HTTPS web services

Sun, 07 May 2006 23:29:38 -0700

I have deployed a sample web service in Axis 1.2.1 in Tomcat 5.5.
The HTTPS configuration of Tomcat 5.5 is already in place. The client cert is already imported into the server's trust store, and the server cert is already imported into the client's truststore.
 
As long as I set
 
   // currently run the client and server on the same machine.
   // currently both client and server share the same keystore.  
   System.setProperty("javax.net.ssl.keyStore",
     "D:\\software\\Tomcat5.5\\conf\\keystore.jks");
   System.setProperty("javax.net.ssl.keyStorePassword ", "changeit");
   System.setProperty("javax.net.ssl.keyStoreType", "jks");
   // client uses the standard trust store in JRE.
   System.setProperty("javax.net.ssl.trustStore",
     "C:\\j2sdk1.4.2_11\\jre\\lib\\security\\cacerts");
   System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
 
The client will work without any fault.
 
However, I am not allowed the set system property because there are other clients share the same JVM which may use those system properties concurrently.
 
So I tried to change the default SSLSocketFactory using the following code snippet.
 

/******************* SSL configuration in the client ************/

   String keystorePath = "D:\\software\\Tomcat5.5\\conf\\keystore.jks";
   String keystorePass = "changeit";
   String truststorePath = "C:\\j2sdk1.4.2_11\\jre\\lib\\security\\cacerts";
   String truststorePass = "changeit";

   SSLSocketFactory factory = null;
   SSLContext ctx = null;
   KeyManagerFactory kmf = null;
   TrustManagerFactory tmf = null;
   KeyStore ks = null;
   KeyStore ts = null;
   try {
    char[] pass = keystorePass.toCharArray();
    ctx = SSLContext.getInstance("TLS");
    kmf = KeyManagerFactory.getInstance("SunX509");

    ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(keystorePath), pass);
    kmf.init(ks, pass);

    ts = KeyStore.getInstance("JKS");
    ts.load(new FileInputStream(truststorePath), pass);
    // tmf = TrustManagerFactory.getInstance ("SunX509", "SunJSSE");
    // tmf.init(ts);
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
     public java.security.cert.X509Certificate[] getAcceptedIssuers() {
      return null;
     }

     public void checkClientTrusted(
       java.security.cert.X509Certificate[] certs,
       String authType) {
     }

     public void checkServerTrusted(
       java.security.cert.X509Certificate[] certs,
       String authType) {
     }
    } };

    ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
    factory = ctx.getSocketFactory();

   } catch (Exception e) {
    log.error(e.getMessage());
   }
   
   HttpsURLConnection.setDefaultSSLSocketFactory(factory);

 

/*******************END of SSL configuration in the client ************/

 

String url = "" href="https://sg0137a-xinjun:8443/axis/services/SampleService1DocSSL">https://sg0137a-xinjun:8443/axis/services/SampleService1DocSSL ";                     

SampleService1ServiceLocator locator = new SampleService1ServiceLocator();

SampleService1_PortType stub = locator.getSampleService1(new URL(url));

String ret = stub.echo("AxisClientRequest");

System.out.println("Return: " + ret);

 

 

I get the following error message:

 

AxisFault

faultCode: { http://schemas.xmlsoap.org/soap/envelope/}Server.userException

faultSubcode:

faultString: java.net.SocketException : Software caused connection abort: recv failed

faultActor:

faultNode:

faultDetail:

{ http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Software caused connection abort: recv failed

at java.net.SocketInputStream.socketRead0( Native Method)

at java.net.SocketInputStream.read( SocketInputStream.java:129)

at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA12275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA12275)

at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA12275)

at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)

at org.apache.axis.components.net.JSSESocketFactory.create( JSSESocketFactory.java:186)

at org.apache.axis.transport.http.HTTPSender.getSocket( HTTPSender.java:191)

at org.apache.axis.transport.http.HTTPSender.writeToSocket( HTTPSender.java:404)

at org.apache.axis.transport.http.HTTPSender.invoke( HTTPSender.java:138)

at org.apache.axis.strategies.InvocationStrategy.visit( InvocationStrategy.java:32)

at org.apache.axis.SimpleChain.doVisiting( SimpleChain.java:118)

at org.apache.axis.SimpleChain.invoke( SimpleChain.java:83)

at org.apache.axis.client.AxisClient.invoke( AxisClient.java:165)

at org.apache.axis.client.Call.invokeEngine( Call.java:2765)

at org.apache.axis.client.Call.invoke( Call.java:2748)

at org.apache.axis.client.Call.invoke( Call.java:2424)

at org.apache.axis.client.Call.invoke( Call.java:2347)

at org.apache.axis.client.Call.invoke( Call.java:1804)

at wsg.sample.service1docssl.SampleService1SoapBindingStub.echo( SampleService1SoapBindingStub.java:106)

at wsg.sample.service1.testClient.Service1AxisClient.main( Service1AxisClient.java:178)

{http://xml.apache.org/axis/}hostname:SG0137A-XinJun

 

 

Could anyone suggest me how to fix this problem?

 

Thank you very much.

 

 

Regards,

Xinjun

Reply via email to