Question

This is a cross-post from the Mozilla Crypto Dev ML. Hoping that someone on SO has some experience using org.mozilla.jss. Link: JSS - MDN

I'm trying to make two separate HTTPS requests to a remote host using two client sockets and two different client certificates respectively (client cert A and B). My test program is a modified version of SSLTest.java

From my host, I'm able to make two connections on two different sockets to the remote host. I'm able to receive a 200 OK back from the remote web server for both individual connections.

My problem is that client certificate 'A' is being used for both connections 'A' and 'B'.

I've been using this constructor:

public SSLSocket(java.lang.String host,
                 int port,
                 java.net.InetAddress localAddr,
                 int localPort,
                 SSLCertificateApprovalCallback certApprovalCallback,
                 SSLClientCertificateSelectionCallback clientCertSelectionCallback)

I've also implemented the interface SSLClientCertificateSelectionCallback (source) in order to use the above constructor and pass the correct client certificate. Also, I placed a line in my implemented SSLClientCertificateSelectionCallback select() function to log when the callback is executed.

Running my app, and checking the log, the select() method is only ever called once during the creation of the first SSLSocket (selecting Client Cert 'A') and never on future SSLSocket instantiations when Client Cert B nickname is specified. In fact, I have to restart my app for select() to be run again.

Is there a way I can trigger the native callback code to run select() when a certificate is requested by the remote server?

Thanks,

PR


Solution

It sounds like there might be some session caching going on. You said that you use SSLSocket. Have you tried setting the session caching to false? By default, SSLSocket enables session caching.

For instance, in the SSLSocket class there's the method public void useCache(boolean b). If you pass it a parameter of false after you create the socket, hopefully that'll prevent the server from caching your first session (I assume you are calling both client connections from one program). That way, it should prompt you for another certificate request from the second connection like you want.
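The following is an added example of what the answer describes, not code from the question or answer authors and not the JSS project's own sample. It builds two org.mozilla.jss.ssl.SSLSocket instances with the six-argument constructor quoted in the question, gives each its own SSLClientCertificateSelectionCallback that returns a fixed nickname, and calls useCache(false) on each socket so the second handshake is not resumed from the first session. The host name, port, certificate nicknames and NSS database path are placeholders; the approve() logic (accepting the server certificate only when ValidityStatus reports no reasons) and the callback signatures are taken from the JSS javadoc as I know it and are assumptions to check against the JSS version in use.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.Vector;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
import org.mozilla.jss.ssl.SSLSocket;

public class TwoClientCertsNoCache {

    // Placeholders: replace with the real NSS database, host and port.
    static final String NSS_DB_DIR = "/path/to/nssdb";      // placeholder
    static final String REMOTE_HOST = "remote.example.test"; // placeholder
    static final int REMOTE_PORT = 443;

    /** Returns one fixed nickname so each socket is pinned to its own client cert. */
    static final class FixedNicknameSelector implements SSLClientCertificateSelectionCallback {
        private final String nickname;

        FixedNicknameSelector(String nickname) {
            this.nickname = nickname;
        }

        @Override
        public String select(Vector<String> nicknames) {
            // Log every invocation: with useCache(false) this should fire once per socket.
            System.err.println("select() invoked for " + nickname + "; offered: " + nicknames);
            return nicknames.contains(nickname) ? nickname : null;
        }
    }

    /** Accept the server certificate only if NSS reported no validity problems (assumed API). */
    static final class StrictApproval implements SSLCertificateApprovalCallback {
        @Override
        public boolean approve(X509Certificate cert, ValidityStatus status) {
            return status.getReasons() == null || !status.getReasons().hasMoreElements();
        }
    }

    /** Opens one TLS connection with the given client-cert nickname and returns the HTTP status line. */
    static String fetchStatusLine(String clientCertNickname) throws Exception {
        SSLSocket sock = new SSLSocket(REMOTE_HOST, REMOTE_PORT,
                (InetAddress) null, 0,               // any local address / ephemeral port
                new StrictApproval(),
                new FixedNicknameSelector(clientCertNickname));
        // Disable session caching so this socket negotiates a full handshake and
        // the server asks for a client certificate again (the answer's suggestion).
        sock.useCache(false);
        try {
            sock.forceHandshake();
            OutputStream out = sock.getOutputStream();
            out.write(("GET / HTTP/1.0\r\nHost: " + REMOTE_HOST + "\r\n\r\n")
                    .getBytes(StandardCharsets.US_ASCII));
            out.flush();
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(sock.getInputStream(), StandardCharsets.US_ASCII));
            return in.readLine();                    // e.g. "HTTP/1.1 200 OK"
        } finally {
            sock.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Initialise the NSS key/cert database that holds both client certificates.
        CryptoManager.initialize(NSS_DB_DIR);
        // Placeholder nicknames for "client cert A" and "client cert B" from the question.
        System.out.println("A: " + fetchStatusLine("client-cert-A"));
        System.out.println("B: " + fetchStatusLine("client-cert-B"));
    }
}
```

When the sockets are created in a fresh JSS process, the log line in select() should appear twice, once per nickname, which is the observable check that the second connection is not being resumed from the first session's cache.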

Licensed under: CC-BY-SA with attribution