Hi Wenian

I also tried now the similar approach by using a Http apache client library 
whic is handling some internally and reusing the handshake.

But I want to user resteasy client library only and some how i want to reuse 
that Ssl handshake.

Plz suggest something about resteasy api to handle it .

Thanks
Mukul



On Sep 3, 2013, at 6:44 PM, "Weinan Li" <l.wei...@gmail.com> wrote:

> 
> 
> -- 
> Weinan Li
> 
> 
> On Tuesday, September 3, 2013 at 2:42 PM, Mukul Panwar wrote:
> 
>> 
>> Hi 
>> 
>> Sorry for late reply, I am using JBoss AS provided SSL connector and my 
>> configuration as: 
>> 
>> <connector name="https" protocol="HTTP/1.1" scheme="https" 
>> socket-binding="https" secure="true">
>> <ssl name="ssl" key-alias="jbosskey" password="changeit" 
>> certificate-key-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"
>>  verify-client="want" 
>> ca-certificate-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"/>
> 
> 
> Server side config looks fine. 
>> </connector> and when I am calling from client code look like as:
>> 
>> void initializedCredential(){
>> 
>> System.setProperty("javax.net.ssl.trustStore", "D:/temp/client.jks"); 
>> System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); 
>> // keystore has the certificates presented to the server when a server 
>> // requests one to authenticate this application to the server 
>> System.setProperty("javax.net.ssl.keyStore", "D:/temp/client.jks"); 
>> System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); 
>> }
> 
> 
> I believe the problem is that you haven't stored the SSLContext in client so 
> that it creates a new one(with SSL handshake) each time.
> 
> Here are some codes that I have used before that holding the context in 
> client side:
> 
> private Socket clientWithCert() throws Exception { 
> SSLContext context = SSLContext.getInstance("TLS"); 
> KeyStore ks = KeyStore.getInstance("jceks"); 
> 
> ks.load(new FileInputStream(CLIENT_KEY_STORE), null); 
> KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509"); 
> kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray()); 
> context.init(kf.getKeyManagers(), null, null); 
> 
> SocketFactory factory = context.getSocketFactory(); 
> Socket s = factory.createSocket("localhost", 8443); 
> return s; 
> }
> 
> With above method you have to use Socket intend of RESTEasy client api. If 
> you reuse the context then you don't have to do a new SSL handshake with 
> Server each time.
> 
> I haven't looked into JAX-RS 2.0 Client API throughly so I'm not sure how it 
> could be setup to use SSL. I'll do more research on it and give you feedback 
> soon.
> 
>> public <T> Object post (String url, Map obj, Class<T> class1) 
>> {initializedCredential();
>> url = webServiceUrlUtil.getSearchClaimantURL() + url;
>> clientRequest = new ClientRequest(url);
>> ClientResponse<T> res = null;
>> try {
>> res = clientRequest.post(class1);
>> if (res == null) {
>> return null;
>> }
>> if (res != null && res.getStatus() != 200) {
>> logger.debug("GET Response not getting correct , Status Code: "
>> + res.getStatus());
>> throw new RuntimeException("Failed : HTTP Webservice error : "
>> + res.serverError());
>> }
>> 
>> } catch (Exception e) {
>> // TODO Auto-generated catch block
>> e.printStackTrace();
>> }
>> return res.getEntity();
>> }
>> 
>> Thanks
>> Mukul
>> 
>> -----Original Message-----
>> From: Weinan Li [mailto:l.wei...@gmail.com] 
>> Sent: Friday, August 30, 2013 8:12 AM
>> To: Mukul Panwar
>> Cc: Bill Burke; resteasy-users@lists.sourceforge.net 
>> (mailto:resteasy-users@lists.sourceforge.net)
>> Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during 
>> certificate authentication on jboss
>> 
>> 
>> 
>> -- 
>> Weinan Li
>> 
>> 
>> On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:
>> 
>>> Hi Bill
>>> 
>>> I also tried successfully to implement certificate authentication but SsL 
>>> handshake doing every time of request. Which should reuse the first 
>>> handshake session. Please suggest about it.
>> 
>> Hi Mukul, are you using the RESTEasy provided security solution (like 
>> skeleton and resteasy-crypto) or JBoss AS provided SSL connector?
>> 
>> If you are using the SSL connection provided by JBoss AS, it could be a 
>> configuration problem. Could you please provide the configs you've used so 
>> that I could check it for you?
>>> 
>>> Thanks
>>> Mukul 
>>> 
>>> On Aug 29, 2013, at 7:11 PM, "Bill Burke" <bbu...@redhat.com 
>>> (mailto:bbu...@redhat.com)> wrote:
>>> 
>>>> I have used certs successfully before.
>>>> 
>>>> On 8/29/2013 9:31 AM, Mukul Panwar wrote:
>>>>> 
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>> Begin forwarded message:
