Posted to issues@cxf.apache.org by "Daniel Schielzeth (Jira)" <ji...@apache.org> on 2019/09/03 13:09:00 UTC

[jira] [Commented] (CXF-8104) Can't assign keystore and truststore before connecting

    [ https://issues.apache.org/jira/browse/CXF-8104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16921409#comment-16921409 ] 

Daniel Schielzeth commented on CXF-8104:
----------------------------------------

Okay, so we updated CXF to 3.3.3 and changed the code to:

{code:java}
    TLSClientParameters tlsParams = new TLSClientParameters();
    try {
        tlsParams.setTrustManagers(ksl.getTrustManagers(cert));
        tlsParams.setKeyManagers(ksl.getKeyManagers(cert));
    } catch (IOException e) {
        e.printStackTrace();
    } catch (GeneralSecurityException e) {
        e.printStackTrace();
    }
    // disables verification of the common name (the host for which the certificate has been issued)
    tlsParams.setDisableCNCheck(true);
    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(ListBuyerRequestsReadServicePortType.class);
    factory.setAddress(url);
    factory.setWsdlLocation(url);
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(TLSClientParameters.class.getName(), tlsParams);
    factory.setProperties(properties);
    client = (ListBuyerRequestsReadServicePortType) factory.create();
{code}

But we still get a _handshake_failure_ in the last line.

> Can't assign keystore and truststore before connecting
> ------------------------------------------------------
>
>                 Key: CXF-8104
>                 URL: https://issues.apache.org/jira/browse/CXF-8104
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.3.11
>            Reporter: Daniel Schielzeth
>            Priority: Critical
>
> I want to use a SOAP Provider with my Java client. The Provider requires a Certificate (keystore and truststore). We have tried many ways to make sure the certificate is used for the client but it doesn't seem to work. I guess the certificate is set too late. The best we could come up with is:
> {code:java}
> KeyStore keyStore = KeyStore.getInstance(cert.getKeystore_type());
> keyStore.load(new FileInputStream(cert.getKeystore_file()), cert.getKeystore_password().toCharArray());
> KeyStore trustStore = KeyStore.getInstance(cert.getTruststore_type());
> trustStore.load(new FileInputStream(cert.getTruststore_file()), cert.getTruststore_password().toCharArray());
> SSLContext context = initSecurityContext(keyStore, trustStore, cert.getKeystore_password());
> SOAPService client = (ListBuyerRequestsReadServicePortType) ClientBuilder.newBuilder().register(SOAPService.class).sslContext(context).build();
> {code}
> We get a _javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure_ when assigning the client in the last line.
> Do you know how to do it?



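Added example, not part of the original message or of CXF: one way the `initSecurityContext(keyStore, trustStore, password)` helper called in the issue description could be written with plain JSSE. It first checks that the keystore really holds a private key with a certificate chain, since a client without a key entry has no certificate to present in a mutual-TLS handshake. The class name `ClientTlsContext`, the `load` helper and the command-line arguments are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientTlsContext {
    // Hypothetical stand-in for the initSecurityContext(...) helper named in the issue.
    static SSLContext initSecurityContext(KeyStore keyStore, KeyStore trustStore, char[] keyPassword)
            throws GeneralSecurityException {
        // Fail early if no alias carries a private key plus certificate chain.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias) && keyStore.getCertificateChain(alias) != null;
        }
        if (!hasKey) {
            throw new GeneralSecurityException("keystore holds no private key with a certificate chain");
        }
        // Key managers supply the client certificate; trust managers validate the server's.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    // Loads a keystore file and closes the stream afterwards.
    static KeyStore load(String type, String file, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    // Usage: java ClientTlsContext <ks-type> <ks-file> <ks-pass> <ts-type> <ts-file> <ts-pass>
    public static void main(String[] args) throws Exception {
        KeyStore ks = load(args[0], args[1], args[2].toCharArray());
        KeyStore ts = load(args[3], args[4], args[5].toCharArray());
        SSLContext ctx = initSecurityContext(ks, ts, args[2].toCharArray());
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```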