
I'm putting together a SOAP client to call a third-party SOAP service. I'm having issues connecting with Java. It works fine with SoapUI. This is the first time I've set up a keystore within the app. All the code I have found is the same and pretty simple, but I can't figure out why the Java version isn't working. I'm using a TLS pfx file provided by the company whose service I'm trying to connect to. I'm getting a 403 back from the server. Here is the code:

        URL wsdlLocation = new URL(SECURE_INTEGRATION_WSDL);
        ObjectFactory ofactory = new ObjectFactory();
        HttpsURLConnection httpsConnection = (HttpsURLConnection)wsdlLocation.openConnection();
        char[] password = CLIENT_KEYSTORE_PASSWORD.toCharArray();

        //load keystore
        FileInputStream is = new FileInputStream(new File(CLIENT_KEYSTORE_PATH));
        final KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(is, password);
        is.close();

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

        kmf.init(keystore, password);

        //set the ssl context
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), null,
                new java.security.SecureRandom());


        httpsConnection.setSSLSocketFactory(sc.getSocketFactory());



        SecureIntegrationServicesImap client = new SecureIntegrationServicesImap(wsdlLocation);


        SesMessage message = ofactory.createSesMessage();

        ReceiveRequest r = ofactory.createReceiveRequest();

        r.setEmail(ofactory.createReceiveRequestEmail("<email ommitted>"));
        ArrayOfMessageSummary messages = client.getWSHttpBindingSecureIntegrationServiceImap().getMessageList(r);
        log.info(messages.getMessageSummary().size());

Any help with what I'm doing wrong is greatly appreciated.

Not sure if it matters, but the server is a .NET platform.

Here is the stack trace I'm getting:

    javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://<host omitted>/TS?wsdl. It failed with: 
    Server returned HTTP response code: 403 for URL: https://<host omitted>/TS?wsdl.
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:265)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:246)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:209)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:178)
        at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:363)
        at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:321)
        at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:230)
        at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:211)
        at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:207)
        at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:114)
        at javax.xml.ws.Service.<init>(Service.java:77)
        at org.tempuri.SecureIntegrationServicesImap.<init>(SecureIntegrationServicesImap.java:50)
        at com.wiredinformatics.utils.SecureExchange.main(SecureExchange.java:127)
    Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://host omitted/TS?wsdl
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
        at java.net.URL.openStream(URL.java:1045)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:999)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:400)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:231)
        ... 11 more

Daniel Cosio
  • Can you share the exception you're getting from Java? HTTP Code 403 means not authorized, so presumably you're not authenticating to your web service correctly, but without more information it's hard to be sure. What type of server are you trying to authenticate to? What type of authorization does it expect? – Michael Powers Jul 31 '18 at 19:29
  • The server is .NET and they provided us with a pfx cert file/password. I added the stack trace to my original post. Everything seems to work fine using SoapUI – Daniel Cosio Jul 31 '18 at 21:37
  • You don’t set the protocol on the socketfactory. Add the javax.net.debug system property and see if ClientHello is using the right version of TLS. – Nathan Hughes Jul 31 '18 at 22:50
  • @NathanHughes the protocol is set in SSLContext.getInstance("TLS") and *** ClientHello, TLSv1.2 which is correct – Daniel Cosio Aug 01 '18 at 13:24

1 Answer


It sounds like you're using TLS-based client authentication. Based on the code you posted, I suspect the issue is that you're not using httpsConnection anywhere after you initialize it. Therefore it's not trying to use your client certificate as you were expecting but is instead using the default request context settings.

Assuming you're using JAX-WS you should be able to use the solution outlined in this answer to bind your certificate to your request context (instead of initializing your own HttpsURLConnection):

    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

Michael Powers
  • I used the static call setDefaultSSLSocketFactory and now get a Server returned HTTP response code: 400 for URL: – Daniel Cosio Aug 01 '18 at 15:08
  • HTTP 400 means bad request. That means the server thinks there is a problem with your request. What that means exactly will depend on your application. The good news is that 400 probably means you've authenticated correctly, since most servers don't validate requests until after you've authenticated. Make sure you've built your bindings off of the correct WSDL and the data you're passing in makes sense. – Michael Powers Aug 01 '18 at 15:43
  • OK. I didn't realize that it would have been authenticated by then. I'm asking our client to see what is in their logs. – Daniel Cosio Aug 01 '18 at 17:18
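
The fix discussed in the answer, written out as a complete helper (an added example, not code from the thread). It goes slightly beyond the answer by also binding the factory to a port's request context; the class, method and environment-variable names are hypothetical, and the request-context key is the one read by the standalone JAX-WS RI, which is assumed here because the stack trace shows `com.sun.xml.ws` packages.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

public class ClientCertSetup {  // hypothetical class name
    // Request-context key read by the standalone JAX-WS RI (assumed runtime).
    static final String RI_SSL_SOCKET_FACTORY =
            "com.sun.xml.ws.transport.https.client.SSLSocketFactory";

    // Builds a socket factory that presents the private key stored in a .pfx file.
    static SSLSocketFactory fromPkcs12(String path, char[] password) throws Exception {
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            keystore.load(in, password);
        }
        // Without a private-key entry there is nothing to present as a client certificate.
        boolean hasKey = false;
        for (String alias : Collections.list(keystore.aliases())) {
            hasKey |= keystore.isKeyEntry(alias);
        }
        if (!hasKey) throw new IllegalStateException("no private key in " + path);
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, password);
        SSLContext sc = SSLContext.getInstance("TLS");
        // null trust managers / SecureRandom = JVM defaults; server validation stays on.
        sc.init(kmf.getKeyManagers(), null, null);
        return sc.getSocketFactory();
    }

    // requestContext is ((BindingProvider) port).getRequestContext(), or null before a port exists.
    static void install(SSLSocketFactory factory, Map<String, Object> requestContext) {
        // The WSDL download uses URL.openStream(), which only sees the JVM-wide default.
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);
        if (requestContext != null) requestContext.put(RI_SSL_SOCKET_FACTORY, factory);
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("PFX_PASSWORD");  // hypothetical variable name
        if (args.length != 1 || pw == null) throw new IllegalArgumentException("need <pfx path>");
        install(fromPkcs12(args[0], pw.toCharArray()), null);  // call before new Service(wsdlUrl)
    }
}
```

`setDefaultSSLSocketFactory` is JVM-wide, so every `HttpsURLConnection` in the process will offer this client key to any server that requests one. The per-port property narrows that for SOAP calls, but it does not cover the WSDL fetch in the service constructor, which is where the 403 in the stack trace was raised.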