Interface CertificateChallenge

All Known Implementing Classes:
NegotiationState.Challenge, RequestCertificate.Challenge

public interface CertificateChallenge
The CertificateChallenge object is used to challenge a client for their X509 certificate. Notification of a successful challenge for the certificate is done using a completion task, which is executed when the SSL renegotiation completes with a client certificate.

For HTTPS, the SSL renegotiation workflow used to challenge the client for their X509 certificate is rather bizarre. It starts with an initial challenge, where an SSL handshake is performed. This initial handshake typically completes but results in the TCP connection being closed by the client. The client then performs a second handshake on a new TCP connection; this second handshake does not contain the certificate either. When the handshake is finished on this new connection, the client will resubmit the original HTTP request. Again the server will have to challenge for the certificate, which should succeed and result in execution of the task provided.

An important point to note here is that if the client closes the TCP connection on the first challenge, the completion task will not be executed; it will be ignored. Only a successful completion of an HTTPS renegotiation will result in execution of the provided task.
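Because the completion task is silently skipped when the client closes the connection, code that gates access on the challenge should fail closed instead of waiting for a callback that may never come. The sketch below is an added example, not part of this API documentation or the framework's own code; the `Challenge` stand-in interface, `guard`, the timeout value and the stub clients are assumptions made so it runs alone.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicBoolean;

public class ChallengeGate {
    // Stand-in with the same shape as challenge(Runnable) on this page, so the
    // sketch compiles alone; C stands for the framework's Certificate type.
    interface Challenge<C> {
        Future<C> challenge(Runnable completion) throws Exception;
    }

    /** Runs onVerified only if the completion task fires; otherwise onDenied. Exactly one runs. */
    static <C> void guard(Challenge<C> challenge, ScheduledExecutorService timer,
                          long timeoutMillis, Runnable onVerified, Runnable onDenied) {
        AtomicBoolean decided = new AtomicBoolean();
        // If the client drops the connection the task is never executed, so a
        // deadline (an assumption of this sketch) turns "no answer" into a denial.
        ScheduledFuture<?> deadline = timer.schedule(() -> {
            if (decided.compareAndSet(false, true)) onDenied.run();
        }, timeoutMillis, TimeUnit.MILLISECONDS);
        try {
            challenge.challenge(() -> {
                if (decided.compareAndSet(false, true)) {
                    deadline.cancel(false);
                    onVerified.run();
                }
            });
        } catch (Exception e) {
            // challenge() is declared to throw Exception: treat any failure as a denial.
            if (decided.compareAndSet(false, true)) {
                deadline.cancel(false);
                onDenied.run();
            }
        }
    }

    public static void main(String[] args) {
        ScheduledExecutorService timer = Executors.newSingleThreadScheduledExecutor();
        // Constructed stubs: one client completes renegotiation, one closes the connection.
        Challenge<String> completes = task -> { task.run(); return CompletableFuture.completedFuture("cert"); };
        Challenge<String> dropped = task -> new CompletableFuture<>();
        guard(completes, timer, 200, () -> System.out.println("A: verified"), () -> System.out.println("A: denied"));
        guard(dropped, timer, 200, () -> System.out.println("B: verified"), () -> System.out.println("B: denied"));
        timer.schedule(timer::shutdown, 500, TimeUnit.MILLISECONDS);
    }
}
```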

  • Method Summary

    Modifier and Type | Method | Description
    Future<Certificate> | challenge() | This method will challenge the client for their certificate.
    Future<Certificate> | challenge(Runnable completion) | This method will challenge the client for their certificate.
  • Method Details

    • challenge

      Future<Certificate> challenge() throws Exception
      This method will challenge the client for their certificate. It does so by performing an SSL renegotiation. Successful completion of the SSL renegotiation results in the client providing their certificate, and execution of the task.
      Returns:
      this future containing the original certificate
      Throws:
      Exception
    • challenge

      Future<Certificate> challenge(Runnable completion) throws Exception
      This method will challenge the client for their certificate. It does so by performing an SSL renegotiation. Successful completion of the SSL renegotiation results in the client providing their certificate, and execution of the task.
      Parameters:
      completion - task to be run on successful challenge
      Returns:
      this future containing the original certificate
      Throws:
      Exception