Axis 1.4 pass custom SecureSocketFactory

Question

I have an application where for some environment related reasons I need to pass my own securesocketfactory. I went through Axis 1.4 documentation . Based on this I tried setting my value in multiple ways. All listed below.

System.setProperty("org.apache.axis.components.net.SocketFactory", CustomSocketFactory.class.toString());
System.setProperty("org.apache.axis.components.net.SecureSocketFactory",CustomSocketFactory.class.toString());
System.setProperty("axis.socketFactory",CustomSocketFactory.class.toString());
System.setProperty("axis.socketSecureFactory",CustomSocketFactory.class.toString());
AxisProperties.setProperty("axis.socketSecureFactory", CustomSocketFactory.class.toString());
AxisProperties.setProperty("axis.socketFactory", CustomSocketFactory.class.toString());
AxisProperties.setProperty("org.apache.axis.components.net.SecureSocketFactory", CustomSocketFactory.class.toString());
AxisProperties.setProperty("org.apache.axis.components.net.SocketFactory", CustomSocketFactory.class.toString());

I am doing this just before my Locator class is instantiated. But in none of the case when the axis connectivity happened it used my socket factory.

Is there a way to pass my custom SocketFactory? Even if I can pass my custom KeytoreManager it would do the job.

Am at my wits end! The options I have tried like socketFactory might show that. Any help is much appreciated.

Answer 1

This is my solution, after a week of googling:

Step 1. Create class MySocketFactory:

import java.util.Hashtable;
import javax.net.ssl.SSLContext;
import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;

import javax.net.ssl.*;
import java.io.IOException;
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;

public class MySocketFactory extends JSSESocketFactory implements SecureSocketFactory {

public MySocketFactory(Hashtable attributes) {
    super(attributes);
}

protected void initFactory() throws IOException {
    SSLContext context;
    try {
        context = getContext();
        this.sslFactory = context.getSocketFactory();
    } catch (Exception ex) {
        Logger.getLogger(MySocketFactory.class.getName()).log(Level.SEVERE, null, ex);
    }

}

protected SSLContext getContext() throws Exception {
    MyKeyManager myKeyManager = new MyKeyManager();
    KeyManager[] km = new X509KeyManager[]{myKeyManager};
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(km, null, null);
    return context;
}

static class MyKeyManager extends X509ExtendedKeyManager {

    private String defaultAlias;
    private X509ExtendedKeyManager wrapped;

    public void load(String defaultAlias, KeyStore ks, char[] passwd) throws UnrecoverableKeyException, KeyStoreException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(ks, passwd);
            this.defaultAlias = defaultAlias;
            wrapped = (X509ExtendedKeyManager) keyManagerFactory.getKeyManagers()[0];
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @Override
    public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine engine) {
        /*
        From https://github.com/grahamedgecombe/netty-sni-example/blob/4c1b5b17e06c9478243617979b6e5e3f0d7103ff/src/main/java/SniKeyManager.java
        Copyright (c) 2014 Graham Edgecombe <graham@grahamedgecombe.com>
        Permission to use, copy, modify, and/or distribute this software for any
        purpose with or without fee is hereby granted, provided that the above
        copyright notice and this permission notice appear in all copies.
        THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
        WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
        MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
        ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
        WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
        ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
        OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
         */
        ExtendedSSLSession session = (ExtendedSSLSession) engine.getHandshakeSession();

        // Pick first SNIHostName in the list of SNI names.
        String hostname = null;
        for (SNIServerName name : session.getRequestedServerNames()) {
            if (name.getType() == StandardConstants.SNI_HOST_NAME) {
                hostname = ((SNIHostName) name).getAsciiName();
                break;
            }
        }

        // If we got given a hostname over SNI, check if we have a cert and key for that hostname. If so, we use it.
        // Otherwise, we fall back to the default certificate.
        if (hostname != null && (getCertificateChain(hostname) != null && getPrivateKey(hostname) != null)) {
            return hostname;
        } else {
            return defaultAlias;
        }
    }

    @Override
    public String[] getServerAliases(String s, Principal[] principals) {
        return wrapped.getServerAliases(s, principals);
    }

    @Override
    public X509Certificate[] getCertificateChain(String s) {
        return wrapped.getCertificateChain(s);
    }

    @Override
    public PrivateKey getPrivateKey(String s) {
        return wrapped.getPrivateKey(s);
    }

    @Override
    public String[] getClientAliases(String s, Principal[] principals) {
        throw new UnsupportedOperationException();
    }

    @Override
    public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
        throw new UnsupportedOperationException();
    }

    @Override
    public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
        throw new UnsupportedOperationException();
    }
}

}

Step 2: before making the Axis call, add:

        AxisProperties.setProperty("axis.socketSecureFactory",  "MySocketFactory");
    System.setProperty("org.apache.axis.components.net.SocketFactory", "MySocketFactory");
    System.setProperty("org.apache.axis.components.net.SecureSocketFactory", "MySocketFactory"); 

Answer 2

I found my mistake. I had to simply pass

System.setProperty("org.apache.axis.components.net.SocketFactory", "com.package.myclass");
System.setProperty("org.apache.axis.components.net.SecureSocketFactory","com.package.myclass");

I was passing the wrong value.

Thanks

Answer 3

When you have your ServiceClient instance, you can get the options and set a property for the protocol handler to use:

serviceClient.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, sslProtocol);

One of the things a bit tricky about this is that you cannot just use a SSLSocketFactory, you have to provide an org.apache.commons.httpclient.protocol.ProtocolSocketFactory, which defines a few more methods.

You also have the option of creating your own HTTPClient instance and populating that:

serviceClient.getOptions().setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Boolean.TRUE);
serviceClient.getOptions().setProperty(HTTPConstants.CACHED_HTTP_CLIENT, httpClient);