Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
Hi
Sorry for late reply, I am using JBoss AS provided SSL connector and my
configuration as:
connector name=https protocol=HTTP/1.1 scheme=https
socket-binding=https secure=true
ssl name=ssl key-alias=jbosskey password=changeit
certificate-key-file=D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore
verify-client=want
ca-certificate-file=D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore/
/connector and when I am calling from client code look like as:
void initializedCredential(){
System.setProperty(javax.net.ssl.trustStore,
D:/temp/client.jks);
System.setProperty(javax.net.ssl.trustStorePassword,
changeit);
// keystore has the certificates presented to the server when a
server
// requests one to authenticate this application to the server
System.setProperty(javax.net.ssl.keyStore, D:/temp/client.jks);
System.setProperty(javax.net.ssl.keyStorePassword, changeit);
}
public T Object post (String url, Map obj, ClassT class1) {
initializedCredential();
url = webServiceUrlUtil.getSearchClaimantURL() + url;
clientRequest = new ClientRequest(url);
ClientResponseT res = null;
try {
res = clientRequest.post(class1);
if (res == null) {
return null;
}
if (res != null res.getStatus() != 200) {
logger.debug(GET Response not getting correct
, Status Code:
+ res.getStatus());
throw new RuntimeException(Failed : HTTP
Webservice error :
+ res.serverError());
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return res.getEntity();
}
Thanks
Mukul
-Original Message-
From: Weinan Li [mailto:l.wei...@gmail.com]
Sent: Friday, August 30, 2013 8:12 AM
To: Mukul Panwar
Cc: Bill Burke; resteasy-users@lists.sourceforge.net
Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate
authentication on jboss
--
Weinan Li
On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:
Hi Bill
I also tried successfully to implement certificate authentication but SsL
handshake doing every time of request. Which should reuse the first handshake
session. Please suggest about it.
Hi Mukul, are you using the RESTEasy provided security solution (like skeleton
and resteasy-crypto) or JBoss AS provided SSL connector?
If you are using the SSL connection provided by JBoss AS, it could be a
configuration problem. Could you please provide the configs you've used so that
I could check it for you?
Thanks
Mukul
On Aug 29, 2013, at 7:11 PM, Bill Burke bbu...@redhat.com
(mailto:bbu...@redhat.com) wrote:
I have used certs successfully before.
On 8/29/2013 9:31 AM, Mukul Panwar wrote:
Sent from my iPhone
Begin forwarded message:
*From:* muku...@hcl.com mailto:muku...@hcl.com
*Date:* August 29, 2013, 7:00:06 AM GMT+05:30
*To:* Bill Burke bbu...@redhat.com mailto:bbu...@redhat.com
*Cc:* resteasy-users@lists.sourceforge.net
(mailto:resteasy-users@lists.sourceforge.net)
mailto:resteasy-users@lists.sourceforge.net
*Subject:* *Regarding Ssl handshake during certificate authentication
on jboss*
Hi Bill
I have a resteasy client and doing post request . I also set the
keystore as trusted and cert key entries before sending the request.
The server also having import the client key in their keystore
certificate.
Means we are doing Two way mutual certificate authentication .
The client and server doing handshake successfully . But for each
request there is a new handshake where as they should use the session
of first Ssl handshake. Please suggest about or give any reference for
this.
Thanks
Mukul
::DISCLAIMER::
The contents of this e-mail and any attachment(s) are confidential and
intended for the named recipient(s) only.
E-mail transmission is not guaranteed to be secure or error-free as
information could be intercepted, corrupted,
lost, destroyed, arrive late or incomplete, or may contain viruses in
transmission. The e mail and its contents
(with or without referred errors) shall therefore not attach any
liability
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
Hi Wenian
I also tried now the similar approach by using a Http apache client library
whic is handling some internally and reusing the handshake.
But I want to user resteasy client library only and some how i want to reuse
that Ssl handshake.
Plz suggest something about resteasy api to handle it .
