Re: how to do client authentication

Thu, 29 Nov 2007 09:47:51 -0800

I don't want to omit keystore and truststore; I'm doing bidirectional (client and server) SSL authentication, that's the whole point.
Do you know why I get the SocketException? In general, has anyone successfully done both client and server SSL authentication with HttpClient without using the javax.net.ssl.keyStore and trustStore properties? 

Raul

On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:



On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:

Is there a way to do client authentication with HttpClient without
setting javax.net.ssl.keyStore?

I tried the following code after building the contrib files:

    HttpClient httpClient = new HttpClient();
    URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
    URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
    AuthSSLProtocolSocketFactory socketFactory =
        new AuthSSLProtocolSocketFactory(

                keyStoreURL, "keyStorePassword", trustStoreURL,  
"trustStorePassword");
    Protocol httpsProtocol = new Protocol(url.getProtocol(),  
socketFactory, url.getPort());
    httpClient.getHostConfiguration().setHost(url.getHost(),  
url.getPort(), httpsProtocol);


But this fails with:

    java.net.SocketException: Default SSL context init failed: null

Thanks,

Raul Acevedo
http://www.cantara.com



Paul,

(1) Keystore is optional. You can safely omit it.

(2) Implement a custom trust manager that trusts anything. This way  
you

will not need a truststore.

(3) Implement your own protocol socket factory that initializes the  
SSL

context with your own trust-anything trust manager. You can use
EasySSLProtocolSocketFactory as a starting point.

Hope this helps,

Oleg




---------------------------------------------------------------------

To unsubscribe, e-mail: httpclient-user- 
[EMAIL PROTECTED]
For additional commands, e-mail: httpclient-user- 
[EMAIL PROTECTED]






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]

For additional commands, e-mail: httpclient-user- 
[EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to