Mahdi khodabandelu

Reputation: 152

How to call an HTTPS web service in Spring Boot with a certificate

I am getting the following exception while calling an HTTPS web service in Spring Boot with Apache CXF face:

SSLHandshakeException invoking https://fanava.shaparak.ir:443/merchantwebservice/jax/merchantAuth: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

What are the configurations required to invoke this service?

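Client class:

import java.net.MalformedURLException;

import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// PaymentWebService is the application's own service interface (import omitted).
@Configuration
public class WSClient {
    @Bean(name = "PaymentWebService")
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException {
        JaxWsProxyFactoryBean factory;
        factory = new JaxWsProxyFactoryBean();
        factory.setServiceClass(PaymentWebService.class);
        factory.setAddress("http://localhost:8080/soap-api/merchantAuth_1.0");
        return (PaymentWebService) factory.create();
    }
}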

Upvotes: 1

Views: 6617

Answers (2)

Mahdi khodabandelu

Reputation: 152

1. Get the certificate of the web service you want.

2. Create a keystore with this certificate.

3. Configure SSL on the client with the keystore:

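import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

import javax.inject.Inject;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;

// PaymentWebService and PaymentProperties are the application's own classes (imports omitted).
@Configuration
public class WebServiceClient {

    @Inject
    private PaymentProperties paymentProperties;

    @Autowired
    private ResourceLoader resourceLoader;

    @Bean(name = "PaymentWebService")
    public PaymentWebService PaymentWebServiceCLient() throws MalformedURLException {

        JaxWsProxyFactoryBean factory;
        factory = new JaxWsProxyFactoryBean();
        factory.setServiceClass(PaymentWebService.class);
        // factory.setAddress("http://localhost:8080/ws/merchantAuth_1.0");
        factory.setAddress(paymentProperties.getWsPublicUrl());

        PaymentWebService service = (PaymentWebService) factory.create();
        try {
            final Client client = ClientProxy.getClient(service);
            setupSsl((HTTPConduit) client.getConduit());
        } catch (Exception e) {
            // Fail at startup instead of returning a client without the configured TLS settings.
            throw new IllegalStateException("Could not configure TLS for PaymentWebService", e);
        }
        return service;
    }

    private void setupSsl(HTTPConduit httpConduit) throws Exception {

        final TLSClientParameters tlsCP = new TLSClientParameters();

        // Keystore: the client's own key material, presented if the server asks for a client certificate.
        final String keyStoreLoc = paymentProperties.getSsl().getKeyStore();
        final String keyPassword = paymentProperties.getSsl().getKeyStorePassword();
        final String keystoreType = paymentProperties.getSsl().getKeyStoreType();

        final KeyStore keyStore = KeyStore.getInstance(keystoreType);
        Resource resource1 = resourceLoader.getResource(keyStoreLoc);
        try (InputStream in = resource1.getInputStream()) {
            keyStore.load(in, keyPassword.toCharArray());
        }
        final KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
        tlsCP.setKeyManagers(myKeyManagers);

        // Truststore: the certificates used to validate the server's certificate chain.
        final String trustStoreLoc = paymentProperties.getSsl().getTrustStore();
        final String trustStorePassword = paymentProperties.getSsl().getTrustStorePassword();
        final String trustStoreType = paymentProperties.getSsl().getTrustStoreType();

        final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        Resource resource2 = resourceLoader.getResource(trustStoreLoc);
        try (InputStream in = resource2.getInputStream()) {
            trustStore.load(in, trustStorePassword.toCharArray());
        }
        final TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
        tlsCP.setTrustManagers(myTrustStoreKeyManagers);

        httpConduit.setTlsClientParameters(tlsCP);
    }

    private static TrustManager[] getTrustManagers(KeyStore trustStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        // Use the trust manager default algorithm, not the key manager one.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
        fac.init(trustStore);
        return fac.getTrustManagers();
    }

    private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
            throws GeneralSecurityException, IOException {
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null;
        KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
        fac.init(keyStore, keyPass);
        return fac.getKeyManagers();
    }
}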

Upvotes: 1

Gokhan Oner

Reputation: 3257

The root certificate of the web site is not in the JVM truststore. So if you import the root certificate into <path_to>/jre/lib/security/cacerts, I think you'll be OK.

Upvotes: 0
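
Both answers depend on the right CA certificate being in the truststore the client actually loads. As an added example (not code from either answer), the class below lists the trust anchors of a given truststore, or of the JVM default `cacerts` when run without arguments; the class name `TrustStoreCheck` and the `TRUSTSTORE_PASSWORD` environment variable are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: lists the CA certificates a truststore makes the client trust.
public class TrustStoreCheck {

    // Returns the trust anchors of the store at 'path', or of the JVM default when path is null.
    static X509Certificate[] trustAnchors(String path, String type, char[] password) throws Exception {
        KeyStore store = null; // null: the factory falls back to the JVM default truststore
        if (path != null) {
            store = KeyStore.getInstance(type);
            try (InputStream in = Files.newInputStream(Paths.get(path))) {
                store.load(in, password);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Usage: java TrustStoreCheck [path type]; password is read from TRUSTSTORE_PASSWORD (assumed name).
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        X509Certificate[] anchors = args.length == 2
                ? trustAnchors(args[0], args[1], pw == null ? null : pw.toCharArray())
                : trustAnchors(null, null, null);
        if (anchors.length == 0) {
            // An empty store fails every handshake, so stop here instead of at the first call.
            throw new IllegalStateException("truststore holds no trusted certificates");
        }
        Date now = new Date();
        for (X509Certificate ca : anchors) {
            String state = now.after(ca.getNotAfter()) ? "EXPIRED" : "valid  ";
            System.out.println(state + "  " + ca.getSubjectX500Principal().getName());
        }
    }
}
```

Compare the printed subjects with the issuer of the certificate chain the service presents; the PKIX error in the question means none of the listed anchors terminates that chain.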
