Tom,
I have not seen a reply so I will offer up one possible solution.
If you are using the standard HTTP client provider in Jersey (HttpURLConnection) you can specify the keystore and truststore on as parameters into the VM. In my experience the HttpURLConnection provider will respect these parameters and you do not need any special SSL code. I prefer this over writing code to load and configure the stores. Here are the parameters:
-Djavax.net.ssl.keyStore=$KEYSTORE \
-Djavax.net.ssl.keyStorePassword=$PASSWORD \
-Djavax.net.ssl.trustStore=$TRUSTSTORE \
-Djavax.net.ssl.trustStorePassword=$PASSWORD \
In your keystore place your client's private key and any CA certificates associated with your key. Your client will pick up the first private key in the keystore. Since there is only one you are good to go. In the truststore place the certificate of the server you would like to trust.
Also, you can use the following to track the progress of SSL setup:
-Djavax.net.debug=all \
Let me know if that works for you. It has worked fine for me.
John
On 2015-02-08, at 9:37 AM, TomJones <bagelbig_at_yahoo.com> wrote:
> I am attempting to access a secured server (https://localhost:55555/rest).
> I have the server side certificate in my Windows certificate store.
> I have the client side certificate with which I wish to authenticate also in
> my Windows certificate store.
> (Note, I need to not only accept the server side, but authenticate with my
> own certificate).
>
> Attempting to connec to the service with a browser (IE or Chrome) causes a
> prompt to select the client certificate to pop up (good) and then notice
> about the server side certificate (good). Now I am attempting to access the
> service via java rather than just a browser.
>
> I have done the following:
>
> HostnameVerifier hostnameVerifier = getHostnameVerifier();
>
> KeyStore ks = KeyStore.getInstance("Windows-MY");
> ks.load(null, null);
> SslConfigurator sslConfigDirect = SslConfigurator.newInstance()
> .keyStore(ks)
> .trustStore(ks);
>
> SSLContext sslContext = sslConfigDirect.createSSLContext();
>
> Client client = ClientBuilder.newBuilder()
> .sslContext(sslContext)
> .hostnameVerifier(hostnameVerifier)
> .build();
>
> HttpAuthenticationFeature authFeature =
> HttpAuthenticationFeature.basicBuilder().credentials("name","password").build();
> client.register(authFeature);
>
> WebTarget webTarget =
> client.target("https://localhost:55555/rest").path("list");
> Response response = webTarget.request().get();
>
>
>
>
> private HostnameVerifier getHostnameVerifier() {
> HostnameVerifier hostnameVerifier = new HostnameVerifier() {
> @Override
> public boolean verify(String s, SSLSession sslSession) {
> return true;
> }
> };
>
> return hostnameVerifier;
> }
>
>
>
> So my questions are:
> 1) What am I doing wrong?
> 2) How do I specify which certificate from the certificate store I wish to
> use (I have multiple at that location which I can enumerate by doing a
> KeyStore.Aliases() and getting a correct list.
> 3) For specifying credentials, which name/password does it want (friendly,
> alias, primary, CN, etc.?)
>
> Thank you.
>
>
>
> --
> View this message in context: http://jersey.576304.n2.nabble.com/Client-Authentication-with-Certificate-tp7583106.html
> Sent from the Jersey mailing list archive at Nabble.com.