Timofey Khomichuk

Web Service Connector with two-way SSL enabled

In our Java application we use the Web Service Connector framework (WSC) to communicate with Salesforce (https://github.com/forcedotcom/wsc). We successfully connected with one-way authentication (server-only auth). However, we need to implement two-way SSL with mutual authentication enabled, so that our application, as a client to Salesforce, must provide a client certificate for a successful handshake. Could anyone advise how to extend the SSL parameters in WSC required for client authentication on the Salesforce side, like keystore, certificate alias, etc.? All needed actions on the Salesforce side are carried out (user permissions, Mutual Authentication feature, etc.).
Timofey
Steven Lawrance

Thanks for asking about that. You'll generally need to set the TransportFactory in the ConnectorConfig object that you use to create the PartnerConnection (or EnterpriseConnection, etc), though another option is to set the Transport.

It's possible to create a Transport implementation that is based off of the com.sforce.ws.transport.JdkHttpTransport class while having the JdkHttpTransport create the connection with its static createConnection method. Your Transport implementation can then set up the SSLSocketFactory (casting the connection to HttpsURLConnection is required to do that), and your SSLSocketFactory can be created from creating an SSLContext that is initialized to include your client certificate.
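
The JDK side of the approach described in the answer above, as an added example that is not part of the original post or of WSC: it builds an SSLSocketFactory from an SSLContext initialized with a client certificate and sets it on the connection. The class name `ClientCertSockets` and its method names are hypothetical, the keystore is assumed to be a PKCS#12 file with a single key entry, and the `HttpURLConnection` passed in is assumed to be the one a custom Transport obtains from `JdkHttpTransport.createConnection`.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical helper (not a WSC class): client-certificate setup for two-way TLS. */
public final class ClientCertSockets {

    private ClientCertSockets() {}

    /** Builds a socket factory that presents the key and chain stored in a PKCS#12 file. */
    public static SSLSocketFactory fromPkcs12(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            keyStore.load(in, password);
        }
        // The key managers supply the client certificate when the server requests one.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        // Passing null trust managers keeps the JVM default trust store, so the
        // server certificate is still validated as in the one-way setup.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), null, null);
        return context.getSocketFactory();
    }

    /** Sets the factory on the connection; call this before any request data is sent. */
    public static HttpURLConnection withClientCert(HttpURLConnection connection,
                                                   SSLSocketFactory factory) {
        if (!(connection instanceof HttpsURLConnection)) {
            // A plain http:// endpoint cannot carry a client certificate; fail loudly.
            throw new IllegalArgumentException("client certificate requires an https endpoint");
        }
        ((HttpsURLConnection) connection).setSSLSocketFactory(factory);
        return connection;
    }
}
```

Build the factory once at startup and reuse it for every connection, and load the keystore password from a secret store rather than from source code.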
Timofey Khomichuk
Thanks Steven for the answer. So far we postponed the delivery of this functionality. So we will try your recommendations later and let you know the results.