Chris,
I would try calling both methods
without specifying the keystore just to see what happens. The
IndiscriminateTrustManager doesn't require that there even be a certificate in
the keystore. Maybe because one is there, the Axis stub call is trying to
pass it anyway and not encoding it properly or maybe making space for it in the
stream but not inserting it. By not specifying the keystore, the JRE will
default to using $JAVA_HOME\jre\lib\security\cacerts so, under the direct socket
call, you should fail with an SSLHandshakeException but the Axis stub
call should either succeed or give you the same unauthorized certificate
exception. If you get the exception, find out if the server you're
hitting requires trusted client certificate authentication. The ones
I work with do not; they only require clients to accept the server's
certificate for the session. That might be a sticking point for you.
It would also be worth your while to use a utility like TCPMON to get a
snapshot of the actual TCP messages being sent. Then you can diff them to
see what the difference is.
Hth,
Jim
From: Chris Hall [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 3:45 PM
To: [email protected]
Subject: RE: WSDL2Java and SSL

Thanks again for your help, Jim. I tried your suggestion of
creating an IndiscriminateTrustManager and using it in
org.apache.axis.components.net.JSSESocketFactory to create a SSLSocketFactory
that will trust anything. Unfortunately I’m still getting the same error
that I saw before.
Let me try to explain better what I am doing.
1) I’m running WSDL2Java with a remote url to generate some java code:
    java -Djavax.net.ssl.keyStore=keystore.p12 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=password org.apache.axis.wsdl.WSDL2Java https://remoteurl.com/foo?WSDL
2) I’m creating a simple main() method that will feed some variables into the Purchase
class that has been created and calls the WSDL2Java generated code to create the
SOAP and send the https request.
3) I’m running my program:
    java -Djavax.net.ssl.keyStore=keystore.p12 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=password my.main.Method
When I run my program I see the https connection being
successfully created (handshaking and all that). Then I send my
application data and the server sends its response. That response is an
error message saying my client’s SSL certificate is not authorized to
connect.
From this it seems like the WSDL2Java generated code is handling
the SSL connection correctly, but it is not giving my keystore cert to the
server.
For contrast, this works:
1) Generate a main method with predefined (non-dynamically generated) SOAP
message, manually create a SSLSocketFactory, and manually send the message to
that socket (not using WSDL2Java here at all)
2) Run my program like:
    java -Djavax.net.ssl.keyStore=keystore.p12 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=password my.main.Method2
Here I again see the https connection being successfully
created. I send my application data and the server sends its
response. But in this case the response is a successful message saying the
payment was processed correctly.
Any idea why these two cases should be different and what I need
to do to get the WSDL2Java code to work
correctly?
Thanks,
--Chris
-----------------------
What I showed you runs on the client, not the
server.
Jim Tootell
System Design, Development, & Integration Department
Anteon Corporation
(619) 542-0240 x123
mailto:[EMAIL PROTECTED]
