The Axis framework seems pluggable with respect to SocketFactories, as was
JSSE prior to the JDK 1.4.  Now with JDK 1.4, I cannot swap SocketFactory
impls (via java.security file) due to US export regulations.

With the out-of-the-box JSSESocketFactory, I can alter the System properties
'javax.net.ssl.xxx' to point it to my trust/cert stores, and tell it the
passwords.  However, what if I need a different cert/trust store for each
client?

If I could tell Java/Axis to use the SunJSSESocketFactory (or my own
version), then I could build a Hashtable of properties
specifying 'keystore', 'keyStorePass', etc.  But alas, I cannot with JDK 1.4.

e.g. SecureSocketFactory ssf =
(SecureSocketFactory)SocketFactoryFactory.getFactory("https", myProps);

So I'm left with 
System.setProperty("javax.net.ssl.xxx", "xyz");

as the only way to tell Axis which CAs to trust and which client certs it
can use.  But I assume these properties are only read once.. the first time
the SocketFactory for HTTPS is created.  Even if not, changing them at
run-time is not safe due to multiple clients running at the same time.

Furthermore, when I use wsdl2java to generate Java stubs, I seem to be
completely insulated from any ability to change SSL environment things such
as trustStore and keyStore.  It's all automatic and hidden.

Has someone any idea of how I can do what I'm trying to do?  

Can I, for example, alter the SSL connection parameters in the context of
some Stub (i.e. access the SecureSocket being used)?  Something like this...

SSLContext.getInstance("SSL").init(keyMgrs, trustMgrs, secureRandom);

...only synchronized in a way that prevents other clients from connecting
with these params until I'm done?

Any help is greatly appreciated.  I have connections working fine, including
client-auth, but I [seem to] lack the ability to have different settings for
each client in a single VM.

Stuart
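
Added example, not part of the original message and not Axis code: a per-client SSLContext built with standard JSSE calls, so each client gets its own key and trust material without touching the global 'javax.net.ssl.xxx' properties. It assumes a modern JDK (8 or later), uses the "TLS" protocol name, and the class name, client ids and password are hypothetical; wiring the resulting factory into generated Axis stubs is not shown.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PerClientSsl {  // hypothetical class name
    // One SSLContext per client id; nothing here reads or writes javax.net.ssl.* properties.
    private static final ConcurrentHashMap<String, SSLContext> CONTEXTS = new ConcurrentHashMap<>();

    // Load a keystore file; a null path yields an empty in-memory store (used only by the demo in main).
    static KeyStore load(Path file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (file == null) { ks.load(null, null); return ks; }
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, pass); }
        return ks;
    }

    // Build a context from this client's own key and trust stores.
    static SSLContext build(KeyStore keys, char[] keyPass, KeyStore trust) throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Thread-safe lookup: concurrent clients never see each other's settings.
    static SSLSocketFactory factoryFor(String clientId, KeyStore keys, char[] keyPass, KeyStore trust) {
        return CONTEXTS.computeIfAbsent(clientId, id -> {
            try { return build(keys, keyPass, trust); }
            catch (GeneralSecurityException e) { throw new IllegalStateException(id, e); }
        }).getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        SSLSocketFactory a = factoryFor("clientA", load(null, pw), pw, load(null, pw));
        SSLSocketFactory b = factoryFor("clientB", load(null, pw), pw, load(null, pw));
        System.out.println("distinct factories: " + (a != b));
        System.out.println("javax.net.ssl.keyStore = " + System.getProperty("javax.net.ssl.keyStore"));
    }
}
```

In real use, pass each client's keystore and truststore paths to `load` instead of `null`; the empty stores in `main` only show that the contexts are independent.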