Thanks
Mukul
On Sep 3, 2013, at 6:44 PM, Weinan Li l.wei...@gmail.com wrote:
--
Weinan Li
On Tuesday, September 3, 2013 at 2:42 PM, Mukul Panwar wrote:
Hi
Sorry for late reply, I am using JBoss AS provided SSL connector and my
configuration as:
connector name=https protocol=HTTP/1.1 scheme=https
socket-binding=https secure=true
ssl name=ssl key-alias=jbosskey password=changeit
certificate-key-file=D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore
verify-client=want
ca-certificate-file=D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore/
Server side config looks fine.
/connector and when I am calling from client code look like as:
void initializedCredential(){
System.setProperty(javax.net.ssl.trustStore, D:/temp/client.jks);
System.setProperty(javax.net.ssl.trustStorePassword, changeit);
// keystore has the certificates presented to the server when a server
// requests one to authenticate this application to the server
System.setProperty(javax.net.ssl.keyStore, D:/temp/client.jks);
System.setProperty(javax.net.ssl.keyStorePassword, changeit);
}
I believe the problem is that you haven't stored the SSLContext in client so
that it creates a new one(with SSL handshake) each time.
Here are some codes that I have used before that holding the context in
client side:
private Socket clientWithCert() throws Exception {
SSLContext context = SSLContext.getInstance(TLS);
KeyStore ks = KeyStore.getInstance(jceks);
ks.load(new FileInputStream(CLIENT_KEY_STORE), null);
KeyManagerFactory kf = KeyManagerFactory.getInstance(SunX509);
kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
context.init(kf.getKeyManagers(), null, null);
SocketFactory factory = context.getSocketFactory();
Socket s = factory.createSocket(localhost, 8443);
return s;
}
With above method you have to use Socket intend of RESTEasy client api. If
you reuse the context then you don't have to do a new SSL handshake with
Server each time.
I haven't looked into JAX-RS 2.0 Client API throughly so I'm not sure how it
could be setup to use SSL. I'll do more research on it and give you feedback
soon.
public T Object post (String url, Map obj, ClassT class1)
{initializedCredential();
url = webServiceUrlUtil.getSearchClaimantURL() + url;
clientRequest = new ClientRequest(url);
ClientResponseT res = null;
try {
res = clientRequest.post(class1);
if (res == null) {
return null;
}
if (res != null res.getStatus() != 200) {
logger.debug(GET Response not getting correct , Status Code:
+ res.getStatus());
throw new RuntimeException(Failed : HTTP Webservice error :
+ res.serverError());
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return res.getEntity();
}
Thanks
Mukul
-Original Message-
From: Weinan Li [mailto:l.wei...@gmail.com]
Sent: Friday, August 30, 2013 8:12 AM
To: Mukul Panwar
Cc: Bill Burke; resteasy-users@lists.sourceforge.net
(mailto:resteasy-users@lists.sourceforge.net)
Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during
certificate authentication on jboss
--
Weinan Li
On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:
Hi Bill
I also tried successfully to implement certificate authentication but SsL
handshake doing every time of request. Which should reuse the first
handshake session. Please suggest about it.
Hi Mukul, are you using the RESTEasy provided security solution (like
skeleton and resteasy-crypto) or JBoss AS provided SSL connector?
If you are using the SSL connection provided by JBoss AS, it could be a
configuration problem. Could you please provide the configs you've used so
that I could check it for you?
Thanks
Mukul
On Aug 29, 2013, at 7:11 PM, Bill Burke bbu...@redhat.com
(mailto:bbu...@redhat.com) wrote:
I have used certs successfully before.
On 8/29/2013 9:31 AM, Mukul Panwar wrote:
Sent from my iPhone
Begin forwarded message:
*From:* muku...@hcl.com mailto:muku...@hcl.com
*Date:* August 29, 2013, 7:00:06 AM GMT+05:30
*To:* Bill Burke bbu...@redhat.com mailto:bbu...@redhat.com
*Cc:* resteasy-users@lists.sourceforge.net
(mailto:resteasy-users@lists.sourceforge.net)
mailto:resteasy-users@lists.sourceforge.net
*Subject:* *Regarding Ssl handshake during certificate authentication
on jboss*
Hi Bill
I have a resteasy client and doing post request . I also set the
keystore as trusted and cert key entries before sending the request.
