Relative path keystore Axis2

Relative path keystore Axis2

Oscar Rugama
Hi all:

I'm developing a web service using Axis2 & Tomcat.

It's a little bit complicated due to the fact that I act as a server, but within the aar in which I act as a server, in the same procedure I have to call external Web Services (for calling those external Web Services, which are legacy, Axis is used).

Those external Web Services are not secured; I'm not using SSL because the tender is not asking for it.

All works OK, I mean I deploy the aar and I make a call to my server and everything is OK.

One of these Web Services now needs to be used with SSL, which means using a certificate.

I know how to secure a Web Service, that's not the problem; in fact I have got it all working.

The key problem is that to get my keystore path I don't want to use an absolute path because I'm not the admin of the server.

And I'm facing that I don't know how to do it; let me explain it with an example.

There I use a keysdata.jks keystore file to store some certificates. When I give the absolute path for keysdata.jks, everything works fine. But I am looking for a way to give the file path relative to the source file. To achieve that I have tried several methods and nothing works.

My project could be like that, so at first glance my keystore is placed at what I thought is the root level, so just writing

System.setProperty("javax.net.ssl.keyStore", "keysdata.jks");

I thought it should look in the root level. But nothing works (I mean, with an absolute path, yes, it works).

+Project
|-src
|-keysdata.jks

Does anyone have any idea?
Thank you
Kind regards,
Oscar


Re: Relative path keystore Axis2

robertlazarski .
On Wed, Apr 27, 2016 at 12:25 PM, Oscar Rugama <[hidden email]> wrote:
>  Hi all:
>
>       I'm developing a web service using axis2 & tomcat .
>
<snip>
> My project could be like that, so at first glance my keystore is placed at
> the what I thought is the root level, so just writing
>
> System.setProperty("javax.net.ssl.keyStore", "keysdata.jks");
>
>
> I thought it should look in the root level. But nothing works (I mean an
> absolute path yes it works)
>

I would try to use some form of getResourceAsStream(). Lots of ways to
do that. At the axis2 level, you should be able to do something like:

MessageContext.getCurrentMessageContext().getAxisService().getClassLoader().getResourceAsStream("keysdata.jks");

- R

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

RE: Relative path keystore Axis2

Oscar Rugama
Hi Robert:

Thank you very much for the pointer.

I have written the following code:

KeyStore theKeystore = null;

try {
    InputStream theKeystoreInputStream = ClassLoader.getSystemResourceAsStream("keysdata.jks");
    theKeystore = KeyStore.getInstance("JKS");
    theKeystore.load(theKeystoreInputStream, null);
    theKeystoreInputStream.close();
} catch (KeyStoreException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (NoSuchAlgorithmException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
} catch (CertificateException ex) {
    java.util.logging.Logger.getLogger(AsnefWS.class.getName()).log(Level.SEVERE, null, ex);
}

And as far as I have debugged it, theKeystore is not null.

Reaching this point, I have been trying to write code to use theKeystore, but unfortunately I didn't reach the solution.

I have been searching on Google, and I found some examples using a SecureSocketFactory.

I have written my own SecureSocketFactory and I have told Axis about it like this:

AxisProperties.setProperty("axis.socketSecureFactory","solvenciacenter.webservice.impl.MyCustomSSLSocketFactory");

My call to the web service looks like:

IcTransactionServiceServiceStub service = new IcTransactionServiceServiceStub(axisContext, endpointURL);

org.apache.axis2.transport.http.HttpTransportProperties.ProxyProperties HTTPProxyProperties = new org.apache.axis2.transport.http.HttpTransportProperties.ProxyProperties();
HTTPProxyProperties.setProxyName(IberdrolaConfigurationManager.getProperty("ws.proxy.host"));
HTTPProxyProperties.setProxyPort(Integer.parseInt(IberdrolaConfigurationManager.getProperty("ws.proxy.port")));
HTTPProxyProperties.setUserName(proxyUser);
HTTPProxyProperties.setPassWord(proxyPassword);
org.apache.axis2.client.Options options = service._getServiceClient().getOptions();
options.setProperty("PROXY", HTTPProxyProperties);

respuesta = service.submit(peticionA);

And I'm still getting the same error about not finding the certificate.

Could you please point out what I'm understanding wrong?

Thank you very much

Kind regards




> Date: Wed, 27 Apr 2016 12:54:36 -0300

> Subject: Re: Relative path keystore Axis2
> From: [hidden email]
> To: [hidden email]
>
> On Wed, Apr 27, 2016 at 12:25 PM, Oscar Rugama <[hidden email]> wrote:
> > Hi all:
> >
> > I'm developing a web service using axis2 & tomcat .
> >
> <snip>
> > My project could be like that, so at first glance my keystore is placed at
> > the what I thought is the root level, so just writing
> >
> > System.setProperty("javax.net.ssl.keyStore", "keysdata.jks");
> >
> >
> > I thought it should look in the root level. But nothing works (I mean an
> > absolute path yes it works)
> >
>
> I would try to use some form of getResourceAsStream(). Lots of ways to
> do that. At the axis2 level, you should be able to do something like:
>
> MessageContext.getCurrentMessageContext().getAxisService().getClassLoader().getResourceAsStream("keysdata.jks");
>
> - R
>
>
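
Following the getResourceAsStream() suggestion in this thread, here is one way to turn a keystore packaged with the service into an SSLContext using only standard JSSE calls. It is an added example, not code from any poster or from the Axis2 project; the class name ClasspathKeystore, the method sslContext and the keystore.password system property are assumptions.

```java
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: class, method and property names are hypothetical.
public final class ClasspathKeystore {

    /** Loads a JKS keystore packaged with the code (e.g. inside the .aar) and builds an SSLContext. */
    public static SSLContext sslContext(ClassLoader loader, String resource, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        // Resolved by the given class loader, not against the JVM working directory
        // (which is what a relative javax.net.ssl.keyStore path is resolved against).
        try (InputStream in = loader.getResourceAsStream(resource)) {
            if (in == null) {
                // A null stream must never reach load(): load(null, ...) creates an EMPTY keystore
                // without any error, and the failure only shows up later in the handshake.
                throw new FileNotFoundException("not found by class loader: " + resource);
            }
            // With a non-null password the keystore's integrity check is performed;
            // load(in, null) skips that check.
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            throw new GeneralSecurityException("keystore has no entries: " + resource);
        }

        // Client certificate and private key (assumption: key password == store password).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);

        // Trust anchors from the same keystore (assumption: it also holds the server's CA certificate).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password is supplied with -Dkeystore.password=..., not hard-coded.
        String pw = System.getProperty("keystore.password");
        if (pw == null) throw new IllegalStateException("set -Dkeystore.password");
        SSLContext ctx = sslContext(ClasspathKeystore.class.getClassLoader(),
                "keysdata.jks", pw.toCharArray());
        // ctx.getSocketFactory() is what a custom socket factory would delegate to; how it is
        // handed to the HTTP transport depends on the Axis/HttpClient version and is not shown.
        System.out.println("protocol=" + ctx.getProtocol());
    }
}
```

Hostname and certificate-expiry checks stay at the JSSE defaults here; nothing in this example switches them off.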
RE: Relative path keystore Axis2

Martin Gainty
Hello
yesterday I was trying to determine *best price* to get to South America this year.. thanks Robert for stepping in

// Fields of the enclosing client class; every value marked "sub in" is a placeholder.
public org.apache.commons.ssl.SSLClient client;
public org.apache.commons.ssl.KeyMaterial key_material;
public java.security.KeyStore ks;            // created and loaded in setup_certificate()
public java.security.cert.Certificate cert;  // read from ks once it has been loaded
public String alias="alias"; //sub in actual alias of the key entry in the keystore
public String original_keystoreFile="servidor.jks"; //sub in actual location of keystore file
public String keystoreFile ="servidor.jks";    //sub in actual location of keystore file
public String keystorePass="contrasuena"; //sub in actual password to keystore
public String cert_filename="C:\\cacerts"; // sub in actual location of cacerts file
public javax.net.ssl.SSLSocket secure_socket;
public java.util.Properties props = new java.util.Properties();
public String hostURL_for_socket= props.getProperty("HostURL");    //sub in actual HTTP host
public String securePortURL =props.getProperty("SSLHostURL"); //sub in actual SSL port

// Method name is a placeholder; the post showed only the body.
public void open_secure_socket() throws java.io.IOException
{
    try
    {
        client=new org.apache.commons.ssl.SSLClient();
        client = setup_certificate(client);
        System.out.println("SSLClient="+client);
    }
    catch(Exception excp)
    {
        System.err.println("Cannot setup SSLClient message="+excp.getMessage());
        return;
    }
    if(client==null) return; // setup_certificate() returns null when the keystore cannot be read
    try
    {
        System.out.println("before secure_socket = (SSLSocket) client.createSocket(hostURL_for_socket,securePortURL )");
        // createSocket(String host, int port): the port has to be converted to an int
        secure_socket = (javax.net.ssl.SSLSocket) client.createSocket(hostURL_for_socket,Integer.parseInt(securePortURL) );
        System.out.println("AFTER client.createSocket secure_socket="+secure_socket);
    }
    catch(java.net.UnknownHostException unknown_host)
    {
        System.out.println("UnknownHostException has been thrown message="+unknown_host.getMessage());
        System.out.println("new Socket(hostURL_for_socket="+hostURL_for_socket);
        System.out.println("securePortURL="+securePortURL);
    }
}

public org.apache.commons.ssl.SSLClient setup_certificate(org.apache.commons.ssl.SSLClient client)
{
    try
    {
        // Let's trust usual "cacerts" that come with Java.  Plus, let's also trust a self-signed cert
        // we know of.  We may have additional trusted certs inside keystore file.
        System.out.println("before client.addTrustMaterial( TrustMaterial.DEFAULT )");
        client.addTrustMaterial( org.apache.commons.ssl.TrustMaterial.DEFAULT );
        // client.addTrustMaterial( new org.apache.commons.ssl.TrustMaterial( "/path/to/self-signed.pem" ) );
        try
        {
            System.out.println("before key_material=new org.apache.commons.ssl.KeyMaterial( keystoreFile,keystorePass.toCharArray() )");
            // KeyMaterial(File jksFile, char[] password) throws GeneralSecurityException, IOException
            key_material=new org.apache.commons.ssl.KeyMaterial( new java.io.File(keystoreFile),keystorePass.toCharArray() );
        }
        catch(java.security.GeneralSecurityException general_security_exception)
        {
            System.out.println("key_material=new org.apache.commons.ssl.KeyMaterial( new java.io.File(keystoreFile),keystorePass.toCharArray() ) throws GeneralSecurityException has been thrown message="+general_security_exception.getMessage());
            key_material=null;
            return null;
        }
        System.out.println("key_material="+key_material);

        System.out.println("adding keystore file ..before client.addTrustMaterial( key_material )");
        if(key_material!=null) client.addTrustMaterial( key_material );

        // To be different, let's bypass the hostname check of the certificate
        // (not recommended: the peer's identity is then not verified)
        System.out.println("before client.setCheckHostname( false )");
        client.setCheckHostname( false );  // default setting is "true" for SSLClient
        // to be different, let's allow expired certs (not recommended)
        System.out.println("before client.setCheckExpiry( false )");
        client.setCheckExpiry( false );   // default setting is "true" for SSLClient

        // let's check against the Certificate Revocation List
        System.out.println("before client.setCheckCRL( true )");
        client.setCheckCRL( true );       // default setting is "true" for SSLClient

        // the keystore password is deliberately left out of the log line
        System.out.println("before key_material=new org.apache.commons.ssl.KeyMaterial(cert_filename, keystoreFile, keystorePass.toCharArray()) where cert_filename="+cert_filename+" keystoreFile="+keystoreFile);
        // KeyMaterial(String pathToCerts, String pathToKey, char[] keystorePass)
        key_material=new org.apache.commons.ssl.KeyMaterial(cert_filename, keystoreFile, keystorePass.toCharArray());
        System.out.println("(Certificate) key_material="+key_material);

        // Let's load a client certificate (max: 1 per SSLClient instance).
        System.out.println("adding cert to client ..before client.setKeyMaterial( key_material )");
        client.setKeyMaterial( key_material);

        cert_filename = "C:\\cacerts"; //sub in actual location of cacerts file
        original_keystoreFile = "servidor.jks"; //sub in actual location of server key file
        char[] lfstorepass = keystorePass.toCharArray(); //make sure keystorePass contains actual password for cacerts
        char[] lfkeypass   = keystorePass.toCharArray(); //make sure keystorePass contains actual password for key store stored in cacerts (i use same password..NOT recommended)

        java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
        System.out.println("X.509 CertificateFactory ="+cf);
        java.io.FileInputStream cacert_file = new java.io.FileInputStream(cert_filename);
        System.out.println("FileInputStream cacert_file="+cert_filename);

        System.out.println("Generating the cert");
        java.security.cert.Certificate certificate = cf.generateCertificate(cacert_file);
        System.out.println("closing cacert_file="+cert_filename);
        cacert_file.close();

        System.out.println("Generating cert chain for certificate ="+certificate);
        java.security.cert.Certificate[] cchain = { certificate };
        System.out.println("cchain="+cchain);

        System.out.println("loading server key "+original_keystoreFile);
        java.io.FileInputStream original_keystoreFile_file = new java.io.FileInputStream(original_keystoreFile);
        System.out.println("original_keystoreFile_file="+original_keystoreFile_file);

        System.out.println("about to load KeyStore ks = java.security.KeyStore.getInstance(JKS)");
        ks = java.security.KeyStore.getInstance("JKS");
        System.out.println("ks="+ks);

        System.out.println("load keystore from original_keystoreFile_file="+original_keystoreFile_file);
        ks.load(original_keystoreFile_file, lfstorepass);
        original_keystoreFile_file.close(); // close before the same file is rewritten below
        cert = ks.getCertificate(alias);    // only possible once the keystore has been loaded

        //for asymmetric encryption (server and client keys are different) we need to dig out the private key
        System.out.println("before java.security.PrivateKey prk = (java.security.PrivateKey) ks.getKey(alias, lfkeypass)");
        java.security.PrivateKey prk = (java.security.PrivateKey) ks.getKey(alias, lfkeypass);
        System.out.println("private key found="+(prk!=null)); // never print the key itself

        System.out.println("setting signed key for keystore ks.setKeyEntry(lf_signed, prk, lfstorepass, cchain)");
        ks.setKeyEntry("lf_signed", prk, lfstorepass, cchain);

        System.out.println("Store keystore to file");
        java.io.FileOutputStream server_key_file = new java.io.FileOutputStream(original_keystoreFile);
        ks.store(server_key_file, keystorePass.toCharArray());
        server_key_file.close();
    }
    catch(java.security.GeneralSecurityException security_exception)
    {
        System.out.println("* GeneralSecurityException has been thrown message="+security_exception.getMessage());
    }
    catch(java.io.IOException ioe)
    {
        System.out.println("* IOException has been thrown message="+ioe.getMessage());
    }
    catch(java.lang.SecurityException security_excp)
    {
        System.out.println("* SecurityException has been thrown message="+security_excp.getMessage());
    }
    System.out.println("returning SSLClient client="+client);
    return client;
}

Kind regards from the Americas!
Martín




From: [hidden email]
To: [hidden email]
Subject: RE: Relative path keystore Axis2
Date: Thu, 28 Apr 2016 13:05:22 +0200
