Johannes

Reputation: 135

Connect to webservice with certificate from Java

I am connecting to a webservice from a Java program. The webservice requires a certificate in order to give me back any data. I have not managed to set up the certificate connection with my Java code. Instead I have used something called Stunnel, which simply creates a connection to the host with the certificate. Now I want to remove the stunnel and do everything from Java. Surely this must be possible?

This is the config for the stunnel.

cert = /etc/stunnel/client.pem
options = NO_SSLv2

[https]
client = yes
accept = 8083
sni = www.xxx.se
connect = www.xxx.se:443

And in order to start the tunnel I need to provide a password connected to the certificate, so this will also be needed in the code.

My current code.

 // wsdlURL currently points at the local stunnel listener
 URL url = new URL(wsdlURL);
 QName qname = new QName("urn:ws.fps.xxx.com/supportToolSupport", "SupportToolSupportService");
 javax.xml.ws.Service service = javax.xml.ws.Service.create(url, qname);
 // The generated port makes the actual HTTP(S) calls
 SupportToolSupport support = service.getPort(SupportToolSupport.class);
 List<Company> companies = support.supportToolGetCompanies("");

Any idea what code to do before this code to replace the stunnel?

Upvotes: 3

Views: 2291

Answers (1)

Vic

Reputation: 437

Looks like the class SupportToolSupport is a POJO generated from the WSDL. When you call SupportToolSupport.supportToolGetCompanies(), that POJO is actually making the connection. By default it will use your JVM's certificate stores, both the Keystore and TrustStore. The Keystore is usually called keyStore.jks and the TrustStore is usually called cacerts(.jks). These are usually found in <Java JRE install directory>/lib/security. You can manage how the JVM accesses the certificate stores programmatically, but if possible it is easier to set up the environment. You can force the JVM to use a specific keystore, alias, and password when calling java by passing these variables to java:

-Djavax.net.ssl.keyStore="path to keyStore.jks"
-Djavax.net.ssl.keyStoreType="JKS"
-Djavax.net.ssl.keyStorePassword="changeit"
-Djavax.net.ssl.trustStore="path to cacerts"

For example command line:

java -Djavax.net.ssl.keyStore="path to keyStore.jks" ... -cp <class path> class.to.run

For Eclipse, copy and paste the lines above into the VM Arguments box of the Arguments tab within the run configurations: Run -> Run Configurations -> find your configuration -> select the Arguments tab.

Upvotes: 1
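
The programmatic route the answer mentions, as an added example that is not part of the original question or answer: it loads the client certificate and key from a PKCS#12 file, prompts for the password instead of hard-coding it, and installs the resulting SSLContext as the JVM default. The file name client.p12, the class name ClientCertSetup, and the assumption that the JAX-WS runtime makes its HTTPS calls through HttpsURLConnection are mine, not the page's.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ClientCertSetup {

    /** Builds an SSLContext that presents the client certificate stored in a PKCS#12 file. */
    static SSLContext clientCertContext(String p12Path, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            keyStore.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers = JVM default trust store (cacerts), so the
        // server's certificate chain is still validated.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed file name; stunnel's client.pem (certificate plus key) converted first, e.g.
        //   openssl pkcs12 -export -in client.pem -out client.p12
        String p12Path = args.length > 0 ? args[0] : "client.p12";
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No console available to read the password");
        }
        char[] password = console.readPassword("Keystore password: ");
        try {
            SSLContext ctx = clientCertContext(p12Path, password);
            SSLContext.setDefault(ctx);
            HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }
        // From here, wsdlURL can point at the real HTTPS host instead of the
        // local stunnel port, followed by the Service.create(...) code from the question.
    }
}
```

Unlike the stunnel configuration shown, which sets no verify option, this keeps server certificate validation on, so the server's CA must be in the JVM trust store.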
