hc-httpclient-users mailing list archives

From Sachin Nikumbh <saniku...@gmail.com>
Subject Re: HTTP async client and accessing server certificate (SSL)
Date Tue, 14 May 2013 02:10:17 GMT
Hi Oleg,

Thanks a lot for the response. I have one more question.

In my client application, I need to provide extra authorization based on
the common name in the server certificate. I want to allow the
request-response exchange (I am sending a POST request) only after the
server passes this extra authorization step.

Is using BasicAsyncResponseConsumer going to be too late for me to access the
server certificate?

I want behavior similar to the following sample code based
on HttpsURLConnection:

************************************************************************************************************
HttpsURLConnection urlConnection = (HttpsURLConnection)madsUrl.openConnection();
urlConnection.setRequestMethod("POST");
...
...
urlConnection.connect(); //Establish connection for initial SSL handshake
String peerDN = urlConnection.getPeerPrincipal().getName();
if( isAuthorizedPeer(peerDN) ){
     // Now it's safe to write request data
     OutputStream oStream = urlConnection.getOutputStream();
     ...
     ...
}
************************************************************************************************************

Thanks once again
Sachin



On Tue, Apr 30, 2013 at 6:46 AM, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Mon, 2013-04-29 at 11:27 -0400, Sachin Nikumbh wrote:
> > Hi,
> >
> > I am currently using the HTTP async client in my application to communicate
> > with a proprietary server. Now, I need to extend the functionality to
> > include HTTPS support. We need to provide client authentication and I have
> > the following picture of how I can provide client credentials.
> >
> > My first question is, is this the correct approach? Am I missing anything
> > here?
> >
> > ************************************************
> >
> > SSLContext context = ..... ; // Create with user provided keystore/truststore
> >
> > AsyncScheme scheme = new AsyncScheme( "https", 9910, new SSLLayeringStrategy(context) );
> >
> > HttpAsyncClient httpClientAsync = new DefaultHttpAsyncClient();
> >
> > PoolingClientAsyncConnectionManager connectionMgr =
> >     (PoolingClientAsyncConnectionManager)httpClientAsync.getConnectionManager();
> >
> > AsyncSchemeRegistry asyncReg = connectionMgr.getSchemeRegistry();
> >
> > asyncReg.register(scheme);
> > ************************************************
> >
> > My second question is about server authorization for which I need access to
> > the server certificate. I need to get the CN value from the certificate
> > which I am later going to use internally. I am basically looking for
> > something similar to java.net.HttpsUrlConnection.getPeerPrincipal or
> > java.net.HttpsUrlConnection.getServerCertificates.
> >
> > Any help will be greatly appreciated.
> >
> > Thanks
> > Sachin
>
> You can get full access to the SSL session details from the local
> execution context:
>
> ---
> final HttpAsyncClient httpclient = new DefaultHttpAsyncClient();
> httpclient.start();
> try {
>     final HttpHost host = new HttpHost("www.verisign.com", -1, "https");
>     final HttpGet request = new HttpGet("/");
>     final BasicAsyncRequestProducer requestProducer =
>             new BasicAsyncRequestProducer(host, request);
>     final BasicAsyncResponseConsumer responseConsumer = new BasicAsyncResponseConsumer() {
>
>         @Override
>         protected HttpResponse buildResult(final HttpContext context) {
>             final ManagedClientAsyncConnection conn = (ManagedClientAsyncConnection)
>                     context.getAttribute(ExecutionContext.HTTP_CONNECTION);
>             final SSLSession sslsession = conn.getSSLSession();
>             if (sslsession != null) {
>                 try {
>                     System.out.println(sslsession.getPeerPrincipal());
>                 } catch (final SSLPeerUnverifiedException e) {
>                 }
>             }
>             return super.buildResult(context);
>         }
>
>     };
>     final Future<HttpResponse> future =
>             httpclient.execute(requestProducer, responseConsumer, null);
>     final HttpResponse response = future.get();
>     System.out.println("Response: " + response.getStatusLine());
>     System.out.println("Shutting down");
> } finally {
>     httpclient.shutdown();
> }
> ---
>
> Hope this helps
>
> Oleg

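One way to enforce the CN authorization asked about at the top of this message during the TLS handshake itself, so that a rejected server never receives the POST data. This is an added example, not code from the thread or from the HttpAsyncClient project; it uses only JDK classes, and the names `CnAuthorizingTrustManager`, `allowedCns` and `contextFor` are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.*;
import javax.net.ssl.*;

public final class CnAuthorizingTrustManager implements X509TrustManager { // hypothetical name
    private final X509TrustManager delegate;
    private final Set<String> allowedCns; // hypothetical allow-list supplied by the application
    CnAuthorizingTrustManager(X509TrustManager delegate, Set<String> allowedCns) {
        this.delegate = delegate;
        this.allowedCns = allowedCns;
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // chain and trust-anchor validation first
        String cn = commonName(chain[0]);             // chain[0] is the server's own certificate
        if (!allowedCns.contains(cn))                 // throwing aborts the handshake; no request data is sent
            throw new CertificateException("server CN not authorized: " + cn);
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    static String commonName(X509Certificate cert) throws CertificateException { // parses the DN, no "CN=" string matching
        try {
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
            }
        } catch (InvalidNameException e) {
            throw new CertificateException("unparseable subject DN", e);
        }
        throw new CertificateException("server certificate subject has no CN");
    }
    // keyManagers carry the client credentials; a null trustStore selects the JRE default trust store.
    public static SSLContext contextFor(KeyManager[] keyManagers, KeyStore trustStore,
            Set<String> allowedCns) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager base = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (base == null && tm instanceof X509TrustManager) base = (X509TrustManager) tm;
        if (base == null) throw new IllegalStateException("no X509TrustManager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, new TrustManager[] { new CnAuthorizingTrustManager(base, allowedCns) }, null);
        return ctx;
    }
}
```

The returned context is the object the quoted snippet passes to `new SSLLayeringStrategy(context)`. The CN check is in addition to hostname verification, not a replacement for it.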