I did this:
        // settings for client-auth via certs.
        // Truststore
        System.setProperty("javax.net.ssl.trustStore","/home/atrieger/workspaces/trieger_rootca_truststore.jks");
        // missing type-setting here because default type is jks
        System.setProperty("javax.net.ssl.trustStorePassword","XXXXXXXXX");
        // Keystore
        System.setProperty("javax.net.ssl.keyStore","/home/atrieger/workspaces/xmlclient4.p12");
        System.setProperty("javax.net.ssl.keyStoreType","PKCS12");
        System.setProperty("javax.net.ssl.keyStorePassword","XXXXXXXXXX");
        // use Sun's reference implementation of a URL handler for the "https" URL protocol type.
        // debugtrieger, note this is what the jsse docs say to do either here or command line
        // when this is run with -Dblablabla=this.thing.below
        //System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
        // dynamically register sun's ssl provider
        // debugtrieger, also note: just like above, this can also be done in the
        // security/java.policy or something file according to jsse install docs.
        //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        try {
            soapRouterURL = new URL("https://" + host + ":" + port + "/soap/servlet/rpcrouter");
            resp = call.invoke(soapRouterURL, "");
            if (resp.generatedFault() == false) {
                System.out.println("no faults generated.");
                // dangerous, check to make sure its a string first.
                answer = (String)(resp.getReturnValue().getValue());
                //h = (Hashtable)(resp.getReturnValue().getValue());
            } else {
                // there was a fault.
                System.out.println("A fault was generated: " + resp.getFault().toString());
            }
        } catch (SOAPException e) {
            System.out.println("Soap Exception raised in authenticate: [" + e.getMessage() + "]");
        } catch (java.net.MalformedURLException e) {
            System.out.println("Malformed URL exception caught in authenticate: " + e.getMessage());
        }
        System.out.println("answer is: " + answer);
        System.out.println("hashtable is: " + h);
        //return auth;
    }
}
Which is a SOAP RPC-style client that not only talks over SSL to
the SOAP server, but also has a local certificate that authenticates itself;
the server requires clients to prove their identity with certificates
(it's an iPlanet 6.0 server).
I had a hard time getting this to work, but finally realized that
my truststore should have the trusted root CA in it, and I was having
problems with my java $HOME/.keystore file with keys made using keytool,
so I finally had a browser with a key in it that was the identity I wanted
to use. I exported that key into a pkcs12 file and I use that file
as my keystore, referenced in the code above.
The basic idea here is that because the URL is "https..." instead of
http, it will use the providers associated with https set in the System
properties above it. You don't need the truststore/keystore jazz if
you're not doing client authentication, and just talking to some SSL server.
Hope this helps...
Drew
pop m wrote:
Hi! I have the client.keystore and server.keystore files.
Can anyone send me a part of a soap client code example where SSL is being
integrated with the code. My soap client looks like:
...................
try {
    Call call = new Call();
    call.setTargetObjectURI("urn:" + m_service);
    call.setMethodName("select_vegreh");
    call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
    // where should I implement SSL and how can I test it, if the data is encoded indeed!
    URL url = new URL(m_http);
..............................................
Regards, Pop
Marius L.
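
Added example, not part of the original message or the poster's code: the same PKCS12 client identity and JKS root-CA truststore loaded into an explicit SSLContext, so the client certificate is scoped to one connection instead of set JVM-wide through System properties. It checks up front that each store holds the kind of entry its role needs (the problem described above). The class name, the KEYSTORE_PW/TRUSTSTORE_PW environment variables and the use of a plain HttpsURLConnection in place of the SOAP Call are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientAuthContext {

    // Load a store and fail early if it lacks the kind of entry its role needs:
    // a private-key entry for the client identity, a certificate entry for trust.
    static KeyStore load(String path, String type, char[] pw, boolean needKey) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (needKey ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias)) {
                return ks;
            }
        }
        throw new IllegalStateException(path + ": no "
                + (needKey ? "private-key" : "trusted-certificate") + " entry");
    }

    // Build a context that presents the PKCS12 identity and trusts only the given roots.
    static SSLContext build(String p12, char[] keyPw, String jks, char[] trustPw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(p12, "PKCS12", keyPw, true), keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(jks, "JKS", trustPw, false));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java ClientAuthContext <client.p12> <truststore.jks> <https-url>
    // Passwords come from the (assumed) KEYSTORE_PW and TRUSTSTORE_PW environment variables.
    public static void main(String[] a) throws Exception {
        char[] keyPw = System.getenv("KEYSTORE_PW").toCharArray();
        char[] trustPw = System.getenv("TRUSTSTORE_PW").toCharArray();
        SSLContext ctx = build(a[0], keyPw, a[1], trustPw);
        HttpsURLConnection c = (HttpsURLConnection) new URL(a[2]).openConnection();
        c.setSSLSocketFactory(ctx.getSocketFactory()); // applies to this connection only
        System.out.println("HTTP " + c.getResponseCode() + " via " + c.getCipherSuite());
    }
}
```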