users@jersey.java.net

Re: [Jersey] Jersey client - ssl support?

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 20 Jun 2008 10:47:39 +0200

Peter Coppens wrote:
> Well...apparently it is already working :)
>

Wow! I forgot that you can set default information statically. This is
great.

So if there were multiple clients with different certificate
requirements we could have a property:

   com.sun.jersey.client.property.SSLSocketFactory

whose value is an instance of SSLSocketFactory. And then if that
property is present we can call:

   setSSLSocketFactory

Paul.

> At least I can get it going by initializing an SSLContext and setting that
> as the default context on HttpsURLConnection
>
> A bit like...
>
>
> if (base.startsWith("https")) {
>     // Trust store holding the server certificate
>     KeyStore ks = KeyStore.getInstance("JKS");
>     ks.load(null, null);
>     CertificateFactory cf = CertificateFactory.getInstance("X.509");
>     X509Certificate the_cert = (X509Certificate) cf.generateCertificate(
>             new FileInputStream("trust.crt"));
>     ks.setCertificateEntry("server_cert", the_cert);
>     TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>     tmf.init(ks);
>
>     // Client certificate and key for key manager
>     KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
>     KeyStore ks2 = KeyStore.getInstance("pkcs12");
>     ks2.load(new FileInputStream(
>             new File("keystore.p12")), "pc2luma".toCharArray());
>     kmf.init(ks2, "password".toCharArray());
>
>     // SSL Context
>     SSLContext ctx = SSLContext.getInstance("TLS");
>     KeyManager[] km = kmf.getKeyManagers();
>     TrustManager[] tm = tmf.getTrustManagers();
>     ctx.init(km, tm, null);
>     // SSL connection with context
>     HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
> }
>
>
> Wonderful indeed :)
>
> Peter
>
> On 20/06/08 08:48, "Paul Sandoz" <Paul.Sandoz_at_Sun.COM> wrote:
>
>> On Jun 19, 2008, at 7:09 PM, Peter Coppens wrote:
>>
>>>
>>>
>>> On 19/06/08 18:36, "Paul Sandoz" <Paul.Sandoz_at_Sun.COM> wrote:
>>>
>>>> Hi Peter,
>>>>
>>>> It is possible to use https but currently not possible to set the
>>>> client certificate.
>>> Ok, pity.
>> Let's try and get this into the 0.9 release.
>>
>>
>>> Thanks for the info. Is https support available in the 0.8 code base?
>> Yes. Just use the "https" scheme in the URIs you use.
>>
>>
>>>> Do you have any experience utilizing HttpsURLConnection to achieve
>>>> what you require? If so you might be able to help me :-)
>>> Not yet...but as it seems I am going to write the client part myself
>>> I soon will ;). Not being hindered by any upfront knowledge on jersey
>>> internals, I can try to get something into the code base or
>>> alternatively, come up with some standalone client code. Any guidance
>>> from your end?
>>>
>> If you want to try using the code base then this would be the way I
>> would go about it:
>>
>> - it is possible to add properties to the Client and ClientConfig
>>   (see the pattern for setting say if redirection is followed
>>   or not). I suspect we could use this for the developer to add the
>>   appropriate mechanism (an SSL factory?)
>>
>> - The following class:
>>
>>   com.sun.jersey.impl.client.urlconnection.URLConnectionClientHandler
>>
>>   does all the work with HttpURLConnection (see line 153). But it
>>   could check to see if the instance is of
>>   HttpsURLConnection and then set additional properties on it.
>>
>> Paul.
>

-- 
    Paul Sandoz
         x38109
+33-4-76188109
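
Added example, not part of the original thread or the Jersey code base: a sketch of the per-client property proposed above, set on one connection with `setSSLSocketFactory` so that other clients in the same JVM keep the default that `setDefaultSSLSocketFactory` would otherwise replace for everyone. The class `PerClientSslExample`, the `open` helper and the plain `Map` standing in for client properties are hypothetical; only the property name comes from the message.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

public class PerClientSslExample {
    // Property name proposed in the message above.
    static final String PROPERTY_SSL_SOCKET_FACTORY =
            "com.sun.jersey.client.property.SSLSocketFactory";

    // Hypothetical stand-in for what a client handler could do after opening a connection.
    static HttpURLConnection open(URL url, Map<String, Object> props) throws Exception {
        HttpURLConnection uc = (HttpURLConnection) url.openConnection();
        Object value = props.get(PROPERTY_SSL_SOCKET_FACTORY);
        if (uc instanceof HttpsURLConnection && value != null) {
            if (!(value instanceof SSLSocketFactory)) {
                // Fail closed rather than silently falling back to the JVM default.
                throw new IllegalArgumentException(
                        PROPERTY_SSL_SOCKET_FACTORY + " must be an SSLSocketFactory");
            }
            ((HttpsURLConnection) uc).setSSLSocketFactory((SSLSocketFactory) value);
        }
        return uc;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory jvmDefault = HttpsURLConnection.getDefaultSSLSocketFactory();

        // Stand-in context: a real client would pass the key and trust managers
        // built from its own keystore, as in the quoted snippet.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);

        Map<String, Object> clientA = new HashMap<>();
        clientA.put(PROPERTY_SSL_SOCKET_FACTORY, ctx.getSocketFactory());
        Map<String, Object> clientB = new HashMap<>(); // no property set

        // Constructed URL; openConnection() does not touch the network.
        URL url = new URL("https://example.invalid/");
        HttpsURLConnection a = (HttpsURLConnection) open(url, clientA);
        HttpsURLConnection b = (HttpsURLConnection) open(url, clientB);

        System.out.println("client A uses its own factory: "
                + (a.getSSLSocketFactory() == clientA.get(PROPERTY_SSL_SOCKET_FACTORY)));
        System.out.println("client B keeps the JVM default: "
                + (b.getSSLSocketFactory() == jvmDefault));
    }
}
```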