>>>>> 
>>>>>> *From:* <muku...@hcl.com <mailto:muku...@hcl.com>>
>>>>>> *Date:* August 29, 2013, 7:00:06 AM GMT+05:30
>>>>>> *To:* Bill Burke <bbu...@redhat.com <mailto:bbu...@redhat.com>>
>>>>>> *Cc:* <resteasy-users@lists.sourceforge.net 
>>>>>> (mailto:resteasy-users@lists.sourceforge.net)
>>>>>> <mailto:resteasy-users@lists.sourceforge.net>>
>>>>>> *Subject:* *Regarding Ssl handshake during certificate authentication
>>>>>> on jboss*
>>>>>> 
>>>>>> Hi Bill
>>>>>> 
>>>>>> I have a resteasy client and doing post request . I also set the
>>>>>> keystore as trusted and cert key entries before sending the request.
>>>>>> 
>>>>>> The server also having import the client key in their keystore
>>>>>> certificate.
>>>>>> 
>>>>>> Means we are doing Two way mutual certificate authentication .
>>>>>> 
>>>>>> The client and server doing handshake successfully . But for each
>>>>>> request there is a new handshake where as they should use the session
>>>>>> of first Ssl handshake. Please suggest about or give any reference for
>>>>>> this.
>>>>>> 
>>>>>> Thanks
>>>>>> Mukul
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> ::DISCLAIMER::
>>>>> ----------------------------------------------------------------------------------------------------------------------------------------------------
>>>>> 
>>>>> The contents of this e-mail and any attachment(s) are confidential and
>>>>> intended for the named recipient(s) only.
>>>>> E-mail transmission is not guaranteed to be secure or error-free as
>>>>> information could be intercepted, corrupted,
>>>>> lost, destroyed, arrive late or incomplete, or may contain viruses in
>>>>> transmission. The e mail and its contents
>>>>> (with or without referred errors) shall therefore not attach any
>>>>> liability on the originator or HCL or its affiliates.
>>>>> Views or opinions, if any, presented in this email are solely those of
>>>>> the author and may not necessarily reflect the
>>>>> views or opinions of HCL or its affiliates. Any form of reproduction,
>>>>> dissemination, copying, disclosure, modification,
>>>>> distribution and / or publication of this message without the prior
>>>>> written consent of authorized representative of
>>>>> HCL is strictly prohibited. If you have received this email in error
>>>>> please delete it and notify the sender immediately.
>>>>> Before opening any email and/or attachments, please check them for
>>>>> viruses and other defects.
>>>>> 
>>>>> ----------------------------------------------------------------------------------------------------------------------------------------------------
>>>>> 
>>>>> 
>>>>> 
>>>>> ------------------------------------------------------------------------------
>>>>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>>>>> Discover the easy way to master current and previous Microsoft 
>>>>> technologies
>>>>> and advance your career. Get an incredible 1,500+ hours of step-by-step
>>>>> tutorial videos with LearnDevNow. Subscribe today and save!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Resteasy-users mailing list
>>>>> Resteasy-users@lists.sourceforge.net 
>>>>> (mailto:Resteasy-users@lists.sourceforge.net)
>>>>> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>> 
>>>> ------------------------------------------------------------------------------
>>>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>>>> Discover the easy way to master current and previous Microsoft technologies
>>>> and advance your career. Get an incredible 1,500+ hours of step-by-step
>>>> tutorial videos with LearnDevNow. Subscribe today and save!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>>>> _______________________________________________
>>>> Resteasy-users mailing list
>>>> Resteasy-users@lists.sourceforge.net 
>>>> (mailto:Resteasy-users@lists.sourceforge.net)
>>>> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>>> 
>>> 
>>> 
>>> 
>>> 
>>> ------------------------------------------------------------------------------
>>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>>> Discover the easy way to master current and previous Microsoft technologies
>>> and advance your career. Get an incredible 1,500+ hours of step-by-step
>>> tutorial videos with LearnDevNow. Subscribe today and save!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> Resteasy-users mailing list
>>> Resteasy-users@lists.sourceforge.net 
>>> (mailto:Resteasy-users@lists.sourceforge.net)
>>> https://lists.sourceforge.net/lists/listinfo/resteasy-users
> 
> 
> 

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users

Reply via email to