Sushil,

Please don't top-post. I've re-formatted your message with your reply
below.

On 5/5/14, 2:38 PM, Sushil Prusty wrote:
> On Mon, May 5, 2014 at 10:32 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> 
> Sushil,
> 
> On 5/5/14, 12:51 PM, Sushil Prusty wrote:
>>>> I have below code which will always throw an exception while I
>>>> am trying to connect because my ClientAuth is true in
>>>> server.xml of apach/conf.Server.xml. How can I provide
>>>> clientauth info to below code using Apache api.
>>>> 
>>>> URL testURL = new URL("https://localhost:443/app/AppAction.do");
>>>> HttpURLConnection conn = (HttpURLConnection) testURL.openConnection();
>>>> conn.setRequestMethod("HEAD");
>>>> conn.setInstanceFollowRedirects(false);
>>>> conn.connect();
>> 
>> What kind of client auth do you want to provide?
> 
> It's a truststore certificate.

So you need to make a connection to a secure server with a client
certificate?

It's a bit verbose, but you have to do the following. I have
copy/pasted this from some code I adapted from Tomcat's sources. I
have removed all of the exception handling and utility methods I used
because otherwise it would be quite long and might not be convenient
to read / understand. It may be missing a few features such as using
non-default crypto providers, etc.


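        import java.io.FileInputStream;
        import java.io.InputStream;
        import java.security.KeyStore;
        import java.security.cert.CertPathParameters;
        import javax.net.ssl.CertPathTrustManagerParameters;
        import javax.net.ssl.HttpsURLConnection;
        import javax.net.ssl.ManagerFactoryParameters;
        import javax.net.ssl.SSLContext;
        import javax.net.ssl.TrustManagerFactory;

        ...

        // Load trust store (which is a KeyStore)
        KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        InputStream in = new FileInputStream(trustStoreFilename);
        trustStore.load(in, storePassword.toCharArray());
        in.close();

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (null == crlFilename) // Certificate Revocation List
        {
            // No CRL configured: trust decisions use the trust store alone
            tmf.init(trustStore);
        }
        else
        {
            // getParameters(...) is one of the utility methods omitted from this excerpt
            CertPathParameters params =
                getParameters(trustStoreAlgorithm,
                              crlFilename,
                              maxCertificatePathLength,
                              trustStore);

            ManagerFactoryParameters mfp =
                new CertPathTrustManagerParameters(params);

            tmf.init(mfp);
        }

        SSLContext sc = SSLContext.getInstance(protocol);

        // null KeyManager[]: only the trust managers are configured here
        sc.init(null,
                tmf.getTrustManagers(),
                new java.security.SecureRandom());

        // Applies to every HttpsURLConnection created afterwards in this JVM
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());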

Once you've done that, you can make a connection using the code you
already had above.

Hope that helps,
-chris
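An added example, not part of the original message and not Tomcat's own code: when the server has clientAuth enabled, the client presents its certificate through the KeyManager array passed as the first argument to SSLContext.init, alongside the trust managers shown in the message. The file names, store types, passwords and the class name ClientCertHead are placeholder assumptions; the URL is the one from the quoted question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertHead {
    // Loads a key store or trust store from disk (both are KeyStore objects).
    static KeyStore load(String file, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholders: file names, store types and passwords.
        char[] keyPass = "changeit".toCharArray();
        char[] trustPass = "changeit".toCharArray();
        KeyStore keyStore = load("client.p12", "PKCS12", keyPass);      // client cert + private key
        KeyStore trustStore = load("truststore.jks", "JKS", trustPass); // CAs that issued the server cert

        // Key managers supply the client certificate the server asks for.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);

        // Trust managers validate the server's certificate chain.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

        URL testURL = new URL("https://localhost:443/app/AppAction.do");
        HttpsURLConnection conn = (HttpsURLConnection) testURL.openConnection();
        // Scope the factory to this connection instead of changing the JVM-wide default.
        conn.setSSLSocketFactory(sc.getSocketFactory());
        conn.setRequestMethod("HEAD");
        conn.setInstanceFollowRedirects(false);
        conn.connect();
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Hostname verification stays at the JVM default here, so the server certificate must be valid for the host name in the URL.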