
Replacing SSLContext with custom SSLContext for SmartCard


Our company is required to use SmartCard technology to communicate with our systems.  I am attempting to provide a custom SSLContext in an Event script (RequestFilter.filterRequest) using a custom Java library.  The SSLContext is good, as I have used it in another Java application that I have written, and I have logged some of its content, and it is configured correctly; however, the certificate select swing dialog (in my custom library) doesn't pop up and no client cert is passed to the server.  It's like I haven't really replaced the default SSLContext.

 

I need to use the Windows-MY and Windows-ROOT keystores.  The user also needs to be able to select a certificate, and unfortunately that piece isn't working when used in ReadyAPI either.  For the client cert selection I override the chooseClientAlias in a custom X509KeyManager, which clearly isn't working.  I am not familiar with the Apache HttpClient libraries.  Do I need to convert to their X509KeyManager, etc. for it to work?

 

Unfortunately, we are forced to use Ready! API 1.2.2 until we get authorization to install the newest version.  I also noticed that version 1.2.2 uses deprecated classes and methods in the Apache HttpClient libraries.  Would that have something to do with it?

 

Here is my script.  I can't show you my MySSLContext source, but it does work just fine in another application (sorry it is so ugly, it won't let me post with a pretty format):

  

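import javax.net.ssl.SSLContext
import org.apache.http.client.HttpClient
import org.apache.http.conn.ClientConnectionManager
import org.apache.http.conn.scheme.PlainSocketFactory
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.scheme.SchemeRegistry
import org.apache.http.conn.ssl.SSLSocketFactory
import org.apache.http.impl.client.DefaultHttpClient
// MySSLContext and SSLHostnameVerifier come from the poster's custom library (imports not shown).

HttpClient httpclient = new DefaultHttpClient();
ClientConnectionManager ccm = httpclient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();

// getSSLContext takes a trust manager factory, trustStore, keyStore, custom HostNameVerifier, algorithm, and "SSL" or "TLS".
SSLContext ctx = MySSLContext.getSSLContext(MySSLContext.getTrustManagerFactory(MySSLContext.getWindowsROOT()), MySSLContext.getWindowsROOT(), MySSLContext.getWindowsMY(), new SSLHostnameVerifier(), "SunX509", "SSL");

SSLSocketFactory ssf = new SSLSocketFactory(ctx);
sr.register( new Scheme( "http", 80, PlainSocketFactory.socketFactory ) );
sr.register( new Scheme( "https", 443, ssf) );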
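A delegating key manager of the kind the post describes, as an added example that is not the poster's MySSLContext and not SmartBear code: it overrides chooseClientAlias and logs each call, so a silent handshake shows whether the custom SSLContext is in use at all. `SelectingKeyManager`, `build` and the `chooser` callback are hypothetical names; it assumes Java 8+ and a key store that needs no password (as with Windows-MY).

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.function.Function;
import javax.net.ssl.*;

// Added example: wraps the stock key manager and routes alias selection through a callback.
public final class SelectingKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final Function<Set<String>, String> chooser; // hypothetical hook, e.g. a Swing dialog

    SelectingKeyManager(X509KeyManager delegate, Function<Set<String>, String> chooser) {
        this.delegate = delegate;
        this.chooser = chooser;
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        Set<String> candidates = new LinkedHashSet<>();
        for (String type : keyTypes) {
            String[] aliases = delegate.getClientAliases(type, issuers);
            if (aliases != null) candidates.addAll(Arrays.asList(aliases));
        }
        // JSSE calls this only when the server requests a client certificate. If this line
        // never appears, no request was made or the connection uses a different SSLContext.
        System.err.println("chooseClientAlias called, candidates=" + candidates);
        return candidates.isEmpty() ? null : chooser.apply(candidates);
    }

    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }

    // Stores: e.g. KeyStore.getInstance("Windows-MY") / ("Windows-ROOT"), each loaded with load(null, null).
    static SSLContext build(KeyStore keyStore, KeyStore trustStore, Function<Set<String>, String> chooser) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, null); // assumption: no key password needed
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509KeyManager stock = null;
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) { stock = (X509KeyManager) km; break; }
        }
        if (stock == null) throw new IllegalStateException("no X509KeyManager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new SelectingKeyManager(stock, chooser) }, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```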

5 REPLIES
Occasional Contributor

Re: Replacing SSLContext with custom SSLContext for SmartCard

I just attempted a web service call running the groovy script above (with the added WS call), and there is definitely a disconnect regarding the socket factory.  When I declare a new Apache SSLSocketFactory, it is compatible with Scheme but does not work.  However, when I call one of our web services through another library of mine using the ctx.socketFactory (the SSLContext I created in the previous script), I get prompted for the cert and the service is called just fine, all from groovy.  Unfortunately, Sun's SSLSocketFactory is not compatible with Apache's Scheme constructor.  I am going to have to figure out how to create the SSLContext with an Apache SSLSocketFactory in my custom library.

 

Interesting...

Occasional Contributor

Re: Replacing SSLContext with custom SSLContext for SmartCard

It just occurred to me, I may need to replace the HttpClient...

Occasional Contributor

Re: Replacing SSLContext with custom SSLContext for SmartCard

I am lost on this. I have been looking through the JavaDocs and I see nothing that will allow me to inject a custom SSLContext, or SSLSocketConnectionFactory, or even an HttpClient.

Occasional Contributor

Re: Replacing SSLContext with custom SSLContext for SmartCard

Someone marked this as solved.  Not sure why.  It is far from solved!

Occasional Contributor

Re: Replacing SSLContext with custom SSLContext for SmartCard

I received a reply from one of the engineers at SmartBear.  If you google "SoapUI SSL Workaround" you will get this plugin project: https://github.com/joeljons/soapui-ssl-workaround-plugin

 

I am going to try this idea today.
