3
public class ResLookupGetService extends Service {
    ServerServicePortType getServerServicePort();
}
public interface ServerServicePortType {
    ServerServiceResponse doSoapMethod(RequestObject request, ParamObject parameters);
}

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();
ServerServiceResponse response = service.doSoapMethod(request, parameters);

The above code works fine for invoking my SOAP service before mutual SSL encryption is required.

Once it's turned on, I try creating an SSL Context and setting it like so:

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();

BindingProvider bindingProvider = (BindingProvider) service;
    bindingProvider.getRequestContext().put(
        "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
        getSslContext().getSocketFactory());

ServerServiceResponse response = service.doSoapMethod(request, parameters);

And the code to create the SSLContext:

public SSLContext getSslContext(String keyStorePath, String keyStoreType, String trustStorePath) {
  KeyStore keyStore = KeyStore.getInstance(keyStoreType);
  InputStream ksis = ClassLoader.getSystemResourceAsStream(keyStorePath);
  keyStore.load(ksis, "mypassword".toCharArray());
  ksis.close();

  KeyStore trustStore = KeyStore.getInstance("JKS");
  InputStream tsis = ClassLoader.getSystemResourceAsStream(trustStorePath);
  trustStore.load(tsis, "mypassword".toCharArray());
  tsis.close();

  TrustManagerFactory tmf =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  tmf.init(trustStore);

  KeyManagerFactory kmf =
      KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  kmf.init(keyStore, "mypassword".toCharArray());

  sslContext = SSLContext.getInstance("TLS");
  sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  return sslContext;
}

But it doesn't seem to be passing my credentials correctly. Am I setting this correctly?

Thanks

Cuga
  • 17,668
  • 31
  • 111
  • 166

1 Answers1

2

Turns out, using the BindingProvider does nothing (or at least I couldn't use it to a point where it made a difference).

Prior to the calls invoking the web service, I simply set these system properties:

  private void setSystemProps() {

    String keyStoreFileName = "ssl/clientKeyStore.jks";
    String keyStorePath = ClassLoader.getSystemResource(keyStoreFileName).getPath();
    String keyStoreType = "JKS";
    String keyStorePassword = "mypassword";

    String trustStoreFileName = "ssl/clientTruststore.jks";
    String trustStorePath = ClassLoader.getSystemResource(trustStoreFileName).getPath();
    String trustStoreType = "JKS";
    String trustStorePassword = "mypassword";

    Properties systemProps = System.getProperties();
    systemProps.put("javax.net.ssl.keyStore", keyStorePath);
    systemProps.put("javax.net.ssl.keyStorePassword", trustStorePassword);
    systemProps.put("javax.net.ssl.keyStoreType", keyStoreType);

    systemProps.put("javax.net.ssl.trustStore", trustStorePath);
    systemProps.put("javax.net.ssl.trustStoreType", trustStoreType);
    systemProps.put("javax.net.ssl.trustStorePassword", keyStorePassword);
    System.setProperties(systemProps);
  }

Then I can do the service call like normal:

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();
ServerServiceResponse response = service.doSoapMethod(request, parameters);

It's worth noting that when I was setting the System Properties, they accept any Object as the value, and I was incorrectly originally setting it to a URL object rather than a String.

So the trustStorePath and keyStorePath variables are being set to the .getPath() value, which is an absolute file path, such as:

"/Users/username/path/to/directory/with/ssl/clientKeyStore.jks"

Now everything works.

Cuga
  • 17,668
  • 31
  • 111
  • 166