You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomee.apache.org by renz <re...@areasante.com> on 2013/10/29 15:51:19 UTC

Remote EJB Client With Multiple Certificates

Hello,

I'm trying to connect my application from a remote EJB Client which can use
multiple client certificates at the same time from different threads.
My problem is that the client KeyStore should be set using System Properties
:
- javax.net.ssl.keyStore
- javax.net.ssl.keyStoreType
- javax.net.ssl.keyStoreProvider

My certificates are on Smart Card and loaded using PKCS11 keystore, so i
could have multiple KeyStoreProvider at the same time.

Is there a different way to set client certificate so I can use more than
one certificate at the same time?

Thanks



--
View this message in context: http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Remote EJB Client With Multiple Certificates

Posted by renz <re...@areasante.com>.

Hi,

Sorry I've not replied earlier but I was working on an other part of my
project.
I've tried it and it works great.
The only thing a bit weird is that the trustore and keystore arguments are
kept in the URL and received by the server.

Here is an extract of my localhost_access_log on the server side (TomEE
1.6.0) :



Is there a way to reset the URL parameters before sending it to the server?

Thank you,

Renald



--
View this message in context: http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780p4667061.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Remote EJB Client With Multiple Certificates

Posted by Romain Manni-Bucau <rm...@gmail.com>.

Right
Le 5 nov. 2013 18:49, "renz" <re...@areasante.com> a écrit :

> So with this patch I could call my remote EJB with something like :
>
>
>
> Is that right?
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780p4665982.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>

Re: Remote EJB Client With Multiple Certificates

Posted by renz <re...@areasante.com>.

So with this patch I could call my remote EJB with something like :



Is that right?



--
View this message in context: http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780p4665982.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Remote EJB Client With Multiple Certificates

Posted by Romain Manni-Bucau <rm...@gmail.com>.

Commited + added license headers.

Thanks Loïc!
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2013/11/5 Loïc Rodier <lo...@gmail.com>:
> Hi,
>
> Is it what you expected ?
> https://issues.apache.org/jira/browse/TOMEE-1070
>
> Loïc
>
>
> 2013/10/30 renz <re...@areasante.com>
>
>> Thanks for your answer, I'll check your code later.
>> The client application is a JSE application calling Remote EJB over HTTPS.
>>
>>
>>
>> --
>> View this message in context:
>> http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780p4665806.html
>> Sent from the OpenEJB User mailing list archive at Nabble.com.
>>

Re: Remote EJB Client With Multiple Certificates

Posted by Loïc Rodier <lo...@gmail.com>.

Hi,

Is it what you expected ?
https://issues.apache.org/jira/browse/TOMEE-1070

Loïc


2013/10/30 renz <re...@areasante.com>

> Thanks for your answer, I'll check your code later.
> The client application is a JSE application calling Remote EJB over HTTPS.
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780p4665806.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>

Re: Remote EJB Client With Multiple Certificates

Posted by renz <re...@areasante.com>.

Thanks for your answer, I'll check your code later.
The client application is a JSE application calling Remote EJB over HTTPS.



--
View this message in context: http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780p4665806.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Remote EJB Client With Multiple Certificates

Posted by Romain Manni-Bucau <rm...@gmail.com>.

Hi

A client for tomee, I mean you use http?

Well you can write you own connection factory like
http://svn.apache.org/repos/asf/tomee/tomee/trunk/server/openejb-client/src/main/java/org/apache/openejb/client/HttpConnectionFactory.javaand
then register it to
http://svn.apache.org/repos/asf/tomee/tomee/trunk/server/openejb-client/src/main/java/org/apache/openejb/client/ConnectionManager.java

Then as you see in the factory you get yourconfig fron the provider url you
passed to the client.

Note: if you want to send us a patch well be happy to enhance our factories
Le 30 oct. 2013 06:00, "renz" <re...@areasante.com> a écrit :

> Hello,
>
> I'm trying to connect my application from a remote EJB Client which can use
> multiple client certificates at the same time from different threads.
> My problem is that the client KeyStore should be set using System
> Properties
> :
> - javax.net.ssl.keyStore
> - javax.net.ssl.keyStoreType
> - javax.net.ssl.keyStoreProvider
>
> My certificates are on Smart Card and loaded using PKCS11 keystore, so i
> could have multiple KeyStoreProvider at the same time.
>
> Is there a different way to set client certificate so I can use more than
> one certificate at the same time?
>
> Thanks
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Remote-EJB-Client-With-Multiple-Certificates-tp4665780.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>