Hi,

I'm trying to access a WS which requires authentication with a certificate.
I generated the client code from the wsdl and wrote the following test code:

##########################################################
SomeService service = new SomeService();
service.addPort(new QName("{urn:someService}Some"),
                        SOAPBinding.SOAP11HTTP_BINDING,
                        "https://a.b.c/d");
Some sei = service.getSome();
        
Client client = ClientProxy.getClient(sei);
HTTPConduit cond = (HTTPConduit)client.getConduit();
TLSClientParameters tls = new TLSClientParameters();
tls.setSecureSocketProtocol("SSL");

KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(getClass().getResourceAsStream("/client-certificates.p12"),
"xxx".toCharArray());
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "xxx".toCharArray());
tls.setKeyManagers(kmf.getKeyManagers());
        
KeyStore ks2 = KeyStore.getInstance("JCEKS");
ks2.load(getClass().getResourceAsStream("/server-truststore.jks"),
"yyy".toCharArray());
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks2);
tls.setTrustManagers(tmf.getTrustManagers());
                
cond.setTlsClientParameters(tls);

MessageTrustDecider mtd = new MessageTrustDecider(){
        @Override
    public void establishTrust(String conduitName, URLConnectionInfo
connectionInfo, Message message)
                        throws UntrustedURLConnectionIOException {
                if (connectionInfo instanceof HttpsURLConnectionInfo){
                System.out.println("Local certs: " +
((HttpsURLConnectionInfo)connectionInfo).getLocalCertificates());
                System.out.println("Server certs: " +
((HttpsURLConnectionInfo)connectionInfo).getServerCertificates());
                }
    }
};
cond.setTrustDecider(mtd);
        
HTTPClientPolicy pol = new HTTPClientPolicy();
pol.setAllowChunking(false);
cond.setClient(pol);
                
sei.getXYZ(new SomeRequestType());
##########################################################

The result:
Local certs: null

The KeyStore contains exactly one key, but apparently it does not get
transferred.
The remote service tells me (via SOAPFault) that no keys have been
transferred.

Am I missing anything?

Thanks and Regards,
Marko

PS: I'm using v 2.0.5
-- 
View this message in context: 
http://www.nabble.com/SSL-KeyManager-Authentication-tp16718625p16718625.html
Sent from the cxf-user mailing list archive at Nabble.com.
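
A stand-alone check of what a PKCS12 store can offer for TLS client authentication, independent of CXF; this is an added example, not part of the original post or of the CXF code base. The class name `ClientKeyStoreCheck` and the command-line arguments (store path, password) are assumptions, only JDK APIs are used, and with no arguments it inspects a constructed empty store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
// Added diagnostic (hypothetical class name), not code from the post or from CXF.
public class ClientKeyStoreCheck {
    static void report(KeyStore ks, char[] password) throws Exception {
        // 1. Only private-key entries that carry a certificate chain can be presented to a server.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // null for certificate-only entries
            System.out.println(alias + ": keyEntry=" + ks.isKeyEntry(alias)
                    + " chainLength=" + (chain == null ? 0 : chain.length));
            if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
                X509Certificate leaf = (X509Certificate) chain[0];
                System.out.println("  subject=" + leaf.getSubjectX500Principal()
                        + " issuer=" + leaf.getIssuerX500Principal());
            }
        }
        // 2. Ask the key managers which aliases they would offer for client authentication.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            for (String keyType : new String[] {"RSA", "DSA", "EC"}) {
                // issuers == null means "accept any issuer"; a real server may restrict this list.
                String[] aliases = ((X509KeyManager) km).getClientAliases(keyType, null);
                System.out.println(keyType + " client aliases: "
                        + (aliases == null ? "none" : String.join(", ", aliases)));
            }
        }
    }
    public static void main(String[] args) throws Exception {
        // Usage (assumed): java ClientKeyStoreCheck <store.p12> <password>
        KeyStore ks = KeyStore.getInstance("PKCS12");
        char[] password = args.length > 1 ? args[1].toCharArray() : new char[0];
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, password);
            }
        } else {
            ks.load(null, null); // constructed empty store: the "nothing to send" case
        }
        report(ks, password);
    }
}
```

If every key type reports `none`, the key managers have nothing to present, which is consistent with `getLocalCertificates()` returning null in a trust decider.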
