org.apache.commons.httpclient.contrib.ssl
public class AuthSSLProtocolSocketFactory extends HttpSecureProtocol
truststore
file containg one or several trusted certificates.
The client secure socket will reject the connection during the SSL session handshake
if the target HTTPS server attempts to authenticate itself with a non-trusted
certificate.
Use JDK keytool utility to import a trusted certificate and generate a truststore file:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststoreAuthSSLProtocolSocketFactory will enable client authentication when supplied with a
keystore
file containg a private key/public certificate pair.
The client secure socket will use the private key to authenticate itself to the target
HTTPS server during the SSL session handshake if requested to do so by the server.
The target HTTPS server will in its turn verify the certificate presented by the client
in order to establish client's authenticity
Use the following sequence of actions to generate a keystore file
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystoreFor simplicity use the same password for the key as that of the keystore
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
keytool -list -v -keystore my.keystore
Protocol authhttps = new Protocol("https", new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword"), 443); HttpClient client = new HttpClient(); client.getHostConfiguration().setHost("localhost", 443, authhttps); // use relative url only GetMethod httpget = new GetMethod("/"); client.executeMethod(httpget);Example of using custom protocol socket factory per default instead of the standard one:
Protocol authhttps = new Protocol("https", new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword"), 443); Protocol.registerProtocol("https", authhttps); HttpClient client = new HttpClient(); GetMethod httpget = new GetMethod("https://localhost/"); client.executeMethod(httpget);
Constructor and Description |
---|
AuthSSLProtocolSocketFactory(URL keystoreUrl,
String keystorePassword,
URL truststoreUrl,
String truststorePassword)
Constructor for AuthSSLProtocolSocketFactory.
|
createSocket
addAllowedName, addAllowedNames, addTrustMaterial, clearAllowedNames, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, createSocket, getAllowedNames, getAssociatedCertificateChain, getCheckCRL, getCheckExpiry, getCheckHostname, getConnectTimeout, getCurrentServerChain, getDefaultCipherSuites, getDefaultProtocol, getEnabledCiphers, getEnabledProtocols, getHostnameVerifier, getNeedClientAuth, getSoTimeout, getSSLContext, getSSLWrapperFactory, getSupportedCipherSuites, getTrustChain, getUseClientMode, getWantClientAuth, setCheckCRL, setCheckExpiry, setCheckHostname, setConnectTimeout, setDefaultProtocol, setEnabledCiphers, setEnabledProtocols, setHostnameVerifier, setKeyMaterial, setNeedClientAuth, setSoTimeout, setSSLWrapperFactory, setTrustMaterial, setUseClientMode, setWantClientAuth, useDefaultJavaCiphers, useStrongCiphers
getDefault
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
createSocket
createSocket, createSocket
public AuthSSLProtocolSocketFactory(URL keystoreUrl, String keystorePassword, URL truststoreUrl, String truststorePassword) throws GeneralSecurityException, IOException
keystoreUrl
- URL of the keystore file. May be null if HTTPS client
authentication is not to be used.keystorePassword
- Password to unlock the keystore. IMPORTANT: this implementation
assumes that the same password is used to protect the key and the keystore itself.truststoreUrl
- URL of the truststore file. May be null if HTTPS server
authentication is not to be used.truststorePassword
- Password to unlock the truststore.GeneralSecurityException
IOException