Date: Mon, 13 May 2013 22:10:17 -0400
Subject: Re: HTTP async client and accessing server certificate (SSL)
From: Sachin Nikumbh
To: HttpClient User Discussion

Hi Oleg,

Thanks a lot for the response. I have one more question.

In my client application, I need to provide extra authorization based on the common name in the server certificate. I want to allow the request-response exchange (I am sending a POST request) only after the server passes this extra authorization step. Is using BasicAsyncResponseConsumer going to be too late for me to access the server certificate? I want behavior similar to the following sample code based on HttpsURLConnection:

************************************************************************************************************
HttpsURLConnection urlConnection = (HttpsURLConnection) madsUrl.openConnection();
urlConnection.setRequestMethod("POST");
...
...
urlConnection.connect(); // Establish connection for initial SSL handshake
String peerDN = urlConnection.getPeerPrincipal().getName();
if (isAuthorizedPeer(peerDN)) {
    // Now it's safe to write request data
    OutputStream oStream = urlConnection.getOutputStream();
    ...
    ...
}
************************************************************************************************************

Thanks once again
Sachin

On Tue, Apr 30, 2013 at 6:46 AM, Oleg Kalnichevski wrote:

> On Mon, 2013-04-29 at 11:27 -0400, Sachin Nikumbh wrote:
> > Hi,
> >
> > I am currently using the HTTP async client in my application to communicate
> > with a proprietary server. Now, I need to extend the functionality to
> > include HTTPS support. We need to provide client authentication and I have
> > the following picture of how I can provide client credentials.
> >
> > My first question is, is this the correct approach? Am I missing anything
> > here?
> >
> > ************************************************
> >
> > SSLContext context = ..... ; // Create with user provided keystore/truststore
> >
> > AsyncScheme scheme = new AsyncScheme("https", 9910, new SSLLayeringStrategy(context));
> >
> > HttpAsyncClient httpClientAsync = new DefaultHttpAsyncClient();
> >
> > PoolingClientAsyncConnectionManager connectionMgr =
> >     (PoolingClientAsyncConnectionManager) httpClientAsync.getConnectionManager();
> >
> > AsyncSchemeRegistry asyncReg = connectionMgr.getSchemeRegistry();
> >
> > asyncReg.register(scheme);
> > ************************************************
> >
> > My second question is about server authorization for which I need access to
> > the server certificate. I need to get the CN value from the certificate
> > which I am later going to use internally. I am basically looking for
> > something similar to java.net.HttpsUrlConnection.getPeerPrincipal or
> > java.net.HttpsUrlConnection.getServerCertificates.
> >
> > Any help will be greatly appreciated.
> >
> > Thanks
> > Sachin
>
> You can get full access to the SSL session details from the local
> execution context:
>
> ---
> final HttpAsyncClient httpclient = new DefaultHttpAsyncClient();
> httpclient.start();
> try {
>     final HttpHost host = new HttpHost("www.verisign.com", -1, "https");
>     final HttpGet request = new HttpGet("/");
>     final BasicAsyncRequestProducer requestProducer =
>         new BasicAsyncRequestProducer(host, request);
>     final BasicAsyncResponseConsumer responseConsumer = new BasicAsyncResponseConsumer() {
>
>         @Override
>         protected HttpResponse buildResult(final HttpContext context) {
>             final ManagedClientAsyncConnection conn =
>                 (ManagedClientAsyncConnection) context.getAttribute(
>                     ExecutionContext.HTTP_CONNECTION);
>             final SSLSession sslsession = conn.getSSLSession();
>             if (sslsession != null) {
>                 try {
>                     System.out.println(sslsession.getPeerPrincipal());
>                 } catch (final SSLPeerUnverifiedException e) {
>                     // peer identity was not verified; nothing to print
>                 }
>             }
>             return super.buildResult(context);
>         }
>
>     };
>     final Future<HttpResponse> future =
>         httpclient.execute(requestProducer, responseConsumer, null);
>     final HttpResponse response = future.get();
>     System.out.println("Response: " + response.getStatusLine());
>     System.out.println("Shutting down");
> } finally {
>     httpclient.shutdown();
> }
> ---
>
> Hope this helps
>
> Oleg
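
Added example, not part of the original thread or of the HttpClient project: one way to write the `isAuthorizedPeer(peerDN)` check that the HttpsURLConnection sample in Sachin's message calls but does not show, parsing the DN with the JDK's LdapName instead of matching on the raw string. The class name, the allow-list entry and the sample DNs are constructed for illustration; the check assumes the TLS handshake has already validated the certificate chain against the truststore.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class PeerCnAuthorizer {
    // Hypothetical allow-list; the entry is a constructed placeholder.
    private static final Set<String> ALLOWED_CNS =
            new HashSet<String>(Arrays.asList("mads.example.com"));
    /** Returns the single CN of an RFC 2253 DN, or null if absent, repeated or malformed. */
    static String commonName(String peerDN) {
        try {
            String cn = null;
            for (Rdn rdn : new LdapName(peerDN).getRdns()) {
                Attribute attr = rdn.toAttributes().get("CN"); // also covers multi-valued RDNs
                if (attr == null) continue;
                // Fail closed on ambiguity: repeated CN or a non-string (hex-encoded) value.
                if (cn != null || attr.size() != 1 || !(attr.get() instanceof String)) return null;
                cn = (String) attr.get();
            }
            return cn;
        } catch (NamingException e) {
            return null; // not a parseable DN
        }
    }

    /** Exact, case-insensitive match of the parsed CN against the allow-list. */
    static boolean isAuthorizedPeer(String peerDN) {
        String cn = peerDN == null ? null : commonName(peerDN);
        return cn != null && ALLOWED_CNS.contains(cn.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed DNs in the RFC 2253 form returned by X500Principal.getName().
        String[] samples = {
            "CN=mads.example.com,OU=Ops,O=Example Corp,C=US",
            "CN=other.example.com,O=Example Corp,C=US",
            "O=CN\\=mads.example.com,C=US", // "CN=" text inside another attribute's value
            "not a DN"
        };
        for (String dn : samples) {
            System.out.println(isAuthorizedPeer(dn) + "  " + dn);
        }
    }
}
```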