Hi, I'm trying to access a WS which requires authentication with a certificate. I generated the client code from the WSDL and wrote the following test code:
##########################################################
SomeService service = new SomeService();
service.addPort(new QName("{urn:someService}Some"), SOAPBinding.SOAP11HTTP_BINDING, "https://a.b.c/d");
Some sei = service.getSome();

Client client = ClientProxy.getClient(sei);
HTTPConduit cond = (HTTPConduit) client.getConduit();

TLSClientParameters tls = new TLSClientParameters();
tls.setSecureSocketProtocol("SSL");

// Client key material (PKCS#12) for TLS client authentication
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(getClass().getResourceAsStream("/client-certificates.p12"), "xxx".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "xxx".toCharArray());
tls.setKeyManagers(kmf.getKeyManagers());

// Trust store used to validate the server certificate
KeyStore ks2 = KeyStore.getInstance("JCEKS");
ks2.load(getClass().getResourceAsStream("/server-truststore.jks"), "yyy".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks2);
tls.setTrustManagers(tmf.getTrustManagers());

cond.setTlsClientParameters(tls);

// Trust decider used here only to print the certificates seen on the connection
MessageTrustDecider mtd = new MessageTrustDecider() {
    @Override
    public void establishTrust(String conduitName, URLConnectionInfo connectionInfo, Message message)
            throws UntrustedURLConnectionIOException {
        if (connectionInfo instanceof HttpsURLConnectionInfo) {
            System.out.println("Local certs: " + ((HttpsURLConnectionInfo) connectionInfo).getLocalCertificates());
            System.out.println("Server certs: " + ((HttpsURLConnectionInfo) connectionInfo).getServerCertificates());
        }
    }
};
cond.setTrustDecider(mtd);

HTTPClientPolicy pol = new HTTPClientPolicy();
pol.setAllowChunking(false);
cond.setClient(pol);

sei.getXYZ(new SomeRequestType());
##########################################################

The result:

Local certs: null

The KeyStore contains exactly one key, but apparently it does not get transferred. The remote service tells me (via SOAPFault) that no keys have been transferred. Am I missing anything?

Thanks and Regards,
Marko

PS: I'm using v 2.0.5

--
View this message in context: http://www.nabble.com/SSL-KeyManager-Authentication-tp16718625p16718625.html
Sent from the cxf-user mailing list archive at Nabble.com.