How to programmatically set the SSL context of an Axis client?


In a very old project we are using a client developed with Axis 1.4 to call a SOAP web service. This web service uses a mutual authentication mechanism, so we have a private certificate installed inside a keystore and a public key installed inside a truststore.

The SOAP client is used inside a task of a BPM process. We can't and we don't want to use the JVM global truststore and keystore. Therefore we can't programmatically configure the JVM global truststore and keystore:

// Keystore
System.setProperty("javax.net.ssl.keyStore", fileKeystore);
System.setProperty("javax.net.ssl.keyStorePassword", pwdKeystore);
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
// Truststore
System.setProperty("javax.net.ssl.trustStore", fileTruststore);
System.setProperty("javax.net.ssl.trustStorePassword", pwdTruststore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");

An approach like that would force us to synchronize the process on the JVM properties, and we don't want to do that. Moreover, there are other Java processes running on the machine.

My question is: Does Axis 1.4 offer some API to specify which keystore and truststore to use for a specific web service call?

There is 1 answer

riccardo.cardin On BEST ANSWER

Ok, googling a little I've found the answer to my question. The answer is that using solely Axis 1.4 it is not possible to specify a different keystore/truststore for each service invocation. We need an external library, called axistools.

The library implements a particular kind of EngineConfiguration that allows you to specify for each service call a keystore and/or a truststore.

The following example will be explicative:

// Setting up the configuration
SSLClientAxisEngineConfig config = new SSLClientAxisEngineConfig();
config.setKeystore("path/to/your/keystore");
config.setKeystoreType("JKS");
config.setKeystorePassword("password");
config.setTruststore("path/to/your/truststore");
config.setTruststoreType("JKS");
config.setTruststorePassword("password");
// Very important: without this method invocation 
// the client won't work at all
config.initialize();

// Calling the web service
URL url = new URL("https://localhost:8443/someService");
WebServiceLocator locator = new WebServiceLocator(config);
WebServiceSoap port = locator.getWebServiceSoap(url);
WebServiceSoapStub stub = (WebServiceSoapStub) port;
stub.serviceMethod();

And that's all, folks!!!
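For reference, an added example (not from the answer and not axistools' code) of the standard JSSE calls that build an SSLContext from an explicit keystore and truststore, so nothing is written to the JVM-wide javax.net.ssl.* properties. The class name ScopedSslContext is hypothetical; it assumes Java 7 or later and that the private key password equals the keystore password. How axistools hands such a context to Axis is not shown on this page.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: one SSLContext per client, no System.setProperty calls. */
public final class ScopedSslContext {

    private ScopedSslContext() { }

    /** Loads a keystore file of the given type ("JKS", "PKCS12", ...). */
    private static KeyStore load(String path, String type, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    public static SSLContext build(String keystorePath, String keystoreType, char[] keystorePwd,
                                   String truststorePath, String truststoreType, char[] truststorePwd)
            throws GeneralSecurityException, IOException {
        // Client identity presented during the mutual-TLS handshake.
        // Assumption: the key entry uses the same password as the keystore.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystorePath, keystoreType, keystorePwd), keystorePwd);

        // Server certificates are validated only against this truststore;
        // the JVM default cacerts file is not consulted for this context.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststorePath, truststoreType, truststorePwd));

        // Passing null for SecureRandom selects the platform default.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Sockets created from `build(...).getSocketFactory()` carry this client certificate and trust configuration only, so concurrent tasks in the same JVM can each hold a different context without synchronizing on global properties.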