I am attempting to access a secured server (
https://localhost:55555/rest).
I have the server side certificate in my Windows certificate store.
I have the client side certificate with which I wish to authenticate also in
my Windows certificate store.
(Note, I need to not only accept the server side, but authenticate with my
own certificate).
Attempting to connec to the service with a browser (IE or Chrome) causes a
prompt to select the client certificate to pop up (good) and then notice
about the server side certificate (good). Now I am attempting to access the
service via java rather than just a browser.
I have done the following:
HostnameVerifier hostnameVerifier = getHostnameVerifier();
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
SslConfigurator sslConfigDirect = SslConfigurator.newInstance()
.keyStore(ks)
.trustStore(ks);
SSLContext sslContext = sslConfigDirect.createSSLContext();
Client client = ClientBuilder.newBuilder()
.sslContext(sslContext)
.hostnameVerifier(hostnameVerifier)
.build();
HttpAuthenticationFeature authFeature =
HttpAuthenticationFeature.basicBuilder().credentials("name","password").build();
client.register(authFeature);
WebTarget webTarget =
client.target("
https://localhost:55555/rest").path("list");
Response response = webTarget.request().get();
private HostnameVerifier getHostnameVerifier() {
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
};
return hostnameVerifier;
}
So my questions are:
1) What am I doing wrong?
2) How do I specify which certificate from the certificate store I wish to
use (I have multiple at that location which I can enumerate by doing a
KeyStore.Aliases() and getting a correct list.
3) For specifying credentials, which name/password does it want (friendly,
alias, primary, CN, etc.?)
Thank you.
--
View this message in context: http://jersey.576304.n2.nabble.com/Client-Authentication-with-Certificate-tp7583106.html
Sent from the Jersey mailing list archive at Nabble.com.