0 Replies Latest reply on Jun 8, 2010 12:07 PM by Tommy Dzwigaj

    JBoss WS and setting own trustmanager

    Tommy Dzwigaj Newbie

      Hi.

      My main goal is to have a trustmanager filled with certificates retrieved from a database for a secure WebService client connections with JBoss Ws.

      I've created my own implementation of trustmanager which implements javax.net.ssl.X509TrustManager, and it's basically getting certs from a database and loads them into keystore. I'm setting it for my HTTPSConnections like this:

       

      ...

      TrustManager[] myTMs = new TrustManager [] {
                      myTrustManager };

      final SSLContext sslContext = SSLContext.getInstance( "TLS" );

       

      sslContext.init( null, myTMs, null );

       

      HttpsURLConnection.setDefaultSSLSocketFactory( sslContext.getSocketFactory() );

       

      Althought it works fine (the webservice is call is made properly) at every connection it messes with my head with:


      java.io.IOException: Error initializing socket factory SSL context: Can not find truststore url.
              at org.jboss.remoting.security.SSLSocketBuilder.initializeSocketFactorySSLContext(SSLSocketBuilder.java:1340)
              at org.jboss.remoting.security.SSLSocketBuilder.createCustomSocketFactory(SSLSocketBuilder.java:451)
              at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:431)
              at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:381)
              at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.createSocketFactory(HTTPSClientInvoker.java:140)
              at org.jboss.remoting.RemoteClientInvoker.<init>(RemoteClientInvoker.java:46)
              at org.jboss.remoting.transport.http.HTTPClientInvoker.<init>(HTTPClientInvoker.java:105)
              at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.<init>(HTTPSClientInvoker.java:63)
              at org.jboss.remoting.transport.https.TransportClientFactory.createClientInvoker(TransportClientFactory.java:39)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.jboss.remoting.InvokerRegistry.loadClientInvoker(InvokerRegistry.java:419)
              at org.jboss.remoting.InvokerRegistry.createClientInvoker(InvokerRegistry.java:320)
              at org.jboss.remoting.Client.connect(Client.java:459)
              at org.jboss.ws.core.client.RemotingConnectionImpl.createRemotingClient(RemotingConnectionImpl.java:247)
              at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:165)
              at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
              at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
              at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
              at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
              at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)

       

      So i've tried to set a java system property javax.net.ssl.trustStore to an empty keystore and althought it worked fine on a windows server (the annoying exception was gone) on a linux server, after setting this property this empty keystore was used as a truststore which only gave me another nightmane - what if in other part of code of large application i'm dealing with - somebody is setting this property for his reasons?

       

      Maybe anyone found some solution for this problem?

       

      I'm using I'm using Jboss 4.2.2

       

      Regards

      zlytomek