I'd like to understand better what's happening here and I think I can help.

Can you please explain the first few paragraphs in baby steps so that I can understand the exact problem? Is the problem that you can't specify the socket factory that Axis will use? Have you looked at the properties axis.SocketFactory and axis.socketSecureFactory?

If you could take just a few minutes, it would be great.

Thanks,
Gary

> -----Original Message-----
> From: Stuart Miller [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 17, 2003 2:21 AM
> To: '[EMAIL PROTECTED]'
> Subject: SecureSocketFactory pluggability?
>
> The Axis framework seems pluggable with respect to
> SocketFactories, as was JSSE prior to the JDK 1.4. Now with
> JDK 1.4, I cannot swap SocketFactory impls (via java.security
> file) due to US export regulations.
>
> With the out-of-the-box JSSESocketFactory, I can alter the
> System properties 'javax.net.ssl.xxx' to point it to my
> trust/cert stores, and tell it the passwords. However, what
> if I need a different cert/trust store for each client?
>
> If I could tell Java/Axis to use the SunJSSESocketFactory (or
> my own version), then I could build a Hashtable of properties
> specifying 'keystore' 'keyStorePass', etc. But alas, I
> cannot with JDK1.4
>
> e.g. SecureSocketFactory ssf =
>     (SecureSocketFactory)SocketFactoryFactory.getFactory("https", myProps);
>
> So I'm left with
>
>     System.setProperty("javax.net.ssl.xxx", "xyz");
>
> as the only way to tell Axis which CAs to trust and which
> client certs it can use. But I assume these properties are
> only read once.. the first time the SocketFactory for HTTPS
> is created. Even if not, changing them at run-time is not
> safe due to multiple clients running at the same time.
>
> Furthermore, when I use wsdl2java to generate Java stubs, I
> seem to be completely insulated from any ability to change
> SSL environment things such as trustStore and keyStore. It's
> all automatic and hidden.
>
> Has someone any idea of how I can do what I'm trying to do?
>
> Can I, for example, alter the SSL connection parameters in
> the context of some Stub (i.e. access the SecureSocket being
> used)? Something like this...
>
>     SSLContext.getInstance("SSL").init(keyMgrs, trustMgrs, secureRandom);
>
> ...only synchronized in a way that prevents other clients
> from connecting with these params until I'm done?
>
> Any help is greatly appreciated. I have connections working
> fine, including client-auth, but I [seem to] lack the ability
> to have different settings for each client in a single VM.
>
> Stuart
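
An added example, not part of the original thread and not Axis code: with the standard JSSE API on a current JDK, each client can get its own SSLSocketFactory built from its own key and trust stores, so no javax.net.ssl.* system property is changed at run time. The class name PerClientSsl, the client ids and the password are assumptions made for illustration, and handing the resulting factory to Axis is not shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
/** Hypothetical helper: one SSLSocketFactory per client id, no JVM-wide state. */
public class PerClientSsl {
    private final Map<String, SSLSocketFactory> cache = new ConcurrentHashMap<>();

    /** Loads a store from disk; path == null gives an empty in-memory store (demo only). */
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (path == null) { ks.load(null, pass); return ks; }
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    /** Builds a context from this client's own key material and trust anchors. */
    static SSLSocketFactory build(KeyStore keys, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // only the CAs in this store are trusted, not the JVM default set
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx.getSocketFactory();
    }

    public void register(String clientId, KeyStore keys, char[] keyPass, KeyStore trust) throws Exception {
        cache.put(clientId, build(keys, keyPass, trust));
    }

    /** Fails closed: an unknown client never falls back to shared defaults. */
    public SSLSocketFactory forClient(String clientId) {
        SSLSocketFactory f = cache.get(clientId);
        if (f == null) throw new IllegalArgumentException("no SSL settings for " + clientId);
        return f;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        PerClientSsl reg = new PerClientSsl();
        reg.register("clientA", load(null, pw), pw, load(null, pw)); // constructed empty stores
        reg.register("clientB", load(null, pw), pw, load(null, pw));
        System.out.println(reg.forClient("clientA") != reg.forClient("clientB"));
    }
}
```

Because each context is immutable after `init`, concurrent clients need no synchronization around their SSL settings; an empty trust store, as in the demo, rejects every server certificate at handshake time.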
