 PM, "Bill Burke" <[email protected]
> > (mailto:[email protected])> wrote:
> >
> > > I have used certs successfully before.
> > >
> > > On 8/29/2013 9:31 AM, Mukul Panwar wrote:
> > > >
> > > >
> > > > Sent from my iPhone
> > > >
> > > > Begin forwarded message:
> > > >
> > > > > *From:* <[email protected] <mailto:[email protected]>>
> > > > > *Date:* August 29, 2013, 7:00:06 AM GMT+05:30
> > > > > *To:* Bill Burke <[email protected] <mailto:[email protected]>>
> > > > > *Cc:* <[email protected]
> > > > > (mailto:[email protected])
> > > > > <mailto:[email protected]>>
> > > > > *Subject:* *Regarding Ssl handshake during certificate authentication
> > > > > on jboss*
> > > > >
> > > > > Hi Bill
> > > > >
> > > > > I have a resteasy client and doing post request . I also set the
> > > > > keystore as trusted and cert key entries before sending the request.
> > > > >
> > > > > The server also having import the client key in their keystore
> > > > > certificate.
> > > > >
> > > > > Means we are doing Two way mutual certificate authentication .
> > > > >
> > > > > The client and server doing handshake successfully . But for each
> > > > > request there is a new handshake where as they should use the session
> > > > > of first Ssl handshake. Please suggest about or give any reference for
> > > > > this.
> > > > >
> > > > > Thanks
> > > > > Mukul
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ::DISCLAIMER::
> > > > ----------------------------------------------------------------------------------------------------------------------------------------------------
> > > >
> > > > The contents of this e-mail and any attachment(s) are confidential and
> > > > intended for the named recipient(s) only.
> > > > E-mail transmission is not guaranteed to be secure or error-free as
> > > > information could be intercepted, corrupted,
> > > > lost, destroyed, arrive late or incomplete, or may contain viruses in
> > > > transmission. The e mail and its contents
> > > > (with or without referred errors) shall therefore not attach any
> > > > liability on the originator or HCL or its affiliates.
> > > > Views or opinions, if any, presented in this email are solely those of
> > > > the author and may not necessarily reflect the
> > > > views or opinions of HCL or its affiliates. Any form of reproduction,
> > > > dissemination, copying, disclosure, modification,
> > > > distribution and / or publication of this message without the prior
> > > > written consent of authorized representative of
> > > > HCL is strictly prohibited. If you have received this email in error
> > > > please delete it and notify the sender immediately.
> > > > Before opening any email and/or attachments, please check them for
> > > > viruses and other defects.
> > > >
> > > > ----------------------------------------------------------------------------------------------------------------------------------------------------
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------------------------------
> > > > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > > > Discover the easy way to master current and previous Microsoft
> > > > technologies
> > > > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > > > tutorial videos with LearnDevNow. Subscribe today and save!
> > > > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Resteasy-users mailing list
> > > > [email protected]
> > > > (mailto:[email protected])
> > > > https://lists.sourceforge.net/lists/listinfo/resteasy-users
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Bill Burke
> > > JBoss, a division of Red Hat
> > > http://bill.burkecentral.com
> > >
> > > ------------------------------------------------------------------------------
> > > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > > Discover the easy way to master current and previous Microsoft
> > > technologies
> > > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > > tutorial videos with LearnDevNow. Subscribe today and save!
> > > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> > > _______________________________________________
> > > Resteasy-users mailing list
> > > [email protected]
> > > (mailto:[email protected])
> > > https://lists.sourceforge.net/lists/listinfo/resteasy-users
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > Discover the easy way to master current and previous Microsoft technologies
> > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > tutorial videos with LearnDevNow. Subscribe today and save!
> > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Resteasy-users mailing list
> > [email protected]
> > (mailto:[email protected])
> > https://lists.sourceforge.net/lists/listinfo/resteasy-users
>
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Resteasy-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/resteasy-users
