Menu
▾
▴
Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
|
From: Mukul P. <mu...@hc...> - 2013-09-03 19:17:00
|
Hi Wenian
I also tried now the similar approach by using a Http apache client library whic is handling some internally and reusing the handshake.
But I want to user resteasy client library only and some how i want to reuse that Ssl handshake.
Plz suggest something about resteasy api to handle it .
Thanks
Mukul
On Sep 3, 2013, at 6:44 PM, "Weinan Li" <l.w...@gm...> wrote:
>
>
> --
> Weinan Li
>
>
> On Tuesday, September 3, 2013 at 2:42 PM, Mukul Panwar wrote:
>
>>
>> Hi
>>
>> Sorry for late reply, I am using JBoss AS provided SSL connector and my configuration as:
>>
>> <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
>> <ssl name="ssl" key-alias="jbosskey" password="changeit" certificate-key-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore" verify-client="want" ca-certificate-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"/>
>
>
> Server side config looks fine.
>> </connector> and when I am calling from client code look like as:
>>
>> void initializedCredential(){
>>
>> System.setProperty("javax.net.ssl.trustStore", "D:/temp/client.jks");
>> System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
>> // keystore has the certificates presented to the server when a server
>> // requests one to authenticate this application to the server
>> System.setProperty("javax.net.ssl.keyStore", "D:/temp/client.jks");
>> System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
>> }
>
>
> I believe the problem is that you haven't stored the SSLContext in client so that it creates a new one(with SSL handshake) each time.
>
> Here are some codes that I have used before that holding the context in client side:
>
> private Socket clientWithCert() throws Exception {
> SSLContext context = SSLContext.getInstance("TLS");
> KeyStore ks = KeyStore.getInstance("jceks");
>
> ks.load(new FileInputStream(CLIENT_KEY_STORE), null);
> KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509");
> kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
> context.init(kf.getKeyManagers(), null, null);
>
> SocketFactory factory = context.getSocketFactory();
> Socket s = factory.createSocket("localhost", 8443);
> return s;
> }
>
> With above method you have to use Socket intend of RESTEasy client api. If you reuse the context then you don't have to do a new SSL handshake with Server each time.
>
> I haven't looked into JAX-RS 2.0 Client API throughly so I'm not sure how it could be setup to use SSL. I'll do more research on it and give you feedback soon.
>
>> public <T> Object post (String url, Map obj, Class<T> class1) {initializedCredential();
>> url = webServiceUrlUtil.getSearchClaimantURL() + url;
>> clientRequest = new ClientRequest(url);
>> ClientResponse<T> res = null;
>> try {
>> res = clientRequest.post(class1);
>> if (res == null) {
>> return null;
>> }
>> if (res != null && res.getStatus() != 200) {
>> logger.debug("GET Response not getting correct , Status Code: "
>> + res.getStatus());
>> throw new RuntimeException("Failed : HTTP Webservice error : "
>> + res.serverError());
>> }
>>
>> } catch (Exception e) {
>> // TODO Auto-generated catch block
>> e.printStackTrace();
>> }
>> return res.getEntity();
>> }
>>
>> Thanks
>> Mukul
>>
>> -----Original Message-----
>> From: Weinan Li [mailto:l.w...@gm...]
>> Sent: Friday, August 30, 2013 8:12 AM
>> To: Mukul Panwar
>> Cc: Bill Burke; res...@li... (mailto:res...@li...)
>> Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
>>
>>
>>
>> --
>> Weinan Li
>>
>>
>> On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:
>>
>>> Hi Bill
>>>
>>> I also tried successfully to implement certificate authentication but SsL handshake doing every time of request. Which should reuse the first handshake session. Please suggest about it.
>>
>> Hi Mukul, are you using the RESTEasy provided security solution (like skeleton and resteasy-crypto) or JBoss AS provided SSL connector?
>>
>> If you are using the SSL connection provided by JBoss AS, it could be a configuration problem. Could you please provide the configs you've used so that I could check it for you?
>>>
>>> Thanks
>>> Mukul
>>>
>>> On Aug 29, 2013, at 7:11 PM, "Bill Burke" <bb...@re... (mailto:bb...@re...)> wrote:
>>>
>>>> I have used certs successfully before.
>>>>
>>>> On 8/29/2013 9:31 AM, Mukul Panwar wrote:
>>>>>
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> *From:* <mu...@hc... <mailto:mu...@hc...>>
>>>>>> *Date:* August 29, 2013, 7:00:06 AM GMT+05:30
>>>>>> *To:* Bill Burke <bb...@re... <mailto:bb...@re...>>
>>>>>> *Cc:* <res...@li... (mailto:res...@li...)
>>>>>> <mailto:res...@li...>>
>>>>>> *Subject:* *Regarding Ssl handshake during certificate authentication
>>>>>> on jboss*
>>>>>>
>>>>>> Hi Bill
>>>>>>
>>>>>> I have a resteasy client and doing post request . I also set the
>>>>>> keystore as trusted and cert key entries before sending the request.
>>>>>>
>>>>>> The server also having import the client key in their keystore
>>>>>> certificate.
>>>>>>
>>>>>> Means we are doing Two way mutual certificate authentication .
>>>>>>
>>>>>> The client and server doing handshake successfully . But for each
>>>>>> request there is a new handshake where as they should use the session
>>>>>> of first Ssl handshake. Please suggest about or give any reference for
>>>>>> this.
>>>>>>
>>>>>> Thanks
>>>>>> Mukul
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ::DISCLAIMER::
>>>>> ----------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> The contents of this e-mail and any attachment(s) are confidential and
>>>>> intended for the named recipient(s) only.
>>>>> E-mail transmission is not guaranteed to be secure or error-free as
>>>>> information could be intercepted, corrupted,
>>>>> lost, destroyed, arrive late or incomplete, or may contain viruses in
>>>>> transmission. The e mail and its contents
>>>>> (with or without referred errors) shall therefore not attach any
>>>>> liability on the originator or HCL or its affiliates.
>>>>> Views or opinions, if any, presented in this email are solely those of
>>>>> the author and may not necessarily reflect the
>>>>> views or opinions of HCL or its affiliates. Any form of reproduction,
>>>>> dissemination, copying, disclosure, modification,
>>>>> distribution and / or publication of this message without the prior
>>>>> written consent of authorized representative of
>>>>> HCL is strictly prohibited. If you have received this email in error
>>>>> please delete it and notify the sender immediately.
>>>>> Before opening any email and/or attachments, please check them for
>>>>> viruses and other defects.
>>>>>
>>>>> ----------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>>>>> Discover the easy way to master current and previous Microsoft technologies
>>>>> and advance your career. Get an incredible 1,500+ hours of step-by-step
>>>>> tutorial videos with LearnDevNow. Subscribe today and save!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Resteasy-users mailing list
>>>>> Res...@li... (mailto:Res...@li...)
>>>>> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>>>> Discover the easy way to master current and previous Microsoft technologies
>>>> and advance your career. Get an incredible 1,500+ hours of step-by-step
>>>> tutorial videos with LearnDevNow. Subscribe today and save!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>>>> _______________________________________________
>>>> Resteasy-users mailing list
>>>> Res...@li... (mailto:Res...@li...)
>>>> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>>> Discover the easy way to master current and previous Microsoft technologies
>>> and advance your career. Get an incredible 1,500+ hours of step-by-step
>>> tutorial videos with LearnDevNow. Subscribe today and save!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> Resteasy-users mailing list
>>> Res...@li... (mailto:Res...@li...)
>>> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>
>
>
|
