Posted to java-user@axis.apache.org by Joao Luis Pinto <jp...@inescporto.pt> on 2004/02/26 22:19:24 UTC

Follow-up on "Connecting to service with HTTPS using several client certificate authentication"

Previously I wrote the following:

| Dear all
|
| I am using Axis 1.1 with Tomcat 5.0.16 and Sun J2SE 1.4.
|
| I am building a client application that connects to remote services
| through SSL requiring client authentication, using several different
| certificates stored in the same keystore file. The idea is to have the
| service only allowing connections authenticated with the same
| certificate of the enclosed XML digital signature, and to have the
| application emulating several clients.
|
| Before using Axis (and SOAP) I was using raw HTTPS and XML for the
| connection, and changed the SocketFactory for each of the connecting
| clients (running in the same application) creating a custom
| SSLSocketFactory by implementing a KeyManager that returned a single
| certificate, specific to the connections in question.
|
| My question is: how do I set the SSLSocketFactory a particular SOAP call
| uses with Axis? I cannot use the parameter method, since it interferes
| with the whole application, right?
|
| Any help is much appreciated...
|
| Thank you
|
| João Luis

Having no reply, I tried to set a transport handler on the client side,
with a custom HTTP implementation that allows the parameters for the
KeyManager to be set using static fields that are changed before each
call to the webapp, i.e. before the particular socket is created.
Something like this:

(...)

SimpleProvider clientConfig=new SimpleProvider();
Handler sessionHandler=(Handler)new SimpleSessionHandler();
SimpleChain reqHandler=new SimpleChain();
SimpleChain respHandler=new SimpleChain();
reqHandler.addHandler(sessionHandler);
respHandler.addHandler(sessionHandler);
Handler pivot=(Handler)new HTTPSender();
Handler transport=new SimpleTargetedChain(reqHandler, pivot, respHandler);

clientConfig.deployTransport(HTTPTransport.DEFAULT_TRANSPORT_NAME,transport);

Service service = new Service(clientConfig);
Call call = (Call) service.createCall();

HTTPSender.alias = "Alice";
HTTPSender.certificate = certificate;
HTTPSender.privateKey = key;

call.setTargetEndpointAddress(new java.net.URL(endpoint));
call.setOperationName(
new QName("http://soapinterop.org/", "processRequest"));

(...)

I set the Tomcat SSL connector to require client authentication in
server.xml, and by debugging the SSL handshake things look OK, and the
client certificate is being used in the negotiation. But I have a new
problem. I want to have access to the client certificate on the server
side, so I implemented a Handler (with my previous plain servlet
experience) that looks like this:

import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.transport.http.HTTPConstants;

public class MyHandler extends BasicHandler
{
    public void invoke(MessageContext messageContext) throws AxisFault
    {
        MessageContext context = MessageContext.getCurrentContext();
        // The servlet transport stores the underlying HttpServletRequest as a message context property
        HttpServletRequest request =
            (HttpServletRequest) context.getProperty(
                HTTPConstants.MC_HTTP_SERVLETREQUEST);

        if (request.isSecure())
        {
            // The servlet container exposes the client certificate chain under this attribute
            X509Certificate[] certificates =
                (X509Certificate[]) request.getAttribute(
                    "javax.servlet.request.X509Certificate");

            // Dump every request attribute to see what the container actually set
            Enumeration enumeration = request.getAttributeNames();
            while (enumeration.hasMoreElements())
            {
                String string = (String) enumeration.nextElement();
                System.out.println(string + ": " +
                    request.getAttribute(string).toString());
            }
        }
    }
}

The problem is that the HttpServletRequest attribute list is empty, so
as a consequence "certificates" is null...

Does anyone have any idea on what might be going wrong? How can I get
the client certificate?

Thank you,

João Luis
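The per-client KeyManager the post describes (a KeyManager that presents a single certificate for a given set of connections), as an added example that is not the poster's code: an X509KeyManager wrapper that pins the client alias to one keystore entry and builds a dedicated SSLSocketFactory from it, so each emulated client carries its own factory instead of sharing static fields. The class name SingleAliasKeyManager and the factoryFor helper are my own; the keystore, key password and alias are assumed inputs.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;

/** Wraps the default JSSE X509KeyManager but always offers one fixed alias as the client identity. */
public class SingleAliasKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final String alias;

    public SingleAliasKeyManager(X509KeyManager delegate, String alias) {
        this.delegate = delegate;
        this.alias = alias;
    }

    // Client-side selection is pinned; the pinned entry must still match a key type the server accepts.
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return alias; }
    public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
    // Everything else defers to the wrapped manager, including the chain and key for the pinned alias.
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }
    public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
    public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    /** Builds an SSLSocketFactory whose client handshake uses exactly one keystore entry (hypothetical helper). */
    public static SSLSocketFactory factoryFor(KeyStore keyStore, char[] keyPassword, String alias) throws Exception {
        if (keyStore.getCertificate(alias) == null) {
            throw new IllegalArgumentException("alias not present in keystore: " + alias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        KeyManager[] managers = kmf.getKeyManagers();
        X509KeyManager base = null;
        for (int i = 0; i < managers.length && base == null; i++) {
            if (managers[i] instanceof X509KeyManager) base = (X509KeyManager) managers[i];
        }
        if (base == null) throw new IllegalStateException("no X509KeyManager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new SingleAliasKeyManager(base, alias) }, null, null); // null = default trust
        return ctx.getSocketFactory();
    }
}
```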