On Sep 4, 2013, at 12:56 PM, cxf_webservice <[email protected]> wrote:
> i am not understanding what you need with respect to a test case, i am trying
> to perform mutual authentication using 2 way ssl and i have shared the
> scenario as to what i am doing in the first post and as mentioned above the
> client cert is not getting sent after server hello done stage of ssl
> handshake, i believe that my TLSParameters are getting overwritten or
> getting blanked out within which i have initialized the SSL socketfactory. I
> was reading the migration guide to 2.7.6 version, HTTPConduit has been
> rewritten and some methods have been removed when compared to the same class
> present in 2.5.11.
>
> Will you be able to tell if i am initializing the TLSParameters correctly in
> the code above. That is where i believe lies the problem. Not sure why the
> client is unable to send the client cert to the server, that can only happen
> if the SSL SocketFactory has been nulled out or is not getting called to
> initialize the ssl channel, which is properly happening with version 2.5.11.
>
> Do you want me to attach the full client code here?

I've gone ahead and used your code to update the wsdl_first_https sample from the kits and it seems to work OK, provided a TrustManager[] is also set on the context (which may be a requirement of the sample). I've attached the diff below.

My suggestion would be to take the wsdl_first_https sample and modify it until you can reproduce your issue. Since the sample works using a variety of methods of configuring the TLS stuff, we have fairly high confidence that it all works.

My 'gut feeling' is that your WSDL has an "http" URL in it instead of an https URL. In that case the TLS configuration on the HTTPConduit never applies, because the conduit is not making an https connection at all.

-- 
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java b/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
index f8e9a6c..602480a 100644
--- a/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
+++ b/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
@@ -23,14 +23,18 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.xml.namespace.QName;
@@ -56,8 +60,9 @@ public final class ClientNonSpring {
     public static void main(String args[]) throws Exception {
         if (args.length == 0) {
-            System.out.println("please specify wsdl");
-            System.exit(1);
+            args = new String[] {"src/main/config/hello_world.wsdl", "secure"};
+            //System.out.println("please specify wsdl");
+            //System.exit(1);
         }
         URL wsdlURL;
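Review bot: The commented-out `//System.out.println("please specify wsdl");` and `//System.exit(1);` lines in the new `args.length == 0` branch are dead code; if silently defaulting to `src/main/config/hello_world.wsdl` and `"secure"` is the intended behaviour now, delete them, and otherwise restore the guard so a user who forgets the argument is told rather than quietly run against a relative path that only resolves from the sample directory. A one-line comment above the default, such as `// default to the bundled WSDL and the secure port when run from the sample directory`, would make the intent clear to the next reader. `main` continues past the end of the hunk.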
@@ -96,25 +101,48 @@ public final class ClientNonSpring {
     private static void setupTLS(Greeter port) throws FileNotFoundException, IOException, GeneralSecurityException {
-        String keyStoreLoc = "src/main/config/clientKeystore.jks";
-        HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
-
-        TLSClientParameters tlsCP = new TLSClientParameters();
-        String keyPassword = "ckpass";
-        KeyStore keyStore = KeyStore.getInstance("JKS");
-        keyStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
-        KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
-        tlsCP.setKeyManagers(myKeyManagers);
-
-        KeyStore trustStore = KeyStore.getInstance("JKS");
-        trustStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
-        TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
-        tlsCP.setTrustManagers(myTrustStoreKeyManagers);
+        SSLContext sslContext = null;
+        try {
+            sslContext = getSSLContext("src/main/config/clientKeystore.jks", "cspass", "ckpass");
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        TLSClientParameters tlsParams = new TLSClientParameters();
+        tlsParams.setSecureSocketProtocol("TLS");
+        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
-        httpConduit.setTlsClientParameters(tlsCP);
+        tlsParams.setSSLSocketFactory(socketFactory);
+
+        HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
+        conduit.setTlsClientParameters(tlsParams);
     }
+
+    private static SSLContext getSSLContext(String keyStoreFilePath,
+                                            String pStorePassword,
+                                            String pKeyPassword) throws Exception {
+        try {
+            SSLContext context = SSLContext.getInstance("TLS");
+            InputStream keyInput = new FileInputStream(keyStoreFilePath);
+            KeyStore ks = KeyStore.getInstance("JKS");
+            KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
+            ks.load(keyInput, pStorePassword.toCharArray());
+            keyInput.close();
+            km.init(ks, pKeyPassword.toCharArray());
+
+            KeyStore trustStore = KeyStore.getInstance("JKS");
+            trustStore.load(new FileInputStream(keyStoreFilePath), "cspass".toCharArray());
+            TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
+
+            context.init(km.getKeyManagers(), myTrustStoreKeyManagers, new SecureRandom());
+            return context;
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
     private static TrustManager[] getTrustManagers(KeyStore trustStore) throws NoSuchAlgorithmException, KeyStoreException {
         String alg = KeyManagerFactory.getDefaultAlgorithm();
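Review bot: `getSSLContext` swallows every failure with `e.printStackTrace()` and returns `null`, and `setupTLS` then dereferences that at `sslContext.getSocketFactory()`, so a wrong keystore path or password surfaces as a NullPointerException rather than the real cause; both methods already declare checked exceptions, so the two try/catch blocks should go and the error should propagate. The trust-store `FileInputStream` is never closed and `keyInput` is closed only on the success path, and the trust store is loaded with the literal `"cspass"` instead of the `pStorePassword` parameter, which silently breaks as soon as a caller passes a different store password. Hard-coding `"SunX509"` ties the sample to the Sun/Oracle provider while the sibling `getTrustManagers` already uses `KeyManagerFactory.getDefaultAlgorithm()`; the two should agree. I also believe that once an explicit `SSLSocketFactory` is set, CXF uses it directly and `tlsParams.setSecureSocketProtocol("TLS")` has no effect, so either confirm that or drop the line so readers do not expect it to pin a protocol. `getTrustManagers` continues past the end of the hunk.
```java
        // … unchanged: setupTLS signature …
        SSLContext sslContext = getSSLContext("src/main/config/clientKeystore.jks", "cspass", "ckpass");
        // … unchanged: TLSClientParameters setup and conduit wiring …

    /**
     * Builds an SSLContext whose key manager and trust manager are both backed by the given JKS file.
     * @throws IOException if the keystore file cannot be read
     * @throws GeneralSecurityException if the store, key or trust material cannot be loaded
     */
    private static SSLContext getSSLContext(String keyStoreFilePath,
                                            String pStorePassword,
                                            String pKeyPassword)
        throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream keyInput = new FileInputStream(keyStoreFilePath);
        try {
            ks.load(keyInput, pStorePassword.toCharArray());
        } finally {
            keyInput.close();
        }
        KeyManagerFactory km = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        km.init(ks, pKeyPassword.toCharArray());

        // The sample reuses the client keystore as its trust store, so reopen it with the same store password.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        InputStream trustInput = new FileInputStream(keyStoreFilePath);
        try {
            trustStore.load(trustInput, pStorePassword.toCharArray());
        } finally {
            trustInput.close();
        }
        TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(km.getKeyManagers(), myTrustStoreKeyManagers, new SecureRandom());
        return context;
    }
```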
