commons-user mailing list archives

From ol...@bluewin.ch
Subject RE: AW: [httpClient] ClassLoader problem
Date Mon, 30 Aug 2004 13:09:29 GMT
Sascha,

I have never worked with IS, so I am not in a position to comment on the classloader
problem you have been experiencing.

As to IAIK SSL stuff, I do use IAIK proprietary framework directly bypassing
the JSSE compatibility layer altogether. As far as I am concerned I find
this well justified as the SecureProtocolSocketFactory already provides an
abstraction layer which keeps my protocol code decoupled from the underlying
transport code.

Basically all it takes is something like this (Please note this code is NOT
compilable. It is intended to demonstrate the basic use pattern. So please
do make adjustments that are necessary for your application):

============================================================================================

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;

import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

import iaik.security.ssl.SSLSocket;
import iaik.security.ssl.SSLClientContext;
import iaik.security.ssl.CipherSuite;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;


public class IAIKSSLSocketFactory implements SecureProtocolSocketFactory
{

  // Shared, lazily created context; static because it is used from a static method
  private static SSLClientContext SSLCONTEXT = null;

  public IAIKSSLSocketFactory()
  {
    super();
  }

  // synchronized so that concurrent callers cannot build two contexts
  protected static synchronized SSLClientContext getDefaultClientContext()
    throws IOException
  {
    if (SSLCONTEXT == null) {
      SSLCONTEXT = new SSLClientContext();
      // Tighten things up a little
      // You may want to provide a custom cert chain verifier
      // (MyChainVerifier stands for your own implementation)
      SSLCONTEXT.setChainVerifier(new MyChainVerifier());
      // You may want to use only a few specific ciphers
      CipherSuite[] clientCipherSuite = new CipherSuite[2];
      clientCipherSuite[0] = CipherSuite.SSL_RSA_WITH_3DES_EDE_CBC_SHA;
      clientCipherSuite[1] = CipherSuite.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
      SSLCONTEXT.setEnabledCipherSuites(clientCipherSuite);
      SSLCONTEXT.updateCipherSuites();
      // You may want to set trusted server certs
      // (serverCertificate is an X509Certificate your application loads)
      SSLCONTEXT.addTrustedCertificate(serverCertificate);
    }
    return SSLCONTEXT;
  }

  public Socket createSocket(String host, int port) 
     throws IOException, UnknownHostException
  {
    return new SSLSocket(host, port, getDefaultClientContext()); 
  }

  public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
    throws IOException, UnknownHostException
  {
    return new SSLSocket(host, port, clientHost, clientPort, getDefaultClientContext());
  }

  public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
    throws IOException, UnknownHostException
  {
    return new SSLSocket(socket, getDefaultClientContext(), host, port);
  }
}

Hope this helps

Oleg
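
How a factory like the one above is plugged into HttpClient 2.0.x, as an added example that is not part of the original message. It assumes IAIKSSLSocketFactory has been completed and compiled with your own chain verifier and trusted certificate; www.example.org is a placeholder host.

```java
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;

public class IaikHttpsExample {

    public static void main(String[] args) throws Exception {
        // Placeholder host (assumption): use the server whose certificate
        // the factory's SSLClientContext has been configured to trust.
        String host = "www.example.org";

        // Wrap the custom factory in a Protocol; 443 is the default port.
        Protocol iaikHttps = new Protocol("https", new IAIKSSLSocketFactory(), 443);

        // Per-host binding: only requests sent through this client's host
        // configuration use the IAIK transport and its trust settings.
        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost(host, 443, iaikHttps);

        // Process-wide alternative: every absolute https:// URL handled by
        // HttpClient then goes through the IAIK factory instead of JSSE.
        // Protocol.registerProtocol("https", iaikHttps);

        // The protocol code is unchanged; a relative URI is resolved
        // against the host configuration set above.
        GetMethod get = new GetMethod("/");
        try {
            int status = client.executeMethod(get);
            System.out.println(status + " " + get.getStatusText());
        } finally {
            // Always hand the connection back, even after a failed handshake.
            get.releaseConnection();
        }
    }
}
```

With the per-host binding, a handshake rejected by the chain verifier surfaces as an IOException from executeMethod, so the trust decision stays inside the factory.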




>-- Original Message --
>Reply-To: "Jakarta Commons Users List" <commons-user@jakarta.apache.org>
>Subject: AW: [httpClient] ClassLoader problem
>Date: Mon, 30 Aug 2004 14:40:41 +0200
>From: "Benkart Sascha (QI/SES1) *" <Sascha.Benkart@de.bosch.com>
>To: "Jakarta Commons Users List" <commons-user@jakarta.apache.org>
>
>
>Hi Oleg,
>
>IS is running on Java 1.4 but without JCE. A file called server.jar includes
>the IAIK classes including an IAIK JSSE framework.
>I'm able to create a Cipher object within my package, but the httpClient
>is added as a JAR file. Because I get a ClassNotFoundException on the httpClient,
>I think JAR files are loaded by another ClassLoader than the package or
>the server bootstrap (including the IAIK component).
>
>Do you use IAIK JSSE framework for own SecureProtocolSocketFactory or IAIK
>own classes?
>
>Kind regards
>Sascha
>
>> -----Original Message-----
>> From: olegk@bluewin.ch [mailto:olegk@bluewin.ch]
>> Sent: Monday, 30 August 2004 13:21
>> To: Jakarta Commons Users List
>> Subject: RE: [httpClient] ClassLoader problem
>> 
>> 
>> Hi Sascha,
>> 
>> I believe you can work around this problem by providing a custom socket
>> factory that creates secure sockets using IAIK SSL directly, rather than
>> through the JSSE.
>> 
>> See the HttpClient SSL guide for details
>> 
>> http://jakarta.apache.org/commons/httpclient/sslguide.html
>> 
>> I have been using HttpClient with IAIK SSL in production for three years.
>> It just takes a custom socket factory to get them to coexist quite well.
>> 
>> On the classloader issue, HttpClient 2.0.x does not load classes dynamically.
>> So there's no way to get it to use another classloader.
>> 
>> Hope this helps
>> 
>> Oleg
>> 
>> >-- Original Message --
>> >Reply-To: "Jakarta Commons Users List" <commons-user@jakarta.apache.org>
>> >Subject: [httpClient] ClassLoader problem
>> >Date: Mon, 30 Aug 2004 11:45:38 +0200
>> >From: "Benkart Sascha (QI/SES1) *" <Sascha.Benkart@de.bosch.com>
>> >To: <commons-user@jakarta.apache.org>
>> >
>> >
>> >Hi,
>> >
>> >I'm using httpClient v2.0.1 with webMethods' Integration Server (IS). IS
>> >uses code units called packages to add functionality at runtime.
>> >I add httpclient to a package and every time I execute with SSL, I get a
>> >javax.crypto.Cipher ClassNotFoundException. IS uses its own
>> >JCE-implementation from company IAIK.
>> >There's no problem to create a new Cipher object within my package, but
>> >within httpClient. I think there's a ClassLoader problem.
>> >
>> >Is there a possibility to give the httpClient another ClassLoader? I
>> >only found instantiation of class Cipher in class NTLM, but I don't use
>> >NTLM.
>> >
>> >Thanks,
>> >Sascha
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
>> >For additional commands, e-mail: commons-user-help@jakarta.apache.org
>> >