The server also having import the client key
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
--
Weinan Li
On Wednesday, September 4, 2013 at 3:16 AM, Mukul Panwar wrote:
Hi Wenian
I also tried now the similar approach by using a Http apache client library
whic is handling some internally and reusing the handshake.
But I want to user resteasy client library only and some how i want to reuse
that Ssl handshake.
Plz suggest something about resteasy api to handle it .
Hi Mukul, I haven't looked into details of the JAX-RS 2.0 Client API . I'll do
some research and give you my findings soon.
Thanks
Mukul
On Sep 3, 2013, at 6:44 PM, Weinan Li l.wei...@gmail.com
(mailto:l.wei...@gmail.com) wrote:
--
Weinan Li
On Tuesday, September 3, 2013 at 2:42 PM, Mukul Panwar wrote:
Hi
Sorry for late reply, I am using JBoss AS provided SSL connector and my
configuration as:
connector name=https protocol=HTTP/1.1 scheme=https
socket-binding=https secure=true
ssl name=ssl key-alias=jbosskey password=changeit
certificate-key-file=D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore
verify-client=want
ca-certificate-file=D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore/
Server side config looks fine.
/connector and when I am calling from client code look like as:
void initializedCredential(){
System.setProperty(javax.net.ssl.trustStore, D:/temp/client.jks);
System.setProperty(javax.net.ssl.trustStorePassword, changeit);
// keystore has the certificates presented to the server when a server
// requests one to authenticate this application to the server
System.setProperty(javax.net.ssl.keyStore, D:/temp/client.jks);
System.setProperty(javax.net.ssl.keyStorePassword, changeit);
}
I believe the problem is that you haven't stored the SSLContext in client
so that it creates a new one(with SSL handshake) each time.
Here are some codes that I have used before that holding the context in
client side:
private Socket clientWithCert() throws Exception {
SSLContext context = SSLContext.getInstance(TLS);
KeyStore ks = KeyStore.getInstance(jceks);
ks.load(new FileInputStream(CLIENT_KEY_STORE), null);
KeyManagerFactory kf = KeyManagerFactory.getInstance(SunX509);
kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
context.init(kf.getKeyManagers(), null, null);
SocketFactory factory = context.getSocketFactory();
Socket s = factory.createSocket(localhost, 8443);
return s;
}
With above method you have to use Socket intend of RESTEasy client api. If
you reuse the context then you don't have to do a new SSL handshake with
Server each time.
I haven't looked into JAX-RS 2.0 Client API throughly so I'm not sure how
it could be setup to use SSL. I'll do more research on it and give you
feedback soon.
public T Object post (String url, Map obj, ClassT class1)
{initializedCredential();
url = webServiceUrlUtil.getSearchClaimantURL() + url;
clientRequest = new ClientRequest(url);
ClientResponseT res = null;
try {
res = clientRequest.post(class1);
if (res == null) {
return null;
}
if (res != null res.getStatus() != 200) {
logger.debug(GET Response not getting correct , Status Code:
+ res.getStatus());
throw new RuntimeException(Failed : HTTP Webservice error :
+ res.serverError());
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return res.getEntity();
}
Thanks
Mukul
-Original Message-
From: Weinan Li [mailto:l.wei...@gmail.com]
Sent: Friday, August 30, 2013 8:12 AM
To: Mukul Panwar
Cc: Bill Burke; resteasy-users@lists.sourceforge.net
(mailto:resteasy-users@lists.sourceforge.net)
Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during
certificate authentication on jboss
--
Weinan Li
On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:
Hi Bill
I also tried successfully to implement certificate authentication but
SsL handshake doing every time of request. Which should reuse the first
handshake session. Please suggest about it.
Hi Mukul, are you using the RESTEasy provided security solution (like
skeleton and resteasy-crypto) or JBoss AS provided SSL connector?
If you are using the SSL connection provided by JBoss AS, it could be a
configuration problem. Could you please provide the configs you've used
so that I could check it for you?
Thanks
Mukul
On Aug 29, 2013, at 7:11 PM, Bill Burke bbu...@redhat.com
(mailto:bbu...@redhat.com) wrote:
I have used certs successfully before.
