Posted to java-user@axis.apache.org by Massimiliano Masi <ma...@math.unifi.it> on 2007/12/11 10:11:02 UTC
STSClient and TLS
Hello,
I would like to have TLS communication between an STSClient and the STS.
I understand that I've to write my own HttpClient, from here:
http://ws.apache.org/axis2/1_3/http-transport.html
I don't understand exactly where to put my code, I think as options
for the service client.
But how can I access the serviceClient, inside the STSClient?
Thank you,
Massimiliano
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: STSClient and TLS
Posted by Dimuthu Leelarathne <di...@wso2.com>.
Hi,
Some time back I had to write a customized SSL handshake.
I used code from apache contrib ssl to implement the handshake.
Then I wrote the following classes to plug it into Axis2.
public class CustomizedSSLSender extends AbstractHTTPSender{}
public class CustomizedSSLTransport extends CommonsHTTPTransportSender{}
The code is available here[1].
This is not the exact solution, but it is a similar one.
I hope this will help you to find a solution to your problem.
Thank you,
Dimuthu
[1] https://wso2.org/repos/wso2/branches/solutions/identity/1.0-beta/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/util/
On Wed, 2007-12-12 at 17:03 +0100, Massimiliano Masi wrote:
> Hi,
>
> Quoting Paul Fremantle <pz...@gmail.com>:
> > Firstly you might want to have this discussion on a Rampart list - it might
> > get more involvement from real sec experts.
>
> Sorry!!! I have both on the same mailbox, and sometimes I forget to
> post in the right list!!! Sorry!!!
>
> > My question is why do you need to write your own HTTPClient? I thought we
> > already supported SSL/TLS.
>
> And how can I support SSLv3 with hostname verification, with the STSClient?
>
> Thank you,
>
> Massimiliano
Re: STSClient and TLS
Posted by Massimiliano Masi <ma...@math.unifi.it>.
Hi,
Quoting Paul Fremantle <pz...@gmail.com>:
> Firstly you might want to have this discussion on a Rampart list - it might
> get more involvement from real sec experts.
Sorry!!! I have both on the same mailbox, and sometimes I forget to
post in the right list!!! Sorry!!!
> My question is why do you need to write your own HTTPClient? I thought we
> already supported SSL/TLS.
And how can I support SSLv3 with hostname verification, with the STSClient?
Thank you,
Massimiliano
Re: STSClient and TLS
Posted by Paul Fremantle <pz...@gmail.com>.
Massimiliano
Firstly you might want to have this discussion on a Rampart list - it might
get more involvement from real sec experts.
My question is why do you need to write your own HTTPClient? I thought we
already supported SSL/TLS.
Paul
On Dec 12, 2007 1:59 PM, Massimiliano Masi <ma...@math.unifi.it>
wrote:
> Hi,
>
> Quoting Massimiliano Masi <ma...@math.unifi.it>:
> > I don't understand exactly where to put my code, I think as options
> > for the service client.
> >
>
> I created MySTSClient, that extends STSClient. Here I did like this:
>
> Protocol myProtocolHandler = new Protocol("https",
>     new CustomSSLSocket(new File(getIdPKeyStoreFilename()).toURL(),
>                         getSpiritIdPKeyStorePassword(),
>                         new File(getTSKeyStoreFilename()).toURL(),
>                         getTSKeyStorePassword()),
>     443);
>
> client.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
>                                 myProtocolHandler);
>
> And it works.
>
> The customsslsocket is the AuthSSLProtocolSocketFactory.java.
>
> But here, how can I do hostname verification? I don't understand the
> architecture...
--
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair
blog: http://pzf.fremantle.org
paul@wso2.com
"Oxygenating the Web Service Platform", www.wso2.com
Re: STSClient and TLS
Posted by Massimiliano Masi <ma...@math.unifi.it>.
Hi,
Quoting Massimiliano Masi <ma...@math.unifi.it>:
> I don't understand exactly where to put my code, I think as options
> for the service client.
>
I created MySTSClient, that extends STSClient. Here I did like this:
Protocol myProtocolHandler = new Protocol("https",
    new CustomSSLSocket(new File(getIdPKeyStoreFilename()).toURL(),
                        getSpiritIdPKeyStorePassword(),
                        new File(getTSKeyStoreFilename()).toURL(),
                        getTSKeyStorePassword()),
    443);

client.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
                                myProtocolHandler);
And it works.
The customsslsocket is the AuthSSLProtocolSocketFactory.java.
But here, how can I do hostname verification? I don't understand the
architecture...
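
Added example, not part of the original thread and not Axis2, Rampart or commons-ssl code: when the socket comes from a custom factory such as the CustomSSLSocket in the message above, the hostname check has to be applied to the SSLSocket that factory returns, using only standard JSSE calls. The class and method names (HostnameCheck, enableBuiltInCheck, verify, matches) are hypothetical, setEndpointIdentificationAlgorithm assumes Java 7 or later, and only DNS host names (not IP addresses) are handled.

```java
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public final class HostnameCheck {
    // Preferred (Java 7+): JSSE checks the name during the handshake and aborts on mismatch.
    // Call on the SSLSocket inside the custom factory's createSocket(...), before any I/O.
    static SSLSocket enableBuiltInCheck(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return socket;
    }

    // Manual check for older runtimes: call after the handshake, before sending the request.
    // Only subjectAltName dNSName entries are accepted; there is no fallback to the subject CN.
    static void verify(SSLSocket socket, String host)
            throws SSLException, CertificateParsingException {
        X509Certificate leaf = (X509Certificate) socket.getSession().getPeerCertificates()[0];
        Collection<List<?>> names = leaf.getSubjectAlternativeNames();
        if (names != null) {
            for (List<?> name : names) {
                // GeneralName type 2 is dNSName; its value is returned as a String.
                if (((Integer) name.get(0)) == 2 && matches((String) name.get(1), host)) return;
            }
        }
        throw new SSLException("peer certificate does not match host " + host);
    }

    // A wildcard is honoured only as the whole leftmost label ("*.example.org"), stands for
    // exactly one label, and must be followed by at least two further labels.
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return p.equals(h);
        int dot = h.indexOf('.');
        return dot > 0 && p.indexOf('.', 2) > 0 && h.substring(dot).equals(p.substring(1));
    }

    public static void main(String[] args) {
        // Constructed names, not taken from the thread: {certificate name, requested host}.
        String[][] cases = {{"sts.example.org", "STS.example.org"}, {"*.example.org", "sts.example.org"},
                            {"*.example.org", "a.sts.example.org"}, {"*.org", "example.org"}};
        for (String[] c : cases) {
            System.out.println(c[0] + " vs " + c[1] + " -> " + matches(c[0], c[1]));
        }
    }
}
```

The host passed to verify must be the name the client asked to connect to, not a name taken from the server's response or from the certificate itself.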