Well...apparently it is already working :)
At least I can get it going by initializing an SSLContext and setting that
as the default context on HttpsURLConnection.
A bit like...
    import java.io.File;
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.*;

    if (base.startsWith("https")) {
        // Trust store holding only the server certificate read from trust.crt
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate the_cert = (X509Certificate) cf.generateCertificate(
                new FileInputStream("trust.crt"));
        ks.setCertificateEntry("server_cert", the_cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ks);
        // Client certificate and key for key manager
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        KeyStore ks2 = KeyStore.getInstance("pkcs12");
        // First password opens the keystore file, second unlocks the key
        ks2.load(new FileInputStream(
                new File("keystore.p12")), "pc2luma".toCharArray());
        kmf.init(ks2, "password".toCharArray());
        // SSL Context
        SSLContext ctx = SSLContext.getInstance("TLS");
        KeyManager[] km = kmf.getKeyManagers();
        TrustManager[] tm = tmf.getTrustManagers();
        ctx.init(km, tm, null);
        // SSL connection with context; this default applies to every
        // HttpsURLConnection opened in the JVM afterwards
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
Wonderful indeed :)
Peter
On 20/06/08 08:48, "Paul Sandoz" <Paul.Sandoz_at_Sun.COM> wrote:
> On Jun 19, 2008, at 7:09 PM, Peter Coppens wrote:
>
>>
>>
>>
>> On 19/06/08 18:36, "Paul Sandoz" <Paul.Sandoz_at_Sun.COM> wrote:
>>
>>> Hi Peter,
>>>
>>> It is possible to use https but currently not possible to set the
>>> client certificate.
>> Ok, pity.
>
> Let's try and get this into the 0.9 release.
>
>
>> Thanks for the info. Is https support available in the 0.8 code
>> base?
>
> Yes. Just use the "https" scheme in the URIs you use.
>
>
>>>
>>> Do you have any experience utilizing HttpsURLConnection to achieve
>>> what you require? If so you might be able to help me :-)
>> Not yet...but as it seems I am going to write the client part myself
>> I soon will ;). Not being hindered by any upfront knowledge on Jersey
>> internals, I can try to get something into the code base or
>> alternatively, come up with some standalone client code. Any guidance
>> from your end?
>>
>
> If you want to try using the code base then this would be the way I
> would go about it:
>
> - it is possible to add properties to the Client and ClientConfig
> (see the pattern for setting say if redirection is followed
> or not). I suspect we could use this for the developer to add the
> appropriate mechanism (an SSL factory?)
>
> - The following class:
>
> com.sun.jersey.impl.client.urlconnection.URLConnectionClientHandler
>
> does all the work with HttpURLConnection (see line 153). But it
> could check to see if the instance is of
> HttpsURLConnection and then set additional properties on it.
>
> Paul.
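
Added example, not part of the original thread and not Jersey code: the instanceof check Paul describes, applied per connection so the JVM-wide default socket factory that the snippet at the top replaces is left untouched. The class name, method names and parameters are hypothetical, and it assumes the PKCS#12 file and its key share one password supplied by the caller.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class for illustration; not part of Jersey.
public final class ClientCertConnections {
    // Build a socket factory that trusts only the given server certificate
    // and presents the client key stored in the PKCS#12 file.
    public static SSLSocketFactory socketFactory(String trustCertPath, String p12Path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start from an empty trust store
        try (InputStream in = new FileInputStream(trustCertPath)) {
            trust.setCertificateEntry("server_cert",
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        KeyStore keys = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            keys.load(in, password); // assumption: store and key use the same password
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Open an http/https URL and apply the factory only when the connection
    // is an HttpsURLConnection; other connections in the JVM are unaffected.
    public static HttpURLConnection open(URL url, SSLSocketFactory factory) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        if (conn instanceof HttpsURLConnection) {
            ((HttpsURLConnection) conn).setSSLSocketFactory(factory);
        }
        return conn;
    }
}
```

The password is passed in as a char[] rather than written into the source, so it can come from configuration and be cleared after use.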