You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-dev@ws.apache.org by pop m <po...@regens.hu> on 2002/04/19 16:05:12 UTC
SOAP and SSL HELP
Hi !
I have the client.keystore and server.keystore files.
Can anyone send me a part of a soap client code example where SSl is being integrated with the code.
My soap client looks like :
...................
try {
Call call = new Call();
call.setTargetObjectURI("urn:" + m_service);
call.setMethodName("select_vegreh");
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
// where should I implement SSL and how can I test it , if it data is encoded indeed !
URL url = new URL (m_http);
..............................................
Üdv. Pop Marius L.
Re: SOAP and SSL HELP
Posted by Andrew Trieger <at...@yahoo.com>.
oh yeah, there are some great docs in the jsse. examples and stuff,
check out the jdk1.4.0 docs at java.sun.com and find the jsse specific
stuff. its not soap-specific, but enabling SSL in a java program has
nothing to do with soap, the two are really nicely separated.
Drew
Re: SOAP and SSL HELP
Posted by Andrew Trieger <at...@yahoo.com>.
oh yeah, there are some great docs in the jsse. examples and stuff,
check out the jdk1.4.0 docs at java.sun.com and find the jsse specific
stuff. its not soap-specific, but enabling SSL in a java program has
nothing to do with soap, the two are really nicely separated.
Drew
Re: SOAP and SSL HELP
Posted by pop m <po...@regens.hu>.
First of all , I would thank you for your answer.
I've tried to configure my soap client as you have written in your example as you see below:
...... ...... ...... ...... ...... ...... ...... ......
// settings for client-authentication via certificates.
// for trustStore we need client.keystore ??? I think
System.setProperty("javax.net.ssl.trustStore","C:\java_sources\jsse\key\client.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","XXXXXXXX");
// Keystore
// I don't understand what I need to put here. M yserver.keystore ? It is imlemented in my Orion app. // server,
//System.setProperty("javax.net.ssl.keyStore","/home/atrieger/workspaces/xmlclient4.p12");
//System.setProperty("javax.net.ssl.keyStoreType","PKCS12");
//System.setProperty("javax.net.ssl.keyStorePassword","XXXXXXXX");
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
m_https = "https://" + m_host + ":" + m_port + "/regens_app/servlet/rpcrouter";
URL url = new URL (m_https);
...... ...... ...... ...... ...... ...... ...... ......
but, I haven't enjoyed, I always get an Exception :
Caught SOAPException (SOAP-ENV:Client): Error opening socket: null
Any ideas !
Regards Pop Marius L.
----- Original Message -----
From: Andrew Trieger
To: soap-dev@xml.apache.org
Sent: Friday, April 19, 2002 2:16 PM
Subject: Re: SOAP and SSL HELP
I did this:
// settings for client-auth via certs.
// Truststore
System.setProperty("javax.net.ssl.trustStore","/home/atrieger/workspaces/trieger_rootca_truststore.jks");
// missing type-setting here because default type is jks
System.setProperty("javax.net.ssl.trustStorePassword","XXXXXXXXX");
// Keystore
System.setProperty("javax.net.ssl.keyStore","/home/atrieger/workspaces/xmlclient4.p12");
System.setProperty("javax.net.ssl.keyStoreType","PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword","XXXXXXXXXX");
// use Sun's reference implementation of a URL handler for the "https" URL protocol type.
// debugtrieger, note this is what the jsse docs say to do either here or command line
// when this is run with -Dblablabla=this.thing.below
//System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
// dynamically register sun's ssl provider
// debugtrieger, also note: just like above, this can also be done in the
// security/java.policy or something file according to jsse install docs.
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
try {
soapRouterURL= new URL("https://" + host + ":" + port + "/soap/servlet/rpcrouter") ;
resp = call.invoke(soapRouterURL,"");
if (resp.generatedFault() == false) {
System.out.println("no faults generated.");
// dangerous, check to make sure its a string first.
answer = (String)(resp.getReturnValue().getValue());
//h = (Hashtable)(resp.getReturnValue().getValue());
} else {
// there was a fault.
System.out.println("A fault was generated: "+resp.getFault().toString());
}
} catch (SOAPException e) {
System.out.println("Soap Exception raised in authenticate: ["+e.getMessage()+"]");
} catch (java.net.MalformedURLException e ) {
System.out.println("Malformed URL exception caught in authenticate: "+e.getMessage());
}
System.out.println("answer is: "+answer);
System.out.println("hashtable is: "+h);
//return auth;
}
}
Which is a soap rpc-style client that not only talks over SSL to the soap server, but also has a local certificate that authenticates itself, the server requires clients to prove their identity with certificates. (its an iplanet 6.0 server).
I had a hard time getting this to work, but finally realized that my truststore should have the trusted root CA in it, and I was having problems with my java $HOME/.keystore file with keys made using keytool, so i finally had a browser with a key in it that was the identity i wanted to use, I exported that key into a pkcs12 file and i use that file as my keystore, referenced in the code above.
the basic idea here is that because the URL is "https..." instead of http, it will use the providers associated with https set in the System properties above it. you dont need the truststore/keystore jazz if you're not doing client authentication, and just talking to some ssl server.
hope this helps...
