users@jersey.java.net

Re: [Jersey] Jersey client - ssl support?

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 20 Jun 2008 11:11:13 +0200

Peter Coppens wrote:
> Yes, occasionally things turn out easier than what one expects
>
> Something I did run into is that the Jersey client bails out when the CN of
> the server certificate does not match the url.

What would you prefer to happen?

If the type ClientResponse is returned then no exception will be thrown.
For any other type the assumption is the client wants a 2xx response,
which means the client can handle exception cases using exceptions.


> For testing purposes that is
> a bit of a nuisance, but it is not blocking.
>

You might be able to include a client filter when testing.


> Anyway, many thanks for your support!
>

No problem.

Paul.


> Peter
>
> On 20/06/08 10:47, "Paul Sandoz" <Paul.Sandoz_at_Sun.COM> wrote:
>
>> Peter Coppens wrote:
>>> Well...apparently it is already working :)
>>>
>> Wow! I forgot that you can set default information statically. This is
>> great.
>>
>> So if there were multiple clients with different certificate
>> requirements we could have a property:
>>
>> com.sun.jersey.client.property.SSLSocketFactory
>>
>> whose value is an instance of SSLSocketFactory. And then if that
>> property is present we can call:
>>
>> setSSLSocketFactory
>>
>> Paul.
>>
>>> At least I can get it going by initializing an SSLContext and setting that
>>> as the default context on HttpsUrlConnection
>>>
>>> A bit like...
>>>
>>>
>>> if (base.startsWith("https")) {
>>>     // Trust store holding only the server certificate
>>>     KeyStore ks = KeyStore.getInstance("JKS");
>>>     ks.load(null, null);
>>>     CertificateFactory cf = CertificateFactory.getInstance("X.509");
>>>     X509Certificate the_cert = (X509Certificate) cf.generateCertificate(
>>>             new FileInputStream("trust.crt"));
>>>     ks.setCertificateEntry("server_cert", the_cert);
>>>     TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>>>     tmf.init(ks);
>>>
>>>     // Client certificate and key for key manager
>>>     KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
>>>     KeyStore ks2 = KeyStore.getInstance("pkcs12");
>>>     ks2.load(new FileInputStream(
>>>             new File("keystore.p12")), "pc2luma".toCharArray());
>>>     kmf.init(ks2, "password".toCharArray());
>>>
>>>     // SSL Context
>>>     SSLContext ctx = SSLContext.getInstance("TLS");
>>>     KeyManager[] km = kmf.getKeyManagers();
>>>     TrustManager[] tm = tmf.getTrustManagers();
>>>     ctx.init(km, tm, null);
>>>     // SSL connection with context
>>>     HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
>>> }
>>>
>>>
>>> Wonderful indeed :)
>>>
>>> Peter
>>>
>>> On 20/06/08 08:48, "Paul Sandoz" <Paul.Sandoz_at_Sun.COM> wrote:
>>>
>>>> On Jun 19, 2008, at 7:09 PM, Peter Coppens wrote:
>>>>
>>>>>
>>>>> On 19/06/08 18:36, "Paul Sandoz" <Paul.Sandoz_at_Sun.COM> wrote:
>>>>>
>>>>>> Hi Peter,
>>>>>>
>>>>>> It is possible to use https but currently not possible to set the
>>>>>> client certificate.
>>>>> Ok, pity.
>>>> Let's try and get this into the 0.9 release.
>>>>
>>>>
>>>>> Thanks for the info. Is https support available in the 0.8 code
>>>>> base?
>>>> Yes. Just use the "https" scheme in the URIs you use.
>>>>
>>>>
>>>>>> Do you have any experience utilizing HttpsURLConnection to achieve
>>>>>> what you require? If so you might be able to help me :-)
>>>>> Not yet...but as it seems I am going to write the client part
>>>>> myself I soon will ;). Not being hindered by any upfront knowledge
>>>>> on jersey internals, I can try to get something into the code base
>>>>> or alternatively, come up with some standalone client code. Any
>>>>> guidance from your end?
>>>>>
>>>> If you want to try using the code base then this would be the way I
>>>> would go about it:
>>>>
>>>> - it is possible to add properties to the Client and ClientConfig
>>>> (see the pattern for setting say if redirection is followed
>>>> or not). I suspect we could use this for the developer to add the
>>>> appropriate mechanism (an SSL factory?)
>>>>
>>>> - The following class:
>>>>
>>>> com.sun.jersey.impl.client.urlconnection.URLConnectionClientHandler
>>>>
>>>> does all the work with HttpURLConnection (see line 153). But it
>>>> could check to see if the instance is of
>>>> HttpsURLConnection and then set additional properties on it.
>>>>
>>>> Paul.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>>

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109
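The thread's snippet installs the SSLContext as the JVM-wide default for every HttpsURLConnection, and Paul's last suggestion is to instead check whether URLConnectionClientHandler's connection is an HttpsURLConnection and set the factory on that instance. The example below is an added illustration of that per-connection approach; it is not code from the thread or from the Jersey project. It assumes placeholder files ca.pem (the trusted CA or server certificate in PEM form) and client.p12 (the client certificate and key), and a placeholder password; the URL is likewise an assumption. Unlike the snippet above, it keeps the default hostname verifier in place, so the CN/SAN mismatch Peter ran into is still reported rather than silenced; the defensible fix for a test server is a certificate whose subjectAltName matches the URL host.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Builds an SSLContext that trusts only an explicitly pinned CA/server
 * certificate and presents a client certificate, then applies it to a
 * single HttpsURLConnection instead of the JVM-wide default.
 * File names, password and URL are placeholders (assumptions), not values
 * taken from the mailing-list thread.
 */
public class PerConnectionTls {

    /** Load one or more PEM/DER certificates into an in-memory trust store. */
    static TrustManagerFactory trustOnly(String certPath) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                       // empty, in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(certPath)) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                trust.setCertificateEntry("trusted-" + (i++), c);
            }
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        return tmf;
    }

    /** Load the client certificate and private key from a PKCS#12 file. */
    static KeyManagerFactory clientIdentity(String p12Path, char[] password)
            throws Exception {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            identity.load(in, password);
        }
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // PKCS#12 key entries are normally protected by the store password;
        // using a different string for the key only works if the file was
        // actually created that way.
        kmf.init(identity, password);
        return kmf;
    }

    static SSLContext buildContext(String caPem, String p12, char[] pw) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(clientIdentity(p12, pw).getKeyManagers(),
                 trustOnly(caPem).getTrustManagers(),
                 null);
        return ctx;
    }

    /** Open the URL and apply the factory only if this connection is HTTPS. */
    static HttpURLConnection open(URL url, SSLSocketFactory factory) throws Exception {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        if (conn instanceof HttpsURLConnection) {
            // Per instance, so other clients in the same JVM keep their own trust.
            // The default HostnameVerifier stays in place: a CN/SAN that does not
            // match the URL host is still rejected.
            ((HttpsURLConnection) conn).setSSLSocketFactory(factory);
        }
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths, password and URL; replace with real values.
        SSLContext ctx = buildContext("ca.pem", "client.p12", "changeit".toCharArray());
        HttpURLConnection conn = open(new URL("https://localhost:8443/resource"),
                                      ctx.getSocketFactory());
        conn.setRequestMethod("GET");
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The trust store is built from the pinned certificate alone, so the JVM's default cacerts are not consulted for this connection; that is the same effect the thread's snippet had, but scoped to one connection. Later Jersey 1.x releases exposed exactly this pairing through com.sun.jersey.client.urlconnection.HTTPSProperties (a HostnameVerifier plus an SSLContext) registered on the ClientConfig, which is the property-based design Paul sketches above.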