commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Cole" <sc...@camsbycbs.com>
Subject Re: Two-way SSL with HttpClient
Date Thu, 02 Jul 2009 12:27:25 GMT
Yes. I should have included this example before, but here's how we did it.
Our implementation of the AuthSSLProtocolSocketFactory didn't have the
constructor with the keystore and truststore urls, but they both accomplish
the same thing. The important thing is that the KeyManagers are created from
a KeyStore that contains any client certificates you want presented for
authentication and the TrustManagers are created using a keystore containing
trusted certificates for any servers you're going to connect to and want to
verify their authenticity....

    AuthSSLProtocolSocketFactory authSSLProtocolSocketFactory = new
AuthSSLProtocolSocketFactory();
    authSSLProtocolSocketFactory.keyStoreName       = keyStore;
    authSSLProtocolSocketFactory.keyStorePassword   = keyStorePassword;
    authSSLProtocolSocketFactory.trustStoreName     = trustStore;
    authSSLProtocolSocketFactory.trustStorePassword = trustStorePassword;
    Protocol myProtocol = new Protocol("https",
authSSLProtocolSocketFactory, 443);
    HttpClient httpClient = new HttpClient(new
MultiThreadedHttpConnectionManager());
    httpClient.getHostConfiguration().setHost(www.thehost.com, 443,
myProtocol);



----- Original Message ----- 
From: "Meeraj Kunnumpurath" <mkunnumpurath@googlemail.com>
To: "Commons Users List" <user@commons.apache.org>
Sent: Thursday, July 02, 2009 3:18 AM
Subject: Re: Two-way SSL with HttpClient


> Thanks Steve. I assume below are the links you have been referring to ..
>
> http://hc.apache.org/httpclient-3.x/sslguide.html
>
http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
>
> Ta
> Meeraj <http://hc.apache.org/httpclient-3.x/sslguide.html>
>
> On Wed, Jul 1, 2009 at 2:30 PM, Steve Cole <scole@camsbycbs.com> wrote:
>
> > Actually, there's a AuthSSLProtocolSocketFactory constructor that
includes
> > the Keystore URL and password.
> >
> > ----- Original Message -----
> > From: "Steve Cole" <scole@camsbycbs.com>
> > To: "Commons Users List" <user@commons.apache.org>
> > Sent: Wednesday, July 01, 2009 9:28 AM
> > Subject: Re: Two-way SSL with HttpClient
> >
> >
> > > If you mean, can HttpClient present a client certificate to the server
so
> > > the server can authenticate the client, then yes.
> > >
> > > Look at the SSL Guide and using AuthSSLProtocolSocketFactory. Use the
> > > AuthSSLProtocolSocketFactory.createKeyManagers method to setup the
> > > KeyManager array initialized from a keystore that contains the client
> > > certificate.
> > >
> > > ----- Original Message -----
> > > From: "Meeraj Kunnumpurath" <mkunnumpurath@googlemail.com>
> > > To: <user@commons.apache.org>
> > > Sent: Wednesday, July 01, 2009 9:07 AM
> > > Subject: Two-way SSL with HttpClient
> > >
> > >
> > > > Hi,
> > > > Can I do 2-way SSL with server authenticating the client with
commons
> > > > HttpClient? If yes, does anyone have an example?
> > > >
> > > > Thanks
> > > > Meeraj
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
> > > For additional commands, e-mail: user-help@commons.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
> > For additional commands, e-mail: user-help@commons.apache.org
> >
> >
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org


Mime
View raw message