CertificateChallenge
The CertificateChallenge object is used to challenge a client for their X509 certificate. Notification of a successful challenge is done using a completion task, which is executed when the SSL renegotiation completes with a client certificate. For HTTPS, the SSL renegotiation workflow used to challenge the client for their X509 certificate is rather bizarre. It starts with an initial challenge, where an SSL handshake is performed. This initial handshake typically completes, but results in the TCP connection being closed by the client. A second handshake is then performed by the client on a new TCP connection; this second handshake does not contain the certificate either. When the handshake on this new connection is finished, the client resubmits the original HTTP request. Again the server has to challenge for the certificate, which should succeed and result in execution of the task provided.
An important point to note here is that if the client closes the TCP connection on the first challenge, the completion task will not be executed; it is simply ignored. Only a successful completion of an HTTPS renegotiation will result in execution of the provided task.
@author Niall Gallagher
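An added example (not code from the page or from the Simple framework itself) of a container that gates a request on the client certificate and defers its reply to the completion task, so that the ignored first challenge and the resubmitted request described above both fall out naturally: each request without a chain is challenged again, and only the task whose renegotiation delivered a certificate ever writes a response. It assumes the Simple framework's Container, Request and Response types and that request.getClientCertificate() returns a Certificate exposing getChain() and challenge(Runnable); those names and the import package are assumptions, not confirmed by this page.

```java
import java.io.PrintStream;
import java.security.cert.X509Certificate;
import org.simpleframework.http.Certificate;   // assumed package for the certificate API
import org.simpleframework.http.Request;
import org.simpleframework.http.Response;
import org.simpleframework.http.core.Container;

// Serves a request only once the client has presented an X509 certificate.
// Assumed API (not confirmed by this page): request.getClientCertificate()
// returns a Certificate exposing getChain() and challenge(Runnable).
public class CertificateGatedContainer implements Container {
   public void handle(final Request request, final Response response) {
      try {
         final Certificate certificate = request.getClientCertificate();
         if (certificate == null) {          // plain HTTP: nothing to challenge
            reject(response, 403);
         } else if (certificate.getChain() == null) {   // assumed: no chain presented yet
            // Challenge and defer the reply to the completion task. If the
            // client drops the TCP connection on the first handshake the task
            // never runs, so nothing is written here and no content reaches
            // an unauthenticated peer; the resubmitted request is challenged again.
            certificate.challenge(new Runnable() {
               public void run() {             // only after a renegotiation delivered a certificate
                  serve(request, response);
               }
            });
         } else {
            serve(request, response);
         }
      } catch (Exception cause) {
         reject(response, 500);
      }
   }
   private void serve(Request request, Response response) {
      try {
         X509Certificate leaf = request.getClientCertificate().getChain()[0];
         leaf.checkValidity();                 // expired or not-yet-valid leaf is refused
         response.setValue("Content-Type", "text/plain");
         PrintStream body = response.getPrintStream();
         body.println("Hello " + leaf.getSubjectX500Principal().getName());
         body.close();
      } catch (Exception cause) {
         reject(response, 403);
      }
   }
   private void reject(Response response, int code) {
      response.setCode(code);
      try { response.close(); } catch (Exception ignored) {}
   }
}
```

checkValidity() only checks the leaf's validity period; trust in the issuing CA is established by the SSL engine's trust manager, which this container relies on rather than repeating.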