Drew
pop m wrote:
Hi ! I have the client.keystore and server.keystore files. Can anyone send me a part of a soap client code example where SSl is being integrated with the code.My soap client looks like :................... try { Call call = new Call(); call.setTargetObjectURI("urn:" + m_service);
call.setMethodName("select_vegreh");
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC); // where should I implement SSL and how can I test it , if it data is encoded indeed ! URL url = new URL (m_http);.............................................. Üdv. Pop Marius L.
--
---
Re: SOAP and SSL HELP
Posted by pop m <po...@regens.hu>.
First of all , I would thank you for your answer.
I've tried to configure my soap client as you have written in your example as you see below:
...... ...... ...... ...... ...... ...... ...... ......
// settings for client-authentication via certificates.
// for trustStore we need client.keystore ??? I think
System.setProperty("javax.net.ssl.trustStore","C:\java_sources\jsse\key\client.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","XXXXXXXX");
// Keystore
// I don't understand what I need to put here. M yserver.keystore ? It is imlemented in my Orion app. // server,
//System.setProperty("javax.net.ssl.keyStore","/home/atrieger/workspaces/xmlclient4.p12");
//System.setProperty("javax.net.ssl.keyStoreType","PKCS12");
//System.setProperty("javax.net.ssl.keyStorePassword","XXXXXXXX");
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
m_https = "https://" + m_host + ":" + m_port + "/regens_app/servlet/rpcrouter";
URL url = new URL (m_https);
...... ...... ...... ...... ...... ...... ...... ......
but, I haven't enjoyed, I always get an Exception :
Caught SOAPException (SOAP-ENV:Client): Error opening socket: null
Any ideas !
Regards Pop Marius L.
----- Original Message -----
From: Andrew Trieger
To: soap-dev@xml.apache.org
Sent: Friday, April 19, 2002 2:16 PM
Subject: Re: SOAP and SSL HELP
I did this:
// settings for client-auth via certs.
// Truststore
System.setProperty("javax.net.ssl.trustStore","/home/atrieger/workspaces/trieger_rootca_truststore.jks");
// missing type-setting here because default type is jks
System.setProperty("javax.net.ssl.trustStorePassword","XXXXXXXXX");
// Keystore
System.setProperty("javax.net.ssl.keyStore","/home/atrieger/workspaces/xmlclient4.p12");
System.setProperty("javax.net.ssl.keyStoreType","PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword","XXXXXXXXXX");
// use Sun's reference implementation of a URL handler for the "https" URL protocol type.
// debugtrieger, note this is what the jsse docs say to do either here or command line
// when this is run with -Dblablabla=this.thing.below
//System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
// dynamically register sun's ssl provider
// debugtrieger, also note: just like above, this can also be done in the
// security/java.policy or something file according to jsse install docs.
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
try {
soapRouterURL= new URL("https://" + host + ":" + port + "/soap/servlet/rpcrouter") ;
resp = call.invoke(soapRouterURL,"");
if (resp.generatedFault() == false) {
System.out.println("no faults generated.");
// dangerous, check to make sure its a string first.
answer = (String)(resp.getReturnValue().getValue());
//h = (Hashtable)(resp.getReturnValue().getValue());
} else {
// there was a fault.
System.out.println("A fault was generated: "+resp.getFault().toString());
}
} catch (SOAPException e) {
System.out.println("Soap Exception raised in authenticate: ["+e.getMessage()+"]");
} catch (java.net.MalformedURLException e ) {
System.out.println("Malformed URL exception caught in authenticate: "+e.getMessage());
}
System.out.println("answer is: "+answer);
System.out.println("hashtable is: "+h);
//return auth;
}
}
Which is a soap rpc-style client that not only talks over SSL to the soap server, but also has a local certificate that authenticates itself, the server requires clients to prove their identity with certificates. (its an iplanet 6.0 server).
I had a hard time getting this to work, but finally realized that my truststore should have the trusted root CA in it, and I was having problems with my java $HOME/.keystore file with keys made using keytool, so i finally had a browser with a key in it that was the identity i wanted to use, I exported that key into a pkcs12 file and i use that file as my keystore, referenced in the code above.
the basic idea here is that because the URL is "https..." instead of http, it will use the providers associated with https set in the System properties above it. you dont need the truststore/keystore jazz if you're not doing client authentication, and just talking to some ssl server.
hope this helps...
Drew
pop m wrote:
Hi ! I have the client.keystore and server.keystore files. Can anyone send me a part of a soap client code example where SSl is being integrated with the code.My soap client looks like :................... try { Call call = new Call(); call.setTargetObjectURI("urn:" + m_service);
call.setMethodName("select_vegreh");
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC); // where should I implement SSL and how can I test it , if it data is encoded indeed ! URL url = new URL (m_http);.............................................. Üdv. Pop Marius L.
--
---