Daniel Cosio

Reputation: 293

SOAP Client SSL, failed authentication

I'm putting together a SOAP client to call a third-party SOAP service. I'm having issues connecting with Java. It works fine with SoapUI. This is the first time I've set up a keystore within the app. All the code I have found is the same and pretty simple, but I can't figure out why the Java version isn't working. I'm using a TLS pfx file provided by the company whose service I'm trying to connect to. I'm getting a 403 back from the server. Here is the code:

        URL wsdlLocation = new URL(SECURE_INTEGRATION_WSDL);
        ObjectFactory ofactory = new ObjectFactory();
        HttpsURLConnection httpsConnection = (HttpsURLConnection)wsdlLocation.openConnection();
        char[] password = CLIENT_KEYSTORE_PASSWORD.toCharArray();

        //load keystore
        FileInputStream is = new FileInputStream(new File(CLIENT_KEYSTORE_PATH));
        final KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(is, password);
        is.close();

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

        kmf.init(keystore, password);

        //set the ssl context
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), null,
                new java.security.SecureRandom());


        httpsConnection.setSSLSocketFactory(sc.getSocketFactory());



        SecureIntegrationServicesImap client = new SecureIntegrationServicesImap(wsdlLocation);


        SesMessage message = ofactory.createSesMessage();

        ReceiveRequest r = ofactory.createReceiveRequest();

        r.setEmail(ofactory.createReceiveRequestEmail("<email ommitted>"));
        ArrayOfMessageSummary messages = client.getWSHttpBindingSecureIntegrationServiceImap().getMessageList(r);
        log.info(messages.getMessageSummary().size());

Any help with what I'm doing wrong is greatly appreciated.

Not sure if it matters but the server is a .NET platform

Here is the stacktrace I'm getting

javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://<host omitted>/TS?wsdl. It failed with: 
Server returned HTTP response code: 403 for URL: https://<host omitted>/TS?wsdl.
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:265)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:246)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:209)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:178)
at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:363)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:321)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:230)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:211)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:207)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:114)
at javax.xml.ws.Service.<init>(Service.java:77)
at org.tempuri.SecureIntegrationServicesImap.<init>(SecureIntegrationServicesImap.java:50)
at com.wiredinformatics.utils.SecureExchange.main(SecureExchange.java:127)
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://host omitted/TS?wsdl
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at java.net.URL.openStream(URL.java:1045)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:999)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:400)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:231)
... 11 more

Upvotes: 2

Views: 2569

Answers (1)

Michael Powers

Reputation: 2050

It sounds like you're using TLS-based client authentication. Based on the code you posted, I suspect the issue is that you're not using httpsConnection anywhere after you initialize it. Therefore it's not trying to use your client certificate as you were expecting, but is instead using the default request context settings.

Assuming you're using JAX-WS you should be able to use the solution outlined in this answer to bind your certificate to your request context (instead of initializing your own HttpsURLConnection):

    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

Upvotes: 1
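The fix described in the answer above, as an added example that is not part of the original question or answer: the stack trace shows the 403 is raised while the generated service constructor fetches the WSDL through `URL.openStream()`, so the default socket factory has to be installed before that constructor runs. The class name `ClientCertSetup`, the command-line arguments and the `CLIENT_KEYSTORE_PASSWORD` environment variable are assumptions made for this sketch.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ClientCertSetup {

    // Builds an SSLContext that presents the client key stored in a PKCS#12 (.pfx) file.
    static SSLContext clientAuthContext(String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            ks.load(in, password);
        }
        // A .pfx that holds only certificates cannot authenticate the client: fail early.
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            hasKey |= ks.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("no private key entry in " + p12Path);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), null, null); // null trust managers: JVM default trust store
        return sc;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .pfx, args[1]: WSDL URL (both assumptions for this sketch).
        char[] password = System.getenv("CLIENT_KEYSTORE_PASSWORD").toCharArray();
        SSLContext sc = clientAuthContext(args[0], password);

        // JVM-wide setting: every HttpsURLConnection opened after this line, including
        // the URL.openStream() call the JAX-WS runtime makes for the WSDL, uses it.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        // Performs the same HTTPS GET as the WSDL fetch, so the status can be checked
        // before the generated service class is constructed.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        System.out.println("WSDL fetch status: " + conn.getResponseCode());
    }
}
```

Because the default socket factory is process-wide, the client key is then offered on every `HttpsURLConnection` the JVM opens to a server that requests a certificate, not only on connections to this service.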
