RE: Client SSL Authentication .... ARGH !!

Thu, 02 Sep 2004 08:04:52 -0700 

I have accomplished the same thing using very similar code.  I did
notice one kind of strange thing; I had to put the SSL System properties
in the Stub where the call was being made or it would fail. 

Here is my code for reference (from my Axis Generated Stub.

System.setProperty("java.protocol.handler.pkgs",
                       "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

System.setProperty("javax.net.ssl.trustStore",
ApplicationProperties.getProperty("javax.net.ssl.trustStore"));
    
System.setProperty("javax.net.ssl.trustStorePassword",
ApplicationProperties.getProperty("javax.net.ssl.trustStorePassword"));

System.setProperty("javax.net.ssl.keyStore",
ApplicationProperties.getProperty("javax.net.ssl.keyStore"));
    
System.setProperty("javax.net.ssl.keyStorePassword",
ApplicationProperties.getProperty("javax.net.ssl.keyStorePassword"));

-----Original Message-----
From: Hugo Giguere [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 02, 2004 7:52 AM
To: [EMAIL PROTECTED]
Subject: Re: Client SSL Authentication .... ARGH !!

Use the Commons HttpClients and It will works.



On Thu, 02 Sep 2004 10:08:35 +0100, Steve Webbo <[EMAIL PROTECTED]>
wrote:
> Hi All,
> 
> This is driving me insane....I have a java web-service based on Axis
running
> under Websphere v4 and IBM HTTP Server (aka Apache).
> 
> I have configured SSL on the web server and this works fine.  I now
want to
> go one step further and configure the web-server for client
certification
> based authentication.  I have confuigured the web-server to require a
client
> certificate and proven this to be working by querying my web-service
via my
> browser, passing the appropriate certificate.
> 
> Now I want to code my java client application to do the same thing.  I
> started out the same way, got the Axis client working under plain old
SSL -
> No problem.  But I cannot get the client to pass the certificate to
the
> web-server.  This means I keep getting 403 forbidden errors.  To
further
> prove this I can see "Client did not supply a certificate" in the web
server
> error log.
> 
> I have read lots of posts around setting System properties to define
> keystores and passwords etc but still cannot get it to work.  Based on
the 2
> examples below I have come to the conclussion that it is the process
of
> telling Axis where to look for the keystore is the problem as I did a
basic
> URL reader application that just uses java.net.URL to read the results
of
> the web-service and that works fine.
> 
> Please help...I really don't have any clues left.
> 
> I'm using the IBM JSSE implementation as to try and overide that with
the
> Sun JSSE within websphere is also near on impossible.
> 
> Thanks in advance,
> 
> WEBBO
> 
> Code snippets:
> 
> ==== THIS WORKS =====
> 
>
System.setProperty("javax.net.ssl.keyStore","c:\\client-keys.jks");
>
System.setProperty("javax.net.ssl.keyStorePassword","mypassword");
> 
>
System.setProperty("java.protocol.handler.pkgs",
> "com.ibm.net.ssl.internal.www.protocol");
>                         Security.addProvider(new
com.ibm.jsse.JSSEProvider());
> 
>                         URL url = new
URL("https://myserver.com/servlet/myService?method=test";);
>                         BufferedReader in = new BufferedReader(
>                                                 new InputStreamReader(
>                                                 url.openStream()));
> 
>                         String inputLine;
> 
>                         while ((inputLine = in.readLine()) != null)
>                                 System.out.println(inputLine);
> 
>                         in.close();
> 
> ==== THIS DOESN'T ====
> 
>                         String endpoint =
"https://myserver.com/service/myService?method=test";;
> 
>
System.setProperty("javax.net.ssl.keyStore","c:\\client-keys.jks");
>
System.setProperty("javax.net.ssl.keyStorePassword","mypassword");
>
System.setProperty("java.protocol.handler.pkgs",
> "com.ibm.net.ssl.internal.www.protocol");
>                         Security.addProvider(new
com.ibm.jsse.JSSEProvider());
> 
>                         System.out.println("Creating my temp URL
Object");
>                         URL tURL = new URL (endpoint);
>                         System.out.println ("Done");
> 
>                         Service service = new Service();
>                         Call call = (Call) service.createCall();
> 
>                         call.setTargetEndpointAddress(tURL);
> 
>                         QName qn   = new QName( "http://me.com";,
"myType" );
>
call.registerTypeMapping(WebspherePlatform.class, qn,
>                                 new
org.apache.axis.encoding.ser.BeanSerializerFactory
>                                   (WebspherePlatform.class, qn),
>                                 new
org.apache.axis.encoding.ser.BeanDeserializerFactory
>                                   (WebspherePlatform.class, qn));
>                         call.setOperationName("getMyDetails");
> 
>                         myType ty = (myType) call.invoke(new Object[]
{});
> 
> _________________________________________________________________
> Want to block unwanted pop-ups? Download the free MSN Toolbar now!
> http://toolbar.msn.co.uk/
> 
>

Reply via email to