Do you have a test-case I can run to reproduce the problem?

Colm.

On Tue, Jun 19, 2018 at 8:52 AM, Tóth Csaba <[email protected]> wrote:

> Hello!
> I did some research:
>
> I tried to debug the certificate selection methods, and found this class
> (TLSClientParametersConfig). It handles the TLS config from the config
> file.
> - It runs only once (even if another config is needed for another endpoint).
> - It parses only one conduit, and in the end gets back only one key.
> - It is called from native classes, so I can't debug it.
> Maybe it's because both endpoints have the same owner, and both client certs
> are signed to the same subject (the subject field is the same), and the
> keymanager in the return value contains a hashmap whose keys are the
> subject (or derived from the subject).
>
> So could it be that the program can't notice that it needs another cert?
>
> thanx
> Csaba
>
>
>
> On 2018-06-15 08:14, Tóth Csaba wrote:
>
> Hello!
> - The same WS service is needed at different endpoints.
> - Both need to be set up to use a client certificate, but a different one
> (maybe it helps if both client certs are as similar as they can be).
> - Put the certs and the server certs into different keystores (one keystore
> for each endpoint).
> - Set up the conduits in the cxf-config.
> - Create a client (proxy client), and make it able to change the endpoint.
> - Call endpoint 1.
> - Call endpoint 2 without restarting the environment.
>
> I did a full SSL debug and it's clearly visible that it uses the wrong cert.
> What I didn't find is how the SSL framework chooses a client cert. Because all
> the endpoints are run by the same company, everything is very similar (endpoints,
> certs, everything); maybe the key attributes are the same, and the
> framework thinks it uses the right cert.
>
> Thanx
> Csaba
>
> On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
>
> Do you have a test-case to reproduce the issue?
>
> Colm.
>
> On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <[email protected]> wrote:
>
> Hello!
> I need to put a client into the webapp that communicates over SSL, and
> before every call I need to evaluate and maybe change the endpoint URL.
> I set up the system via cxf-servlet.xml:
>
>      <jaxws:client id="LDAPRequesterBean"
>          serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>          address="https://myserver.com/mypath">
>
>          <jaxws:binding>
>              <soap:soapBinding version="1.2" mtomEnabled="true" />
>          </jaxws:binding>
>      </jaxws:client>
>
>        <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
>            <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
>        </bean>
>
>      <http:conduit name="https://myserver_1/.*">
>      <http:tlsClientParameters>
>      ...
>      </http:conduit>
>
>      <http:conduit name="https://myserver_1/.*">
>      <http:tlsClientParameters>
>      ...
>      </http:conduit>
>
> and in the client I change the endpoint:
>
>                  endpoint = //evaluate and change it, if needed
>
>                  BindingProvider bindingProvider = (BindingProvider) lDapRequesterBean;
>                  bindingProvider.getRequestContext()
>                      .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>
> And it's working, the first time (endpoint A).
> If the URL changes (endpoint B) (the 2nd call must go to another
> endpoint), I get an SSL error.
> After I restart Tomcat and try this URL first (endpoint B), it's
> working, but next it's not working with the first URL (endpoint A).
>
> I think it's some caching problem, but I can't find where, or how I can turn
> it off.
>
> Thanx
> Csaba
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
