Re: how to enable ssl programmatically on the client

[Arul Dhesiaseelan]

Can you try this?

     TLSClientParameters tlsParams = new TLSClientParameters();
     tlsParams.setDisableCNCheck(true);
    
     KeyStore keyStore = KeyStore.getInstance("JKS");
     String trustpass = "password";//provide trust pass
     File truststore = new File("truststore.jks");//provide your truststore
     keyStore.load(new FileInputStream(truststore), 
trustpass.toCharArray());
     TrustManagerFactory trustFactory = 
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
     trustFactory.init(keyStore);
     TrustManager[] tm = trustFactory.getTrustManagers();
     tlsParams.setTrustManagers(tm);

     truststore = new File("client.jks");//provide you client store
     keyStore.load(new FileInputStream(truststore), 
trustpass.toCharArray());
     KeyManagerFactory keyFactory = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
     keyFactory.init(keyStore, trustpass.toCharArray());
     KeyManager[] km = keyFactory.getKeyManagers();
     tlsParams.setKeyManagers(km);

     FiltersType filter = new FiltersType();
     filter.getInclude().add(".*_EXPORT_.*");
     filter.getInclude().add(".*_EXPORT1024_.*");
     filter.getInclude().add(".*_WITH_DES_.*");
     filter.getInclude().add(".*_WITH_NULL_.*");
     filter.getExclude().add(".*_DH_anon_.*");
     tlsParams.setCipherSuitesFilter(filter);//set all the needed 
include and exclude filters.

     httpConduit.setTlsClientParameters(tlsParams);

Cheers,
Arul


Tedman Leung wrote:
So I'm still stuck with no leads what so ever, 

So far I've managed to check that my server seems to be OK, both my http 
and https ports are running when I check it with a browser, and my https 
webservice is running and I can run the method with a web browser so 
everything on the server appears to be fine.

The client however, appears to be configured the same way all the other 
examples I've seen posted but it just doesn't work. It appears that none 
of the configuration changes I make have any affect what so ever on the 
error message.

My current test client is as follows :

        public static void main(String... argv) throws Exception
        {
                System.setProperty("javax.net.debug", "ALL");
                System.setProperty("javax.net.ssl.trustStore", 
"/tmp/truststore");

                HelloWorldWsService service = new HelloWorldWsService();

                HelloWorldWs helloWorld = service.getHelloWorldWsPort();
                System.err.println("ENDPOINT: 
"+((BindingProvider)helloWorld).getRequestContext().get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY));
                
                Client cxfClient = ClientProxy.getClient(helloWorld);
                HTTPConduit httpConduit = (HTTPConduit)cxfClient.getConduit();

                TLSClientParameters tslClientParameters = 
httpConduit.getTlsClientParameters();
                if (tslClientParameters == null) tslClientParameters = new 
TLSClientParameters();
                TrustAllManager[] tam = { new TrustAllManager() };
                tslClientParameters.setTrustManagers(tam);
                tslClientParameters.setSecureSocketProtocol("SSL");
                httpConduit.setTlsClientParameters(tslClientParameters);

                System.err.println(helloWorld.helloWorld());
                System.err.println(helloWorld.helloWorld2("foo"));
        }

When I run it, I can see my trusted certificate is loaded. I also tested 
my truststore by using apache/HttpClient and I can connect to the server 
fine and get raw output from the server.

I've also added a "trust everything" manager in there and it seems to have 
no effect. As a matter of fact, I can remove all the HTTPConduit and 
TLSClientParameters configuration lines and I still get the exact same 
"Unconnected sockets not implemented" error. There's nothing pointing to 
what exactly is wrong...

anyone have any luck programmatically configuring the client or ssl?


  
So based on what you previously said, I had to reconfigure my server, so both HTTP 
and HTTPS are running but now I've reconfigured the end point i.e.

        <jaxws:endpoint implementor="org.xxx.ws.HelloWorldWs"
	 address="/HelloWorldService" 
	 publishedEndpointUrl="https://127.0.0.1:8086/xxx/ws/HelloWorldService"/>	

Now if I check the wsdl using my browser it shows 

        <wsdl:port binding="tns:HelloWorldWsServiceSoapBinding" 
name="HelloWorldWsPort">
           <soap:address 
location="https://127.0.0.1:8086/xxxx/ws/HelloWorldService"/>
        </wsdl:port>

which I assume to be what I need.

I've now changed the client to be :

        public static void main(String... argv) throws Exception
        {
                HelloWorldWsService service = new HelloWorldWsService();

                HelloWorldWs helloWorld = service.getHelloWorldWsPort();
                Client cxfClient = ClientProxy.getClient(helloWorld);
                HTTPConduit httpConduit = (HTTPConduit)cxfClient.getConduit();

                TLSClientParameters tslClientParameters = new 
TLSClientParameters();
                tslClientParameters.setSecureSocketProtocol("SSL");
                httpConduit.setTlsClientParameters(tslClientParameters);

                HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
                httpClientPolicy.setConnectionTimeout(36000);
                httpClientPolicy.setAllowChunking(false);
                httpClientPolicy.setReceiveTimeout(32000);
                httpConduit.setClient(httpClientPolicy);

                System.err.println(helloWorld.helloWorld());
                System.err.println(helloWorld.helloWorld2("foo"));
        }

Now, when I run it, it gets a little further but my new error is :

        org.apache.cxf.interceptor.Fault: Unconnected sockets not implemented
                at 
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:93)
                ...
        Caused by: com.ctc.wstx.exc.WstxIOException: Unconnected sockets not 
implemented
                at 
com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
                at 
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:91)
                ...
        Caused by: java.net.SocketException: Unconnected sockets not implemented
                at javax.net.SocketFactory.createSocket(SocketFactory.java:97)
                at 
sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:360)
                ...
        Caused by: org.apache.cxf.interceptor.Fault: Unconnected sockets not 
implemented
                at 
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:93)
                ...


The line it errors on is actually the 

                System.err.println(helloWorld.helloWorld());

line. I couldn't find anything searching the internet on "Unconnected sockets not 
implemented" (except a bunch of amq items). I can't really find anything else that 
tells me what is wrong or what is configured wrong.

Any information is appreciated, thanks.
 -- 
                                                           Ted Leung
                                                           [EMAIL PROTECTED]

// /*
You know things are getting a little fishy when you're commenting out 
comments.
// */