Posted to users@cxf.apache.org by Rubin <ne...@gmail.com> on 2016/02/17 15:39:29 UTC
how to set Keep-Alive , client using ssl
Hi,
I'm creating a client with an SSL certificate, using this code:

    ((BindingProvider) port).getRequestContext().put(
            BindingProvider.ENDPOINT_ADDRESS_PROPERTY, interfaceParameters.getUrl());
    Client client = ClientProxy.getClient(port);
    HTTPConduit httpConduit = (HTTPConduit) ((org.apache.cxf.endpoint.Client) client).getConduit();
    SSLClientParameters sParams = new SSLClientParameters();
    sParams.setTrustpass("test"); // set keystore password
    sParams.setfileName("test.jks");
    httpConduit.setTlsClientParameters(sParams.getTLSClientParameters());

    /* sParams is: */
    public TLSClientParameters getTLSClientParameters() {
        TLSClientParameters tlsParams = new TLSClientParameters();
        SSLContext context = getSSlContext();
        tlsParams.setSSLSocketFactory(context.getSocketFactory());
        return tlsParams;
    }

    private SSLContext getSSlContext() {
        SSLContext sslContext = null;
        try {
            String filePath = "c:/temp/";
            filePath = filePath + fileName;
            File pKeyFile = new File(filePath);
            String pKeyPassword = trustpass;
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            // Depends on the format that the keystore was created (currently JKS format)
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // Loading the keystore from disk to object
            InputStream keyInput = new FileInputStream(pKeyFile);
            keyStore.load(keyInput, pKeyPassword.toCharArray());
            keyInput.close();
            keyManagerFactory.init(keyStore, pKeyPassword.toCharArray());
            TrustManager[] trustManagers = null;
            trustManagers = getTrustedManagers();
            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, new SecureRandom());
        }
        catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("> sslContext: " + sslContext);
        return sslContext;
    }

When I run this client it works fine for the first call, but the other
calls fail with a read timeout.
When I wait (stopping the code at a breakpoint) until I see this:
Keep-Alive-Timer, called close()
Keep-Alive-Timer, called closeInternal(true)
Keep-Alive-Timer, SEND TLSv1 ALERT: warning, description = close_notify
Keep-Alive-Timer, WRITE: TLSv1 Alert, length = 32
Keep-Alive-Timer, called closeSocket(selfInitiated)
and then go on, the next call works fine again :).
It looks like I have to increase the timeout for this.
Any idea about it?
Thanks in advance!
--
View this message in context: http://cxf.547215.n5.nabble.com/how-to-set-Keep-Alive-client-using-ssl-tp5765983.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: how to set Keep-Alive , client using ssl
Posted by Rubin <ne...@gmail.com>.
Hi,
Thanks for your response.
The problem is that I don't want to use Spring.
In addition, now I see that the server got my request.
Can I ignore this exception?
Thanks!
Re: how to set Keep-Alive , client using ssl
Posted by Colm O hEigeartaigh <co...@apache.org>.
Any reason why you are explicitly setting up the SSLContext in this way?
CXF will take care of this for you. See the following test for an example:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSConduitTest.java;h=2f6844971dfc78854dc76870b267391e2be087ac;hb=HEAD
You can create a TLSClientParameters Object to hold your
keystore/truststore files, and just set that on the HTTPConduit:
Client client = ClientProxy.getClient(proxy);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsClientParameters);
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
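
Added example, not part of the thread and not CXF's own test code: one way to build the TLSClientParameters object described in the reply above and set it on the HTTPConduit without Spring, together with the conduit's HTTPClientPolicy, which holds the connection (keep-alive) and timeout settings. The class name, method names, separate truststore and timeout values are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.ConnectionType;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;

public final class CxfTlsClientSetup { // hypothetical helper class, not from the thread

    /** Loads a JKS store; try-with-resources closes the stream even if load() throws. */
    static KeyStore loadJks(Path file, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    /** Configures TLS and HTTP policy on the conduit behind a JAX-WS proxy ("port"). */
    public static void configure(Object port, Path keyStoreFile, char[] keyStorePassword,
                                 Path trustStoreFile, char[] trustStorePassword) throws Exception {
        // Failures propagate to the caller instead of leaving a null SSLContext behind.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStoreFile, keyStorePassword), keyStorePassword);

        // Trust only the CAs in the truststore, so server certificate validation stays on.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStoreFile, trustStorePassword));

        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());

        HTTPClientPolicy policy = new HTTPClientPolicy();
        policy.setConnection(ConnectionType.KEEP_ALIVE); // CLOSE opens a new connection per call
        policy.setConnectionTimeout(30_000L);            // milliseconds; constructed value
        policy.setReceiveTimeout(60_000L);               // milliseconds; constructed value

        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(tls);
        conduit.setClient(policy);
    }
}
```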