/**
 * Opens an HTTPS connection to the endpoint below, presenting the client
 * certificate stored in {@code key/keys.p12}, and prints the HTTP status code.
 *
 * <p>Side effect: installs {@link MyAuthenticator} as the JVM-wide default
 * {@link Authenticator}, so it applies to every URL connection in the process,
 * not only to {@code con}.
 */
public GPSSL() {
    String endpoint = "https://myserver.doamin.kz";
    con = (HttpsURLConnection) new URL(endpoint).openConnection();

    // NOTE(review): the keystore path and its password are literals in source.
    // Anyone who can read the source or the compiled class can unlock the client
    // private key; load both from protected configuration or a secret store.
    SSLSocketFactory clientCertFactory = getFactory(new File("key/keys.p12"), "1234");
    con.setSSLSocketFactory(clientCertFactory);

    // Process-wide registration: any later HTTP or proxy authentication challenge
    // in this JVM is answered by MyAuthenticator.
    Authenticator.setDefault(new MyAuthenticator());

    // The 'true' below is overridden two statements later; the effective value is false.
    con.setAllowUserInteraction(true);
    con.setUseCaches(false);
    con.setAllowUserInteraction(false);
    con.setDoOutput(true);
    con.setDoInput(true);
    //con.setRequestProperty("Content-Type","application/xml; charset=utf-8");

    con.connect();
    System.out.println(con.getResponseCode());
}
/**
 * Supplies a fixed user name and password whenever the networking code asks
 * for credentials.
 *
 * <p>NOTE(review): the account and password are literals in source, and the
 * callback never consults {@code getRequestingHost()} or
 * {@code getRequestorType()}, so the same credentials are returned for every
 * challenge this authenticator receives. Restrict the answer to the expected
 * host and keep the secret out of the code.
 */
class MyAuthenticator extends Authenticator {
    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        final String account = "domain\\Grigoriy.Polyakov";
        final char[] secret = "12345".toCharArray();
        final PasswordAuthentication credentials = new PasswordAuthentication(account, secret);

        // The returned map is discarded, so this call contributes nothing to the result.
        // NOTE(review): URLConnection.getRequestProperties() is documented to throw
        // IllegalStateException when already connected; confirm it cannot fire here.
        con.getRequestProperties();

        return credentials;
    }
}
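/**
 * Builds an {@link SSLSocketFactory} that presents the client certificate and
 * private key held in a PKCS#12 keystore (mutual TLS).
 *
 * <p>Server certificates are validated against the JVM's default trust
 * material. The previous version installed an {@code X509TrustManager} whose
 * check methods were empty, which accepted any certificate and let anyone on
 * the network path impersonate the server and receive the credentials sent
 * over the connection. If the server uses a private CA, import that CA into a
 * truststore (for example one named by the {@code javax.net.ssl.trustStore}
 * system property) instead of disabling validation.
 *
 * @param pKeyFile     PKCS#12 file containing the client key and certificate
 * @param pKeyPassword password used for both the keystore and the key entry
 * @return a socket factory configured for client-certificate authentication
 * @throws NoSuchAlgorithmException  if the key manager algorithm, keystore integrity
 *                                   algorithm or TLS context is unavailable
 * @throws KeyStoreException         if no PKCS12 keystore implementation is available
 * @throws IOException               if the file cannot be read or the password is wrong
 * @throws CertificateException      if a certificate in the keystore cannot be loaded
 * @throws UnrecoverableKeyException if the key cannot be recovered with the password
 * @throws KeyManagementException    if the TLS context cannot be initialised
 */
private SSLSocketFactory getFactory(File pKeyFile, String pKeyPassword)
        throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException,
        UnrecoverableKeyException, KeyManagementException {
    char[] password = pKeyPassword.toCharArray();

    KeyManagerFactory keyManagerFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore keyStore = KeyStore.getInstance("PKCS12");

    // Close the stream even when load() throws (wrong password, corrupt file).
    InputStream keyInput = new FileInputStream(pKeyFile);
    try {
        keyStore.load(keyInput, password);
    } finally {
        keyInput.close();
    }
    keyManagerFactory.init(keyStore, password);

    SSLContext context = SSLContext.getInstance("TLS");
    // A null trust-manager array makes SSLContext use the platform's default
    // TrustManagerFactory, so the server's certificate chain is actually verified.
    context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
    return context.getSocketFactory();
}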
28.11.13, 15:23 пользователь "Oleg Kalnichevski" <[email protected]>
написал:
>On Wed, 2013-11-27 at 19:24 +0100, Joan Balagueró wrote:
>> Hello,
>>
>>
>>
>> I have an application (servlet running on tomcat) that must send a https
>> request to a server that requires client authentication.
>>
>>
>>
>> Tomcat has correctly installed the truststore and keystore. But I understand
>> that when our app sends the https request, I have to attach the client
>> authentication required by the server.
>>
>>
>>
>> Can anyone point me to any doc where I can see how to do this?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> J.
>>
>
>There is enough good material on SSL fundamentals on the web. Just
>google it out.
>
>As far as HC APIs are concerned SSLContextBuilder should help you set up
>the correct SSL context for your application. Most likely you will need
>to load the private key and add it to the context using this method [1].
>
>Oleg
>
>[1]
>http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/apidocs/org/apache/http/conn/ssl/SSLContextBuilder.html#loadKeyMaterial%28java.security.KeyStore,%20char[],%20org.apache.http.conn.ssl.PrivateKeyStrategy%29
>
>>
>>
>>
>>
>>
>>
>
>
>