Re: SSL KeyManager Authentication

2008-04-17 Thread mmocnik

Solved.

I misspelled the filename of the KeyManager TrustStore.
For some reason I did not get an Exception...

Regards,
Marko
-- 
View this message in context: 
http://www.nabble.com/SSL-KeyManager-Authentication-tp16718625p16741940.html
Sent from the cxf-user mailing list archive at Nabble.com.
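
The silent failure reported above has a simple cause: `Class.getResourceAsStream` returns `null` for a missing resource instead of throwing, and `KeyStore.load(null, password)` then initializes an empty keystore, so the handshake runs with no client certificate. The loader below is an added example, not code from this thread or from CXF; the class name `StrictKeyStoreLoader` and the resource name `/no-such-file.p12` are constructed for illustration. It fails closed when the resource is missing, empty, or lacks a private key.

```java
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;

public class StrictKeyStoreLoader {

    /** Loads a classpath keystore and fails closed instead of returning an empty store. */
    static KeyStore load(String resource, String type, char[] password, boolean needPrivateKey)
            throws IOException, GeneralSecurityException {
        // getResourceAsStream returns null (no exception) when the resource is missing.
        try (InputStream in = StrictKeyStoreLoader.class.getResourceAsStream(resource)) {
            if (in == null) {
                throw new FileNotFoundException("keystore resource not found: " + resource);
            }
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);
            if (ks.size() == 0) {
                throw new KeyStoreException("keystore is empty: " + resource);
            }
            if (needPrivateKey) {
                // A client-authentication keystore must hold at least one private key entry.
                boolean found = false;
                for (String alias : Collections.list(ks.aliases())) {
                    found |= ks.isKeyEntry(alias);
                }
                if (!found) throw new KeyStoreException("no private key entry in " + resource);
            }
            return ks;
        }
    }

    public static void main(String[] args) throws Exception {
        // The unchecked path: a null stream is accepted and yields an empty keystore.
        KeyStore silent = KeyStore.getInstance("pkcs12");
        silent.load(StrictKeyStoreLoader.class.getResourceAsStream("/no-such-file.p12"),
                "xxx".toCharArray());
        System.out.println("unchecked load, entries: " + silent.size());

        try {
            load("/no-such-file.p12", "pkcs12", "xxx".toCharArray(), true); // constructed name
        } catch (FileNotFoundException e) {
            System.out.println("strict load: " + e.getMessage());
        }
    }
}
```

For a truststore, call `load` with `needPrivateKey` set to `false`, since it holds only certificate entries.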



SSL KeyManager Authentication

2008-04-16 Thread mmocnik

Hi,

I'm trying to access a WS which requires authentication with a certificate.
I generated the client code from the wsdl and wrote the following test code:

##
SomeService service = new SomeService();
// QName.valueOf parses the "{namespace}localPart" form
service.addPort(QName.valueOf("{urn:someService}Some"),
        SOAPBinding.SOAP11HTTP_BINDING,
        "https://a.b.c/d");
Some sei = service.getSome();

Client client = ClientProxy.getClient(sei);
HTTPConduit cond = (HTTPConduit) client.getConduit();
TLSClientParameters tls = new TLSClientParameters();
tls.setSecureSocketProtocol("SSL");

// Client certificate and private key (key managers)
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(getClass().getResourceAsStream("/client-certificates.p12"),
        "xxx".toCharArray());
KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "xxx".toCharArray());
tls.setKeyManagers(kmf.getKeyManagers());

// Trusted server certificates (trust managers)
KeyStore ks2 = KeyStore.getInstance("JCEKS");
ks2.load(getClass().getResourceAsStream("/server-truststore.jks"),
        "yyy".toCharArray());
TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks2);
tls.setTrustManagers(tmf.getTrustManagers());

cond.setTlsClientParameters(tls);

// Print the certificates each side presented during the handshake
MessageTrustDecider mtd = new MessageTrustDecider() {
    @Override
    public void establishTrust(String conduitName, URLConnectionInfo connectionInfo,
            Message message)
            throws UntrustedURLConnectionIOException {
        if (connectionInfo instanceof HttpsURLConnectionInfo) {
            System.out.println("Local certs: " +
                    ((HttpsURLConnectionInfo) connectionInfo).getLocalCertificates());
            System.out.println("Server certs: " +
                    ((HttpsURLConnectionInfo) connectionInfo).getServerCertificates());
        }
    }
};
cond.setTrustDecider(mtd);

HTTPClientPolicy pol = new HTTPClientPolicy();
pol.setAllowChunking(false);
cond.setClient(pol);

sei.getXYZ(new SomeRequestType());
##

The result:
Local certs: null

The KeyStore contains exactly one key, but apparently it does not get
transferred.
The remote service tells me (via SOAPFault) that no keys have been
transferred.

Am I missing anything?

Thanks and Regards,
Marko

PS: I'm using v 2.0.5
-- 
View this message in context: 
http://www.nabble.com/SSL-KeyManager-Authentication-tp16718625p16718625.html