I have an update, possibly with a solution that I found and works for me.
After googling for a few more hours and trying various things, I found out
that I can eliminate the error and get the method invocation working by:
1. properly (but oddly) setting the id of the HTTP conduit (see below)
2. adding the secureSocketProtocol="SSL" attribute to the
tlsClientParameters element in the xml

About #1, here are my findings, which are a bit odd. If anyone would care to
explain this, maybe I'm misusing the xml... or maybe it's something for JIRA?

When using a <jaxws:client> element along with the appropriate code to use
it, both of the following conduit IDs work for me:
    <http:conduit name="*.http-conduit">
    <http:conduit name="{http://cxf/}HelloPort.http-conduit">

BUT: when I don't use a jaxws:client element, and create my service without
Spring, only the first id works, i.e. "*.http-conduit". The other does not
work.

Here is all my code and config:

Let's start with the jaxws client that is created with Spring:

config:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:soap="http://cxf.apache.org/bindings/soap"
       xsi:schemaLocation="
       http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
       http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd
       http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
    <http:conduit name="{http://cxf/}HelloPort.http-conduit">
    <!-- also works:
    <http:conduit name="*.http-conduit">
    -->

        <http:tlsClientParameters disableCNCheck="false" secureSocketProtocol="SSL">
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="changeit"
                              file="v:/tmp/clienttrust.jks"/>
            </sec:trustManagers>
            <sec:keyManagers keyPassword="changeit">
                <sec:keyStore type="JKS" password="changeit" 
                              file="v:/tmp/clientkey.jks"/>
            </sec:keyManagers>
            <sec:cipherSuitesFilter>
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>
    </http:conduit>
    <jaxws:client id="client1"
                  serviceClass="cxf.client.Hello"
                  address="https://mann2:8443/cxf-web-ws/services/hello"
    />
    
</beans> 

code:

        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
                new String[]{"JaxwsSecureClient.xml"});
        
        Hello port = (Hello)context.getBean("client1");
        // invoke methods here...


 Now the other client:

config:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
       xsi:schemaLocation="
       http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
       http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <http:conduit name="*.http-conduit">
    <!-- DOES NOT WORK:
    <http:conduit name="{http://cxf/}HelloPort.http-conduit">
    -->

        <http:tlsClientParameters disableCNCheck="false" secureSocketProtocol="SSL">
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="changeit"
                              file="v:/tmp/clienttrust.jks"/>
            </sec:trustManagers>
            <sec:keyManagers keyPassword="changeit">
                <sec:keyStore type="JKS" password="changeit" 
                              file="v:/tmp/clientkey.jks"/>
            </sec:keyManagers>
            <sec:cipherSuitesFilter>
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>
    </http:conduit>
</beans> 

code:

        SpringBusFactory bf = new SpringBusFactory();
        URL busFile = null;
        busFile = Hello_HelloImplPort_Client.class.getResource("/WibbleClient.xml");
        Bus bus = bf.createBus(busFile.toString());
        bf.setDefaultBus(bus);
        cxf.client.HelloService ss = new HelloService(wsdlURL, SERVICE_NAME);
        cxf.client.Hello port = ss.getHelloImplPort();
        // invoke methods here...

-- 
View this message in context: 
http://www.nabble.com/-JSSESupport--SSL-Error-getting-client-Certs-tp19863789p19889913.html
Sent from the cxf-user mailing list archive at Nabble.com.
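
Added example, not part of the original post or of CXF's own samples: for the client created without Spring, the same TLS settings can be put directly on the proxy's conduit in code, which does not depend on an http:conduit name being matched. The class name ConduitTls and its apply method are hypothetical; the keystore paths come from the post, while "TLSv1.2" and the AES-only filter are assumptions chosen in place of the post's secureSocketProtocol="SSL" and its EXPORT/DES/NULL includes, which select weak or unencrypted suites.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper class; not part of CXF or of the original post.
public final class ConduitTls {

    private static KeyStore load(String file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Applies TLS settings to the conduit of an already created JAX-WS proxy. */
    public static void apply(Object port, char[] storePass, char[] keyPass) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("v:/tmp/clienttrust.jks", storePass)); // path from the post

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("v:/tmp/clientkey.jks", storePass), keyPass); // path from the post

        // Assumption: AES-only filter instead of the post's EXPORT/DES/NULL includes.
        FiltersType filter = new FiltersType();
        filter.getInclude().add(".*_WITH_AES_.*");
        filter.getExclude().add(".*_DH_anon_.*");

        TLSClientParameters tls = new TLSClientParameters();
        tls.setSecureSocketProtocol("TLSv1.2"); // assumption: replaces "SSL"
        tls.setDisableCNCheck(false);           // keep the certificate name check on
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setCipherSuitesFilter(filter);

        // Configure the conduit that belongs to this proxy.
        Client client = ClientProxy.getClient(port);
        ((HTTPConduit) client.getConduit()).setTlsClientParameters(tls);
    }
}
```

Call ConduitTls.apply(port, storePass, keyPass) after ss.getHelloImplPort() and before the first method invocation, passing the keystore passwords in rather than hardcoding them.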
