Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
Hi,

Sorry for the late reply. I am using the JBoss AS provided SSL connector, and my configuration is:

    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl name="ssl" key-alias="jbosskey" password="changeit"
             certificate-key-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"
             verify-client="want"
             ca-certificate-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"/>
    </connector>

and the client code I am calling from looks like this:

    void initializedCredential() {
        System.setProperty("javax.net.ssl.trustStore", "D:/temp/client.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        // keystore has the certificates presented to the server when a server
        // requests one to authenticate this application to the server
        System.setProperty("javax.net.ssl.keyStore", "D:/temp/client.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
    }

    public <T> Object post(String url, Map obj, Class<T> class1) {
        initializedCredential();
        url = webServiceUrlUtil.getSearchClaimantURL() + url;
        clientRequest = new ClientRequest(url);
        ClientResponse<T> res = null;
        try {
            res = clientRequest.post(class1);
            if (res == null) {
                return null;
            }
            if (res != null && res.getStatus() != 200) {
                logger.debug("GET Response not getting correct , Status Code: " + res.getStatus());
                throw new RuntimeException("Failed : HTTP Webservice error : " + res.serverError());
            }
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return res.getEntity();
    }

Thanks
Mukul

-----Original Message-----
From: Weinan Li [mailto:l.wei...@gmail.com]
Sent: Friday, August 30, 2013 8:12 AM
To: Mukul Panwar
Cc: Bill Burke; resteasy-users@lists.sourceforge.net
Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss

--
Weinan Li

On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:

> Hi Bill
> I also tried successfully to implement certificate authentication, but the SSL handshake is done on every request, which should reuse the first handshake session. Please suggest about it.

Hi Mukul, are you using the RESTEasy provided security solution (like skeleton and resteasy-crypto) or the JBoss AS provided SSL connector? If you are using the SSL connection provided by JBoss AS, it could be a configuration problem. Could you please provide the configs you've used so that I could check it for you?

> Thanks
> Mukul
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
Hi Weinan,

I have now also tried a similar approach using the Apache HTTP client library, which handles this internally and reuses the handshake. But I want to use the RESTEasy client library only, and somehow I want to reuse that SSL handshake. Please suggest something about the RESTEasy API to handle it.

Thanks
Mukul

On Sep 3, 2013, at 6:44 PM, Weinan Li l.wei...@gmail.com wrote:

> --
> Weinan Li
>
> On Tuesday, September 3, 2013 at 2:42 PM, Mukul Panwar wrote:
>
> > Hi,
> >
> > Sorry for the late reply. I am using the JBoss AS provided SSL connector, and my configuration is:
> >
> >     <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
> >         <ssl name="ssl" key-alias="jbosskey" password="changeit"
> >              certificate-key-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"
> >              verify-client="want"
> >              ca-certificate-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"/>
>
> Server side config looks fine.
>
> >     </connector>
> >
> > and the client code I am calling from looks like this:
> >
> >     void initializedCredential() {
> >         System.setProperty("javax.net.ssl.trustStore", "D:/temp/client.jks");
> >         System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
> >         // keystore has the certificates presented to the server when a server
> >         // requests one to authenticate this application to the server
> >         System.setProperty("javax.net.ssl.keyStore", "D:/temp/client.jks");
> >         System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
> >     }
>
> I believe the problem is that you haven't stored the SSLContext in the client, so that it creates a new one (with an SSL handshake) each time.
>
> Here is some code that I have used before that holds the context on the client side:
>
>     private Socket clientWithCert() throws Exception {
>         SSLContext context = SSLContext.getInstance("TLS");
>         KeyStore ks = KeyStore.getInstance("jceks");
>         ks.load(new FileInputStream(CLIENT_KEY_STORE), null);
>         KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509");
>         kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
>         context.init(kf.getKeyManagers(), null, null);
>         SocketFactory factory = context.getSocketFactory();
>         Socket s = factory.createSocket("localhost", 8443);
>         return s;
>     }
>
> With the above method you have to use Socket instead of the RESTEasy client API. If you reuse the context then you don't have to do a new SSL handshake with the server each time. I haven't looked into the JAX-RS 2.0 Client API thoroughly, so I'm not sure how it could be set up to use SSL. I'll do more research on it and give you feedback soon.
>
> >     public <T> Object post(String url, Map obj, Class<T> class1) {
> >         initializedCredential();
> >         url = webServiceUrlUtil.getSearchClaimantURL() + url;
> >         clientRequest = new ClientRequest(url);
> >         ClientResponse<T> res = null;
> >         try {
> >             res = clientRequest.post(class1);
> >             if (res == null) {
> >                 return null;
> >             }
> >             if (res != null && res.getStatus() != 200) {
> >                 logger.debug("GET Response not getting correct , Status Code: " + res.getStatus());
> >                 throw new RuntimeException("Failed : HTTP Webservice error : " + res.serverError());
> >             }
> >         } catch (Exception e) {
> >             // TODO Auto-generated catch block
> >             e.printStackTrace();
> >         }
> >         return res.getEntity();
> >     }
> >
> > Thanks
> > Mukul
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
--
Weinan Li

On Wednesday, September 4, 2013 at 3:16 AM, Mukul Panwar wrote:

> Hi Weinan,
>
> I have now also tried a similar approach using the Apache HTTP client library, which handles this internally and reuses the handshake. But I want to use the RESTEasy client library only, and somehow I want to reuse that SSL handshake. Please suggest something about the RESTEasy API to handle it.

Hi Mukul, I haven't looked into the details of the JAX-RS 2.0 Client API. I'll do some research and give you my findings soon.

> Thanks
> Mukul
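An added example, not code from the thread or from RESTEasy: a stand-alone JSSE check of the point discussed above, that the client-side session cache belongs to the SSLContext, so a context kept for the life of the client can resume a session while a context built per request cannot. The keystore path, password, host and port are the values quoted in the thread; the class and method names are made up for illustration, and the session-ID comparison is meaningful for TLS 1.2 and earlier (TLS 1.3 resumes through tickets rather than session IDs).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; illustration only.
public class TlsSessionReuseCheck {
    // Store path, password, host and port as quoted in the thread.
    static final String STORE = "D:/temp/client.jks";
    static final char[] PASS = "changeit".toCharArray();
    static final String HOST = "localhost";
    static final int PORT = 8443;

    /** Builds a context holding the client key and the trusted server certificate. */
    static SSLContext buildContext() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(STORE)) {
            ks.load(in, PASS);
        }
        // Assumption: the key entry uses the same password as the store.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, PASS);
        // The thread uses one file as both keystore and truststore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Opens one connection, completes the handshake and returns the session ID. */
    static byte[] sessionId(SSLSocketFactory factory) throws Exception {
        try (SSLSocket socket = (SSLSocket) factory.createSocket(HOST, PORT)) {
            socket.startHandshake();
            return socket.getSession().getId();
        }
    }

    /** True when both connections ended up on the same cached session. */
    static boolean resumed(byte[] first, byte[] second) {
        // An empty ID means the server offered no resumable session.
        return first.length > 0 && Arrays.equals(first, second);
    }

    public static void main(String[] args) throws Exception {
        // Case 1: one context (and its session cache) kept for the life of the client.
        SSLSocketFactory shared = buildContext().getSocketFactory();
        boolean sharedReuse = resumed(sessionId(shared), sessionId(shared));

        // Case 2: a fresh context, and therefore an empty session cache, per request.
        boolean freshReuse = resumed(
                sessionId(buildContext().getSocketFactory()),
                sessionId(buildContext().getSocketFactory()));

        System.out.println("shared context resumed session: " + sharedReuse);
        System.out.println("fresh context resumed session:  " + freshReuse);
    }
}
```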
[Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
Sent from my iPhone

Begin forwarded message:

From: muku...@hcl.com
Date: August 29, 2013, 7:00:06 AM GMT+05:30
To: Bill Burke bbu...@redhat.com
Cc: resteasy-users@lists.sourceforge.net
Subject: Regarding Ssl handshake during certificate authentication on jboss

Hi Bill,

I have a RESTEasy client and am doing a POST request. I also set the keystore as trusted and the cert key entries before sending the request. The server has also imported the client key into its keystore certificate. That means we are doing two-way mutual certificate authentication. The client and server do the handshake successfully. But for each request there is a new handshake, whereas they should use the session of the first SSL handshake.

Please suggest about this or give any reference for it.

Thanks
Mukul

_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
I have used certs successfully before.

On 8/29/2013 9:31 AM, Mukul Panwar wrote:
> Sent from my iPhone
>
> Begin forwarded message:
>
> From: muku...@hcl.com
> Date: August 29, 2013, 7:00:06 AM GMT+05:30
> To: Bill Burke bbu...@redhat.com
> Cc: resteasy-users@lists.sourceforge.net
> Subject: Regarding Ssl handshake during certificate authentication on jboss
>
> Hi Bill,
>
> I have a RESTEasy client and am doing a POST request. I also set the keystore as trusted and the cert key entries before sending the request. The server has also imported the client key into its keystore certificate. That means we are doing two-way mutual certificate authentication. The client and server do the handshake successfully. But for each request there is a new handshake, whereas they should use the session of the first SSL handshake.
>
> Please suggest about this or give any reference for it.
>
> Thanks
> Mukul

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
--
Weinan Li

On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:

> Hi Bill
> I also tried successfully to implement certificate authentication, but the SSL handshake is done on every request, which should reuse the first handshake session. Please suggest about it.

Hi Mukul, are you using the RESTEasy provided security solution (like skeleton and resteasy-crypto) or the JBoss AS provided SSL connector? If you are using the SSL connection provided by JBoss AS, it could be a configuration problem. Could you please provide the configs you've used so that I could check it for you?

> Thanks
> Mukul
>
> On Aug 29, 2013, at 7:11 PM, Bill Burke bbu...@redhat.com wrote:
>
> > I have used certs successfully before.