Hi,
I'm trying to access a WS which requires authentication with a certificate.
I generated the client code from the wsdl and wrote the following test code:
##
SomeService service = new SomeService();
service.addPort(new QName("{urn:someService}Some"),
        SOAPBinding.SOAP11HTTP_BINDING,
        "https://a.b.c/d");
Some sei = service.getSome();
Client client = ClientProxy.getClient(sei);
HTTPConduit cond = (HTTPConduit) client.getConduit();

TLSClientParameters tls = new TLSClientParameters();
tls.setSecureSocketProtocol("SSL");

// Client key store (PKCS#12) with the key for certificate authentication
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(getClass().getResourceAsStream("/client-certificates.p12"),
        "xxx".toCharArray());
KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "xxx".toCharArray());
tls.setKeyManagers(kmf.getKeyManagers());

// Trust store used to validate the server certificate
KeyStore ks2 = KeyStore.getInstance("JCEKS");
ks2.load(getClass().getResourceAsStream("/server-truststore.jks"),
        "yyy".toCharArray());
TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks2);
tls.setTrustManagers(tmf.getTrustManagers());
cond.setTlsClientParameters(tls);

// Trust decider that only prints the certificates seen on the connection
MessageTrustDecider mtd = new MessageTrustDecider() {
    @Override
    public void establishTrust(String conduitName,
            URLConnectionInfo connectionInfo, Message message)
            throws UntrustedURLConnectionIOException {
        if (connectionInfo instanceof HttpsURLConnectionInfo) {
            System.out.println("Local certs: " +
                    ((HttpsURLConnectionInfo) connectionInfo).getLocalCertificates());
            System.out.println("Server certs: " +
                    ((HttpsURLConnectionInfo) connectionInfo).getServerCertificates());
        }
    }
};
cond.setTrustDecider(mtd);

HTTPClientPolicy pol = new HTTPClientPolicy();
pol.setAllowChunking(false);
cond.setClient(pol);

sei.getXYZ(new SomeRequestType());
##
The result:
Local certs: null
The KeyStore contains exactly one key, but apparently it does not get
transferred.
The remote service tells me (via SOAPFault) that no keys have been
transferred.
Am I missing anything?
Thanks and Regards,
Marko
PS: I'm using v 2.0.5
--
View this message in context:
http://www.nabble.com/SSL-KeyManager-Authentication-tp16718625p16718625.html
Sent from the cxf-user mailing list archive at Nabble.com.