On 8/29/2013 9:31 AM, Mukul Panwar wrote:
Sent from my iPhone
Begin forwarded message:
*From:* muku...@hcl.com mailto:muku
[Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
Sent from my iPhone Begin forwarded message: From: muku...@hcl.com Date: August 29, 2013, 7:00:06 AM GMT05:30 To: Bill Burke bbu...@redhat.com Cc: resteasy-users@lists.sourceforge.net Subject: Regarding Ssl handshake during certificate authentication on jboss Hi Bill I have a resteasy client and doing post request . I also set the keystore as trusted and cert key entries before sending the request. The server also having import the client key in their keystore certificate. Means we are doing Two way mutual certificate authentication . The client and server doing handshake successfully . But for each request there is a new handshake where as they should use the session of first Ssl handshake. Please suggest about or give any reference for this. Thanks Mukul ::DISCLAIMER:: The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only.E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk___ Resteasy-users mailing list Resteasy-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/resteasy-users
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
I have used certs successfully before. On 8/29/2013 9:31 AM, Mukul Panwar wrote: Sent from my iPhone Begin forwarded message: *From:* muku...@hcl.com mailto:muku...@hcl.com *Date:* August 29, 2013, 7:00:06 AM GMT+05:30 *To:* Bill Burke bbu...@redhat.com mailto:bbu...@redhat.com *Cc:* resteasy-users@lists.sourceforge.net mailto:resteasy-users@lists.sourceforge.net *Subject:* *Regarding Ssl handshake during certificate authentication on jboss* Hi Bill I have a resteasy client and doing post request . I also set the keystore as trusted and cert key entries before sending the request. The server also having import the client key in their keystore certificate. Means we are doing Two way mutual certificate authentication . The client and server doing handshake successfully . But for each request there is a new handshake where as they should use the session of first Ssl handshake. Please suggest about or give any reference for this. Thanks Mukul ::DISCLAIMER:: The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk ___ Resteasy-users mailing list Resteasy-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/resteasy-users -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk ___ Resteasy-users mailing list Resteasy-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/resteasy-users
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
-- Weinan Li On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote: Hi Bill I also tried successfully to implement certificate authentication but SsL handshake doing every time of request. Which should reuse the first handshake session. Please suggest about it. Hi Mukul, are you using the RESTEasy provided security solution (like skeleton and resteasy-crypto) or JBoss AS provided SSL connector? If you are using the SSL connection provided by JBoss AS, it could be a configuration problem. Could you please provide the configs you've used so that I could check it for you? Thanks Mukul On Aug 29, 2013, at 7:11 PM, Bill Burke bbu...@redhat.com (mailto:bbu...@redhat.com) wrote: I have used certs successfully before. On 8/29/2013 9:31 AM, Mukul Panwar wrote: Sent from my iPhone Begin forwarded message: *From:* muku...@hcl.com mailto:muku...@hcl.com *Date:* August 29, 2013, 7:00:06 AM GMT+05:30 *To:* Bill Burke bbu...@redhat.com mailto:bbu...@redhat.com *Cc:* resteasy-users@lists.sourceforge.net (mailto:resteasy-users@lists.sourceforge.net) mailto:resteasy-users@lists.sourceforge.net *Subject:* *Regarding Ssl handshake during certificate authentication on jboss* Hi Bill I have a resteasy client and doing post request . I also set the keystore as trusted and cert key entries before sending the request. The server also having import the client key in their keystore certificate. Means we are doing Two way mutual certificate authentication . The client and server doing handshake successfully . But for each request there is a new handshake where as they should use the session of first Ssl handshake. Please suggest about or give any reference for this. Thanks Mukul ::DISCLAIMER:: The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk ___ Resteasy-users mailing list Resteasy-users@lists.sourceforge.net (mailto:Resteasy-users@lists.sourceforge.net) https://lists.sourceforge.net/lists/listinfo/resteasy-users -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk ___ Resteasy-users mailing list Resteasy-users@lists.sourceforge.net (mailto:Resteasy-users@lists.sourceforge.net) https://lists.sourceforge.net/lists/listinfo/resteasy-users -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft
