How can I configure Simple Framework to require SSL client authentication?

StackOverflow https://stackoverflow.com/questions/16927938

Pregunta

I am writing an HTTP server using the Simple Framework and would like to require clients to present a valid certificate signed by my certificate authority in order to establish a connection.

I have the following bare-bones server written. How can I modify this code to require client certificate authentication for all SSL connections?

public static void main(String[] args) throws Exception {
    Container container = createContainer();

    Server server = new ContainerServer(container);
    Connection connection = new SocketConnection(server);
    SocketAddress address = new InetSocketAddress(8443);

    KeyManagerFactory km = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore serverKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try(InputStream keystoreFile = new FileInputStream(SERVER_KEYSTORE_PATH)) {
        serverKeystore.load(keystoreFile, "asdfgh".toCharArray());
    }
    km.init(serverKeystore, SERVER_KS_PASSWORD.toCharArray());

    TrustManagerFactory tm = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore caKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try(InputStream caCertFile = new FileInputStream(CA_CERT_PATH)) {
        caKeystore.load(caCertFile, CA_KS_PASSWORD.toCharArray());
    }
    tm.init(caKeystore);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(km.getKeyManagers(), tm.getTrustManagers(), null);

    connection.connect(address, sslContext);
}
¿Fue útil?

Solución

Try this

public class MyServer implements org.simpleframework.transport.Server {

   private Server delegateServer;

   public MyServer(Server delegateServer){
      this.delegateServer = delegateServer;
   }

   public void process(Socket socket){
     socket.getEngine().setNeedClientAuth(true);
     delegateServer.process(socket);
   }
}
Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top