|

»

»

»

Trying to use client certificate file to connect to a Subversion repository

View: New views

3 Messages — Rating Filter: Alert me

	Trying to use client certificate file to connect to a Subversion repository by pitcher :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I am trying to use a client certificate file to connect to a Subversion repository. I have been trying to use the SVNSSLAuthentication class to create an SVNAuthentication instance by passing the certificate file in the constructor. I am using the DefaultSVNAuthenticationManager and trying to set the Authentication of the SSLManager used by the AuthenticationManager to this instance. However, this doesn't seem to work. Essentially: ISVNAuthenticationManager authManager = SVNWCUtil.createDefaultAuthenticationManager(); authManager.getSSLManager(SVNURL.parseURIDecoded(SVN_URL)).setClientAuthentication(new SVNSSLAuthentication(certFile, null, false)); repository.setAuthenticationManager(authManager); repository.testConnection(); Is there any other API I should be using? Any pointers would be helpful. Thanks
	Re: Trying to use client certificate file to connect to a Subversion repository by Alexander Kitaev-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello, When using default authentication manager, client SSL certificate should be specified in "servers" configuration file: #ssl-client-cert-file PKCS#12 format client certificate file #ssl-client-cert-password Client Key password, if needed. Default Subversion configuration directory is ~/.subversion on Linux and OSX, and %APP_DATA%\Subversion on Windows. When using SSL client certificates, please try to use latest available JDK (SVNKit relies on JDK SSL support) and "unlimited-strength" chipher suite (see http://java.sun.com/products/jce/javase.html). You may also consider extending BasicAuthenticationManager - in that case you'll have to implement getSSLManager(...) method of it (you may create DefaultSVNSSLManager there). > set the Authentication of the SSLManager used by the AuthenticationManager > to this instance. However, this doesn't seem to work. Essentially: Did you get any particular exception or error message? Alexander Kitaev, TMate Software, http://svnkit.com/ - Java [Sub]Versioning Library! pitcher wrote: > I am trying to use a client certificate file to connect to a Subversion > repository. I have been trying to use the SVNSSLAuthentication class to > create an SVNAuthentication instance by passing the certificate file in the > constructor. I am using the DefaultSVNAuthenticationManager and trying to > set the Authentication of the SSLManager used by the AuthenticationManager > to this instance. However, this doesn't seem to work. Essentially: > > ISVNAuthenticationManager authManager = > SVNWCUtil.createDefaultAuthenticationManager(); > > authManager.getSSLManager(SVNURL.parseURIDecoded(SVN_URL)).setClientAuthentication(new > SVNSSLAuthentication(certFile, null, false)); > > repository.setAuthenticationManager(authManager); > repository.testConnection(); > > Is there any other API I should be using? Any pointers would be helpful. > > Thanks
	Re: Trying to use client certificate file to connect to a Subversion repository by pitcher :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Alexander, Thanks for the quick response. Turns out that I needed to have a password on my certificate file for the certificates to work . I extended the DefaultSVNAuthenticationManager and overrode the getSSLManager to get this to work. In the overridden method, I set the client authentication for the SSLManager to an SVNSSLAuthentication instance. This instance contains the certificate as well as the password file. Since the instance has this information anyway, do we need this information in the 'servers' file as well? Alexander Kitaev-3 wrote: Hello, When using default authentication manager, client SSL certificate should be specified in "servers" configuration file: #ssl-client-cert-file PKCS#12 format client certificate file #ssl-client-cert-password Client Key password, if needed. Default Subversion configuration directory is ~/.subversion on Linux and OSX, and %APP_DATA%\Subversion on Windows. When using SSL client certificates, please try to use latest available JDK (SVNKit relies on JDK SSL support) and "unlimited-strength" chipher suite (see http://java.sun.com/products/jce/javase.html). You may also consider extending BasicAuthenticationManager - in that case you'll have to implement getSSLManager(...) method of it (you may create DefaultSVNSSLManager there). > set the Authentication of the SSLManager used by the AuthenticationManager > to this instance. However, this doesn't seem to work. Essentially: Did you get any particular exception or error message? Alexander Kitaev, TMate Software, http://svnkit.com/ - Java [Sub]Versioning Library! pitcher wrote: > I am trying to use a client certificate file to connect to a Subversion > repository. I have been trying to use the SVNSSLAuthentication class to > create an SVNAuthentication instance by passing the certificate file in the > constructor. I am using the DefaultSVNAuthenticationManager and trying to > set the Authentication of the SSLManager used by the AuthenticationManager > to this instance. However, this doesn't seem to work. Essentially: > > ISVNAuthenticationManager authManager = > SVNWCUtil.createDefaultAuthenticationManager(); > > authManager.getSSLManager(SVNURL.parseURIDecoded(SVN_URL)).setClientAuthentication(new > SVNSSLAuthentication(certFile, null, false)); > > repository.setAuthenticationManager(authManager); > repository.testConnection(); > > Is there any other API I should be using? Any pointers would be helpful. > > Thanks