stackoom
  简体   繁体   中英

Java SOAP Client JAX-WS: How to use a certificate

 原文  2012-04-02 11:23:09       java/ soap/ client/ certificate/ jax-ws

Question

Im using NetBeans 7.0.1 to develope an application, thats able to communicate with a server/webservice through secured (HTTPS/SSL) SOAP. In NetBeans i simply click on "New" -> "Web Service Client...", select a wsdl-file and then click finish. This will generate sourcecode for the SOAP-Client. After that, i have many new java-files in an own Folder: 

Generated Sources (jax-ws)

I changed the wsdl-file to connect to myself/localhost without HTTPS/SSL to test the SOAP-Client and it seems to work well, but now i need to use a specific certificate for the SOAP/HTTP-connection, wich i got as a .p12 file.

I dont know how to use a certificate in combination with the generated sources. I use the generated SOAP-Client like this: 

SoapServiceExample SSA = new ClassSoapServiceExample();
Object Response = SSA.getServicePort().doSomething(Authentification, Data);

If i try to use the SOAP-Client with the unchanged/correct wsdl-file, i get this error: 

com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

[com.sun.xml.internal.ws.transport.http.client.HttpClientTransport] [getOutput] [-1]
[com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe] [process] [-1]
[com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe] [processRequest] [-1]
[com.sun.xml.internal.ws.transport.DeferredTransportPipe] [processRequest] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [__doRun] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [_doRun] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [doRun] [-1]
[com.sun.xml.internal.ws.api.pipe.Fiber] [runSync] [-1]
[com.sun.xml.internal.ws.client.Stub] [process] [-1]
[com.sun.xml.internal.ws.client.sei.SEIStub] [doProcess] [-1]
[com.sun.xml.internal.ws.client.sei.SyncMethodHandler] [invoke] [-1]
[com.sun.xml.internal.ws.client.sei.SyncMethodHandler] [invoke] [-1]
[com.sun.xml.internal.ws.client.sei.SEIStub] [invoke] [-1]
[$Proxy31] [doSomething] [-1]

Im already able to load a .p12 certificate to use it for a socket. 

public static TrustManager[] createTrustManagerWhoTrustAllways()
{
    return new TrustManager[]
    {
        new X509TrustManager()
        {
            @Override
            public X509Certificate[] getAcceptedIssuers()
            {
                return null;
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType)
            {
                return;
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType)
            {
                return;
            }
        }
    };
}

public static SSLContext loadPkcs12CertificateAndGetSslContext(String FileName, String Password) throws Exception
{
    KeyStore KS = KeyStore.getInstance("PKCS12");
    KS.load(new FileInputStream(FileName), Password.toCharArray());

    KeyManagerFactory KMF = KeyManagerFactory.getInstance("SunX509");
    KMF.init(KS, Password.toCharArray());

    SSLContext SSLC = SSLContext.getInstance("TLS");
    SSLC.init(KMF.getKeyManagers(), createTrustManagerWhoTrustAllways(), new SecureRandom());

    return SSLC;
}

public void connect() throws Exception
{
    if(true == m_Secure)
    {
        SSLContext SSLC = loadPkcs12CertificateAndGetSslContext(m_CertificateFileName, m_CertificatePassword);

        m_Socket = SSLC.getSocketFactory().createSocket(m_ServerName, m_ServerPort);
    }
    else
    {
        m_Socket = new Socket(m_ServerName, m_ServerPort);
    }
}

I know/guess this is not well written source and i believe its terrible practice to use stuff like createTrustManagerWhoTrustAllways(), but im new to java and my first goal is to produce a working client, if i have taken this hurdle i will concentrate on more secure sourcecode.

Can anybody tell me, how i use a certificate for the generated SOAP-Client?

1 answers

solution1
 1  2012-06-12 15:59:38

You can declare a system-wide keystore by providing the keystore and truststore configuration through system properties on the command line of your program: 

-Djavax.net.ssl.trustStore=<yourtruststore>
-Djavax.net.ssl.trustStorePassword=<pwd>
-Djavax.net.ssl.keyStore=<your-keystore>
-Djavax.net.ssl.keyStorePassword=<pwd>

JAX-WS will pick up this keystore to configure the SSL client connection. Just make sure you have the right certificates in place in your keystore.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Java - ssl certificate with JAX-WS client How to use GetLineReq in AXL Java Client using JAX-WS how to imlement a SOAP handler in JAX-WS client How to add SOAP Headers to Spring Jax-WS Client? JAX-WS + SOAP: How to parse HTTP Client Error How to authenticate a Web Service Client with JAX-WS / SOAP JAX-WS SOAP Client Authentication How to disable certificate validation in JAX-WS Client? Parsing Soap dates in Jax-WS Client Java SOAP/JAX-WS: How to set timeouts?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM