
I am working to correct an issue with some older Java app code that has to be able to run in a Java 1.4 app server.

The app is calling a SOAP WebService and must pass a client certificate. The app is sharing a server with a number of other apps, so I am attempting to use custom key managers to make the connection. The code below works in newer versions of Java, but the 'setDefault' was introduced in 1.6. It is causing a cannot find symbol error when I try to compile it.

    javax.net.ssl.SSLContext context = javax.net.ssl.SSLContext.getInstance("SSL");
    context.init(getKeyManagers(), (TrustManager[]) getKeyManagers(), null);
    SSLContext.setDefault(context);

So, in Java 1.4 what would be the equivalent of "SSLContext.setDefault(context);"?

Thanks, Doug

Here is additional code for what I am trying to do:

    private org.apache.axis.message.SOAPEnvelope SendSOAP(String SOAPaction,
            String EndPointURL, String SOAPmessage) {

        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // TODO Auto-generated method stub
                return null;
            }

            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                // TODO Auto-generated method stub
            }

            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                // TODO Auto-generated method stub
            }
        } };

        try {
            SSLContext context = SSLContext.getInstance("SSL");
            context.init(getKeyManagers(), trustAllCerts, null);
            SSLContext.setDefault(context);
        } catch (Exception e) {
            logger.fatal(e.toString());
        }

        org.apache.axis.message.SOAPEnvelope resp = null;
        try {
            InputStream input = new ByteArrayInputStream(SOAPmessage.getBytes());
            org.apache.axis.client.Service service = new org.apache.axis.client.Service();

            logger.debug(SOAPmessage);

            Call call = (Call) service.createCall();
            call.setSOAPActionURI(SOAPaction);
            call.setTargetEndpointAddress(new URL(EndPointURL));

            SOAPEnvelope env = new SOAPEnvelope(input);

            resp = call.invoke(env);
        } catch (Exception e) {
            e.printStackTrace();
            logger.fatal("Exception from send soap: " + e.toString());
            e.printStackTrace(System.out);
        }

        return resp;
    }

Doug
  • There isn't one (it was only introduced in Java 6). What you can do instead is use the SSLContext instance for that specific connection (often by passing an SSLSocketFactory to your client library). How to do so heavily depends on what you're using to make that call. Please elaborate with more details (library, version number, ...). – Bruno Jul 08 '14 at 22:48
  • (a) It's rarely a good idea to use that sort of trust manager, import the correct in your truststore instead and (b) which version of Axis is this? – Bruno Jul 08 '14 at 23:40
  • I agree with (a). I don't have the ability to add keys to the keystore or truststore, so I was working through the keystore and client certificate first since I thought it would be the more complex piece to address. (b) it is Axis 1.4, sorry I didn't include that before. – Doug Jul 09 '14 at 00:06
  • I think that what I need to do is create a custom class that extends JSSESocketFactory and implements org.apache.axis.components.net.SecureSocketFactory. I have started this process, but I am not exactly sure what needs to be in the create method that is returning a socket. I can see that my code is now calling this method, but failing since there is basically just the auto generated code in the method. I did write the parms being passed and the port that is being passed is -1, but I would have thought it would be 443 since this is an https connection. – Doug Jul 09 '14 at 13:42
  • You might want to have a look at [this question](http://stackoverflow.com/a/3713147/372643). Note that if you create your own `SSLContext` to pass a client cert (via the keymanager), you might as well use a trustmanager properly initialised with the server cert you need (instead of using one that accepts anything). – Bruno Jul 09 '14 at 13:49
  • Yes, I used very close to that example. The original issue that I was working to solve for is that the client certificate didn't always get passed to the server. After I had this done and working I removed the JKS file as a JVM parm and just let my code load it and I ended up with the same problem of the app not always sending the certificate. Is there a way to force a certificate to be sent? – Doug Jul 18 '14 at 15:29
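
The approach raised in the comments (an `SSLContext` used only for this client's connections, with a trust manager built from a truststore rather than one that accepts anything), as an added example that is not code from the question or from the Axis project. It assumes Axis 1.4's `JSSESocketFactory` with its `initFactory()` hook and `sslFactory` field; the class name, store paths and passwords are placeholders.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.axis.components.net.JSSESocketFactory;

// Hypothetical class name. Java 1.4 syntax only (no generics, no try-with-resources).
// Assumed registration, done once before the first call:
//   AxisProperties.setProperty("axis.socketSecureFactory", "ClientCertSocketFactory");
public class ClientCertSocketFactory extends JSSESocketFactory {
    // Placeholder paths and passwords; read them from protected configuration.
    private static final String KEY_STORE = "/path/to/client-keystore.jks";
    private static final String TRUST_STORE = "/path/to/server-truststore.jks";
    private static final char[] KEY_PASS = "changeit".toCharArray();
    private static final char[] TRUST_PASS = "changeit".toCharArray();

    public ClientCertSocketFactory(Hashtable attributes) {
        super(attributes);
    }

    private static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, pass);
        } finally {
            in.close();
        }
        return ks;
    }

    // Axis calls this before it opens its first HTTPS socket.
    protected void initFactory() throws IOException {
        try {
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(KEY_STORE, KEY_PASS), KEY_PASS);
            // Trust only the CA or server certificate held in TRUST_STORE.
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(TRUST_STORE, TRUST_PASS));
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            sslFactory = context.getSocketFactory(); // no JVM-wide default is changed
        } catch (Exception e) {
            throw new IOException("SSL setup failed: " + e.toString());
        }
    }
}
```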
