derikgw
Occasional Contributor
9 years ago

Replacing SSLContext with custom SSLContext for SmartCard

Our company is required to use SmartCard technology to communicate with our systems.  I am attempting to provide a custom SSLContext in an Event script (RequestFilter.filterRequest) using a custom Java library.  The SSLContext is good, as I have used it in another Java application that I have written, and I have logged some of its content, and it is configured correctly; however, the certificate select Swing dialog (in my custom library) doesn't pop up and no client cert is passed to the server.  It's like I haven't really replaced the default SSLContext.

I need to use the Windows-MY and Windows-ROOT keystores.  The user also needs to be able to select a certificate, and unfortunately that piece isn't working when used in ReadyAPI either.  For the client cert selection I override the chooseClientAlias in a custom X509KeyManager, which clearly isn't working.  I am not familiar with the Apache HttpClient libraries.  Do I need to convert to their X509KeyManager, etc. for it to work?

Unfortunately, we are forced to use Ready! API 1.2.2 until we get authorization to install the newest version.  I also noticed that version 1.2.2 uses deprecated classes and methods in the Apache HTTP client libraries.  Would that have something to do with it?

Here is my script.  I can't show you my MySSLContext source, but it does work just fine in another application (sorry it is so ugly, it won't let me post with a pretty format):

  

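import javax.net.ssl.SSLContext
import org.apache.http.client.HttpClient
import org.apache.http.conn.ClientConnectionManager
import org.apache.http.conn.scheme.*
import org.apache.http.conn.ssl.SSLSocketFactory
import org.apache.http.impl.client.DefaultHttpClient
// MySSLContext and SSLHostnameVerifier come from the custom library (source not shown).

HttpClient httpclient = new DefaultHttpClient();
ClientConnectionManager ccm = httpclient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();

// getSSLContext takes trust manager factory, trustStore, keyStore, custom HostNameVerifier,
// algorithm, and "SSL" or "TLS".
SSLContext ctx = MySSLContext.getSSLContext(
    MySSLContext.getTrustManagerFactory(MySSLContext.getWindowsROOT()),
    MySSLContext.getWindowsROOT(), MySSLContext.getWindowsMY(),
    new SSLHostnameVerifier(), "SunX509", "SSL");

SSLSocketFactory ssf = new SSLSocketFactory(ctx);

sr.register( new Scheme( "http", 80, PlainSocketFactory.socketFactory ) );
sr.register( new Scheme( "https", 443, ssf) );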
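
An added example, not part of the original post and not the poster's MySSLContext code: a delegating X509KeyManager that routes client-certificate selection through a chooser, built on the Windows-MY and Windows-ROOT keystores and wired into an Apache HttpClient 4.x client with the same deprecated Scheme and SSLSocketFactory classes the script above uses. The names SmartCardClient, ChoosingKeyManager and AliasChooser are hypothetical; it assumes Windows with the SunMSCAPI provider and HttpClient 4.1 or later, and it uses "TLS" rather than "SSL" for the context.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory; // Apache's class, not javax.net.ssl's
import org.apache.http.impl.client.DefaultHttpClient;

public class SmartCardClient {                                   // hypothetical name
    /** Hypothetical hook: a Swing dialog would implement this and return the picked alias. */
    public interface AliasChooser { String choose(String[] candidates); }
    /** Delegates key material to the stock key manager; only alias selection is customised. */
    static class ChoosingKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        private final AliasChooser chooser;
        ChoosingKeyManager(X509KeyManager d, AliasChooser c) { delegate = d; chooser = c; }
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
            Set<String> found = new LinkedHashSet<String>();
            for (String kt : keyTypes) {   // aliases matching the requested key types and issuers
                String[] a = delegate.getClientAliases(kt, issuers);
                if (a != null) found.addAll(Arrays.asList(a));
            }
            return found.isEmpty() ? null : chooser.choose(found.toArray(new String[0]));
        }
        public String[] getClientAliases(String kt, Principal[] i) { return delegate.getClientAliases(kt, i); }
        public String chooseServerAlias(String kt, Principal[] i, Socket s) { return null; } // client only
        public String[] getServerAliases(String kt, Principal[] i) { return null; }
        public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
        public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
    }
    public static HttpClient build(AliasChooser chooser) throws Exception {
        KeyStore my = KeyStore.getInstance("Windows-MY");        // assumes Windows + SunMSCAPI
        my.load(null, null);
        KeyStore root = KeyStore.getInstance("Windows-ROOT");
        root.load(null, null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(my, null);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(root);
        KeyManager[] kms = { new ChoosingKeyManager((X509KeyManager) kmf.getKeyManagers()[0], chooser) };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        DefaultHttpClient client = new DefaultHttpClient();
        // Default hostname verification stays on; only requests run on THIS client use ctx.
        client.getConnectionManager().getSchemeRegistry()
              .register(new Scheme("https", 443, new SSLSocketFactory(ctx)));
        return client;
    }
}
```

The context takes effect only for requests executed on the client instance returned by build(); any other HttpClient instance keeps its own scheme registry and socket factory.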

5 Replies

  • derikgw
    Occasional Contributor

    I just attempted a web service call running the Groovy script above (with the added WS call), and there is definitely a disconnect regarding the socket factory.  When I declare a new Apache SSLSocketFactory, it is compatible with Scheme but does not work.  However, when I call one of our web services through another library of mine using the ctx.socketFactory (the SSLContext I created in the previous script), I get prompted for the cert and the service is called just fine, all from Groovy.  Unfortunately, Sun's SSLSocketFactory is not compatible with Apache's Scheme constructor.  I am going to have to figure out how to create the SSLContext with an Apache SSLSocketFactory in my custom library.

    Interesting...

    • derikgw
      Occasional Contributor

      It just occurred to me, I may need to replace the HttpClient...

      • derikgw
        Occasional Contributor

        I am lost on this. I have been looking through the JavaDocs and I see nothing that will allow me to inject a custom SSLContext, or SSLSocketConnectionFactory, or even an HttpClient.