[jira] [Commented] (CXF-8104) Can't assign keystore and truststore before connecting

[Colm O hEigeartaigh (Jira)]

    [ 
https://issues.apache.org/jira/browse/CXF-8104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16928035#comment-16928035
 ] 

Colm O hEigeartaigh commented on CXF-8104:
------------------------------------------

OK the issue here is when Service.create() is called, it needs to know what TLS 
configuration to use to get the WSDL over https. CXF has a special namespace 
for this called "\{http://cxf.apache.org}TransportURIResolver.http-conduit";. 
You need to set something like the following up before the service is created 
(I tested this with Service.create() in a CXF system test):

 
{code:java}

HTTPConduitConfigurer myHttpConduitConfig = new HTTPConduitConfigurer() {
            public void configure(String name, String address, HTTPConduit c) {
                if 
("{http://cxf.apache.org}TransportURIResolver.http-conduit".equals(name)) {
                    c.setTlsClientParameters(tlsParams); // Here tlsParams is 
the TLSClientParameters object as above
                }
            }
        };        
BusFactory busFactory = BusFactory.newInstance();
Bus bus = busFactory.createBus();
bus.setExtension(myHttpConduitConfig, HTTPConduitConfigurer.class);
BusFactory.setThreadDefaultBus(bus);
{code}
 

> Can't assign keystore and truststore before connecting
> ------------------------------------------------------
>
>                 Key: CXF-8104
>                 URL: https://issues.apache.org/jira/browse/CXF-8104
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.3.11
>            Reporter: Daniel Schielzeth
>            Assignee: Colm O hEigeartaigh
>            Priority: Critical
>
> I want to use a SOAP Provider with my java client. The Provider requires a 
> Certificate (keystore and truststore). We have tried many ways to make sure 
> the certificate is used for the client but it doesn't seem to work. I guess, 
> the certificate is set too late. The best we could come up with is
> {code:java}
> KeyStore keyStore = KeyStore.getInstance(cert.getKeystore_type());
> keyStore.load(new FileInputStream(cert.getKeystore_file()), 
> cert.getKeystore_password().toCharArray());
> KeyStore trustStore = KeyStore.getInstance(cert.getTruststore_type());
> trustStore.load(new FileInputStream(cert.getTruststore_file()), 
> cert.getTruststore_password().toCharArray());
> SSLContext context = initSecurityContext(keyStore, trustStore, 
> cert.getKeystore_password());
> SOAPService client = (ListBuyerRequestsReadServicePortType) 
> ClientBuilder.newBuilder().register(SOAPService.class).sslContext(context).build();
> {code}
> We get a _javax.net.ssl.SSLHandshakeException: Received fatal alert: 
> handshake_failure_  when assigning the client in the last line. 
> Do you know how to do it?



--
This message was sent by Atlassian Jira
(v8.3.2#803003)