Wanted to post the solution I found to this here so that it will live on the
Internet for others to find with Google....
For whatever reason... Java would not send my client certificate, despite
all the advice I managed to find on Google.

I had my JaxWsProxyFactoryBean already set up in an XML file with a
WSS4JOutInterceptor that handles encryption and signing of the message
parts, plus a custom OutInterceptor that injects a custom XML header into
every SOAP message.  All that was working fine and then the server switched
to mutual authentication mode required, and I started getting SSL handshake
failures.

What I was able to do was leave the XML alone, and configure the CXF
Client's HTTPConduit using only Java code...

[CODE]
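import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// 'service' is the proxy object created by the JaxWsProxyFactoryBean
Client cxfClient = ClientProxy.getClient(service);
HTTPConduit conduit = (HTTPConduit) cxfClient.getConduit();

// trust any server, quick and easy, not the focus of this problem
TrustManager[] simpleTrustManager = new TrustManager[]{new X509TrustManager() {
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // the interface requires a non-null array
    }
    public void checkClientTrusted(X509Certificate[] certs, String authType) {
    }
    public void checkServerTrusted(X509Certificate[] certs, String authType) {
    }
}};

// .pfx file exported from IE with private key
KeyStore ks = KeyStore.getInstance("PKCS12");
try (FileInputStream in = new FileInputStream("/*KEYSTORE_FILENAME*/")) {
    ks.load(in, "/*KEYSTORE_PASSWORD*/".toCharArray());
}

// key manager that presents the client certificate during the handshake
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, "/*KEYSTORE_PASSWORD*/".toCharArray());
KeyManager[] keyManagers = new KeyManager[]{keyManagerFactory.getKeyManagers()[0]};

// attach trust and key material to the conduit used by the CXF client
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setTrustManagers(simpleTrustManager);
tlsParams.setKeyManagers(keyManagers);
tlsParams.setSecureSocketProtocol("TLSv1");
tlsParams.setCertAlias("/*CERT_ALIAS_MATCHING_IN_KEYSTORE*/");
conduit.setTlsClientParameters(tlsParams);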
[/CODE]

Hope this helps someone else who runs into this problem...




--
View this message in context: 
http://cxf.547215.n5.nabble.com/HTTPS-client-configuration-using-JaxWsProxyFactoryBean-tp4914087p5745032.html
Sent from the cxf-user mailing list archive at Nabble.com.
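
A variant of the configuration in the post above that validates the server certificate against a truststore instead of accepting any server, as an added example that is not part of the original post or the CXF project's own code. The class and method names, the separate truststore, and the choice of TLSv1.2 are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

public final class MutualTlsConduit {  // hypothetical helper class
    // Load a keystore of the given type ("PKCS12" for a .pfx, "JKS", ...) from disk.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Client key comes from keyStore; server certificates are checked against trustStore.
    static TLSClientParameters tlsParameters(KeyStore keyStore, char[] keyPassword,
                                             KeyStore trustStore, String certAlias) throws Exception {
        if (!keyStore.isKeyEntry(certAlias)) {  // fail fast: alias must name a private key entry
            throw new IllegalArgumentException("No private key under alias " + certAlias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());  // real chain validation, not trust-all
        tls.setCertAlias(certAlias);
        tls.setSecureSocketProtocol("TLSv1.2");        // assumption: server supports TLS 1.2
        tls.setDisableCNCheck(false);                  // keep hostname verification on
        return tls;
    }

    // Apply the parameters to the conduit of an existing CXF proxy ('service').
    static void configure(Object service, TLSClientParameters tls) {
        Client client = ClientProxy.getClient(service);
        ((HTTPConduit) client.getConduit()).setTlsClientParameters(tls);
    }
}
```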
