
I need to connect to a SOAP server, using x509 security.

The client should be a simple Java program, called from the command line. I have a WSDL file, and I generated the Java sources from it via wsimport.

How do I sign the communication? I only found answers using Spring, CF, etc., but I have Java SE.

user6493703

1 Answer


The SSL/TLS two-way authentication mechanism refers to two parties authenticating each other at the same time. The client uses a digital certificate during the SSL/TLS handshake to create the secure channel.

Signing a SOAP request means signing the body of a SOAP message with a digital certificate and embedding the XML signature in the SOAP header to be validated by the server.

They are different mechanisms to authenticate, and it is rare to find them together, but it is correct. I can provide you some links to perform each step.

First you will need

  • A truststore with the SSL certificate of the server
  • A keystore with the SSL client certificate
  • A keystore with the SOAP signing certificate (could be the same)

The keystore could be in JKS or PKCS#12 format. If you have never worked with keystores, I suggest using the Portecle GUI tool.

Two-way authentication

You need to create an SSLContext, initialize it with the keystore and truststore, and set the context on the URL connection:

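```java
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// keystorePassword and truststorePassword are char[] values supplied by the caller.
// Keystore: the client certificate and private key presented during the handshake.
KeyStore keystore = KeyStore.getInstance("pkcs12");
try (FileInputStream in = new FileInputStream("clientstore.p12")) { keystore.load(in, keystorePassword); }
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keystore, keystorePassword);

// Truststore: the certificates used to validate the server.
KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream in = new FileInputStream("truststore.jks")) { truststore.load(in, truststorePassword); }
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(truststore);

SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

// Use the context's socket factory for this connection only.
URL url = new URL("https://yourservice.com");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
SSLSocketFactory sslSocketFactory = context.getSocketFactory();
urlConnection.setSSLSocketFactory(sslSocketFactory);
```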

You can also use system properties to define keystores:

```
-Djavax.net.debug=ssl
-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStore=client.p12
-Djavax.net.ssl.keyStorePassword=whatever
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStore=client-truststore.jks
-Djavax.net.ssl.trustStorePassword=whatever
```

Signing SOAP

JAX-WS is bundled with JDK 1.6. You can use it to invoke SOAP web services, but a WS-Security framework like WSS4J is often used to sign SOAP. I provide you some links to perform the signature without it: Sign JAX-WS SOAP request

Check this link

pedrofb
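
Signing the SOAP body with only the Java SE XML Signature API (`javax.xml.crypto.dsig`), as an added example that is not part of the answer above or of the code it links to. Assumptions: the class name, the sample message and the plain `Id` attribute are constructed for illustration, and a throwaway RSA key pair stands in for the key held in the signing keystore. It produces only the core `ds:Signature` element in the header, without the `wsse:Security` wrapper or security token that a WS-Security framework such as WSS4J would add.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignSoapBody {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed sample message: the Id value and the ping payload are made up.
    static final String MSG = "<s:Envelope xmlns:s=\"" + SOAP_NS + "\"><s:Header/>"
        + "<s:Body Id=\"Body-1\"><ping xmlns=\"urn:example\">hello</ping></s:Body></s:Envelope>";
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Receiver side: re-parse the ds:Signature element, then check digest and signature value.
    static boolean verify(PublicKey key, Node signature) throws Exception {
        DOMValidateContext ctx = new DOMValidateContext(key, signature);
        return FAC.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(MSG.getBytes("UTF-8")));
        Element header = (Element) doc.getElementsByTagNameNS(SOAP_NS, "Header").item(0);
        Element body = (Element) doc.getElementsByTagNameNS(SOAP_NS, "Body").item(0);
        body.setIdAttribute("Id", true); // register the ID so "#Body-1" resolves
        // Assumption: throwaway key pair; a real client takes the key from its keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Reference ref = FAC.newReference("#Body-1", FAC.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(FAC.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        // No KeyInfo is embedded (null): the verifier uses a key it already trusts.
        // The resulting ds:Signature element is appended inside the SOAP header.
        FAC.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), header));
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        System.out.println("signature valid: " + verify(kp.getPublic(), sig));
        body.getFirstChild().setTextContent("tampered"); // modify the signed content
        System.out.println("valid after tampering: " + verify(kp.getPublic(), sig));
    }
}
```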