0 Replies Latest reply on Oct 28, 2008 4:04 AM by carl-johan.persson

    https jboss ws client

    carl-johan.persson

      Hi,

      Trying to use an https endpoint address in a client proxy (Jboss-4.2.3.GA) from a Java Swing client with endorsed libraries and WS-Security UsernameToken enabled.
      Solution goes through a Portwise security server like:
      swingclient->https->portwise->http->jboss-in-dmz.

      Code from Swing client:

       System.setProperty("javax.net.ssl.keyStore", "C:/k.jks");
       System.setProperty("javax.net.ssl.trustStore", "C:/Program/Java/jdk1.6.0_06/jre/lib/security/cacerts");
       System.setProperty("javax.net.ssl.keyStorePassword", "123456");
       System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
       System.setProperty("javax.net.ssl.keyStoreType", "jks");
       System.setProperty("javax.net.ssl.trustStoreType", "jks");
       System.setProperty("org.jboss.security.ignoreHttpsHost","true");
      
       String wsdlURLFileName = Resources.getProperty("wsdlURL");
       URL wsdlURL = Resources.findFileAsURL(wsdlURLFileName);
       String namespaceURI = Resources.getProperty("namespaceURI");
       String localpart = Resources.getProperty("localpart");
       service = new KService(wsdlURL, new QName(namespaceURI, localpart));
      
       port = service.getKPort();
       ((StubExt)port).setConfigName("Standard WSSecurity Client");
      
       Map<String, Object> reqContext = ((BindingProvider) port).getRequestContext();
      
       reqContext.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
      
       String kEnpointAddress = "https://portwise.k.se/KService";
       ((BindingProvider) port).getRequestContext().put(
           BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
           kEnpointAddress);
      

      When invoking web service methods, the call does not bring a valid certificate. Portwise says 'not a valid certificate' and the call does not reach jboss in the dmz.

      Did some debugging on Jboss Remoting code and can see truststore and keystore being loaded correctly. Monitoring TLS protocol from client to portwise server seems ok with handshake.

      Also trying to access Jboss in DMZ with plain Java code:
       try {
           System.setProperty("javax.net.ssl.keyStore", "C:/k.jks");
           System.setProperty("javax.net.ssl.trustStore", "C:/Program/Java/jdk1.6.0_06/jre/lib/security/cacerts");
           System.setProperty("javax.net.ssl.keyStorePassword", "123456");
           System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
           System.setProperty("javax.net.ssl.keyStoreType", "jks");
           System.setProperty("javax.net.ssl.trustStoreType", "jks");

           String keyStorePath = "C:/k.jks";
           String trustStorePath = "C:/Program/Java/jdk1.6.0_06/jre/lib/security/cacerts";
           String password = "123456";

           String host = "https://portwise.k.se/KService?wsdl";
           // Build the URL object that is opened further down
           URL url = new URL(host);

           // Key store holding the client certificate and private key
           KeyStore ks = KeyStore.getInstance("JKS");
           FileInputStream keyStoreInput = new FileInputStream(keyStorePath);
           try {
               ks.load(keyStoreInput, password.toCharArray());
           } finally { keyStoreInput.close(); }

           // Trust store used to validate the server certificate
           KeyStore ts = KeyStore.getInstance("JKS");
           FileInputStream trustStoreInput = new FileInputStream(trustStorePath);
           try {
               ts.load(trustStoreInput, "changeit".toCharArray());
           } finally { trustStoreInput.close(); }

           TrustManagerFactory trustManagerFactory =
               TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
           KeyManagerFactory keyManagerFactory =
               KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
           trustManagerFactory.init(ts);
           keyManagerFactory.init(ks, password.toCharArray());

           SSLContext sslContext = SSLContext.getInstance("TLS");
           sslContext.init(keyManagerFactory.getKeyManagers(),
               trustManagerFactory.getTrustManagers(), null);
           SSLContext.setDefault(sslContext);

           HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
           // Accepts any host name: hostname verification is switched off for this test
           HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
               public boolean verify(String arg0, SSLSession arg1) {
                   return true;
               }
           });
           javax.net.ssl.HttpsURLConnection connection =
               (javax.net.ssl.HttpsURLConnection) url.openConnection();
           connection.setDoOutput(true);
           connection.setDoInput(true);
           connection.connect();

           // Copy the response (the WSDL) to standard output
           BufferedReader in = new BufferedReader(new InputStreamReader(
               connection.getInputStream()));
           int c;
           while ((c = in.read()) != -1) {
               System.out.write(c);
           }
           in.close();
       } catch (Exception ex) {
           ex.printStackTrace();
           return false;
       }
      

      This code retrieves the wsdl OK from jboss in the DMZ through Portwise.

      Any ideas?

      tia
      johan