I have enabled https in tomcat and have a self-signed certificate for server auth. I have created an http client using Apache httpClient. I have set a trust manager loading the server certificate. The http client can connect with server no problem. To see what is going on I enabled debugging:

    tProperty("", "ssl")

I saw the following which I can not understand at all:

    ***
    Subject: CN=Me, OU=MyHouse, O=Home, L=X, ST=X, C=BB
    Issuer: CN=Me, OU=MyHouse, O=Home, L=X, ST=X, C=BB
    Algorithm: RSA Serial number: 0x4d72356b

My certificate is displayed and is added to truststore (as I see).

Here is the part from debugging traces I do not get:

    trustStore is: C:\Program Files\Java\jre6\lib\security\cacerts
    Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
    Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
    Algorithm: RSA Serial number: 0x4eb200670c035d4f
    Subject: CN=, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: CN=, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

It seems that it also uses the default java trust store! My question is why does this happen? In my code I specify explicitly a specific trust-store to use (via truststoremanagers). It seems that both my truststore and java's default is being used. I tried the following:

    ("TMF No:" tmf.getTrustManagers().length)
    ("Class is " tmf.getTrustManagers().getClass().getName())

I thought that I should see 2 trust managers, since 2 keystores (mine and java's default appear to be used).
But the result was only 1 trust manager!

    TMF No:1
    Class is .509TrustManagerImpl

UPDATE2: As you see in the code below I specify my keystore. My expectation is that only this should be used (not this and cacert as well)

    HttpClient client = new DefaultHttpClient()
    SSLContext sslContext = SSLContext.getInstance("TLS")
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    KeyStore ks = KeyStore.getInstance("JKS")
    File trustFile = new File("clientTrustStore.jks")
    ks.load(new FileInputStream(trustFile), null)
    sslContext.init(null, tmf.getTrustManagers(),null)
    SSLSocketFactory sf = new SSLSocketFactory(sslContext)
    sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
    Scheme scheme = new Scheme("https", sf, 443)
    client.getConnectionManager().getSchemeRegistry().register(scheme)
    HttpGet = new HttpGet("
    HttpResponse httpResponse = client.execute(httpGet)

I put together this test app to reproduce the issue using the HTTP testing framework from the Apache HttpClient package:

    ClassLoader cl = ()
    URL url = cl.getResource("test.keystore")
    KeyStore keystore = KeyStore.getInstance("jks")
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(
    TrustManagerFactory.getDefaultAlgorithm())
    TrustManager tm = tmf.getTrustManagers()
    KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
    KeyManagerFactory.getDefaultAlgorithm())
    KeyManager km = kmfactory.getKeyManagers()
    SSLContext sslcontext = SSLContext.

With the HTTP Client plugin, you can create, edit, and execute HTTP requests directly in the IntelliJ IDEA code editor. There are two main use cases when you need to compose and run HTTP requests:

When you are developing a RESTful web service and want to make sure it works as expected, is accessible in compliance with the specification, and responds correctly.

When you are developing an application that addresses a RESTful web service. In this case, it is helpful to investigate the access to the service and the required input data before you start the development.