1

I am currently working on a webservice that uses http! I have been asked to change (to use ) https instead to call this webservice!

I am using eclipse kepler and JBoss EAP6.1

I found in the internet that I have to create a keystore and edit the server.xml file. The thing is that i can't find the xml file in this JBOss version [ i have a standalone.xml file is it the same ? ] and for the generation of the keystore where do i have to do it ? Thank you for you ansewers! if I am on the wrong way, would you please re-direct me to right path ?

Thanks again !

surendrapanday
  • 530
  • 3
  • 13
Hopeful
  • 75
  • 1
  • 3
  • 11

3 Answers3

1

Get the certificate of the HTTPS url. (You can do it by typing the URL in the browser and then extracting the certificate from the browser certificate installation location). After this add this certificate to the JRE of your application which is used by JBOSS server. Most probably this will be the JRE you have given in the system environment. You can google to get how to install certificate in the keystore. May be this will work.

Rahul
  • 309
  • 1
  • 11
  • how to get the certificate of HTTPS url? I am new to webservices so confused. –  Apr 06 '20 at 14:59
  • 2
    @Rohitjha : Same as I mentioned in the answer. Write your https://URL?wsdl in the browser. And extract the certificate from browser. ?wsdl give the wsdl of any webservice – Rahul Apr 09 '20 at 10:47
0

You're calling a remote webservice via https, right?

Ok, you could import the certificate of the remote service in the keystore (plenty of guides about that, look at this other question for an example)

OR

You can bypass the whole https certificate thing (launch this static method before the remote call):

/**
 * Bypassing SSL certificate check
 * 
 * @throws Exception
 */
public static void doTrustToCertificates() throws Exception {
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            }
        }
    };

    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    HostnameVerifier hv = new HostnameVerifier() {
        @Override
        public boolean verify(String urlHostName, SSLSession session) {
            if (!urlHostName.equalsIgnoreCase(session.getPeerHost())) {
                logger.warn("Warning: URL host '" + urlHostName + "' is different to SSLSession host '" + session.getPeerHost() + "'.");
            }
            return true;
        }
    };
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
Community
  • 1
  • 1
Matteo Baldi
  • 5,613
  • 10
  • 39
  • 51
0

In addition to answer of @Rahul, you can import certificate (.cer) file using following command on command prompt for windows OS :

(Assuming you have set required Java paths)

keytool -importcert -file <path of certificate>\<YourCertificateName>.cer -keystore D:\java\jdk1.7.0_40\jre\lib\security\cacerts -alias <certificateAliasName> -storepass <Password>

usually default <password> is 'changeit'.

In case webservice is used for third party client then you can use HttpClient to interact. I am not sure what kind of operation you are performing with that webservice. I assume you want to send some xml to that URL. You can refer following code :

            HttpPost httppost = new HttpPost(url);
            CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY,
                    new UsernamePasswordCredentials(username, password));
            CloseableHttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider).build();
            StringEntity entity = null;
            try {
                entity = new StringEntity(xmlToSend);
            } catch (UnsupportedEncodingException e) {
                LOG.error("Unsupported Encoding ", e);
            }
            entity.setContentType("text/xml");
            httppost.setEntity(entity);
            try{
                CloseableHttpResponse response = client.execute(httppost);
                returnCode = response.getStatusLine().getStatusCode();
                EntityUtils.consume(entity);
                LOG.debug("HttpResponse :" + EntityUtils.toString(response.getEntity()));
            }catch(IOException e){
                LOG.error("Error occured while sending the xml");
            }
Suyash
  • 525
  • 1
  • 6
  • 10
  • i don't really from where i should start should i configure the xml file of the server if so which one ? if i have to create or import a certificat from where of to where i should do that.... and finally, the webservice i'm working on is for another company so if i add the certificate to jdk directory how is that going to work for the company ? – Hopeful Mar 15 '16 at 13:31
  • I had faced similar situation in past, so in your case if your webservice is working for some other company then ideally you shouldn't import any certificate(Provided client's jdk/jre is accessible to you).I used HttpClient 4.x as I had to sent some data in the form of xml to client(Other company).Do you have SLA with that company's https URL? I mean is there any mechanism in place with that company which can consume your webservice? If yes then you can use httpclient (There are other API's too!). Let me know if you need some help with the code. – Suyash Mar 15 '16 at 13:57
  • @Suyash Can you please answer this? I am not using any framework to create webservices. https://stackoverflow.com/questions/60976773/rest-api-in-java-using-https/61055768#61055768 –  Apr 06 '20 at 14:44