WSDL Client Auth and Multiple Certs

So I'm running into a bit of an issue here with WSDLs and selecting multiple certs in Java. A smartcard, for example, has multiple certs on it, for signing, encryption, identification. I have a WSDL that generates the code for the client auth connection, but as far as I can tell, you give the WSDL a path to the keystore by setting the property, like this:

  // Both properties take strings: a file path and its password, not a KeyStore object
  System.setProperty("javax.net.ssl.keyStore", keyStore);
  System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);

I'm following this tutorial. Now, for multiple certs in a keystore, like on a smartcard, this presents a problem because there's no way to specify WHICH cert you want to use on that smartcard. It looks like the WSDL selects the first cert in the keystore, which might be the wrong certificate to authenticate with.

My question is 2-fold:

  1. Is there a way other than doing a System.setProperty to tell the WSDL which certificate to use? What can I do to specify which cert, since most of the code is generated from the WSDL using wsconsume?

  2. System.setProperty() only allows you to specify a path. Is there a way to specify an object? The way I am getting the certificates off of the smartcard is by using the SunPKCS11 class (as found here). However, this returns a KeyStore object to me, and as far as I know System.setProperty() wants a path.

Thanks for your help!

Otra asked Nov 13 '22 13:11


1 Answer

I finally found the answer to my question. Keep in mind I'm using CXF.

So when I call wsdl2java on the WSDL, I get a bunch of generated code. There are two pieces in particular that handle authorization, aptly named Authorization and AuthorizationService. In my code, in order to call these links, I do the following:

  // Both classes are generated by wsdl2java; the port is the client proxy
  AuthorizationService authSvc = new AuthorizationService();
  Authorization authWs = authSvc.getAuthorizationPort();

At this point, you'll need to construct your own KeyManager and TrustManager by creating a new keystore from the chosen certificate. A good place to get started is this.

Then you need to construct TLSClientParameters:

  // org.apache.cxf.configuration.jsse.TLSClientParameters; keyManagers and
  // trustManagers are the arrays built from the keystore above
  TLSClientParameters params = new TLSClientParameters();
  params.setKeyManagers(keyManagers);
  params.setTrustManagers(trustManagers);

Then create your HTTPConduit:

  // org.apache.cxf.transport.http.HTTPConduit / org.apache.cxf.frontend.ClientProxy
  HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(authWs).getConduit();
  conduit.setTlsClientParameters(params);

And then you can use your web service with the cert that your user has selected.

Otra answered Nov 16 '22 04:11
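The key-manager step the answer leaves to a link, as an added example that is not from the original post or from CXF: a wrapper that pins the client alias so the handshake presents the chosen smartcard certificate rather than the first key entry, then wires it into TLSClientParameters and the HTTPConduit. `AliasKeyManager`, `useCertificate`, `cardStore`, `pin`, `alias` and `trustStore` are names assumed here; `cardStore` stands for the KeyStore obtained from SunPKCS11 and `port` for the generated Authorization proxy.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper: makes the TLS handshake present one chosen alias
// instead of whichever key entry the default key manager picks first.
final class AliasKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final String alias;
    AliasKeyManager(X509KeyManager delegate, String alias) { this.delegate = delegate; this.alias = alias; }
    // Socket-based and SSLEngine-based transports ask through different methods; cover both.
    @Override public String chooseClientAlias(String[] kt, Principal[] is, Socket s) { return alias; }
    @Override public String chooseEngineClientAlias(String[] kt, Principal[] is, SSLEngine e) { return alias; }
    @Override public String chooseServerAlias(String kt, Principal[] is, Socket s) { return delegate.chooseServerAlias(kt, is, s); }
    @Override public String[] getClientAliases(String kt, Principal[] is) { return delegate.getClientAliases(kt, is); }
    @Override public String[] getServerAliases(String kt, Principal[] is) { return delegate.getServerAliases(kt, is); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    // port: the generated proxy (the Authorization port in the answer); cardStore: the
    // KeyStore from SunPKCS11; alias: the chosen cert's alias; trustStore: the server's CA.
    static void useCertificate(Object port, KeyStore cardStore, char[] pin,
                               String alias, KeyStore trustStore) throws Exception {
        // Fail early: an alias without a private key cannot authenticate the client.
        if (!cardStore.isKeyEntry(alias)) {
            throw new IllegalArgumentException("no private key under alias " + alias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(cardStore, pin);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) kms[i] = new AliasKeyManager((X509KeyManager) kms[i], alias);
        }
        // Keep trust separate: the card's certificates must not become trusted server roots.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        TLSClientParameters params = new TLSClientParameters();
        params.setKeyManagers(kms);
        params.setTrustManagers(tmf.getTrustManagers());
        HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
        conduit.setTlsClientParameters(params);
    }
}
```

Call `AliasKeyManager.useCertificate(authWs, cardStore, pin, alias, trustStore)` after obtaining the port and before the first service call; a wrong alias fails at the isKeyEntry check rather than as an opaque handshake error.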