Prerequisites
- Apache Tomcat 7
- Spring 3.2.11.RELEASE
- Apache Camel 2.14.1
- Apache Axis 1 (1.4)
- Keystore including client certificate (private key, public key etc.): my_keystore.p12
Question
I am trying to access a remote rpc/encoded werbservice using Apache Axis 1.
It is neccessary to use Apache Axis 1 because of rpc/encoded style of the webservice.
The webservice is protected by a client certificate contained in my_keystore.p12. The client certificate is needed for bidirectional SSL handshake with remote server (my appication is the client) ---> client checks if it talks to the right server and server checks if it talks to the right client. The file my_keystore.p12 is contained in the classpath of Apache Tomcat.
I tested the connection with following Unit-Test:
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("classpath:spring-test-config.xml")
public class MyClientTest {
private static MyWebservices webservices;
@BeforeClass
public static void initializeWebservices() throws IllegalStateException {
if (webservices == null ) {
URL servicesUrl;
try {
servicesUrl = new URL("https://examplehost.com/abcd/abcdefg/rpcrouter");
AxisProperties.getProperties().put("proxySet", "true");
AxisProperties.setProperty("http.proxyHost", "11.222.333.44");
AxisProperties.setProperty("http.proxyPort", "80");
AxisProperties.setProperty("keystore", "my_keystore.p12");
AxisProperties.setProperty("keystorePassword", "abc");
AxisProperties.setProperty("keystoreType", "pkcs12");
} catch (MalformedURLException e) {
throw new IllegalStateException(e.getMessage());
}
try {
webservices = new MyWebservicesServiceLocator().getrpcrouter(servicesUrl);
} catch (ServiceException e) {
throw new IllegalStateException(e.getMessage());
}
}
}
@Test
public void testConnection() throws Exception {
webservices.doSomething("2");
}
}
Following exception occurs:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
I think the problem is that the keystore is not read by axis. Is it possible to use client certificates with Apache Axis 1?
Thanks in advance,
Max
The solutions is to use JVM-Paramters for truststore and keystore.