hc-httpclient-users mailing list archives

From "Nishant Agrawal" <Nishant.Agra...@infogain.com>
Subject RE: SSL over HTTPClient
Date Tue, 27 Dec 2005 17:41:44 GMT
Thanks Oleg.

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: Tuesday, December 27, 2005 10:27 PM
To: httpclient-user@jakarta.apache.org
Subject: Re: SSL over HTTPClient

 

On Mon, Dec 26, 2005 at 10:39:36PM +0530, Nishant Agrawal wrote:
> Hi,
>
> I use a custom SecureProtocolSocketFactory, similar to the one at
> http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
>
> I provide it a keystore and a truststore, and corresponding passwords.
>
> Now I do the following:
>
> HostConfiguration hostConfig = new HostConfiguration();
> hostConfig.setHost("www.myurl.com", 443, myhttps);
>
> In the keystore I have a lot of aliases. How does the API find which alias
> is to be used for this specific URL (www.myurl.com)?
>

Nishant,

The KeyStore#aliases() will give you an enumeration of all aliases in a
keystore.

The KeyStore#getCertificateChain(String) will give you an array of
certificates associated with a given alias.

I _believe_ the trust manager factory will generate one trust manager
per alias / certificate chain. It is usually sufficient that at least
one trust manager will recognize a certificate chain as a valid one.

-- If I send to 2 different servers (at 2 different URLs),
-- how will the implementation decide which manager to use to
-- present the key-cert combo to each server?
-- Here I assume that each different server recognizes this same client
-- application by different identities.

-- For e.g.:
-- ClientApp has 2 keyManagers
--- 1. KeyManager_A ( key_a, certChain_a)
--- 2. KeyManager_b ( key_b, certChain_b)
-- server_a identifies certChain_a only.
-- server_b identifies certChain_b only.

Hope this helps

Oleg

> Regards,
> Nishant Agrawal

> 

 


 


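The scenario raised in the thread (one client that must present a different identity to each server) can be handled with a key manager that maps each host to exactly one keystore alias. This is an added example, not code from the thread or from HttpClient; the class name `HostAliasKeyManager`, the host-to-alias map and the `contextFor` helper are assumptions, and it uses only standard JSSE calls (Java 7 or later for `getHandshakeSession`).

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Added example: presents one fixed keystore alias per server host, nothing otherwise.
public final class HostAliasKeyManager implements X509KeyManager {
    private final KeyStore keys;
    private final char[] keyPassword;
    private final Map<String, String> hostToAlias; // assumed mapping: lower-case host -> alias

    public HostAliasKeyManager(KeyStore keys, char[] keyPassword, Map<String, String> hostToAlias) {
        this.keys = keys;
        this.keyPassword = keyPassword.clone();
        this.hostToAlias = new HashMap<>(hostToAlias);
    }

    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        if (!(socket instanceof SSLSocket)) return null;
        SSLSession handshake = ((SSLSocket) socket).getHandshakeSession();
        String host = (handshake == null) ? null : handshake.getPeerHost();
        String alias = (host == null) ? null : hostToAlias.get(host.toLowerCase(Locale.ROOT));
        // Fail closed: an unmapped host or an unreadable key entry gets no client
        // certificate, so an identity meant for one server is never offered to another.
        return (alias != null && getPrivateKey(alias) != null) ? alias : null;
    }

    @Override public PrivateKey getPrivateKey(String alias) {
        try {
            Key key = keys.getKey(alias, keyPassword);
            return (key instanceof PrivateKey) ? (PrivateKey) key : null;
        } catch (GeneralSecurityException e) { return null; }
    }

    @Override public X509Certificate[] getCertificateChain(String alias) {
        try {
            java.security.cert.Certificate[] chain = keys.getCertificateChain(alias);
            return (chain == null) ? null : Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        } catch (KeyStoreException e) { return null; }
    }

    @Override public String[] getClientAliases(String type, Principal[] issuers) { return hostToAlias.values().toArray(new String[0]); }
    @Override public String[] getServerAliases(String type, Principal[] issuers) { return null; } // client side only
    @Override public String chooseServerAlias(String type, Principal[] issuers, Socket s) { return null; }

    public static SSLContext contextFor(KeyStore keys, char[] pw, TrustManager[] trust, Map<String, String> map) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new HostAliasKeyManager(keys, pw, map) }, trust, null);
        return ctx;
    }
}
```

The `SSLContext` returned by `contextFor` provides the `SSLSocketFactory` from which a custom `SecureProtocolSocketFactory` can create its sockets; passing `null` for `trust` makes JSSE fall back to its default trust managers.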