CODEWITHSUNDEEP
javaweb-servicesjakarta-eeapache-axis
Sharad Ahire
Sharad Ahire

Reputation: 788

javax.net.ssl.trustStore not getting updated

Below is the sample code which invoke 1st web service using dev keystore and invoke 2nd web service using stage keystore.

public static void main(String args[]) {

    System.setProperty("javax.net.ssl.trustStore",
            "C:\\Users\\shahire\\Desktop\\Keystores\\Keystores\\dev\\dev.keystore");
    System.out.println("1st web service call");
            // 1st axis2 web service call code

    System.setProperty("javax.net.ssl.trustStore",
        "C:\\Users\\shahire\\Desktop\\Keystores\\Keystores\\stage\\stage.keystore");
    System.out.println("2nd web service call");
            // 2nd axis2 web service call code

}

I am able to call first web service call however i have been getting below error while accessing 2nd web service call

org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.apache.axis2.AxisFault.makeFault(AxisFault.java:417)

By looking at the exception i feel that it caching "javax.net.ssl.trustStore" location.

When i comment 1st web service call then i can able access the 2nd web service.

Upvotes: 1

Views: 3357

Answers (2)

Apostolos Emmanouilidis
Apostolos Emmanouilidis

Reputation: 7197

Υou could try an alternative way without modifying the properties provided by the JVM.

Here is a sample example:

package test.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class SSLClient {

    public void provider() throws Exception {
        // first call
        invokeWebServiceSSL(".../.../.../name.keystore", "changeit",
                "https://../../");
        // second call
        // invokeWebServiceSSL(String keystorePath, String pass, String
        // endpointURL)
    }

    public static void invokeWebServiceSSL(String keystorePath, String pass, String endpointURL) {
        HttpsURLConnection conn = null;
        try {

            char[] password = pass.toCharArray();
            FileInputStream fis = new FileInputStream(keystorePath);
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(fis, password);

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, password);

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            fis.close();

            SSLContext ctx = SSLContext.getInstance("SSL");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            SSLSocketFactory sf = ctx.getSocketFactory();

            URL url = new URL(endpointURL);
            conn = (HttpsURLConnection) url.openConnection();
            conn.setSSLSocketFactory(sf);

            InputStream inputstream = conn.getInputStream();
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

            String rs = null;
            while ((rs = bufferedreader.readLine()) != null) {
                System.out.println("Received: " + rs);
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                conn.getInputStream().close();
            } catch (Exception e) {
            }
        }
    }
}

I hope this helps.

Upvotes: 0

Cratylus
Cratylus

Reputation: 54074

Just to be clear. I don't know if Axis2 actually for some reason "reuses" or caches as you say the truststore system property that you have provided; my best guess is that it initializes some object under the hood which reads the property and after it has been configured does not need to read it again.
But you can work arround this by putting all your trusted certificates in the same truststore. This will definetely solve your problem since as you say you actually can connect succesfully to the 2nd web service.
Why are you using different truststores in the first place?
If you have to, due to some security requirement (do you have one?) you should look into whether there are other ssl properties for Axis specifically that you are not using.

Upvotes: 4

Related Questions