Posted to httpclient-users@hc.apache.org by srihari na <na...@gmail.com> on 2013/12/11 13:21:43 UTC

Re: HTTPS connections using different certificate with single client instance

Thanks for answering our query. However, we will not be able to migrate to
4.3 since we recently migrated to 4.2.5 from 3.1. Since your response did
not completely answer our questions, let me rephrase my query.

Using http client 3.1
We set the certificate name to the HTTP request itself, however the same is
not available in http client API 4.2.5.
It is working fine when we use the single client, single connection manager
connecting to various endpoints with different certificates.
Here is the sample code we used in 3.1
    SSLInterfaceInfo sslInterfaceInfo = new SSLInterfaceInfo();
    // setting the certificate name to the SSLInterfaceInfo object
    sslInterfaceInfo.setIdentityName(certificateName);
    // Create/get new SSLContext for the protocol
    SSLContext sslContext = SSLContext.getInstance("SSL_TLSv2");
    ProtocolSocketFactory authSSL = new AuthSSLProtocolSocketFactory(sslContext,
            sslInterfaceInfo.isVerifyHostname(), sslInterfaceInfo.getCipherStrength());
    Protocol secureSSL = new Protocol("https", authSSL, 443);
    _hostConfig.setHost(url.getHost(), url.getPort(), secureSSL);
Here hostConfig can be passed at every execute call on the client.

Once we migrated to HTTP client API v4.2.5, we set the certificate at the
connection manager.
In the 4.2.5 version, we have replaced the hostConfig with
HttpHost, as there is no possibility to pass the SSL protocol as a parameter
in HttpHost. Hence we are registering the protocol and passing the protocol
name in HttpHost.
Here is the sample code
    SSLInterfaceInfo sslInterfaceInfo = new SSLInterfaceInfo();
    // setting the certificate name to the SSLInterfaceInfo object
    sslInterfaceInfo.setIdentityName(certificateName);
    // Create/get new SSLContext for the protocol
    SSLContext sslContext = SSLContext.getInstance("SSL_TLSv2");
    // Creating new SchemeSocketFactory. Here we use the implementation class
    // AuthSSLProtocolSocketFactory
    SchemeSocketFactory authSSL = new AuthSSLProtocolSocketFactory(sslContext,
            sslInterfaceInfo.isVerifyHostname(), sslInterfaceInfo.getCipherStrength());
    // Creating new Scheme for https protocol with port 443 and SchemeSocketFactory
    Scheme secureSSL = new Scheme("https", 443, authSSL);
    // Registering the scheme into the connection manager's SchemeRegistry
    ConnectionManager.getSchemeRegistry().register(secureSSL);
Here we are registering at connectionManager level which cannot be modified at every
execute call.
As we have only one client, when two requests with two different
certificates were run,
- first request registers with Certificate1 and is working fine till the
  second request started
- second request registers (overwrites the previous) with certificate2 and
  is working fine now
however, due to the new certificate registration the first request execution
now fails (as it needs certificate1 but is getting certificate2)
------------
1. Is there a way we can set the certificate for every execute request
individually with the 4.2.5 client API?
2. Is there a way we can register multiple certificates (different socket
factory instances) per protocol in the scheme object?

For query 2, we tried the following. We need confirmation
if this is the proper way to use it.
We tried to register the scheme with "certificate name" instead of "https" and
passing the certificate name in HttpHost.
    Scheme secureSSL = new Scheme("certificatename", 443, authSSL);
    ConnectionManager.getSchemeRegistry().register(secureSSL);
    new HttpHost(url.getHost(), url.getPort(), secureSSL.getName());
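
The per-certificate scheme registration tried in the message above, written out against the HttpClient 4.2 API as an added example; it is not the poster's code and is not confirmed by the HttpClient project as the recommended approach. The class, the `register` helper, the scheme names `https-cert1`/`https-cert2` and the host `service.example` are hypothetical, the key stores are constructed empty so the sample runs offline, and `TLS` with the strict hostname verifier stands in for the poster's `AuthSSLProtocolSocketFactory`.

```java
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;

public class PerIdentitySchemes {
    // Registers one scheme per client identity so that a later registration
    // never replaces the socket factory an in-flight request depends on.
    static void register(SchemeRegistry registry, String schemeName,
                         KeyStore identity, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and RNG: JVM defaults are used, so server
        // certificate validation stays on.
        ctx.init(kmf.getKeyManagers(), null, null);
        SSLSocketFactory sf =
                new SSLSocketFactory(ctx, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        // register() returns the scheme it replaced; treat an overwrite as an error.
        if (registry.register(new Scheme(schemeName, 443, sf)) != null) {
            throw new IllegalStateException("scheme already registered: " + schemeName);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: empty key stores stand in for the real ones.
        KeyStore cert1 = KeyStore.getInstance(KeyStore.getDefaultType());
        cert1.load(null, null);
        KeyStore cert2 = KeyStore.getInstance(KeyStore.getDefaultType());
        cert2.load(null, null);
        SchemeRegistry registry = new SchemeRegistry();
        register(registry, "https-cert1", cert1, "changeit".toCharArray());
        register(registry, "https-cert2", cert2, "changeit".toCharArray());
        DefaultHttpClient client =
                new DefaultHttpClient(new PoolingClientConnectionManager(registry));
        // The scheme name carried by HttpHost is what selects the socket factory,
        // and with it the client identity, for client.execute(target, request).
        HttpHost target1 = new HttpHost("service.example", 443, "https-cert1");
        HttpHost target2 = new HttpHost("service.example", 443, "https-cert2");
        System.out.println(registry.getSchemeNames() + " " + target1 + " " + target2);
        client.getConnectionManager().shutdown();
    }
}
```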