Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

-- 
Weinan Li

On Wednesday, September 4, 2013 at 3:16 AM, Mukul Panwar wrote:

> Hi Wenian
> 
> I also tried now the similar approach by using a Http apache client library whic is handling some internally and reusing the handshake.
> 
> But I want to user resteasy client library only and some how i want to reuse that Ssl handshake.
> 
> Plz suggest something about resteasy api to handle it .

Hi Mukul, I haven't looked into details of the JAX-RS 2.0 Client API . I'll do some research and give you my findings soon.
> 
> Thanks
> Mukul
> 
> 
> 
> On Sep 3, 2013, at 6:44 PM, "Weinan Li" <l.w...@gm... (mailto:l.w...@gm...)> wrote:
> 
> > 
> > 
> > -- 
> > Weinan Li
> > 
> > 
> > On Tuesday, September 3, 2013 at 2:42 PM, Mukul Panwar wrote:
> > 
> > > 
> > > Hi 
> > > 
> > > Sorry for late reply, I am using JBoss AS provided SSL connector and my configuration as: 
> > > 
> > > <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
> > > <ssl name="ssl" key-alias="jbosskey" password="changeit" certificate-key-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore" verify-client="want" ca-certificate-file="D:/Software/server/jboss-as-7.1.1.Final/standalone/configuration/server.keystore"/>
> > 
> > 
> > 
> > 
> > Server side config looks fine. 
> > > </connector> and when I am calling from client code look like as:
> > > 
> > > void initializedCredential(){
> > > 
> > > System.setProperty("javax.net.ssl.trustStore", "D:/temp/client.jks"); 
> > > System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); 
> > > // keystore has the certificates presented to the server when a server 
> > > // requests one to authenticate this application to the server 
> > > System.setProperty("javax.net.ssl.keyStore", "D:/temp/client.jks"); 
> > > System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); 
> > > }
> > 
> > 
> > 
> > 
> > I believe the problem is that you haven't stored the SSLContext in client so that it creates a new one(with SSL handshake) each time.
> > 
> > Here are some codes that I have used before that holding the context in client side:
> > 
> > private Socket clientWithCert() throws Exception { 
> > SSLContext context = SSLContext.getInstance("TLS"); 
> > KeyStore ks = KeyStore.getInstance("jceks"); 
> > 
> > ks.load(new FileInputStream(CLIENT_KEY_STORE), null); 
> > KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509"); 
> > kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray()); 
> > context.init(kf.getKeyManagers(), null, null); 
> > 
> > SocketFactory factory = context.getSocketFactory(); 
> > Socket s = factory.createSocket("localhost", 8443); 
> > return s; 
> > }
> > 
> > With above method you have to use Socket intend of RESTEasy client api. If you reuse the context then you don't have to do a new SSL handshake with Server each time.
> > 
> > I haven't looked into JAX-RS 2.0 Client API throughly so I'm not sure how it could be setup to use SSL. I'll do more research on it and give you feedback soon.
> > 
> > > public <T> Object post (String url, Map obj, Class<T> class1) {initializedCredential();
> > > url = webServiceUrlUtil.getSearchClaimantURL() + url;
> > > clientRequest = new ClientRequest(url);
> > > ClientResponse<T> res = null;
> > > try {
> > > res = clientRequest.post(class1);
> > > if (res == null) {
> > > return null;
> > > }
> > > if (res != null && res.getStatus() != 200) {
> > > logger.debug("GET Response not getting correct , Status Code: "
> > > + res.getStatus());
> > > throw new RuntimeException("Failed : HTTP Webservice error : "
> > > + res.serverError());
> > > }
> > > 
> > > } catch (Exception e) {
> > > // TODO Auto-generated catch block
> > > e.printStackTrace();
> > > }
> > > return res.getEntity();
> > > }
> > > 
> > > Thanks
> > > Mukul
> > > 
> > > -----Original Message-----
> > > From: Weinan Li [mailto:l.w...@gm...] 
> > > Sent: Friday, August 30, 2013 8:12 AM
> > > To: Mukul Panwar
> > > Cc: Bill Burke; res...@li... (mailto:res...@li...)
> > > Subject: Re: [Resteasy-users] Fwd: Regarding Ssl handshake during certificate authentication on jboss
> > > 
> > > 
> > > 
> > > -- 
> > > Weinan Li
> > > 
> > > 
> > > On Friday, August 30, 2013 at 12:20 AM, Mukul Panwar wrote:
> > > 
> > > > Hi Bill
> > > > 
> > > > I also tried successfully to implement certificate authentication but SsL handshake doing every time of request. Which should reuse the first handshake session. Please suggest about it.
> > > 
> > > Hi Mukul, are you using the RESTEasy provided security solution (like skeleton and resteasy-crypto) or JBoss AS provided SSL connector?
> > > 
> > > If you are using the SSL connection provided by JBoss AS, it could be a configuration problem. Could you please provide the configs you've used so that I could check it for you?
> > > > 
> > > > Thanks
> > > > Mukul 
> > > > 
> > > > On Aug 29, 2013, at 7:11 PM, "Bill Burke" <bb...@re... (mailto:bb...@re...)> wrote:
> > > > 
> > > > > I have used certs successfully before.
> > > > > 
> > > > > On 8/29/2013 9:31 AM, Mukul Panwar wrote:
> > > > > > 
> > > > > > 
> > > > > > Sent from my iPhone
> > > > > > 
> > > > > > Begin forwarded message:
> > > > > > 
> > > > > > > *From:* <mu...@hc... <mailto:mu...@hc...>>
> > > > > > > *Date:* August 29, 2013, 7:00:06 AM GMT+05:30
> > > > > > > *To:* Bill Burke <bb...@re... <mailto:bb...@re...>>
> > > > > > > *Cc:* <res...@li... (mailto:res...@li...)
> > > > > > > <mailto:res...@li...>>
> > > > > > > *Subject:* *Regarding Ssl handshake during certificate authentication
> > > > > > > on jboss*
> > > > > > > 
> > > > > > > Hi Bill
> > > > > > > 
> > > > > > > I have a resteasy client and doing post request . I also set the
> > > > > > > keystore as trusted and cert key entries before sending the request.
> > > > > > > 
> > > > > > > The server also having import the client key in their keystore
> > > > > > > certificate.
> > > > > > > 
> > > > > > > Means we are doing Two way mutual certificate authentication .
> > > > > > > 
> > > > > > > The client and server doing handshake successfully . But for each
> > > > > > > request there is a new handshake where as they should use the session
> > > > > > > of first Ssl handshake. Please suggest about or give any reference for
> > > > > > > this.
> > > > > > > 
> > > > > > > Thanks
> > > > > > > Mukul
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > ::DISCLAIMER::
> > > > > > ----------------------------------------------------------------------------------------------------------------------------------------------------
> > > > > > 
> > > > > > The contents of this e-mail and any attachment(s) are confidential and
> > > > > > intended for the named recipient(s) only.
> > > > > > E-mail transmission is not guaranteed to be secure or error-free as
> > > > > > information could be intercepted, corrupted,
> > > > > > lost, destroyed, arrive late or incomplete, or may contain viruses in
> > > > > > transmission. The e mail and its contents
> > > > > > (with or without referred errors) shall therefore not attach any
> > > > > > liability on the originator or HCL or its affiliates.
> > > > > > Views or opinions, if any, presented in this email are solely those of
> > > > > > the author and may not necessarily reflect the
> > > > > > views or opinions of HCL or its affiliates. Any form of reproduction,
> > > > > > dissemination, copying, disclosure, modification,
> > > > > > distribution and / or publication of this message without the prior
> > > > > > written consent of authorized representative of
> > > > > > HCL is strictly prohibited. If you have received this email in error
> > > > > > please delete it and notify the sender immediately.
> > > > > > Before opening any email and/or attachments, please check them for
> > > > > > viruses and other defects.
> > > > > > 
> > > > > > ----------------------------------------------------------------------------------------------------------------------------------------------------
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > ------------------------------------------------------------------------------
> > > > > > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > > > > > Discover the easy way to master current and previous Microsoft technologies
> > > > > > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > > > > > tutorial videos with LearnDevNow. Subscribe today and save!
> > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > _______________________________________________
> > > > > > Resteasy-users mailing list
> > > > > > Res...@li... (mailto:Res...@li...)
> > > > > > https://lists.sourceforge.net/lists/listinfo/resteasy-users
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > -- 
> > > > > Bill Burke
> > > > > JBoss, a division of Red Hat
> > > > > http://bill.burkecentral.com
> > > > > 
> > > > > ------------------------------------------------------------------------------
> > > > > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > > > > Discover the easy way to master current and previous Microsoft technologies
> > > > > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > > > > tutorial videos with LearnDevNow. Subscribe today and save!
> > > > > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> > > > > _______________________________________________
> > > > > Resteasy-users mailing list
> > > > > Res...@li... (mailto:Res...@li...)
> > > > > https://lists.sourceforge.net/lists/listinfo/resteasy-users
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > ------------------------------------------------------------------------------
> > > > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > > > Discover the easy way to master current and previous Microsoft technologies
> > > > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > > > tutorial videos with LearnDevNow. Subscribe today and save!
> > > > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> > > > _______________________________________________
> > > > Resteasy-users mailing list
> > > > Res...@li... (mailto:Res...@li...)
> > > > https://lists.sourceforge.net/lists/listinfo/resteasy-users
> > > 
> > 
> 