0

I have a question in regards to SSLHandshakeException talking to a https Web service using Spring WebServiceTemplate

answered by borodark

"No need to import keys into keystore."

If we don't provide a keystore, then what will HttpClient use for sending the client certificate for the SSL handshake?

I have a requirement to invoke web services on a business partner -

a) Authenticate using SSL using a public key certificate X

b) Encrypt and Sign SOAP messages using public key certificate Y

I guess I will need to specify certificate Y to the following:

    <bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <property name="securementActions" value="Signature"/>
        <property name="securementSignatureKeyIdentifier" value="DirectReference"/>
        <property name="securementUsername" value="mycert"/>
        <property name="securementPassword" value="certpass"/>
        <property name="securementSignatureCrypto">
          <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
            <property name="keyStorePassword" value="123456"/>
            <property name="keyStoreLocation" value="classpath:/keystore.jks"/>
          </bean>
        </property>
    </bean>

I am not sure how/where to specify certificate X for the SSL handshake. I think it's the HttpClient, but I don't see it in the XML posted by borodark.

Please help!

user2412398

1 Answer

0

In the XML file where you have configured the keystore, you should have something like this:

    <beans>
        <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
            <property name="keyStore" ref="keyStore"/>
            <property name="privateKeyPassword" value="changeit"/>
        </bean>

        <bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="classpath:keystore.jks"/>
            <property name="password" value="changeit"/>
        </bean>
    </beans>

The cue here is

     <property name="location" value="classpath:keystore.jks"/>

That is the path to the keystore. Now, possibly you can use a certain alias inside the keystore for the SSL handshake (and that's what you configure here); additionally, the security policy leverages the same file, but then again in the security policy file you can specify a different alias, and that should do the trick. Consider that while

    <property name="location" value="classpath:keystore.jks"/>

indicates the classpath, you can use other forms to reference resources outside the WAR itself, and that lets you change the certificate without touching the WAR at all.

witchedwiz
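One way to keep the two certificates from the question apart, as an added example that is not configuration from either poster: certificate X is handed to the TLS layer through the key managers of `HttpsUrlConnectionMessageSender`, while certificate Y stays with the `Wss4jSecurityInterceptor`. The bean ids, file paths and `${...}` property names are assumptions, and X is assumed to live in its own keystore so the key manager has exactly one client key to present.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">
  <!-- Assumed: ${...} values are resolved by a property placeholder defined elsewhere; ids and paths are hypothetical -->
  <!-- Certificate X: keystore holding only the TLS client key and its chain -->
  <bean id="tlsClientKeyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    <property name="location" value="file:/etc/myapp/tls-client.jks"/>
    <property name="password" value="${tls.keystore.password}"/>
  </bean>
  <!-- CA certificate(s) used to verify the partner's server certificate -->
  <bean id="tlsTrustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    <property name="location" value="file:/etc/myapp/partner-trust.jks"/>
    <property name="password" value="${tls.truststore.password}"/>
  </bean>

  <!-- Transport: presents X during the handshake and trusts only tlsTrustStore -->
  <bean id="messageSender" class="org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender">
    <property name="keyManagers">
      <bean class="org.springframework.ws.soap.security.support.KeyManagersFactoryBean">
        <property name="keyStore" ref="tlsClientKeyStore"/>
        <property name="password" value="${tls.key.password}"/>
      </bean>
    </property>
    <property name="trustManagers">
      <bean class="org.springframework.ws.soap.security.support.TrustManagersFactoryBean">
        <property name="keyStore" ref="tlsTrustStore"/>
      </bean>
    </property>
  </bean>

  <!-- Certificate Y: message-level signing, settings as in the question -->
  <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="securementActions" value="Signature"/>
    <property name="securementSignatureKeyIdentifier" value="DirectReference"/>
    <property name="securementUsername" value="mycert"/>
    <property name="securementPassword" value="${wss.key.password}"/>
    <property name="securementSignatureCrypto">
      <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
        <property name="keyStorePassword" value="${wss.keystore.password}"/>
        <property name="keyStoreLocation" value="file:/etc/myapp/wss-signing.jks"/>
      </bean>
    </property>
  </bean>

  <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
    <property name="messageSender" ref="messageSender"/>
    <property name="interceptors"><list><ref bean="wsSecurityInterceptor"/></list></property>
  </bean>
</beans>
```

With this split, rotating the TLS client certificate only touches `tls-client.jks`, and the signing keystore never needs to be readable by the transport layer.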