Load the certs into two separate key stores (client and server, obviously).
Server side “logs in” with the server side certificate, using the server’s key store. Client side “logs in” with the client side certificate against the client key store.

I believe (but you’ll have to test it) that on the server side, in the service, you can then use ServerContext.getServerContextElement(ClientSubject.class) to retrieve the client’s Subject, which you can then verify.

You might also find this link useful:

http://jan.newmarch.name/java/jini/tutorial/AdvancedSecurity.html

Cheers,

Greg Trasuk.

On Jun 20, 2014, at 9:18 AM, Enrico Olivelli - Diennea <[email protected]> wrote:

> Thank you for your reply
> but I have a specific request from IT guys to use a specific PKCS12
> certificate on the server endpoint
> and we would like to validate from the application the client certificate
>
> Should I have to subclass or modify SSLEndpoint directly ?
>
>
> Enrico Olivelli
> Software Development Manager @Diennea
> Tel.: (+39) 0546 667432 - Int. 925
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
> MagNews - E-mail Marketing Solutions
> http://www.magnews.it
> Diennea - Digital Marketing Solutions
> http://www.diennea.com
>
>
> -----Original Message-----
> From: Greg Trasuk [mailto:[email protected]]
> Sent: Friday, 20 June 2014 15:01
> To: [email protected]
> Subject: Re: SSL Mutual Autentication using JERI
>
> Hi Enrico:
>
> It’s been a while since I’ve used the SSL providers, but if I remember
> correctly, you don’t set up the endpoints with the certs directly. Rather,
> you use JAAS to create a login module that you “login” to, so the
> appropriate certs get loaded into the Subject’s private credentials. Then you
> use Subject.doAs(..) using the Subject that is authenticated in the login
> module.
>
> Have a look in the source distribution at
> ‘com.sun.jini.reggie.RegistrarImpl’, method ‘loginAndRun(…)’.
>
> Cheers,
>
> Greg Trasuk.
>
> On Jun 19, 2014, at 10:45 AM, Enrico Olivelli - Diennea
> <[email protected]> wrote:
>
>> Hi,
>> I would like to implement SSL mutual auth using
>> net.jini.jeri.ssl.SslEndpoint and net.jini.jeri.ssl.SslServerEndpoint.
>> I'm using these classes directly from Java Code and not using
>> configuration files
>>
>> My project is a fork of
>> http://sourceforge.net/p/inkcdi/code/HEAD/tree/trunk/
>> Which is a library which plumbs River and Weld (CDI)
>>
>> This is the class which creates the endpoints
>> http://sourceforge.net/p/inkcdi/code/HEAD/tree/trunk/ink.core/src/main/java/ink/rmi/EndpointUtils.java
>>
>> I cannot find any method in those classes in order to set the
>> SSLCertificate (I would like to use PKCS12 at least) and the other
>> SSL-related options (such as truststore, certificate chain....)
>>
>> Thank you very much
>> I love River
>>
>>
>> Enrico Olivelli
>> Software Development Manager @Diennea
>> Tel.: (+39) 0546 620466 - Int. 925
>> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>>
>> MagNews - E-mail Marketing Solutions
>> http://www.magnews.it
>> Diennea - Digital Marketing Solutions
>> http://www.diennea.com
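
The approach discussed in this thread, sketched as an added example that is not part of the original messages or of the River code base: a JAAS login against a PKCS12 key store without a configuration file, endpoint creation inside Subject.doAs, and a server-side check of the client's Subject. The class and method names, the "jeri-ssl" entry name, and the key store and password URLs passed in are hypothetical placeholders.

```java
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.x500.X500Principal;
import net.jini.export.ServerContext;
import net.jini.io.context.ClientSubject;
import net.jini.jeri.ssl.SslServerEndpoint;

// Hypothetical helper class; not taken from River or from the inkcdi project.
public class MutualTlsLogin {
    // Log in against a PKCS12 store programmatically; URLs and alias are supplied by the caller.
    static Subject login(String storeUrl, String passUrl, String alias) throws Exception {
        final HashMap<String, String> opts = new HashMap<String, String>();
        opts.put("keyStoreURL", storeUrl);           // e.g. a file: URL to the .p12 file
        opts.put("keyStoreType", "PKCS12");
        opts.put("keyStoreAlias", alias);
        opts.put("keyStorePasswordURL", passUrl);    // URL of a file holding the password
        opts.put("privateKeyPasswordURL", passUrl);  // PKCS12: same password for the key
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.KeyStoreLoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext lc = new LoginContext("jeri-ssl", null, null, cfg);
        lc.login(); // loads the certificate chain and private key into the Subject
        return lc.getSubject();
    }

    // Create the server endpoint inside doAs so it is associated with the logged-in Subject.
    static SslServerEndpoint serverEndpoint(Subject server, final int port) throws Exception {
        return Subject.doAs(server, new PrivilegedExceptionAction<SslServerEndpoint>() {
            public SslServerEndpoint run() { return SslServerEndpoint.getInstance(port); }
        });
    }

    // Call from inside a remote method: reject callers that did not present the expected certificate.
    static void requireClient(X500Principal expected) throws Exception {
        ClientSubject cs = (ClientSubject) ServerContext.getServerContextElement(ClientSubject.class);
        Subject client = (cs == null) ? null : cs.getClientSubject();
        if (client == null || !client.getPrincipals().contains(expected)) {
            throw new SecurityException("client certificate not accepted");
        }
    }
}
```

The client Subject is only present when the call was made with client authentication, so requireClient treats a missing Subject as a rejection rather than letting the call through.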
