Discussion:
Relative path keystore Axis2
Oscar Rugama
2016-04-27 15:25:04 UTC
Hi all:

I'm developing a web service using axis2 & tomcat.

It's a little bit complicated due to the fact that I act as a server, but within the aar in which I act as a server, in the same procedure, I have to call external Web Services (for calling those external Web Services, which are legacy, Axis is used).

Those external Web Services are not secured; I'm not using SSL because the tender is not asking for it.

All works OK, I mean I deploy the aar and I make a call to my server and everything is OK.

One of these Web Services now needs to be used over SSL, which means using a certificate.

I know how to secure a Web Service, that's not the problem; in fact I have got it all working.

The key problem is that to get my keystore path I don't want to use an absolute path because I'm not the admin of the server.

And I'm facing that I don't know how to do it, let me explain it with an example.

There I use a keysdata.jks keystore file to store some certificates. When I give the absolute path
for the keysdata.jks, everything works fine. But I am looking for a way
to give the file path relative to the source file. To achieve that I
have tried several methods and nothing works.

My project could be like that, so at first glance my keystore is placed at what I thought is the root level, so just writing



System.setProperty("javax.net.ssl.keyStore", "keysdata.jks");


I thought it should look in the root level. But nothing works (I mean an absolute path yes it works)



+Project
|-src
|-keysdata.jks


Does anyone have any idea?
Thank you
Kind regards,
Oscar
robertlazarski .
2016-04-27 15:54:36 UTC
Post by Oscar Rugama
I'm developing a web service using axis2 & tomcat .
<snip>
Post by Oscar Rugama
My project could be like that, so at first glance my keystore is placed at
the what I thought is the root level, so just writing
System.setProperty("javax.net.ssl.keyStore", "keysdata.jks");
I thought it should look in the root level. But nothing works (I mean an
absolute path yes it works)

I would try to use some form of getResourceAsStream(). Lots of ways to
do that. At the axis2 level, you should be able to do something like:

MessageContext.getCurrentMessageContext().getAxisService().getClassLoader().getResourceAsStream("keysdata.jks");

- R

Oscar Rugama
2016-04-28 11:05:22 UTC
Hi Robert:

Thank you very much for pointing me.

I have performed the following code:

KeyStore theKeystore = null;

try {
    InputStream theKeystoreInputStream = ClassLoader.getSystemResourceAsStream("keysdata.jks");
    theKeystore = KeyStore.getInstance("JKS");
    theKeystore.load(theKeystoreInputStream, null);
    theKeystoreInputStream.close();
} catch (KeyStoreException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (NoSuchAlgorithmException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (CertificateException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
}

And as far as I have debugged it, theKeystore is not null.

Reaching this point, I have been trying to write code to use theKeystore but unfortunately I didn't reach the solution.

I have been surfing on Google, and I found some examples using a SecureSocketFactory.

I have done my own SecureSocketFactory and I have told Axis like this:

AxisProperties.setProperty("axis.socketSecureFactory","solvenciacenter.webservice.impl.MyCustomSSLSocketFactory");

My call to the web service looks like:

IcTransactionServiceServiceStub service = new IcTransactionServiceServiceStub(axisContext, endpointURL);

org.apache.axis2.transport.http.HttpTransportProperties.ProxyProperties HTTPProxyProperties = new org.apache.axis2.transport.http.HttpTransportProperties.ProxyProperties();
HTTPProxyProperties.setProxyName(IberdrolaConfigurationManager.getProperty("ws.proxy.host"));
HTTPProxyProperties.setProxyPort(Integer.parseInt(IberdrolaConfigurationManager.getProperty("ws.proxy.port")));
HTTPProxyProperties.setUserName(proxyUser);
HTTPProxyProperties.setPassWord(proxyPassword);
org.apache.axis2.client.Options options = service._getServiceClient().getOptions();
options.setProperty("PROXY", HTTPProxyProperties);

respuesta = service.submit(peticionA);

And I'm still getting the same error about not finding the certificate.

Could you please point out what I'm understanding wrong?

Thank you very much

Kind regards
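
Added example, not part of the original posts and not Axis2 code: one way to load keysdata.jks from the class path, as suggested earlier in the thread, and build an SSLContext from it with JDK classes only, without javax.net.ssl.keyStore or an absolute path. A missing resource is rejected explicitly because KeyStore.load given a null stream creates an empty keystore instead of failing; the class name ClasspathKeystore and the password "changeit" are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ClasspathKeystore {

    /** Loads a JKS keystore packaged next to the classes (for example inside the .aar). */
    static KeyStore load(ClassLoader loader, String resource, char[] storePass)
            throws IOException, GeneralSecurityException {
        try (InputStream in = loader.getResourceAsStream(resource)) {
            if (in == null) {
                // KeyStore.load(null, ...) would silently create an EMPTY keystore,
                // so a resource that is not on the class path must be rejected here.
                throw new IOException("keystore not on class path: " + resource);
            }
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, storePass); // a non-null password also checks store integrity
            return ks;
        }
    }

    /** Builds a client-side SSLContext that presents the key held in the keystore. */
    static SSLContext clientContext(KeyStore ks, char[] keyPass)
            throws GeneralSecurityException {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom select the JVM defaults, so the
        // server certificate chain is still validated against the default trust store.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        ClassLoader cl = ClasspathKeystore.class.getClassLoader();
        char[] pass = "changeit".toCharArray(); // placeholder password (assumption)
        KeyStore ks = load(cl, "keysdata.jks", pass); // throws if the file is not packaged
        SSLContext ctx = clientContext(ks, pass);
        System.out.println(ks.size() + " entries, protocol " + ctx.getProtocol());
    }
}
```

Inside an Axis2 service, the class loader returned by getAxisService().getClassLoader() can be passed as the first argument. How the resulting SSLContext is handed to the HTTP transport depends on the sender in use and is not shown.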
Martin Gainty
2016-04-28 13:20:00 UTC
Buenas, yesterday I was trying to determine *best price* to get to South America this year.. obrigado Robert for stepping in

public org.apache.commons.ssl.SSLClient client;
public java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
public java.security.cert.Certificate cert = ks.getCertificate(alias);
public String original_keystoreFile="servidor.jks"; //sub in actual location of keystore file
public String keystoreFile ="servidor.jks"; //sub in actual location of keystore file
public String keystorePass="contrasuena"; //sub in actual password to keystore
public String cert_filename="C:\\cacerts"; // sub in actual location of cacerts file
public javax.net.ssl.SSLSocket ssl_socket;
public java.util.Properties props = new java.util.Properties();
public String hostURL_for_socket= props.getProperty("HostURL"); //sub in actual HTTP host
public String securePortURL =props.getProperty("SSLHostURL"); //sub in actual SSL host

try{
    client=new org.apache.commons.ssl.SSLClient();
    client = setup_certificate(client);
    System.out.println("SSLClient="+client);
}
catch(Exception excp){
    System.err.println("Cannot setup SSLClient message="+excp.getMessage());
    return;
}
try {
    System.out.println("before secure_socket = (SSLSocket) client.createSocket(hostURL_for_socket,securePortURL )");
    secure_socket = (javax.net.ssl.SSLSocket) client.createSocket(hostURL_for_socket,securePortURL );
    System.out.println("AFTER client.createSocket secure_socket="+secure_socket);
}
catch(UnknownHostException unknown_host)
{
    System.out.println("UnknownHostException has been thrown message="+unknown_host.getMessage());
    System.out.println("new Socket(hostURL_for_socket="+hostURL_for_socket);
    System.out.println("securePortURL="+securePortURL);
    System.out.println("client.createSocket(hostURL_for_socket,securePortURL ) throws UnknownHostException has been thrown message="+unknown_host.getMessage());
}

public org.apache.commons.ssl.SSLClient setup_certificate(org.apache.commons.ssl.SSLClient client)
{
    try{
        // Let's trust usual "cacerts" that come with Java. Plus, let's also trust a self-signed cert
        // we know of. We may have additional trusted certs inside keystore file.
        System.out.println("before client.addTrustMaterial( TrustMaterial.DEFAULT )");
        client.addTrustMaterial( org.apache.commons.ssl.TrustMaterial.DEFAULT );
        // client.addTrustMaterial( new org.apache.commons.ssl.TrustMaterial( "/path/to/self-signed.pem" ) );
        try
        {
            System.out.println("before key_material=new org.apache.commons.ssl.KeyMaterial( keystoreFile,keystorePass.toCharArray() )");
            //public org.apache.commons.ssl.KeyMaterial(File jksFile,char[] password) throws GeneralSecurityException,IOException
            //Throws: GeneralSecurityException IOException
            key_material=new org.apache.commons.ssl.KeyMaterial( new java.io.File(keystoreFile),(char[])keystorePass.toCharArray() );
        }
        catch(java.security.GeneralSecurityException general_security_exception)
        {
            System.out.println("key_material=new org.apache.commons.ssl.KeyMaterial( new java.io.File(keystoreFile),(char[])keystorePass.toCharArray() ) throws GeneralSecurityException has been thrown message="+general_security_exception.getMessage());
            key_material=null;
            return null;
        }
        System.out.println("key_material="+key_material);

        System.out.println("addding keystore file ..before client.addTrustMaterial( key_material )");
        if(key_material!=null) client.addTrustMaterial( key_material );

        // To be different, let's bypass check the hostname of the certificate
        System.out.println("before client.setCheckHostname( false )");
        client.setCheckHostname( false ); // default setting is "true" for SSLClient
        //to be different let's allow for expired certs (not recommended)
        System.out.println("before client.setCheckExpiry( false )");
        client.setCheckExpiry( false ); // default setting is "true" for SSLClient

        //let's check against the Certificate Revocation List
        System.out.println("before client.setCheckCRL( true )");
        client.setCheckCRL( true ); // default setting is "true" for SSLClient

        System.out.println("before key_material=new org.apache.commons.ssl.KeyMaterial(cert_filename, keystorePass.toCharArray()) where cert_filename="+cert_filename+" keystoreFile="+keystoreFile+" keystorePass="+keystorePass);
        //org.apache.commons.ssl.KeyMaterial(String pathToCerts, String pathToKey, char[] keystorePass)
        key_material=new org.apache.commons.ssl.KeyMaterial(cert_filename, (String)keystoreFile,(char [])keystorePass.toCharArray());
        System.out.println("(Certificate) key_material="+key_material);

        // Let's load a client certificate (max: 1 per SSLClient instance).
        System.out.println("adding cert to client ..before client.setKeyMaterial( key_material )");
        client.setKeyMaterial( key_material);

        cert_filename = "C:\\cacerts"; //sub in actual location of cacerts file
        original_keystoreFile = "servidor.jks"; //sub in actual location of server key file
        char[] lfstorepass = keystorePass.toCharArray(); //make sure keystorePass contains actual password for cacerts
        char[] lfkeypass = keystorePass.toCharArray(); //make sure keystorePass contains actual password for key store stored in cacerts
                                                       //(i use same password..NOT recommended)

        java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
        System.out.println("X.509 CertificateFactory ="+cf);
        java.io.FileInputStream cacert_file = new java.io.FileInputStream(cert_filename);
        System.out.println("FileInputStream cacert_file="+cert_filename);

        System.out.println("Generating the cert");
        java.security.cert.Certificate certificate = cf.generateCertificate(cacert_file);
        System.out.println("closing cacert_file="+cert_filename);
        cacert_file.close();

        System.out.println("Generating cert chain for certificate ="+certificate);
        java.security.cert.Certificate[] cchain = { certificate };
        System.out.println("cchain="+cchain);

        System.out.println("loading server key "+original_keystoreFile);
        java.io.FileInputStream original_keystoreFile_file = new java.io.FileInputStream(original_keystoreFile);
        System.out.println("original_keystoreFile_file="+original_keystoreFile_file);

        System.out.println("about to load KeyStore ks = java.security.KeyStore.getInstance(JKS");
        java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
        System.out.println("ks="+ks);

        System.out.println("load keystore from original_keystoreFile_file="+original_keystoreFile_file+" lfstorepass="+lfstorepass);
        ks.load(original_keystoreFile_file, lfstorepass);

        //for asymmetric encryption (server and client keys are different) we need to dig out the private key
        System.out.println("before java.security.PrivateKey prk = (java.security.PrivateKey) ks.getKey(lf, lfkeypass)");
        java.security.PrivateKey prk = (java.security.PrivateKey) ks.getKey(alias, lfkeypass);
        System.out.println("private key="+prk);

        System.out.println("setting signed key for keystore ks.setKeyEntry(lf_signed, prk, lfstorepass, cchain)");
        ks.setKeyEntry("lf_signed", prk, lfstorepass, cchain);

        System.out.println("Store keystore to file");
        java.io.FileOutputStream server_key_file = new java.io.FileOutputStream(original_keystoreFile);
        ks.store(server_key_file, keystorePass.toCharArray());
        server_key_file.close();
    }
    catch(java.security.GeneralSecurityException security_exception)
    {
        System.out.println("************************************************************************************************************");
        System.out.println("* GeneralSecurityException has been thrown message="+security_exception.getMessage());
        System.out.println("************************************************************************************************************");
    }
    catch(java.io.IOException ioe)
    {
        System.out.println("************************************************************************************************************");
        System.out.println("* IOException has been thrown message="+ioe.getMessage());
        System.out.println("************************************************************************************************************");
    }
    catch(java.lang.SecurityException security_excp)
    {
        System.out.println("************************************************************************************************************");
        System.out.println("* SecurityException has been thrown message="+security_excp.getMessage());
        System.out.println("************************************************************************************************************");
    }
    System.out.println("returning SSLClient client="+client);
    return client;
}

Cordial greetings from the Americas!
Martín


