Replacing SSLContext with custom SSLContext for SmartCard
Our company is required to use SmartCard technology to communicate with our systems. I am attempting to provide a custom SSLContext in an Event script (RequestFilter.filterRequest) using a custom Java library. The SSLContext is good, as I have used it in another Java application that I have written, and I have logged some of its content, and it is configured correctly; however, the certificate select Swing dialog (in my custom library) doesn't pop up and no client cert is passed to the server. It's like I haven't really replaced the default SSLContext.
I need to use the Windows-MY and Windows-ROOT keystores. The user also needs to be able to select a certificate, and unfortunately that piece isn't working when used in ReadyAPI either. For the client cert selection I override the chooseClientAlias in a custom X509KeyManager, which clearly isn't working. I am not familiar with the Apache HttpClient libraries. Do I need to convert to their X509KeyManager, etc. for it to work?
Unfortunately, we are forced to use Ready! API 1.2.2 until we get authorization to install the newest version. I also noticed that version 1.2.2 uses deprecated classes and methods in the Apache HTTP client libraries. Would that have something to do with it?
Here is my script. I can't show you my MySSLContext source, but it does work just fine in another application (sorry it is so ugly, it won't let me post with a pretty format):
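import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.*;               // Scheme, SchemeRegistry, PlainSocketFactory
import org.apache.http.conn.ssl.SSLSocketFactory;   // the Apache class, not javax.net.ssl.SSLSocketFactory
import org.apache.http.impl.client.DefaultHttpClient;

HttpClient httpclient = new DefaultHttpClient();
ClientConnectionManager ccm = httpclient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
// getSSLContext takes a trust manager factory, trustStore, keyStore, custom HostNameVerifier,
// algorithm, and "SSL" or "TLS".
SSLContext ctx = MySSLContext.getSSLContext(
    MySSLContext.getTrustManagerFactory(MySSLContext.getWindowsROOT()),
    MySSLContext.getWindowsROOT(), MySSLContext.getWindowsMY(),
    new SSLHostnameVerifier(), "SunX509", "SSL");
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
sr.register( new Scheme( "http", 80, PlainSocketFactory.socketFactory ) );
sr.register( new Scheme( "https", 443, ssf) );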
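
The setup the post describes (Windows-MY for client keys, Windows-ROOT for trust, and an X509KeyManager whose chooseClientAlias lets the user pick the certificate) can be sketched as follows. This is an added example, not the poster's MySSLContext, which is not shown on the page; the class SmartCardSslContext and the AliasChooser interface are hypothetical names, and it assumes a Windows JVM with the SunMSCAPI provider and requests "TLS" rather than "SSL".

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

public class SmartCardSslContext {
    /** Hypothetical UI hook: show the aliases (e.g. in a dialog) and return the chosen one. */
    public interface AliasChooser { String choose(String[] aliases); }

    /** Delegates to the platform key manager, but lets the user pick the client alias. */
    static final class SelectingKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        private final AliasChooser chooser;
        SelectingKeyManager(X509KeyManager delegate, AliasChooser chooser) {
            this.delegate = delegate; this.chooser = chooser;
        }
        @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
            Set<String> aliases = new LinkedHashSet<>();
            for (String type : keyTypes) {
                String[] found = delegate.getClientAliases(type, issuers);
                if (found != null) aliases.addAll(Arrays.asList(found));
            }
            // Nothing matches the server's request: return null, so no certificate is sent.
            return aliases.isEmpty() ? null : chooser.choose(aliases.toArray(new String[0]));
        }
        @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
        @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
        @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    public static SSLContext build(AliasChooser chooser) throws Exception {
        KeyStore my = KeyStore.getInstance("Windows-MY");      // user certificates, incl. smart card
        my.load(null, null);                                   // MSCAPI stores take no stream/password
        KeyStore root = KeyStore.getInstance("Windows-ROOT");  // trusted root CAs
        root.load(null, null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(my, null);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(root);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++)                   // wrap each X509 key manager
            if (kms[i] instanceof X509KeyManager) kms[i] = new SelectingKeyManager((X509KeyManager) kms[i], chooser);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

chooseClientAlias is only invoked on the key managers of the SSLContext whose socket factory actually opens the connection, and only when the server requests a client certificate during the handshake.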