
Java SOAP service over SSL with client certificates

So I've been trying to set up a Java SOAP servlet with JAX-WS and SSL. I got the actual service running over SSL, but I need it to authenticate based on the client certificate, and right now it's accepting all connections against it.

Here's my code so far:

TrustManager tm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain,
                    String authType)
                    throws CertificateException {
        System.out.println("yay1");
    }

    public void checkServerTrusted(X509Certificate[] chain,
                    String authType)
                    throws CertificateException {
        System.out.println("yay2");
    }

    public X509Certificate[] getAcceptedIssuers() {
        throw new UnsupportedOperationException("Not supported yet.");
    }
};

String uri = "http://127.0.0.1:8083/SoapContext/SoapPort";
Object implementor = new Main();

Endpoint endpoint = Endpoint.create(implementor);

SSLContext ssl = SSLContext.getInstance("TLS");

KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance("JKS");

store.load(new FileInputStream("serverkeystore"), "123456".toCharArray());

keyFactory.init(store, "123456".toCharArray());

TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

trustFactory.init(store);

ssl.init(keyFactory.getKeyManagers(),
        new TrustManager[] { tm }, null);

HttpsConfigurator configurator = new HttpsConfigurator(ssl);

HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress(8083), 8083);

httpsServer.setHttpsConfigurator(configurator);

HttpContext httpContext = httpsServer.createContext("/SoapContext/SoapPort");

httpsServer.start();

endpoint.publish(httpContext);

And I'm testing it with this PHP code:

$soapClient = new SoapClient("https://localhost:8083/SoapContext/SoapPort?wsdl", array('local_cert' => "newcert.pem"));
$soapClient->add(array('i' => '1', 'j' => '2'));

Unfortunately, it errors out with this when I include the local_cert:

SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://localhost:8083/SoapContext/SoapPort?wsdl' : failed to load external entity "https://localhost:8083/SoapContext/SoapPort?wsdl"

It does connect successfully if I don't include local_cert, but it never calls my custom TrustManager, so it accepts all incoming connections.

What am I doing wrong? Thanks!

I do not know PHP, but your TrustManager in the web service is not doing any authentication.
So the connection should not be rejected due to client authentication issues.

Does the new_cert.pem you are referencing in your client contain the private key?
If not, then this could be the problem.

I suggest you use Wireshark and look at the communication.
I suspect you will not see a rejection coming from your server.

The failure should be local on your client.
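
An added example, not part of the original question or answer: a `com.sun.net.httpserver.HttpsServer` only requests a client certificate when its `HttpsConfigurator` turns that on, and the chain is only validated when the `SSLContext` is given real trust managers instead of an empty `checkClientTrusted`. It assumes the question's `serverkeystore` and password, assumes the client's certificate or its issuing CA has been imported into that store as a trusted entry, and uses a plain handler where the question publishes the JAX-WS endpoint; the class name `MutualTlsServer` is hypothetical.

```java
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsServer {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        char[] password = "123456".toCharArray();   // keystore password from the question
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("serverkeystore")) {
            store.load(in, password);
        }

        KeyManagerFactory keyFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(store, password);

        // Assumption: the client certificate (or its CA) is a trusted entry in this store.
        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(store);

        SSLContext ssl = SSLContext.getInstance("TLS");
        // The factory's trust managers perform real chain validation for client certificates.
        ssl.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);

        HttpsServer server = HttpsServer.create(new InetSocketAddress(8083), 0);
        server.setHttpsConfigurator(new HttpsConfigurator(ssl) {
            @Override
            public void configure(HttpsParameters params) {
                SSLParameters sslParams = getSSLContext().getDefaultSSLParameters();
                sslParams.setNeedClientAuth(true);   // no trusted client cert, no connection
                params.setSSLParameters(sslParams);
            }
        });
        // Stand-in handler; with JAX-WS, pass the created context to endpoint.publish(...).
        server.createContext("/SoapContext/SoapPort", exchange -> {
            byte[] body = "client certificate accepted\n".getBytes("UTF-8");
            exchange.sendResponseHeaders(200, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        server.start();
    }
}
```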
