Connecting to a web service with a certificate from java

I am connecting to a web service from a Java program. The web service requires a certificate to return any data to me. I was unable to set up a certificate connection with my Java code. Instead, I used something called stunnel, which simply creates a connection to the host with a certificate. Now I want to remove stunnel and do everything from Java. Does this really have to be possible?

This is the configuration for stunnel.

cert = /etc/stunnel/client.pem
options = NO_SSLv2

[https]
client = yes
accept = 8083
sni = www.xxx.se
connect = www.xxx.se:443

      

And in order to start the tunnel, I need to provide the password connected to the certificate, so this will also be needed in the code.

My current code.

 URL url = new URL(wsdlURL);
 QName qname = new QName("urn:ws.fps.xxx.com/supportToolSupport", "SupportToolSupportService");
 // Create the JAX-WS service from the WSDL and obtain the generated port
 javax.xml.ws.Service service = javax.xml.ws.Service.create(url, qname);
 SupportToolSupport support = service.getPort(SupportToolSupport.class);
 // This call opens the connection to the web service
 List<Company> companies = support.supportToolGetCompanies("");

      

Any idea what code needs to be done before this code to replace stunnel?

+3




1 answer


It looks like the class SupportToolSupport is a POJO generated from WSDL. When you call SupportToolSupport.supportToolGetCompanies() that POJO actually does the connection. By default it will use your JVM certificate stores, both Keystore and TrustStore. Keystore is usually named keyStore.jks and TrustStore is usually named cacerts (.jks). They are usually found in <java JRE install directory>/lib/security. You can control how the JVM accesses the certificate programmatically, but it's easier to set up your environment if possible. You can force the JVM to use a specific keystore, alias and password when calling java by passing these variables to java:

-Djavax.net.ssl.keyStore="path to keyStore.jks"
-Djavax.net.ssl.keyStoreType="JKS"
-Djavax.net.ssl.keyStorePassword="changeit"
-Djavax.net.ssl.trustStore="path to cacerts"

      

For example, on the command line:



java -Djavax.net.ssl.keyStore="path to keyStore.jks" ... -cp <class path> class.to.run

      

For Eclipse, copy and paste the lines above into the VM arguments of your launch configuration: Run -> Run Configurations -> find your configuration -> select the "Arguments" tab.

+1
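The programmatic route the answer mentions, as an added example (not code from the question or the answer): it loads the client key and certificate with their password and installs them as the JVM default before the JAX-WS call. It assumes stunnel's client.pem has first been converted to PKCS#12, for instance with `openssl pkcs12 -export -in client.pem -out client.p12`; the class name `ClientCertSetup` and the environment variable `CLIENT_P12_PASSWORD` are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ClientCertSetup { // hypothetical class name
    /** Builds a TLS context that presents the client certificate stored in a PKCS#12 file. */
    static SSLContext clientCertContext(String p12Path, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            keyStore.load(in, password); // wrong password or corrupt file throws IOException
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers / SecureRandom select the JVM defaults, so the server
        // certificate is still verified against the default trust store.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    /** Installs the context JVM-wide; call before Service.create(url, qname). */
    static void install(SSLContext ctx) {
        SSLContext.setDefault(ctx);
        // Also covers the case where HttpsURLConnection already cached the old default.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password is supplied in an environment variable
        // (hypothetical name) so it is not hard-coded in the source.
        String env = System.getenv("CLIENT_P12_PASSWORD");
        if (args.length != 1 || env == null) {
            System.err.println("usage: CLIENT_P12_PASSWORD=... java ClientCertSetup client.p12");
            System.exit(2);
        }
        char[] password = env.toCharArray();
        install(clientCertContext(args[0], password));
        Arrays.fill(password, '\0');
        // The question's code now runs unchanged, with wsdlURL naming the real
        // HTTPS endpoint instead of the local stunnel listener on port 8083.
    }
}
```

Because the trust managers are left at their defaults, this only adds the client identity; it does not relax verification of the server certificate.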

