Hello!
No, I don't have a test case. I'm not expert enough to create a test case with TLS client cert services and all the needed components. Because I am trying to develop a client, I don't even know how to start developing the services with certificates.

Sorry
Csaba

On 2018-06-19 10:37, Colm O hEigeartaigh wrote:

Do you have a test-case I can run to reproduce the problem?

Colm.

On Tue, Jun 19, 2018 at 8:52 AM, Tóth Csaba <ig...@domen.hu> wrote:

    Hello!
    I did some research:

    I tried to debug the certificate selection methods, and found
    this class (TLSClientParametersConfig). It handles the TLS config
    from the config file.
    - It runs only once (even if another config is needed for another endpoint).
    - It parses only one conduit, and in the end returns only one key.
    - It is called from native classes, so I can't debug it.
    Maybe it's because both endpoints have the same owner, and both
    client certs are signed to the same subject (the subject field is
    the same), and the key manager in the return value contains a
    hashmap whose keys are the subject (or derived from the subject).

    So could it be that the program can't notice that it needs another cert?

    Thanks
    Csaba



    On 2018-06-15 08:14, Tóth Csaba wrote:
    Hello!
    - The same WS service is needed at different endpoints.
    - Both need to be set up to use client certificates, but different
      ones (maybe it is good if both client certs are as similar as they can be).
    - Put the certs and the server certs into different keystores (one
      keystore for each endpoint).
    - Set up the conduits in the cxf-config.
    - Create a client (proxy client), and make it able to change the
      endpoint.
    - Call endpoint 1.
    - Call endpoint 2 without restarting the environment.

    I did a full SSL debug and it's clearly visible that it uses the wrong
    cert.
    What I didn't find: how does the SSL framework choose a client cert?
    Because all the endpoints are run by the same company, everything is very
    similar (endpoints, certs, everything); maybe the key attributes
    are the same, and the framework thinks it is using the right cert.

    Thanks
    Csaba

    On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
    Do you have a test-case to reproduce the issue?

    Colm.

    On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu> wrote:

    Hello!
    I need to put a client into the webapp that communicates over SSL,
    and before every call I need to evaluate and maybe change the
    endpoint URL.
    I set up the system via cxf-servlet.xml:

         <jaxws:client id="LDAPRequesterBean"
             serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
             address="https://myserver.com/mypath">
             <jaxws:binding>
                 <soap:soapBinding version="1.2" mtomEnabled="true" />
             </jaxws:binding>
         </jaxws:client>

         <bean id="LDAPClientBean" class="mypackage.LDAPClient">
             <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
         </bean>

         <http:conduit name="https://myserver_1/.*">
             <http:tlsClientParameters>
             ...
         </http:conduit>

         <http:conduit name="https://myserver_1/.*">
             <http:tlsClientParameters>
             ...
         </http:conduit>

    and in the client I change the endpoint:

         endpoint = //evaluate and change it, if needed

         BindingProvider bindingProvider = (BindingProvider) lDapRequesterBean;
         bindingProvider.getRequestContext()
             .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);

    And it's working the first time (endpoint A).
    If the URL is changed (endpoint B) (the 2nd call must go to another
    endpoint), I get an SSL error.
    After I restart Tomcat and try this URL first (endpoint B), it's
    working, but next it's not working with the first URL (endpoint A).

    I think it's some caching problem, but I can't find where, or how
    I can turn it off.

    Thanks
    Csaba

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
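
Added example, not part of the thread and not CXF code: on the question above of how the SSL framework picks a client certificate, JSSE asks the configured X509KeyManager through chooseClientAlias, passing the key types and CA names from the server's certificate request. This wrapper logs each choice so it is visible which keystore and alias answered for which endpoint; the class name, the label argument and the empty keystore in main are constructed for illustration, and handing the wrapped key managers to the client is not shown.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

// Diagnostic wrapper (hypothetical name): logs every client-certificate choice made during a handshake.
public class LoggingKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final String label; // hypothetical tag, e.g. the conduit or keystore this manager belongs to
    LoggingKeyManager(X509KeyManager delegate, String label) { this.delegate = delegate; this.label = label; }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        // Selection input is the key types and acceptable issuers requested by the server.
        String alias = delegate.chooseClientAlias(keyTypes, issuers, socket);
        X509Certificate[] chain = alias == null ? null : delegate.getCertificateChain(alias);
        System.err.printf("[%s] peer=%s keyTypes=%s issuers=%s -> alias=%s subject=%s%n",
                label, socket == null ? null : socket.getRemoteSocketAddress(),
                Arrays.toString(keyTypes), Arrays.toString(issuers), alias,
                chain == null || chain.length == 0 ? null : chain[0].getSubjectX500Principal());
        return alias;
    }

    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }

    // Builds the default key managers for one keystore and wraps each X509KeyManager with logging.
    static KeyManager[] wrap(KeyStore ks, char[] keyPassword, String label) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) kms[i] = new LoggingKeyManager((X509KeyManager) kms[i], label);
        }
        return kms;
    }

    public static void main(String[] args) throws Exception {
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // constructed: empty in-memory keystore, so this runs without any files
        X509KeyManager km = (X509KeyManager) wrap(empty, new char[0], "endpoint-A")[0];
        km.chooseClientAlias(new String[] {"RSA"}, null, null); // no socket or issuers in this dry run
    }
}
```

With one wrapped key manager per keystore, each under its own label, two consecutive calls to different endpoints show whether the second handshake is still answered by the first keystore.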

