Hi Stefan,
I will assume that your server configuration is OK (I don't know it very
well) and I will focus on the client part.
Here, I had to call a secure webservice from the Brazilian government that
requires client authentication.
Before I call the secure webservice, I only set in my client the system
properties that JSSE uses to do the SSL.
// Point JSSE at the truststore (server chain) and keystore (client key + certificate)
// before the first SSL connection is opened; System.setProperty writes the live
// system properties directly, so no getProperties()/setProperties() round trip is needed.
System.setProperty("javax.net.ssl.trustStore", "C:/Certificados/sefazrssef.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "xxxxxxx");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStore", "C:/Certificados/transpamericana.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "xxxxxxx");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
Your truststore has to contain the server certificate (public key) and its
certificate chain.
Your keystore has to contain the client private key (issued by a trusted
CA).
You can work with other keystore and truststore types as well, changing "JKS"
to another type (e.g. "PKCS12").
You can turn on SSL debugging by setting the property:
System.setProperty("javax.net.debug", "ssl");
For more information take a look at:
http://wiki.apache.org/ws/FrontPage/Axis/AxisClientConfiguration/Ssl
http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Customization
Hope this helps.
Fernando Cesar
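The same client-side setup, written as an added example (not code from either
poster or from Axis2) that builds an explicit SSLContext instead of setting the
global javax.net.ssl.* system properties. Two things the system-property
approach hides are made visible here: the keystore password never lands in
System properties, where any code in the JVM can read it, and after the
request the program checks HttpsURLConnection.getLocalCertificates() to
confirm the server actually asked for, and received, a client certificate.
The class name MutualTlsClient, the argument layout and the SOAP envelope are
assumptions for illustration; the endpoint is whatever https URL the service
is deployed at.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Mutual-TLS client built on an explicit SSLContext (example code, not Axis2's own). */
public class MutualTlsClient {

    /** Load a keystore of the given type ("JKS" or "PKCS12") from disk. */
    static KeyStore loadKeyStore(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    /**
     * keyStorePath   : client private key plus its certificate chain (what the server verifies)
     * trustStorePath : the server certificate or, better, the CA chain that issued it
     */
    static SSLContext buildContext(String keyStorePath, char[] keyStorePassword,
                                   String trustStorePath, char[] trustStorePassword) throws Exception {
        KeyStore keyStore = loadKeyStore("JKS", keyStorePath, keyStorePassword);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Second argument is the key entry password; assumed here to equal the store password.
        kmf.init(keyStore, keyStorePassword);

        KeyStore trustStore = loadKeyStore("JKS", trustStorePath, trustStorePassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // The client key lives only in this context, not in JVM-wide system properties.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: MutualTlsClient <https-endpoint> <keystore.jks> <keystore-pw> <truststore.jks> <truststore-pw>");
            System.exit(2);
        }
        SSLContext ctx = buildContext(args[1], args[2].toCharArray(), args[3], args[4].toCharArray());

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is left in place: the server cert must match the URL host.
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
        // Constructed placeholder envelope; a real client sends the request built by its Axis2 stub.
        byte[] body = ("<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
                + "<soapenv:Body/></soapenv:Envelope>").getBytes("UTF-8");
        OutputStream out = conn.getOutputStream();   // performs the TLS handshake
        try {
            out.write(body);
        } finally {
            out.close();
        }
        int status = conn.getResponseCode();

        // Was the handshake really mutual? getLocalCertificates() is null when the server never
        // requested a client certificate, or when no key in the keystore matched its accepted CAs.
        Certificate[] sent = conn.getLocalCertificates();
        if (sent == null || sent.length == 0) {
            System.err.println("WARNING: no client certificate was sent; the server is not enforcing client auth");
        } else {
            System.out.println("Authenticated as " + ((X509Certificate) sent[0]).getSubjectX500Principal());
        }
        System.out.println("Server presented " + ((X509Certificate) conn.getServerCertificates()[0]).getSubjectX500Principal());
        System.out.println("HTTP status " + status);
    }
}
```

Passwords are taken from argv only to keep the example short; in a deployed
client they should come from a secret store or a console prompt, since
command-line arguments are visible to every process on the machine. If the
server is configured to require a client certificate and the keystore holds
no key trusted by it, the handshake fails at getOutputStream() with an
SSLHandshakeException, which is the behaviour to test for before going live.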
-----Original Message-----
From: StrongSteve [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 27 August 2008 09:39
To: [email protected]
Subject: Axis 2 - SSL with Client Authentication
Hi Everybody!
I am really stuck with the problem below, but I am hoping that someone can
help me! ;)
(Or at least give me a useful hint on where to search for more
information...)
Basically I have a running webservice based on AXIS 2.
Now I have to make it secure. By secure I mean the following two things:
- Transport via SSL (Https)
- Client Authentication using a Client Certificate
Basically all messages have to be transferred over https, and only "trusted"
clients - whose certificates reside in the server's .truststore - shall be
served.
After one and a half days of browsing the internet, I have not really come
across a solution.
What I did till now is the following:
- Enable https in Tomcat 6 after generating a server key
- If I import this server key into the client's .truststore I can call my
webservice by using an https URL in the existing endpoint reference
The problem I am really stuck with is the part with the client certificates
and I have nearly no clue on which steps are to be performed... :(
I already tried uncommenting the following block in axis2.xml, as I think
that this is the part I need, but it just results in a NullPointerException
when starting my Tomcat.
<!-- the non blocking https transport based on HttpCore + SSL-NIO extensions -->
<!--<transportReceiver name="https"
class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
<parameter name="port" locked="false">9002</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>D:/Apache Tomcat 6.0.18/.keystore</Location>
<Type>JKS</Type>
<Password>password</Password>
<KeyPassword>password</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>trust.jks</Location>
<Type>JKS</Type>
<Password>password</Password>
</TrustStore>
</parameter>-->
<!-- <parameter name="SSLVerifyClient">require</parameter> -->
<!-- supports optional|require or defaults to none -->
<!--</transportReceiver> -->
[INFO]
java.lang.NullPointerException
    at org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener.getSSLContext(HttpCoreNIOSSLListener.java:96)
    at org.apache.axis2.transport.nhttp.HttpCoreNIOListener.init(HttpCoreNIOListener.java:151)
    at org.apache.axis2.engine.ListenerManager.start(ListenerManager.java:125)
    at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:442)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1172)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:992)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4371)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
    at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
    at org.apache.catalina.core.StandardService.start(StandardService.java:516)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Thanks in Advance for both your time and your knowledge!
Greetings
Stefan
--
View this message in context:
http://www.nabble.com/Axis-2---SSL-with-Client-Authentication-tp19180080p19180080.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]