4

I'm trying to pass client certificate to a web service using JAX-RPC implementation. (the web service is in rpc-encoded style).

So far, I am able to do it by setting system properties:

System.setProperty("javax.net.ssl.keyStore", "client_cert.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "newpasswd");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");

and then constructing and calling the web service:

CertificateInfoPortType svc = new CertificateInfoLocator().getCertificateInfo(new URL(SERVICE_URL));
svc.methodToBeInvoked();

But since this will be used inside of an EJB, I don't want to set the JVM-wide parameters using System.setProperty since that will affect all web service clients.

Is there a way to pass client certificate as parameter? From what I've been able to read up I should be using a custom KeyManager, but I don't know how to set the custom KeyManager to the client.

Thanks!

miha
  • 3,287
  • 3
  • 29
  • 44

1 Answers1

1

i'm not sure if this will work for how you use jaxws, but you can set a custom socket factory (configured with a custom ssl context) on a jaxws client using something like:

dispatch.getRequestContext().put(com.sun.xml.ws.developer.JAXWSProperties.SSL_SOCKET_FACTORY, getSSLContext().getSocketFactory());

(this is specific to the sun/oracle jaxws implementation).

jtahlborn
  • 52,909
  • 5
  • 76
  • 118
  • Unfortunately I don't see how I can get hold of RequestContext. I have a reference to javax.xml.rpc.Stub. I tried setting the above proprety on the stub using `_setProperty` but it has no effect. – miha Apr 17 '11 at 05:07
  • ah, i misread your initial post as saying that you were using jaxws. now i see that you are using jax-rpc, which is a different beast entirely. do you know what jax-rpc impl you are using? axis perhaps? – jtahlborn Apr 17 '11 at 19:01
  • 1
    JAX-RPC below is Axis, yes. But I got nowhere with that. I changed implementation to JAX-WS (by changing the WSDL by hand) and then used `((BindingProvider)port).getRequestContext...` to set the custom SSL socket factory. Phew... What were those java guys smoking when they were designing this? :) – miha Apr 17 '11 at 20:04