I'm getting closer I guess... It's working!!
Now I can make SOAP calls under an SSL connection, but I'm not sure if the solution I found is the best one. I'm using the "not-yet-commons-ssl project" from http://juliusdavies.ca/commons-ssl. (The SOAP operation is configured to use SSL with mutual authentication.) Here is my code:

[code]
// Technique similar to http://juliusdavies.ca/commons-ssl/TrustExample.java.html
import javax.wsdl.Definition;
import javax.wsdl.factory.WSDLFactory;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.ssl.HttpSecureProtocol;
import org.apache.commons.ssl.KeyMaterial;
import org.apache.commons.ssl.TrustMaterial;
import org.codehaus.xfire.client.Client;
import org.xml.sax.InputSource;

HttpSecureProtocol protocolSocketFactory = new HttpSecureProtocol();
protocolSocketFactory.addTrustMaterial(new TrustMaterial("cert.pem"));
Protocol trustHttps = new Protocol("https", protocolSocketFactory, 443);
Protocol.registerProtocol("https", trustHttps);
// TRUST_ALL accepts any server certificate (no chain validation at all)
protocolSocketFactory.addTrustMaterial(TrustMaterial.TRUST_ALL);
protocolSocketFactory.addTrustMaterial(new TrustMaterial("cert.cer", "changeit".toCharArray()));
protocolSocketFactory.addTrustMaterial(new KeyMaterial("cert.pfx", "changeit".toCharArray()));
// here's where we start trusting the server's cert:
protocolSocketFactory.addTrustMaterial(new TrustMaterial(pemCert));
// client certificate + private key presented during the handshake (mutual authentication)
protocolSocketFactory.setKeyMaterial(new KeyMaterial("cert.pfx", "changeit".toCharArray()));
Protocol.registerProtocol("https", trustHttps);

HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://the.server.com/ws/theservice/TheService.asmx?WSDL");
httpclient.executeMethod(httpget);
String s = httpget.getStatusLine().toString();
System.out.println("HTTPClient: " + s);
System.out.println("Response : " + new String(httpget.getResponseBody())); // I can see the wsdl

// creating the service definition from the response InputStream
InputSource src = new InputSource(httpget.getResponseBodyAsStream());
Definition def = WSDLFactory.newInstance().newWSDLReader().readWSDL(null, src);
// there is no problem if I don't inform the serviceClass, it's only service info here, right?...
Client client = new Client(def, null);
[/code]

As I said before, it's working, but I believe there is a more elegant way... What do you think?
Ref links:
http://juliusdavies.ca/commons-ssl/ssl.html
http://juliusdavies.ca/commons-ssl/TrustExample.java.html
http://docs.codehaus.org/display/XFIRE/HTTP+Transport

Arian

________________________________
From: Ankur Shah [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 13 June 2007 23:58
To: [email protected]
Subject: Re: [xfire-user] Configuring Two-Way SSL For a Client Application

Yogesh,

I have a similar problem and have seen your solution too. The problem I have is the Protocol.registerProtocol part: I don't want to associate every https request with my protocolSocketFactory, as the factory that I have (it's not using the not-yet-commons libraries) uses an SSLContext that I supply and creates sockets based on that. Each SSLContext contains keystore and password information which is specific to the target server. I understand that the other alternative is to create a custom protocol with a host/port combination and register that, but the problem with that is that all my requests now have to contain the custom protocol scheme, which is something I don't want. What I'd ideally like to do is something that's suggested here: http://jakarta.apache.org/commons/httpclient/sslguide.html

For this to happen though, I'd have to create my own HTTP client and supply that to the XFire proxy client. The problem there is that I'd be replicating the code present in the createClient method of CommonsHttpMessageSender (basically setting up the client with the multithreaded connection manager and a bunch of other good stuff that the commons class already does).

Ankur

Yogesh Chawla - PD <[EMAIL PROTECTED]> wrote:

Hey,

I set up an SSL client that used x509 certs with XFire using the Not Yet Commons SSL project. Details are here: http://docs.codehaus.org/display/XFIRE/HTTP+Transport

--- Arian Rodrigo Pasquali wrote:

> My dynamic client must present a certificate to another server that hosts a web service within SSL.
> My url: https://homologacao.nfe.sefaz.rs.gov.br/ws/nferecepcao/NfeRecepcao.asmx?WSDL
>
> But I've got this exception when I create the Client:
>
> Thread-8, SEND TLSv1 ALERT: fatal, description = certificate_unknown
> Thread-8, WRITE: TLSv1 Alert, length = 2
> [Raw write]: length = 7
> 0000: 15 03 01 00 02 02 2E .......
> Thread-8, called closeSocket()
> Thread-8, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> 18:44:09,510 ERROR [WSSender] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>     at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
>     at java.net.URL.openStream(URL.java:1007)
>     at org.codehaus.xfire.client.Client.(Client.java:246)
>     at com.neogrid.integrator.components.ws.WSSender.sendMessage(WSSender.java:169)
>     at com.neogrid.integrator.jbi.SenderLegacyComponent.transform(SenderLegacyComponent.java:61)
>     at org.apache.servicemix.components.util.TransformComponentSupport.onMessageExchange(TransformComponentSupport.java:66)
>     at org.apache.servicemix.jbi.messaging.DeliveryChannelImpl.processInBound(DeliveryChannelImpl.java:624)
>     at org.apache.servicemix.jbi.nmr.flow.AbstractFlow.doRouting(AbstractFlow.java:170)
>     at org.apache.servicemix.jbi.nmr.flow.seda.SedaFlow.doRouting(SedaFlow.java:177)
>     at org.apache.servicemix.jbi.nmr.flow.seda.SedaQueue$1.run(SedaQueue.java:227)
>     at org.apache.geronimo.connector.work.WorkerContext.run(WorkerContext.java:291)
>     at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(Unknown Source)
>     at java.lang.Thread.run(Thread.java:595)
>
> code:
>
> System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
> System.setProperty("javax.net.debug", "all");
> System.setProperty("java.security.debug", "all");
> System.setProperty("javax.net.ssl.keyStore", "D:/work/ncp/integrator/5.0/modules/integrator-components/integrator-component-binding-ws/src/main/java/com/neogrid/integrator/components/ws/security/datasul.jks");
> System.setProperty("javax.net.ssl.keyStorePassword", "datasul");
> System.setProperty("javax.net.ssl.trustStore", "D:/work/ncp/integrator/5.0/modules/integrator-components/integrator-component-binding-ws/src/main/java/com/neogrid/integrator/components/ws/security/datasul.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "datasul");
>
> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
> URL urlEndPoint = new URL(url);
> Client client = new Client(urlEndPoint); <- exception here
>
> I had implemented a handler to manipulate the OutMessages as I saw in the xfire samples, but the error occurs before xfire calls my handler.
>
> Any idea?
>
> Arian Rodrigo Pasquali
> Development
> [EMAIL PROTECTED]
> Tel. +55 (47) 3802-8446
> www.neogrid.com.br

---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
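As an added example (not code from this thread, from XFire or from not-yet-commons-ssl), here is the per-host route Ankur mentions from the HttpClient SSL guide, written against commons-httpclient 3.x and plain JSSE: a SecureProtocolSocketFactory built from an SSLContext that carries the client key material (for the mutual authentication both Arian and Ankur need) plus a trust store holding only the target server's CA, attached to a single host through HostConfiguration. Protocol.registerProtocol is never called, so other https traffic in the JVM keeps the default factory, and the URL scheme stays "https". Keystore file names, passwords and the host name are placeholders; the hostname-verification step uses SSLParameters and needs Java 7 or later.

```java
// Added example (not code from this thread, from XFire or from not-yet-commons-ssl):
// a commons-httpclient 3.x SecureProtocolSocketFactory that does mutual TLS from a
// JSSE SSLContext and is bound to ONE host via HostConfiguration, so
// Protocol.registerProtocol is never called. Keystore paths, passwords and the
// host name below are placeholders (assumptions).
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

public class MutualTlsSocketFactory implements SecureProtocolSocketFactory {
    private final SSLSocketFactory factory;

    public MutualTlsSocketFactory(String keyStorePath, char[] keyStorePass,
                                  String trustStorePath, char[] trustStorePass) throws Exception {
        // Client identity (our certificate + private key), presented when the server asks for it.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, keyStorePass), keyStorePass);
        // Trust anchors: only the CA (or leaf certificate) of the target server.
        // No TRUST_ALL here: the default PKIX trust manager validates the server chain.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustStorePass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        this.factory = ctx.getSocketFactory();
    }

    private static KeyStore load(String path, char[] password) throws Exception {
        String type = (path.endsWith(".p12") || path.endsWith(".pfx")) ? "PKCS12" : "JKS";
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try { ks.load(in, password); } finally { in.close(); }
        return ks;
    }

    // A raw SSLSocket validates the chain but does NOT check that the certificate
    // belongs to the host we dialled; HttpsURLConnection does that, HttpClient 3 does not.
    // Java 7+ can switch that check on per socket before the handshake starts.
    private static Socket withHostnameCheck(Socket s) {
        if (s instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) s;
            SSLParameters p = ssl.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            ssl.setSSLParameters(p);
        }
        return s;
    }

    public Socket createSocket(String host, int port) throws IOException {
        return withHostnameCheck(factory.createSocket(host, port));
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException {
        return withHostnameCheck(factory.createSocket(host, port, localAddress, localPort));
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
                               HttpConnectionParams params) throws IOException, ConnectTimeoutException {
        int timeout = (params == null) ? 0 : params.getConnectionTimeout();
        Socket s = factory.createSocket();                      // unconnected, so connect() can take a timeout
        if (localAddress != null) s.bind(new InetSocketAddress(localAddress, localPort));
        s.connect(new InetSocketAddress(host, port), timeout);  // SocketTimeoutException if it expires
        return withHostnameCheck(s);
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        return withHostnameCheck(factory.createSocket(socket, host, port, autoClose));
    }

    public static void main(String[] args) throws Exception {
        MutualTlsSocketFactory mtls = new MutualTlsSocketFactory(
                "client.pfx", "changeit".toCharArray(),      // placeholder client keystore
                "server-ca.jks", "changeit".toCharArray());  // placeholder trust store
        // Per-host binding as in the HttpClient SSL guide: the scheme is still "https",
        // but the factory applies to this HttpClient and host only.
        Protocol mtlsHttps = new Protocol("https", (ProtocolSocketFactory) mtls, 443);
        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost("the.server.com", 443, mtlsHttps);
        GetMethod get = new GetMethod("/ws/theservice/TheService.asmx?WSDL"); // path only; host comes from HostConfiguration
        try {
            int status = client.executeMethod(get);
            System.out.println("HTTP " + status + ", " + get.getResponseBody().length + " bytes of WSDL");
        } finally {
            get.releaseConnection();
        }
    }
}
```

Two things this keeps that the TRUST_ALL variant in the thread gives up: the server chain is validated against a trust store you control, and the certificate is checked against the host name, so a valid certificate for some other host cannot be swapped in on the path. Handing this HttpClient to XFire's transport is left out here, since it depends on the CommonsHttpMessageSender internals Ankur describes and nothing in the thread shows that wiring.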
