Artículo
Fecha: 2010-02-19 13:28:53
HTTPS - SSL in Java Axis web service validating the security certificate
1.- Create the following utility class. It initialises an SSLContext that validates the server's security certificate against the certificates stored in a keystore bundled with the application:
_________________________________________________________________
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Hashtable;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;
import org.apache.commons.lang.StringUtils;
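/**
 * Custom Axis secure socket factory that builds its {@link SSLContext} from a
 * keystore shipped on the classpath instead of the JVM-wide default stores.
 *
 * <p>The same keystore is used both as key store and as trust store, so only
 * certificates contained in it are trusted for connections made through this
 * factory.
 *
 * <p>NOTE(review): this class configures certificate chain validation only.
 * Whether the host name is also checked against the certificate depends on the
 * parent factory and the caller - confirm before relying on it.
 */
public class CertSSLSocketFactory extends JSSESocketFactory implements
        SecureSocketFactory {

    /*
     * Local keystore password. It is hard-coded and therefore readable by
     * anyone who has the class file; that is tolerable only while the keystore
     * holds public certificates. If a private key is ever stored in it, load
     * the password from protected configuration instead.
     */
    private static final String MY_KEYSTORE_PASSWORD = "sslwebsv";

    /* Local keystore file (contains the self-signed certificate from the server). */
    private static final String RESOURCE_PATH_TO_KEYSTORE = "ServerKeyStore.jks";

    /**
     * Creates the factory and passes the Axis attributes to the parent class.
     *
     * @param attributes socket factory attributes supplied by Axis
     */
    public CertSSLSocketFactory(Hashtable attributes) {
        super(attributes);
    }

    /**
     * Reads the keystore and initialises the SSL socket factory.
     *
     * <p>Overrides the parent class so that sockets are created from the
     * context returned by {@link #getContext()}.
     *
     * @throws IOException if the context cannot be created; the original
     *         exception is kept as the cause
     */
    @Override
    protected void initFactory() throws IOException {
        try {
            SSLContext context = getContext();
            sslFactory = context.getSocketFactory();
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            // Keep the cause so that keystore and certificate errors stay diagnosable.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Builds the custom SSL context. The steps are:
     *
     * <ol>
     *   <li>Open the keystore resource using the configured password.</li>
     *   <li>Create a KeyManagerFactory and a TrustManagerFactory from it.</li>
     *   <li>Initialise an SSLContext with the managers of both factories.</li>
     * </ol>
     *
     * @return the initialised SSLContext
     * @throws Exception if the password is blank, the keystore resource is
     *         missing, or the context cannot be created
     */
    protected SSLContext getContext() throws Exception {
        if (StringUtils.isBlank(MY_KEYSTORE_PASSWORD)) {
            throw new Exception("Could not read password for configured keystore!");
        }
        char[] keystorepass = MY_KEYSTORE_PASSWORD.toCharArray();

        InputStream keystoreFile = this.getClass().getResourceAsStream(RESOURCE_PATH_TO_KEYSTORE);
        if (keystoreFile == null) {
            throw new Exception("Could not read the configured keystore file at " + RESOURCE_PATH_TO_KEYSTORE);
        }

        try {
            // Create the keystore and the manager factories backed by it.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(keystoreFile, keystorepass);

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keystorepass);

            // Trust only the certificates contained in the bundled keystore.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);

            // "TLS" is the standard JSSE context name (the listing originally
            // asked for the legacy "SSL" name). The protocol versions that are
            // actually enabled still depend on the JRE defaults.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (Exception e) {
            throw new Exception("Error creating context for SSLSocket!", e);
        } finally {
            // The original listing never closed the keystore stream.
            try {
                keystoreFile.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing a classpath resource fails.
            }
        }
    }
}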
2.- Set the default secure socket factory before calling the operation of the Axis web service:
// Tells Axis which secure socket factory class to use for HTTPS calls.
// NOTE(review): the value must be the fully qualified name of the factory
// class. Step 1 defines CertSSLSocketFactory, while this line names
// test.utils.SSLSocketFactory - confirm that it matches the class and package
// in your project, otherwise the custom keystore is not the one being used.
AxisProperties.setProperty("axis.socketSecureFactory","test.utils.SSLSocketFactory");
Autor:Jose Miguel Bataller