hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: how to do client authentication
Date Thu, 29 Nov 2007 11:19:09 GMT

On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> Is there a way to do client authentication with HttpClient without
> setting javax.net.ssl.keyStore?
> 
> I tried the following code after building the contrib files:
> 
>     HttpClient httpClient = new HttpClient();
>     URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
>     URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
>     AuthSSLProtocolSocketFactory socketFactory =
>         new AuthSSLProtocolSocketFactory(
>                 keyStoreURL, "keyStorePassword", trustStoreURL, "trustStorePassword");
>     Protocol httpsProtocol = new Protocol(url.getProtocol(), socketFactory, url.getPort());
>     httpClient.getHostConfiguration().setHost(url.getHost(), url.getPort(), httpsProtocol);
> 
> But this fails with:
> 
>     java.net.SocketException: Default SSL context init failed: null
> 
> Thanks,
> 
> Raul Acevedo
> http://www.cantara.com
> 

Paul,

(1) Keystore is optional. You can safely omit it.
(2) Implement a custom trust manager that trusts anything. This way you
will not need a truststore.
(3) Implement your own protocol socket factory that initializes the SSL
context with your own trust-anything trust manager. You can use
EasySSLProtocolSocketFactory as a starting point.

Hope this helps,

Oleg

> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message