
I have generated Java classes using CXF wsdl2java, but I am not sure how to authenticate the request with a client certificate. I was able to generate client classes from the WSDL without any issue by using the command below:

```
wsdl2java -ant -client -d D:\cxf-client D:\HelperActions.wsdl
```

Google search only turns up blogs or forums about userid and password authentication; I am not able to find how to authenticate the request with the jks or .crt certificate.

I tried what was mentioned in the link below

https://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2014-07-java-soap-client-certificate-authentication

and I also tried implementing the certificate handling shown in the link below

http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java?revision=1406329&view=markup

But I am getting the following exception:

```
javax.xml.ws.webserviceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'wsdl path'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failes: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.HandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

I placed the certificate in the class path and tried both of the ways mentioned in the above links, but neither worked. I am not sure where I am going wrong.

Can anyone help me in sending the request with client certificate?

raajaag
  • Did you check links like that? https://stackoverflow.com/questions/1666052/java-https-client-certificate-authentication I think it's not really related to CXF or webservice, since the authentication will be performed during the SSL connection establishment. – sjahan Jun 14 '17 at 13:15
  • @sjahan - You are correct that it is not related to cxf. My problem is how to use the cxf wsdl generated classes with client certificate. Usually, cxf will generate service and port classes along with the supported type classes. Once we get the service object, we get the port from it. So using the port we can call the respective service. But in order to call the respective service the request must have the details of the certificate as part of the header. So how can we achieve that? – raajaag Jun 15 '17 at 04:35
  • If I understand you correctly, you want to pass in the SOAP headers the details of the certificate. I'm not sure that can be done automatically. From my point of view, the code of the client should 'manually' put it in the SOAP envelope before the request is done. Then, server-side, you will read these headers and validate them against what your server will have extracted from the certificate (Tomcat allows you to get it like that: `X509Certificate x509[] = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");`) – sjahan Jun 15 '17 at 07:35
  • But you definitely must not forget that the authoritative source is the SSL layer of your server; you obviously never trust just the SOAP headers that can be forged. HTTPS/certification authentication is really odd since it's performed in lower network layers... I also saw in some cases the authentication was performed by a reverse proxy and the content of the certificate was set in the HTTP headers on the request forwarded to the application server. (If that can help!) – sjahan Jun 15 '17 at 07:39
