After doing some more investigation on this, I've decided to go this route:
http://archive.xfire.codehaus.org/user/07DE814B11E00B4F9EE7CD75AE4573780208BBD4%40superfly.netflix.com
The problem with your approach, as I had mentioned earlier, is
Protocol.registerProtocol: this will essentially register your custom socket
factory for all https requests. That is something I don't want; I'd ideally
like to provide a factory per host/port or per connection.
Ankur
Arian Rodrigo Pasquali <[EMAIL PROTECTED]> wrote:
I'm getting closer I guess
It's working!!
Now I can make soap calls under an ssl connection, but I'm not sure if the
solution I found is the best one.
I'm using the not-yet-commons-ssl project from
http://juliusdavies.ca/commons-ssl.
(The soap operation is configured to use ssl with mutual authentication)
Here is my code
[code]
// Technique similar to http://juliusdavies.ca/commons-ssl/TrustExample.java.html
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.ssl.HttpSecureProtocol;
import org.apache.commons.ssl.KeyMaterial;
import org.apache.commons.ssl.TrustMaterial;
import org.codehaus.xfire.client.Client;
import org.xml.sax.InputSource;
import javax.wsdl.Definition;
import javax.wsdl.factory.WSDLFactory;

HttpSecureProtocol protocolSocketFactory = new HttpSecureProtocol();

// here's where we start trusting server's cert (PEM file with the server / CA certificate):
protocolSocketFactory.addTrustMaterial(new TrustMaterial("cert.pem"));
// the same certificate can also be loaded from a password-protected .cer / keystore file:
protocolSocketFactory.addTrustMaterial(new TrustMaterial("cert.cer", "changeit".toCharArray()));
// NOTE: TRUST_ALL accepts any server certificate, so once it is added the two entries above no longer restrict anything
protocolSocketFactory.addTrustMaterial(TrustMaterial.TRUST_ALL);

// our own certificate + private key for the mutual authentication (PKCS#12 file):
protocolSocketFactory.setKeyMaterial(new KeyMaterial("cert.pfx", "changeit".toCharArray()));

// register the factory globally, i.e. for every https URL in this JVM
Protocol trustHttps = new Protocol("https", protocolSocketFactory, 443);
Protocol.registerProtocol("https", trustHttps);

HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod("https://the.server.com/ws/theservice/TheService.asmx?WSDL");
httpclient.executeMethod(httpget);
String s = httpget.getStatusLine().toString();
System.out.println("HTTPClient: " + s);
System.out.println("Response : " + new String(httpget.getResponseBody())); // I can see the wsdl

// creating service definition with InputStream (the body was buffered by getResponseBody(), so it can be read again)
InputSource src = new InputSource(httpget.getResponseBodyAsStream());
Definition def = WSDLFactory.newInstance().newWSDLReader().readWSDL(null, src);
Client client = new Client(def, null); // there is no problem if I don't inform the serviceClass, it's only a service info here, right?...
[/code]
As I said before, it's working, but I believe there is a more elegant way...
What do you think?
Ref links :
http://juliusdavies.ca/commons-ssl/ssl.html
http://juliusdavies.ca/commons-ssl/TrustExample.java.html
http://docs.codehaus.org/display/XFIRE/HTTP+Transport
Arian
---------------------------------
From: Ankur Shah [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 13, 2007 23:58
To: [email protected]
Subject: Re: [xfire-user] Configuring Two-Way SSL For a Client Application
Yogesh,
I have a similar problem and have seen your solution too. The problem I have is
the Protocol.registerProtocol part: I don't want to associate every https
request with my protocolSocketFactory, as the factory that I have (it's not
using the not-yet-commons libraries) uses an SSLContext that I supply and
creates sockets based on that. Each SSLContext contains keystore and password
information which is specific to the target server.
I understand that the other alternative is to create a custom protocol with a
host/port combination and register that, but the problem with that is that all
my requests now have to contain the custom protocol scheme, which is something I
don't want.
What I'd ideally like to do is something that's suggested here:
http://jakarta.apache.org/commons/httpclient/sslguide.html
For this to happen, though, I'd have to create my own http client and supply
that to the xFire proxy client. The problem there is that I'd be replicating
the code present in the createClient method of the CommonsHttpMessageSender
(basically setting up the client with a multithreaded connection manager and a
bunch of other good stuff that the commons class already does).
Ankur
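As an added illustration of the per-host route Ankur describes in this message and in his follow-up at the top of the thread (editor's example, not code from Ankur, from XFire or from the HttpClient project): a SecureProtocolSocketFactory that wraps a caller-supplied SSLContext, bound to one HostConfiguration through the `Protocol`/`setHost` pattern from the sslguide instead of `Protocol.registerProtocol`. It assumes commons-httpclient 3.x on the classpath and Java 7 or later for `SSLParameters.setEndpointIdentificationAlgorithm`; the file names `client.p12` and `server-ca.jks`, the password `changeit` and the host `the.server.example` are placeholders.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/**
 * Per-host two-way SSL for commons-httpclient 3.x without Protocol.registerProtocol().
 * One instance wraps one SSLContext (our client key plus the CA we trust for that host).
 */
public class PerHostSslSocketFactory implements SecureProtocolSocketFactory {
    private final SSLContext sslContext;

    public PerHostSslSocketFactory(SSLContext sslContext) {
        this.sslContext = sslContext;
    }

    /** Builds an SSLContext from a PKCS#12 client keystore and a JKS truststore. */
    public static SSLContext buildContext(String keyStorePath, char[] keyStorePassword,
                                          String trustStorePath, char[] trustStorePassword)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        FileInputStream in = new FileInputStream(keyStorePath);
        try { keyStore.load(in, keyStorePassword); } finally { in.close(); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyStorePassword);

        KeyStore trustStore = KeyStore.getInstance("JKS");
        in = new FileInputStream(trustStorePath);
        try { trustStore.load(in, trustStorePassword); } finally { in.close(); }
        // only the CA certificate(s) in this truststore are accepted; no TRUST_ALL shortcut
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** A raw SSLSocket does not compare the server name with the certificate; switch that on (Java 7+). */
    private static SSLSocket withHostnameCheck(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return socket;
    }

    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return withHostnameCheck((SSLSocket) sslContext.getSocketFactory().createSocket(host, port));
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        return withHostnameCheck((SSLSocket) sslContext.getSocketFactory()
                .createSocket(host, port, localAddress, localPort));
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
                               HttpConnectionParams params)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket();
        socket.bind(new InetSocketAddress(localAddress, localPort));
        try { // connection timeout comes from the HttpClient params; 0 means wait forever
            socket.connect(new InetSocketAddress(host, port), params.getConnectionTimeout());
        } catch (SocketTimeoutException e) { throw new ConnectTimeoutException("connect to " + host + " timed out"); }
        return withHostnameCheck(socket);
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return withHostnameCheck((SSLSocket) sslContext.getSocketFactory()
                .createSocket(socket, host, port, autoClose));
    }

    public static void main(String[] args) throws Exception {
        // placeholders: file names, password and host are not real values
        SSLContext ctx = buildContext("client.p12", "changeit".toCharArray(),
                                      "server-ca.jks", "changeit".toCharArray());
        Protocol perHostHttps = new Protocol("https", new PerHostSslSocketFactory(ctx), 443);

        HttpClient httpclient = new HttpClient(new MultiThreadedHttpConnectionManager());
        // bound to this HostConfiguration only; https URLs to other hosts keep the JVM default factory
        httpclient.getHostConfiguration().setHost("the.server.example", 443, perHostHttps);
        GetMethod httpget = new GetMethod("/ws/theservice/TheService.asmx?WSDL");
        try {
            System.out.println("HTTPClient: " + httpclient.executeMethod(httpget));
        } finally {
            httpget.releaseConnection();
        }
    }
}
```

Because HostConfiguration equality includes the Protocol (and therefore the factory behind it), the MultiThreadedHttpConnectionManager keeps pooled connections made with different per-host factories apart. Handing such an HttpClient to the XFire proxy client, the part Ankur says would duplicate CommonsHttpMessageSender.createClient, is not covered here.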
Yogesh Chawla - PD <[EMAIL PROTECTED]> wrote:
Hey,
I set up an SSL client that used x509 certs with Xfire
using the Not Yet Commons SSL project. Details are
here:
http://docs.codehaus.org/display/XFIRE/HTTP+Transport
--- Arian Rodrigo Pasquali wrote:
> My dynamic client must present a certificate to
> another server that hosts a web service within ssl.
>
> My url :
> https://homologacao.nfe.sefaz.rs.gov.br/ws/nferecepcao/NfeRecepcao.asmx?WSDL
>
> But I've got this exception when I create the Client
>
> Thread-8, SEND TLSv1 ALERT: fatal, description = certificate_unknown
> Thread-8, WRITE: TLSv1 Alert, length = 2
> [Raw write]: length = 7
> 0000: 15 03 01 00 02 02 2E   .......
> Thread-8, called closeSocket()
> Thread-8, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> 18:44:09,510 ERROR [WSSender] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>         at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
>         at java.net.URL.openStream(URL.java:1007)
>         at org.codehaus.xfire.client.Client.(Client.java:246)
>         at com.neogrid.integrator.components.ws.WSSender.sendMessage(WSSender.java:169)
>         at com.neogrid.integrator.jbi.SenderLegacyComponent.transform(SenderLegacyComponent.java:61)
>         at org.apache.servicemix.components.util.TransformComponentSupport.onMessageExchange(TransformComponentSupport.java:66)
>         at org.apache.servicemix.jbi.messaging.DeliveryChannelImpl.processInBound(DeliveryChannelImpl.java:624)
>         at org.apache.servicemix.jbi.nmr.flow.AbstractFlow.doRouting(AbstractFlow.java:170)
>         at org.apache.servicemix.jbi.nmr.flow.seda.SedaFlow.doRouting(SedaFlow.java:177)
>         at org.apache.servicemix.jbi.nmr.flow.seda.SedaQueue$1.run(SedaQueue.java:227)
>         at org.apache.geronimo.connector.work.WorkerContext.run(WorkerContext.java:291)
>         at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(Unknown Source)
>         at java.lang.Thread.run(Thread.java:595)
>
> code
>
> System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
> System.setProperty("javax.net.debug","all");
> System.setProperty("java.security.debug","all");
>
> System.setProperty("javax.net.ssl.keyStore",
> "D:/work/ncp/integrator/5.0/modules/integrator-components/integrator-component-binding-ws/src/main/java/com/neogrid/integrator/components/ws/security/datasul.jks");
> System.setProperty("javax.net.ssl.keyStorePassword", "datasul");
> System.setProperty("javax.net.ssl.trustStore",
> "D:/work/ncp/integrator/5.0/modules/integrator-components/integrator-component-binding-ws/src/main/java/com/neogrid/integrator/components/ws/security/datasul.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "datasul");
>
> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
> URL urlEndPoint = new URL(url);
> Client client = new Client(urlEndPoint); <- exception here
>
> I had implemented a handler to manipulate the
> OutMessages as I saw in the xfire samples, but the error
> occurs before xfire calls my handler.
>
> Any idea?
>
> Arian Rodrigo Pasquali
> Development
> [EMAIL PROTECTED]
> Tel. +55 (47) 3802-8446
> www.neogrid.com.br
>
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email