AXIS SSL
By PlaceOweb, Sunday, November 30 2008, 13:34 - JAVA
How to use an SSL certificate (JKS or PKCS12) with AXIS
The simplest approach is to set the system properties:
```java
String keyStoreFile = "/my-cert.p12";
String keyStoreType = "pkcs12";
String keyStorePassword = "myPassword";

// Client keystore used by the default JSSE socket factory
System.setProperty("javax.net.ssl.keyStore", keyStoreFile);
System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
// Verbose handshake trace, useful while diagnosing the connection
System.setProperty("javax.net.debug", "ssl,handshake");
```
The problem is that under JBoss 6 this does not work: you have to redefine the "axis.socketSecureFactory" option of the AxisProperties class:
```java
AxisProperties.setProperty("axis.socketSecureFactory", "fr.test.ws.CertSSLSocketFactory");
```
with the class:
```java
package fr.test.ws;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Hashtable;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;
import org.apache.commons.lang.StringUtils;

/**
 * Custom SSL socket factory to use integrated keystore
 */
public class CertSSLSocketFactory extends JSSESocketFactory implements SecureSocketFactory {

    /* local keystore password */
    private static String MY_KEYSTORE_PASSWORD = "myPassword";

    /* local keystore file (contains the self-signed certificate from the server) */
    // private static String RESOURCE_PATH_TO_KEYSTORE = "ServerKeyStore.jks";
    private static String RESOURCE_PATH_TO_KEYSTORE = "/my-cert.p12";
    private static String MY_KEYSTORE_TYPE = "PKCS12";

    /**
     * Constructor CertSSLSocketFactory
     *
     * @param attributes
     */
    public CertSSLSocketFactory(Hashtable attributes) {
        super(attributes);
    }

    /**
     * Read the keystore, init the SSL socket factory
     *
     * This overrides the parent class to provide our SocketFactory
     * implementation.
     *
     * @throws IOException
     */
    protected void initFactory() throws IOException {
        try {
            SSLContext context = getContext();
            sslFactory = context.getSocketFactory();
        } catch (Exception e) {
            if (e instanceof IOException) {
                throw (IOException) e;
            }
            // keep the original exception as the cause
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Gets a custom SSL Context. This is the main working of this class. The
     * following are the steps that make up our custom configuration:
     *
     * 1. Open our keystore file using the password provided
     * 2. Create a KeyManagerFactory and TrustManagerFactory using this file
     * 3. Initialise a SSLContext using these factories
     *
     * @return SSLContext
     * @throws Exception
     */
    protected SSLContext getContext() throws Exception {
        char[] keystorepass = MY_KEYSTORE_PASSWORD.toCharArray();
        if (StringUtils.isBlank(new String(keystorepass)))
            throw new Exception("Could not read password for configured keystore!");

        // InputStream keystoreFile = this.getClass().getResourceAsStream(RESOURCE_PATH_TO_KEYSTORE);
        // InputStream keystoreFile = new FileInputStream("C:/Development/Graydon/certs/ServerKeyStore/ServerKeyStore.jks");
        // FileInputStream throws FileNotFoundException if the file is missing (it never returns null)
        InputStream keystoreFile = new FileInputStream(RESOURCE_PATH_TO_KEYSTORE);

        try {
            // create required keystores and their corresponding manager objects
            // KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            KeyStore keyStore = KeyStore.getInstance(MY_KEYSTORE_TYPE);
            keyStore.load(keystoreFile, keystorepass);

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keystorepass);

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);

            // configure a local SSLContext to use created keystores
            // (requested as "TLS" rather than the legacy "SSL" name)
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // Passing null trust managers makes JSSE validate the server against the
            // JVM default trust store; use the commented line to trust only the
            // certificates held in this keystore.
            // sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
            sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

            return sslContext;
        } catch (Exception e) {
            throw new Exception("Error creating context for SSLSocket!", e);
        } finally {
            // always release the keystore file handle
            keystoreFile.close();
        }
    }
}
```
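A variant of the context construction above, as an added example that is not the post's or the Axis project's code: it reads the same `javax.net.ssl.keyStore*` properties set in the first snippet instead of hardcoded constants, refuses a client keystore that has no private key, and validates the server against an explicit truststore. The class name `PropertySslContext` and the choice to require the standard `javax.net.ssl.trustStore*` properties are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; PropertySslContext is a hypothetical name.
public class PropertySslContext {

    static String required(String name) {
        String value = System.getProperty(name);
        if (value == null) throw new IllegalStateException("Missing system property " + name);
        return value;
    }

    static char[] password(String prefix) {
        return System.getProperty(prefix + "Password", "").toCharArray();
    }

    // Loads the store described by <prefix>, <prefix>Type and <prefix>Password.
    static KeyStore load(String prefix) throws Exception {
        KeyStore store = KeyStore.getInstance(System.getProperty(prefix + "Type", KeyStore.getDefaultType()));
        InputStream in = new FileInputStream(required(prefix));
        try {
            store.load(in, password(prefix));
        } finally {
            in.close();
        }
        return store;
    }

    public static SSLContext build() throws Exception {
        KeyStore identity = load("javax.net.ssl.keyStore");
        // Fail early when the store holds no private key: the client would have no certificate to present.
        boolean hasKey = false;
        for (String alias : Collections.list(identity.aliases())) {
            hasKey |= identity.isKeyEntry(alias);
        }
        if (!hasKey) throw new IllegalStateException("No private key entry in client keystore");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password("javax.net.ssl.keyStore"));

        // Trust only the CAs in the configured truststore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("javax.net.ssl.trustStore"));

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return context;
    }
}
```

`getContext()` in the factory can return `PropertySslContext.build()`, which keeps the keystore password out of the compiled class.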
- Axis SecureSocketFactory - Setting the constructor attributes
- SSL, AXIS, Web Service
- Source code of project : axis-ssl, Axis 1.4 Dynamic SSL Config
- org/apache/axis/client/SSLClientAxisEngineConfig.java
- org/apache/axis/components/net/CertificateSecureSocketFactory.java
- Source code of taverna project :
With JBoss:
- Call web services with different certificates
- No trusted certificate found - JBossWS Client
- Jboss 6.0 WebService Client with SSL (Saaj)
- WS client SSL Jboss 6 : handshake_failure
- Retrieve Server's Certificate
- Problema com Web Service e JBoss 6 - Resolvido
Other