JSS SSLSocket选择客户端证书的问题
这是来自 Mozilla Crypto Dev ML 的交叉帖子。希望 SO 上的人有一些使用 org.mozilla.jss 的经验。 链接:JSS - MDN
我正在尝试使用两个向远程主机发出两个单独的 HTTPS 请求客户端套接字和两个不同的客户端证书(客户端证书 A 和 B)。我的测试程序是 SSLTest 的修改版本.java
从我的主机上,我可以在两个不同的套接字上与远程主机建立两个连接。对于两个单独的连接,我都能从远程 Web 服务器收到 200 OK 回复。
我的问题是客户端证书“A”同时用于连接“A”和“B”。
我一直在使用 这个< /a> 构造函数:
public SSLSocket(java.lang.String host,int port,
java.net.InetAddress localAddr,
int localPort,
SSLCertificateApprovalCallback certApprovalCallback,
SSLClientCertificateSelectionCallback clientCertSelectionCallback)
我还实现了接口 SSLClientCertificateSelectionCallback (源)以便使用上面的构造函数并传递正确的客户端证书。另外,我在实现的 SSLClientCertificateSelectionCallback select() 函数中放置了一行,以在执行回调时进行记录。
运行我的应用程序并检查日志,在创建第一个 SSLSocket(选择客户端证书“A”)期间仅调用一次 select() 方法,并且在指定客户端证书 B 昵称时不会在将来的 SSLSocket 实例化中调用一次。事实上,我必须重新启动我的应用程序才能再次运行 select() 。
当远程服务器请求证书时,有没有办法触发本机回调代码运行 select() ?
谢谢,
公关
This is a cross-post from the Mozilla Crypto Dev ML. Hoping that someone on SO has some experience using org.mozilla.jss. Link: JSS - MDN
I'm trying to make two separate HTTPS requests to a remote host using two client sockets and two different client certificates respectively (client cert A and B). My test program is a modified version of SSLTest.java
From my host, I'm able to make two connections on two different sockets to the remote host. I'm able to receive a 200 OK back from the remote web server for both individual connections.
My problem is that client certificate 'A' is being used for both connections 'A' and 'B'.
I've been using this constructor:
public SSLSocket(java.lang.String host,int port,
java.net.InetAddress localAddr,
int localPort,
SSLCertificateApprovalCallback certApprovalCallback,
SSLClientCertificateSelectionCallback clientCertSelectionCallback)
I've also implemented the interface SSLClientCertificateSelectionCallback (source) in order to use the above constructor and pass the correct client certificate. Also, I placed a line in my implemented SSLClientCertificateSelectionCallback select() function to log when the call back is executed.
Running my app, and checking the log, the select() method is only ever called once during the creation of the first SSLSocket (selecting Client Cert 'A') and never on future SSLSocket instantiations when Client Cert B nickname is specified. In fact, I have to restart my app for select() to be run again.
Is there a way I can trigger the native callback code to run select() when a certificate is requested by the remote server?
Thanks,
PR
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
听起来可能正在进行一些会话缓存。你说你使用SSLSocket。您是否尝试过将会话缓存设置为 false?默认情况下,SSLSocket 启用会话缓存。
例如,在 SSLSocket 类中,有一个方法
public void useCache(boolean b)如果您在创建套接字后设置向其传递一个false参数,希望可以防止服务器缓存您的第一个会话(我假设您正在从一个程序调用两个客户端连接)。这样,它应该提示您从第二个连接请求另一个证书请求,就像您想要的那样。It sounds like there might be some session caching going on. You said that you use SSLSocket. Have you tried setting the session caching to false? By default, SSLSocket enables session caching.
For instance in the SSLSocket class, there's the method
public void useCache(boolean b)If you set pass it a parameter offalseafter you create the socket, hopefully that'll prevent the server from caching your first session (I assume you are calling both client connections from one program). That way, it should prompt you for another certificate request from the second connection like you want.