Hello,
yesterday I was trying to determine *best price* to get to South America
this year... thank you Robert for stepping in
public org.apache.commons.ssl.SSLClient client;
public java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
public java.security.cert.Certificate cert = ks.getCertificate(alias);
public String original_keystoreFile = "servidor.jks"; // sub in actual location of keystore file
public String keystoreFile = "servidor.jks"; // sub in actual location of keystore file
public String keystorePass = "contrasuena"; // sub in actual password to keystore
public String cert_filename = "C:\\cacerts"; // sub in actual location of cacerts file
public javax.net.ssl.SSLSocket ssl_socket;
public java.util.Properties props = new java.util.Properties();
public String hostURL_for_socket = props.getProperty("HostURL"); // sub in actual HTTP host
public String securePortURL = props.getProperty("SSLHostURL"); // sub in actual SSL host

try {
    client = new org.apache.commons.ssl.SSLClient();
    client = setup_certificate(client);
    System.out.println("SSLClient=" + client);
} catch (Exception excp) {
    System.err.println("Cannot setup SSLClient message=" + excp.getMessage());
    return;
}
try {
    System.out.println("before secure_socket = (SSLSocket) client.createSocket(hostURL_for_socket,securePortURL )");
    secure_socket = (javax.net.ssl.SSLSocket) client.createSocket(hostURL_for_socket, securePortURL);
    System.out.println("AFTER client.createSocket secure_socket=" + secure_socket);
} catch (UnknownHostException unknown_host) {
    System.out.println("UnknownHostException has been thrown message=" + unknown_host.getMessage());
    System.out.println("new Socket(hostURL_for_socket=" + hostURL_for_socket);
    System.out.println("securePortURL=" + securePortURL);
    System.out.println("client.createSocket(hostURL_for_socket,securePortURL ) throws UnknownHostException has been thrown message=" + unknown_host.getMessage());
}

public org.apache.commons.ssl.SSLClient setup_certificate(org.apache.commons.ssl.SSLClient client) {
    try {
        // Let's trust usual "cacerts" that come with Java. Plus, let's also trust a self-signed cert
        // we know of. We may have additional trusted certs inside keystore file.
        System.out.println("before client.addTrustMaterial( TrustMaterial.DEFAULT )");
        client.addTrustMaterial(org.apache.commons.ssl.TrustMaterial.DEFAULT);
        // client.addTrustMaterial( new org.apache.commons.ssl.TrustMaterial( "/path/to/self-signed.pem" ) );
        try {
            System.out.println("before key_material=new org.apache.commons.ssl.KeyMaterial( keystoreFile,keystorePass.toCharArray() )");
            // public org.apache.commons.ssl.KeyMaterial(File jksFile, char[] password)
            //     throws GeneralSecurityException, IOException
            key_material = new org.apache.commons.ssl.KeyMaterial(new java.io.File(keystoreFile), (char[]) keystorePass.toCharArray());
        } catch (java.security.GeneralSecurityException general_security_exception) {
            System.out.println("key_material=new org.apache.commons.ssl.KeyMaterial( new java.io.File(keystoreFile),(char[])keystorePass.toCharArray() ) throws GeneralSecurityException has been thrown message=" + general_security_exception.getMessage());
            key_material = null;
            return null;
        }
        System.out.println("key_material=" + key_material);
        System.out.println("addding keystore file ..before client.addTrustMaterial( key_material )");
        if (key_material != null) client.addTrustMaterial(key_material);

        // To be different, let's bypass checking the hostname of the certificate
        System.out.println("before client.setCheckHostname( false )");
        client.setCheckHostname(false); // default setting is "true" for SSLClient

        // To be different, let's allow expired certs (not recommended)
        System.out.println("before client.setCheckExpiry( false )");
        client.setCheckExpiry(false); // default setting is "true" for SSLClient

        // Let's check against the Certificate Revocation List
        System.out.println("before client.setCheckCRL( true )");
        client.setCheckCRL(true); // default setting is "true" for SSLClient

        System.out.println("before key_material=new org.apache.commons.ssl.KeyMaterial(cert_filename, keystorePass.toCharArray()) where cert_filename=" + cert_filename + " keystoreFile=" + keystoreFile + " keystorePass=" + keystorePass);
        // org.apache.commons.ssl.KeyMaterial(String pathToCerts, String pathToKey, char[] keystorePass)
        key_material = new org.apache.commons.ssl.KeyMaterial(cert_filename, (String) keystoreFile, (char[]) keystorePass.toCharArray());
        System.out.println("(Certificate) key_material=" + key_material);

        // Let's load a client certificate (max: 1 per SSLClient instance).
        System.out.println("adding cert to client ..before client.setKeyMaterial( key_material )");
        client.setKeyMaterial(key_material);

        cert_filename = "C:\\cacerts"; // sub in actual location of cacerts file
        original_keystoreFile = "servidor.jks"; // sub in actual location of server key file
        char[] lfstorepass = keystorePass.toCharArray(); // make sure keystorePass contains actual password for cacerts
        char[] lfkeypass = keystorePass.toCharArray(); // make sure keystorePass contains actual password for key store stored in cacerts (I use same password..NOT recommended)

        java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
        System.out.println("X.509 CertificateFactory =" + cf);
        java.io.FileInputStream cacert_file = new java.io.FileInputStream(cert_filename);
        System.out.println("FileInputStream cacert_file=" + cert_filename);
        System.out.println("Generating the cert");
        java.security.cert.Certificate certificate = cf.generateCertificate(cacert_file);
        System.out.println("closing cacert_file=" + cert_filename);
        cacert_file.close();

        System.out.println("Generating cert chain for certificate =" + certificate);
        java.security.cert.Certificate[] cchain = { certificate };
        System.out.println("cchain=" + cchain);

        System.out.println("loading server key " + original_keystoreFile);
        java.io.FileInputStream original_keystoreFile_file = new java.io.FileInputStream(original_keystoreFile);
        System.out.println("original_keystoreFile_file=" + original_keystoreFile_file);
        System.out.println("about to load KeyStore ks = java.security.KeyStore.getInstance(JKS");
        java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
        System.out.println("ks=" + ks);
        System.out.println("load keystore from original_keystoreFile_file=" + original_keystoreFile_file + " lfstorepass=" + lfstorepass);
        ks.load(original_keystoreFile_file, lfstorepass);

        // For asymmetric encryption (server and client keys are different) we need to dig out the private key
        System.out.println("before java.security.PrivateKey prk = (java.security.PrivateKey) ks.getKey(lf, lfkeypass)");
        java.security.PrivateKey prk = (java.security.PrivateKey) ks.getKey(alias, lfkeypass);
        System.out.println("private key=" + prk);
        System.out.println("setting signed key for keystore ks.setKeyEntry(lf_signed, prk, lfstorepass, cchain)");
        ks.setKeyEntry("lf_signed", prk, lfstorepass, cchain);

        System.out.println("Store keystore to file");
        java.io.FileOutputStream server_key_file = new java.io.FileOutputStream(original_keystoreFile);
        ks.store(server_key_file, keystorePass.toCharArray());
        server_key_file.close();
    } catch (java.security.GeneralSecurityException security_exception) {
        System.out.println("************************************************************************************************************");
        System.out.println("* GeneralSecurityException has been thrown message=" + security_exception.getMessage());
        System.out.println("************************************************************************************************************");
    } catch (java.io.IOException ioe) {
        System.out.println("************************************************************************************************************");
        System.out.println("* IOException has been thrown message=" + ioe.getMessage());
        System.out.println("************************************************************************************************************");
    } catch (java.lang.SecurityException security_excp) {
        System.out.println("************************************************************************************************************");
        System.out.println("* SecurityException has been thrown message=" + security_excp.getMessage());
        System.out.println("************************************************************************************************************");
    }
    System.out.println("returning SSLClient client=" + client);
    return client;
}
Kind regards from the Americas!
Martín
From: [email protected]
To: [email protected]
Subject: RE: Relative path keystore Axis2
Date: Thu, 28 Apr 2016 13:05:22 +0200
Hi Robert:
Thank you very much for pointing me.
I have performed the following code:
KeyStore theKeystore = null;
try {
    InputStream theKeystoreInputStream = ClassLoader.getSystemResourceAsStream("keysdata.jks");
    theKeystore = KeyStore.getInstance("JKS");
    theKeystore.load(theKeystoreInputStream, null);
    theKeystoreInputStream.close();
} catch (KeyStoreException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (NoSuchAlgorithmException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (CertificateException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
}
And as far as I have debugged it, theKeystore is not null.
Reaching this point, I have been trying to write code to use theKeystore but
unfortunately I didn't reach the solution.
I have been surfing on Google, and I found some examples using a SecureSocketFactory.
I have done my own SecureSocketFactory and I have told Axis like this:
AxisProperties.setProperty("axis.socketSecureFactory","solvenciacenter.webservice.impl.MyCustomSSLSocketFactory");
My call to the web service looks like:
IcTransactionServiceServiceStub service = new IcTransactionServiceServiceStub(axisContext, endpointURL);
org.apache.axis2.transport.http.HttpTransportProperties.ProxyProperties HTTPProxyProperties =
    new org.apache.axis2.transport.http.HttpTransportProperties.ProxyProperties();
HTTPProxyProperties.setProxyName(IberdrolaConfigurationManager.getProperty("ws.proxy.host"));
HTTPProxyProperties.setProxyPort(Integer.parseInt(IberdrolaConfigurationManager.getProperty("ws.proxy.port")));
HTTPProxyProperties.setUserName(proxyUser);
HTTPProxyProperties.setPassWord(proxyPassword);
org.apache.axis2.client.Options options = service._getServiceClient().getOptions();
options.setProperty("PROXY", HTTPProxyProperties);
respuesta = service.submit(peticionA);
And I'm still getting the same error about not finding the certificate.
Could you please point out what I'm understanding wrong?
Thank you very much
Kind regards
> Date: Wed, 27 Apr 2016 12:54:36 -0300
> Subject: Re: Relative path keystore Axis2
> From: [email protected]
> To: [email protected]
>
> On Wed, Apr 27, 2016 at 12:25 PM, Oscar Rugama <[email protected]> wrote:
> > Hi all:
> >
> > I'm developing a web service using axis2 & tomcat .
> >
> <snip>
> > My project could be like that, so at first glance my keystore is placed at
> > the what I thought is the root level, so just writing
> >
> > System.setProperty("javax.net.ssl.keyStore", "keysdata.jks");
> >
> >
> > I thought it should look in the root level. But nothing works (I mean an
> > absolute path yes it works)
> >
>
> I would try to use some form of getResourceAsStream(). Lots of ways to
> do that. At the axis2 level, you should be able to do something like:
>
> MessageContext.getCurrentMessageContext().getAxisService().getClassLoader().getResourceAsStream("keysdata.jks");
>
> - R
>
>
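
Added example, not part of the original thread and not Axis2's own code: one way to load the keysdata.jks resource discussed above from the classpath and hand it to JSSE through an SSLContext, instead of pointing javax.net.ssl.keyStore at a relative path. The class name, the "changeit" password placeholder, and the assumption that the keystore holds both the client key and the trusted server certificate are illustrative.

```java
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClasspathKeystoreSsl {

    // Loads a JKS keystore from the classpath, so no file-system path is involved.
    static KeyStore loadFromClasspath(ClassLoader loader, String resource, char[] password)
            throws Exception {
        try (InputStream in = loader.getResourceAsStream(resource)) {
            if (in == null) {
                // KeyStore.load(null, ...) would silently create an EMPTY keystore,
                // so a missing resource must be reported explicitly.
                throw new FileNotFoundException(resource + " not found on classpath");
            }
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password); // a non-null password also verifies store integrity
            return ks;
        }
    }

    // Builds an SSLContext that takes client keys and trusted certs from the keystore.
    static SSLContext buildContext(KeyStore ks, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // hostname, expiry and chain checks stay enabled
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // placeholder, not from the thread
        // In a web application the context class loader sees WEB-INF/classes.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        KeyStore ks = loadFromClasspath(loader, "keysdata.jks", password);
        SSLContext ctx = buildContext(ks, password);
        // JVM-wide: code that relies on the default SSLContext now uses this keystore.
        SSLContext.setDefault(ctx);
        System.out.println("entries=" + ks.size() + " protocol=" + ctx.getProtocol());
    }
}
```

SSLContext.setDefault affects every application in the same JVM; in a shared container, pass ctx.getSocketFactory() only to the client that needs it.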