users@jersey.java.net

[Jersey] Client Authentication with Certificate

From: TomJones <bagelbig_at_yahoo.com>
Date: Sun, 8 Feb 2015 07:37:03 -0700 (MST)

I am attempting to access a secured server (https://localhost:55555/rest).
I have the server side certificate in my Windows certificate store.
I have the client side certificate with which I wish to authenticate also in
my Windows certificate store.
(Note, I need to not only accept the server side, but authenticate with my
own certificate).

Attempting to connect to the service with a browser (IE or Chrome) causes a
prompt to select the client certificate to pop up (good) and then a notice
about the server side certificate (good). Now I am attempting to access the
service via java rather than just a browser.

I have done the following:

HostnameVerifier hostnameVerifier = getHostnameVerifier();

KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
SslConfigurator sslConfigDirect = SslConfigurator.newInstance()
                    .keyStore(ks)
                    .trustStore(ks);

SSLContext sslContext = sslConfigDirect.createSSLContext();

Client client = ClientBuilder.newBuilder()
                    .sslContext(sslContext)
                    .hostnameVerifier(hostnameVerifier)
                    .build();

HttpAuthenticationFeature authFeature =
        HttpAuthenticationFeature.basicBuilder().credentials("name", "password").build();
client.register(authFeature);

WebTarget webTarget =
        client.target("https://localhost:55555/rest").path("list");
Response response = webTarget.request().get();

private HostnameVerifier getHostnameVerifier() {
    HostnameVerifier hostnameVerifier = new HostnameVerifier() {
        @Override
        public boolean verify(String s, SSLSession sslSession) {
            // Accepts any hostname without checking it against the certificate.
            return true;
        }
    };

    return hostnameVerifier;
}

So my questions are:
1) What am I doing wrong?
2) How do I specify which certificate from the certificate store I wish to
use (I have multiple at that location which I can enumerate by doing a
KeyStore.Aliases() and getting a correct list)?
3) For specifying credentials, which name/password does it want (friendly,
alias, primary, CN, etc.?)

Thank you.



--
View this message in context: http://jersey.576304.n2.nabble.com/Client-Authentication-with-Certificate-tp7583106.html
Sent from the Jersey mailing list archive at Nabble.com.
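
On the second question (choosing one certificate among several in Windows-MY), a common JSSE approach is to wrap the X509KeyManager so it always offers a fixed alias, and to take trust anchors from Windows-ROOT rather than the personal store. This is an added example, not code from the original post or from the Jersey project; the class names and the alias argument are hypothetical, and it assumes a Windows JVM with the SunMSCAPI provider and a server certificate that chains to a root in Windows-ROOT.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

public final class PinnedAliasSslContext {   // hypothetical name

    /** Delegates to the JSSE key manager but always offers one fixed alias. */
    static final class FixedAliasKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        private final String alias;
        FixedAliasKeyManager(X509KeyManager delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }
        @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
            return alias; // replaces the default selection among all store entries
        }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] {alias}; }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
    }

    public static SSLContext create(String clientAlias) throws Exception {
        KeyStore my = KeyStore.getInstance("Windows-MY");     // personal certificates with private keys
        my.load(null, null);
        if (!my.isKeyEntry(clientAlias)) throw new IllegalArgumentException("no private key for alias " + clientAlias);
        KeyStore root = KeyStore.getInstance("Windows-ROOT"); // trusted root CAs (assumed trust source)
        root.load(null, null);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(my, null);                                   // Windows-MY entries carry no password
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(root);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] {new FixedAliasKeyManager(base, clientAlias)}, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The returned context can be passed to `ClientBuilder.sslContext(...)` in place of the one built with `SslConfigurator` in the post. HTTP Basic credentials are a separate, application-layer mechanism and play no part in the TLS client-certificate handshake.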