Dears,

I used the following steps to connect my code to a secure web service over
HTTPS with a client certificate, using apache-cxf-2.6.1:

1- Convert the .p12 file to a keystore by using this command:
       keytool -importkeystore -srckeystore /u01/cap01.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore /u01/keystorep12.jks
       Enter destination keystore password:changeit
       Re-enter new password:changeit
       Enter source keystore password:123
    Note: changeit is the default password for cacerts, and 123 is the
    private password for cap01.p12.

2- Register root.cer and client.cer in cacerts using the following
commands:
       keytool -import -trustcacerts -file /u01/cap01.cer -alias client -keystore /usr/java/jdk1.7.0_17/jre/lib/security/cacerts
       Enter keystore password:changeit
       keytool -import -trustcacerts -file /u01/root.cer -alias root -keystore /usr/java/jdk1.7.0_17/jre/lib/security/cacerts
       Enter keystore password:changeit

3- Add the client-bean.xml as below

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
  xmlns:jaxws="http://cxf.apache.org/jaxws"
  xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

        <jaxws:client id="integrationClient" serviceClass="com.araqa.Palestine"
                address="https://10.0.1.101:8443/orderappssl/Palestine" />

        <http-conf:conduit name="*.http-conduit">
                <http-conf:tlsClientParameters secureSocketProtocol="SSL" disableCNCheck="true">
                        <sec:trustManagers>
                                <sec:keyStore type="JKS" password="changeit"
                                        file="/usr/java/jdk1.7.0_17/jre/lib/security/cacerts" />
                        </sec:trustManagers>
                        <sec:keyManagers keyPassword="123">
                                <sec:keyStore type="JKS" password="changeit"
                                        file="u01/keystorep12.jks" />
                        </sec:keyManagers>
                        <sec:cipherSuitesFilter>
                                <sec:include>.*_EXPORT_.*</sec:include>
                                <sec:include>.*_EXPORT1024_.*</sec:include>
                                <sec:include>.*_WITH_DES_.*</sec:include>
                                <sec:include>.*_WITH_AES_.*</sec:include>
                                <sec:include>.*_WITH_NULL_.*</sec:include>
                                <sec:exclude>.*_DH_anon_.*</sec:exclude>
                        </sec:cipherSuitesFilter>
                </http-conf:tlsClientParameters>
        </http-conf:conduit>

</beans>

4- The code where I load client-bean.xml and invoke a certain class and
method at runtime:

logger.debug("Begin send message");
ClassPathXmlApplicationContext context =
        new ClassPathXmlApplicationContext("/config/client-bean.xml");
char SEP = File.separatorChar;
System.setProperty("javax.net.ssl.keyStore",
        System.getProperty("java.home") + SEP + "lib" + SEP + "security" + SEP + "cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.debug", "ssl, handshake");
Palestine client = (Palestine) context.getBean("integrationClient");

{
    logger.debug("requetMsg :" + request);
    Method method = client.getClass().getDeclaredMethod(getInterfaceMethod(),
            new Class[] { Class.forName(getFactoryName()) });
    ((BindingProvider) client).getRequestContext().put(CONNECTION_ESTABLISHED, getTimeOut());
    Response response = (Response) method.invoke(client, request);
}

But I face this exception:

%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
http-bio-8081-exec-5, WRITE: SSLv3 Application Data, length = 416
http-bio-8081-exec-5, WRITE: SSLv3 Application Data, length = 32
http-bio-8081-exec-5, WRITE: SSLv3 Application Data, length = 1184
http-bio-8081-exec-5, READ: SSLv3 Application Data, length = 128
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)

Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,1]
Message: Premature end of file.
        at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.next(XMLStreamReaderImpl.java:598)
        at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.nextTag(XMLStreamReaderImpl.java:1238)
        at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:139)
        at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:61)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1667)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1520)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1428)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 42 more
Keep-Alive-Timer, called close()
Keep-Alive-Timer, called closeInternal(true)
Keep-Alive-Timer, SEND SSLv3 ALERT:  warning, description = close_notify
Keep-Alive-Timer, WRITE: SSLv3 Alert, length = 32
Keep-Alive-Timer, called closeSocket(selfInitiated)
Finalizer, called close()
Finalizer, called closeInternal(true)


Regards,

--
View this message in context: 
http://cxf.547215.n5.nabble.com/web-service-client-authorization-cer-and-p12-under-Https-SSL-CXF-SOAP-tp5724876.html
Sent from the cxf-user mailing list archive at Nabble.com.
