Posted to users@cxf.apache.org by "KARR, DAVID" <dk...@att.com> on 2017/04/06 17:00:11 UTC

How to set a keystore into ClientBuilder that was created in memory from a cert file?

I need to make a REST service call using ClientBuilder.  We're using 2-way auth.  I don't have a truststore and keystore on disk, but I do have cert files.  It looks like I can create both the truststore and keystore in memory, but there are two issues that seem like they are going to be a problem:

First, this isn't really specific to CXF, but I don't know what alias names to use for the cert and key.  It might not matter, but I just don't know.

Second, although I can create both the truststore and keystore in memory, both without setting a password for them, and I can set the truststore into the ClientBuilder, I don't appear to have an option to set the keystore into the builder, because I don't have a password for it (it won't allow a null value for the password).

I would set passwords for either of those stores, but I don't know how to set the password for a keystore in memory.  I see how to set it when writing it to disk, but do I really need to write the store to disk in order to set a password for it?

Much of this is independent of CXF, but I don't know if there are any shortcuts available in CXF for this.

Re: How to set a keystore into ClientBuilder that was created in memory from a cert file?

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi David

There must be a way to express all of it with the relevant ClientBuilder 
setters. The CXF-specific way is about working with HttpConduit, but I'm 
not sure it makes much sense to try to write portable code while using 
a CXF-specific way of setting the key/trust stores... If you have no 
password then I guess you may need to provide an empty char array.

Have a look at that test I linked you to; I believe the code where 
SSLContext is set does prepare a 2-way TLS.

Sergey


Cheers, Sergey
On 06/04/17 18:00, KARR, DAVID wrote:
> I need to make a REST service call using ClientBuilder.  We're using 2-way auth.  I don't have a truststore and keystore on disk, but I do have cert files.  It looks like I can create both the truststore and keystore in memory, but there are two issues that seem like they are going to be a problem:
>
> First, this isn't really specific to CXF, but I don't know what alias names to use for the cert and key.  It might not matter, but I just don't know.
>
> Second, although I can create both the truststore and keystore in memory, both without setting a password for them, and I can set the truststore into the ClientBuilder, I don't appear to have an option to set the keystore into the builder, because I don't have a password for it (it won't allow a null value for the password).
>
> I would set passwords for either of those stores, but I don't know how to set the password for a keystore in memory.  I see how to set it when writing it to disk, but do I really need to write the store to disk in order to set a password for it?
>
> Much of this is independent of CXF, but I don't know if there are any shortcuts available in CXF for this.
>
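
The in-memory setup discussed in this thread, as an added example that is not part of either message and is not CXF's own code: the password that `ClientBuilder.keyStore` asks for is the one protecting the key entry, and it is set with `setKeyEntry` without writing anything to disk. It assumes PEM certificate files, an unencrypted PKCS#8 RSA private key and the JAX-RS 2.x `javax.ws.rs` API; the class name, the aliases and the three file arguments are hypothetical.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

public class InMemoryTlsClient {
    static Certificate readCert(Path pem) throws Exception {
        try (InputStream in = Files.newInputStream(pem)) {
            return CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Assumption: unencrypted PKCS#8 RSA key ("-----BEGIN PRIVATE KEY-----").
    static PrivateKey readKey(Path pem) throws Exception {
        String b64 = new String(Files.readAllBytes(pem), StandardCharsets.US_ASCII)
                .replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }

    static Client build(Path caPem, Path clientPem, Path keyPem) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // null stream: start from an empty in-memory store
        trust.setCertificateEntry("server-ca", readCert(caPem)); // alias is any unique label
        // Throwaway per-process password; it protects the key entry, not a file.
        char[] keyPass = Long.toHexString(new SecureRandom().nextLong()).toCharArray();
        KeyStore keys = KeyStore.getInstance(KeyStore.getDefaultType());
        keys.load(null, null);
        keys.setKeyEntry("client", readKey(keyPem), keyPass,
                new Certificate[] { readCert(clientPem) }); // leaf first, then any intermediates
        return ClientBuilder.newBuilder().trustStore(trust).keyStore(keys, keyPass).build();
    }

    public static void main(String[] args) throws Exception {
        Client client = build(Paths.get(args[0]), Paths.get(args[1]), Paths.get(args[2]));
        System.out.println("2-way TLS client built");
        client.close();
    }
}
```

The aliases only need to be unique within each store; with a single key entry, the default key manager selects it by key type and issuer rather than by alias name.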