|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.wso2.solutions.identity.relyingparty.util.AuthSSLProtocolSocketFactory
public class AuthSSLProtocolSocketFactory
AuthSSLProtocolSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
AuthSSLProtocolSocketFactory will enable server authentication when supplied
with a truststore
file containg one or several trusted
certificates. The client secure socket will reject the connection during the
SSL session handshake if the target HTTPS server attempts to authenticate
itself with a non-trusted certificate.
Use JDK keytool utility to import a trusted certificate and generate a truststore file:
keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
AuthSSLProtocolSocketFactory will enable client authentication when supplied
with a keystore
file containg a private key/public
certificate pair. The client secure socket will use the private key to
authenticate itself to the target HTTPS server during the SSL session
handshake if requested to do so by the server. The target HTTPS server will
in its turn verify the certificate presented by the client in order to
establish client's authenticity
Use the following sequence of actions to generate a keystore file
Use JDK keytool utility to generate a new key
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystoreFor simplicity use the same password for the key as that of the keystore
Issue a certificate signing request (CSR)
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.
Import the trusted CA root certificate
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
Import the PKCS#7 file containg the complete certificate chain
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
Verify the content the resultant keystore file
keytool -list -v -keystore my.keystore
Example of using custom protocol socket factory for a specific host:
Protocol authhttps = new Protocol("https", new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword"), 443); HttpClient client = new HttpClient(); client.getHostConfiguration().setHost("localhost", 443, authhttps); // use relative url only GetMethod httpget = new GetMethod("/"); client.executeMethod(httpget);
Example of using custom protocol socket factory per default instead of the standard one:
Protocol authhttps = new Protocol("https", new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword"), 443); Protocol.registerProtocol("https", authhttps); HttpClient client = new HttpClient(); GetMethod httpget = new GetMethod("https://localhost/"); client.executeMethod(httpget);
DISCLAIMER: HttpClient developers DO NOT actively support this component. The component is provided as a reference material, which may be inappropriate for use without additional customization.
Constructor Summary | |
---|---|
AuthSSLProtocolSocketFactory(java.net.URL keystoreUrl,
java.lang.String keystorePassword,
java.net.URL truststoreUrl,
java.lang.String truststorePassword)
Constructor for AuthSSLProtocolSocketFactory. |
Method Summary | |
---|---|
java.net.Socket |
createSocket(java.net.Socket socket,
java.lang.String host,
int port,
boolean autoClose)
|
java.net.Socket |
createSocket(java.lang.String host,
int port)
|
java.net.Socket |
createSocket(java.lang.String host,
int port,
java.net.InetAddress clientHost,
int clientPort)
|
java.net.Socket |
createSocket(java.lang.String host,
int port,
java.net.InetAddress localAddress,
int localPort,
org.apache.commons.httpclient.params.HttpConnectionParams params)
Attempts to get a new socket connection to the given host within the given time limit. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public AuthSSLProtocolSocketFactory(java.net.URL keystoreUrl, java.lang.String keystorePassword, java.net.URL truststoreUrl, java.lang.String truststorePassword)
keystoreUrl
- URL of the keystore file. May be null if HTTPS
client authentication is not to be used.keystorePassword
- Password to unlock the keystore. IMPORTANT: this
implementation assumes that the same password is used to
protect the key and the keystore itself.truststoreUrl
- URL of the truststore file. May be null if HTTPS
server authentication is not to be used.truststorePassword
- Password to unlock the truststore.Method Detail |
---|
public java.net.Socket createSocket(java.lang.String host, int port, java.net.InetAddress localAddress, int localPort, org.apache.commons.httpclient.params.HttpConnectionParams params) throws java.io.IOException, java.net.UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException
To circumvent the limitations of older JREs that do not support connect
timeout a controller thread is executed. The controller thread attempts
to create a new socket within the given limit of time. If socket
constructor does not return until the timeout expires, the controller
terminates and throws an ConnectTimeoutException
createSocket
in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
host
- the host name/IPport
- the port on the hostclientHost
- the local host name/IP to bind the socket toclientPort
- the port on the local machineparams
- Http connection parameters
java.io.IOException
- if an I/O error occurs while creating the socket
java.net.UnknownHostException
- if the IP address of the host cannot be determined
org.apache.commons.httpclient.ConnectTimeoutException
public java.net.Socket createSocket(java.lang.String host, int port, java.net.InetAddress clientHost, int clientPort) throws java.io.IOException, java.net.UnknownHostException
createSocket
in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
java.io.IOException
java.net.UnknownHostException
ProtocolSocketFactory.createSocket(java.lang.String,int,java.net.InetAddress,int)
public java.net.Socket createSocket(java.lang.String host, int port) throws java.io.IOException, java.net.UnknownHostException
createSocket
in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
java.io.IOException
java.net.UnknownHostException
ProtocolSocketFactory.createSocket(java.lang.String,int)
public java.net.Socket createSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose) throws java.io.IOException, java.net.UnknownHostException
createSocket
in interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
java.io.IOException
java.net.UnknownHostException
SecureProtocolSocketFactory.createSocket(java.net.Socket,java.lang.String,int,boolean)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |