[ https://issues.apache.org/jira/browse/CXF-8104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16921432#comment-16921432 ]
Daniel Schielzeth edited comment on CXF-8104 at 9/3/19 1:37 PM:
----------------------------------------------------------------

As the error appears in the last line (_client = ..._), it does not help much to add more lines after that. The only thing that changes is that I remove _properties.put(TLSClientParameters.class.getName(), tlsParams);_ which does not prevent the _handshake_failure_.

As for ksl - it is our custom KeystoreLoader:

{code:java}
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class KeystoreLoader {

    // Builds the key managers that supply the client certificate and private key.
    public KeyManager[] getKeyManagers(Certficate certficate) throws IOException, GeneralSecurityException {
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);
        KeyStore ks = KeyStore.getInstance(certficate.getKeystore_type());
        // try-with-resources closes the stream even when load() throws
        try (FileInputStream fis = new FileInputStream(certficate.getKeystore_file())) {
            ks.load(fis, certficate.getKeystore_password().toCharArray());
        }
        // The keystore password is also used as the key password
        kmFact.init(ks, certficate.getKeystore_password().toCharArray());
        return kmFact.getKeyManagers();
    }

    // Builds the trust managers used to validate the server certificate.
    public TrustManager[] getTrustManagers(Certficate certficate) throws IOException, GeneralSecurityException {
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
        KeyStore ks = KeyStore.getInstance(certficate.getTruststore_type());
        try (FileInputStream fis = new FileInputStream(certficate.getTruststore_file())) {
            ks.load(fis, certficate.getTruststore_password().toCharArray());
        }
        tmFact.init(ks);
        return tmFact.getTrustManagers();
    }
}
{code}

> Can't assign keystore and truststore before connecting
> ------------------------------------------------------
>
>                 Key: CXF-8104
>                 URL: https://issues.apache.org/jira/browse/CXF-8104
>             Project: CXF
>          Issue Type: Bug
>   Affects Versions: 2.3.11
>            Reporter: Daniel Schielzeth
>            Priority: Critical
>
> I want to use a SOAP Provider with my java client. The Provider requires a
> Certificate (keystore and truststore). We have tried many ways to make sure
> the certificate is used for the client but it doesn't seem to work. I guess,
> the certificate is set too late. The best we could come up with is
> {code:java}
> KeyStore keyStore = KeyStore.getInstance(cert.getKeystore_type());
> keyStore.load(new FileInputStream(cert.getKeystore_file()), cert.getKeystore_password().toCharArray());
> KeyStore trustStore = KeyStore.getInstance(cert.getTruststore_type());
> trustStore.load(new FileInputStream(cert.getTruststore_file()), cert.getTruststore_password().toCharArray());
> SSLContext context = initSecurityContext(keyStore, trustStore, cert.getKeystore_password());
> SOAPService client = (ListBuyerRequestsReadServicePortType) ClientBuilder.newBuilder().register(SOAPService.class).sslContext(context).build();
> {code}
> We get a _javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure_ when assigning the client in the last line.
> Do you know how to do it?

--
This message was sent by Atlassian Jira
(v8.3.2#803003)
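
An added example, not part of the original report or of CXF: a hypothetical implementation of the `initSecurityContext` helper that the description calls but does not show. It refuses a keystore with no private-key entry, because such a keystore still yields a working `SSLContext` that presents no client certificate. The names `ClientTlsCheck` and `describeKeyEntries` and the empty in-memory stores are assumptions made for the illustration.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ClientTlsCheck {

    // Lists every private-key entry with its certificate subject and issuer.
    // The issuer matters: a server that requests a client certificate names the
    // CAs it accepts, and a key whose issuer is not among them is not offered.
    static List<String> describeKeyEntries(KeyStore ks) throws GeneralSecurityException {
        List<String> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                out.add(alias + " subject=" + c.getSubjectX500Principal()
                        + " issuer=" + c.getIssuerX500Principal());
            }
        }
        return out;
    }

    // Hypothetical stand-in for the report's initSecurityContext (its body is not on the page).
    static SSLContext initSecurityContext(KeyStore keyStore, KeyStore trustStore, String keyPassword)
            throws GeneralSecurityException {
        if (describeKeyEntries(keyStore).isEmpty()) {
            throw new GeneralSecurityException("keystore holds no private-key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty in-memory store stands in for the files loaded in the report.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        try {
            initSecurityContext(empty, empty, "changeit");
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running `describeKeyEntries` on the keystore loaded by `KeystoreLoader` shows whether it holds a private key at all and which CA issued its certificate.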