Home/ Questions/Q 6084971
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T11:35:09+00:00

I have generated code using org.codehaus.mojo axistools-maven-plugin plugin version 1.4. I am trying to

  • 0

I have generated code using org.codehaus.mojo axistools-maven-plugin plugin version 1.4. I am trying to connect to web service over https. I have installed server certificate into jssecacerts and copied this key store into /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/ folder. So this means I have server certificate in the client keystore. I have also imported server private key and certificate into kestore.ImportKey key store. I guess I will have to use this as trust store. Now, how to I connect all these together in java client?
I am using auto generated stub at client side. I tried using following but does not work.

System.setProperty("javax.net.ssl.trustStore","certs/keystore.ImportKey");
System.setProperty("javax.net.ssl.trustStorePassword", "importkey");

I am getting following exception. 

faultString: javax.net.ssl.SSLHandshakeException: 
    sun.security.validator.ValidatorException: 
PKIX path building failed: 
    sun.security.provider.certpath.SunCertPathBuilderException:
     unable to find valid certification path to requested target

The certificates are valid as I am using same certs over HTTPS client for the same host. Also, I was able to see successful curl request to using the same certs. Actually, I am not sure how to write Axis2 soap Java client over https using self signed server certificate. Can anyone point me to step by step example.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Thanks @Jcs

    This is how I solved the problem. When I tried opening the webservice URL in a browser, it asked for client certificate. This means, because I had already imported server certificate in jssecacert in jvm, my client was missing the client certificate. So, instead of setting javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties I set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword properties and it is working fine. I missed before the fact that the private key and certificate are imported into the keystore. ImportKey are basically client identity which I received long back from someone saying those are server certificates. That was misleading me. So, let me summarize the solution if someone is looking for it.

    1. Download server certificate and import into JVM cacerts or jssecacerts on system path.
      I used this post.

    2. Open webservice URL in a browser and if it asks for client certificate it means server is set to expect certificate from client. In case of self signed certificate you must already have self signed certificate from server. Import these in a keystore and set the system properties for key store and not the trust store before actually making call to web service as shown below. This is because you already have imported server certificate into client trust store (cacerts).

    Code:

    MySoap12Stub stub = (MySoap12Stub) new MyLocator().getMySoap12(new java.net.URL(WSUrl));

System.setProperty("javax.net.ssl.keyStore", "certs/keystoreQA.Importkey");
System.setProperty("javax.net.ssl.keyStorePassword", "importkey");

    In addition in my case, server is expecting user token and password set into SOAP headers. This is how I set this into SOAP headers:

    ((Stub) stub).setHeader(HeaderHandler.getSecurityHeader(User, password));

public class HeaderHandler {

    public static SOAPHeaderElement getSecurityHeader(String user,String password) throws Exception {
        SOAPHeaderElement wsseSecurity = new SOAPHeaderElement(new PrefixedQName(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
            "Security", "wsse"));
        wsseSecurity.setActor(null);
        wsseSecurity.setMustUnderstand(true);

        SOAPElement usernameToken = wsseSecurity.addChildElement("UsernameToken", "wsse");
        usernameToken.setAttribute("xmlns:wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        SOAPElement username = usernameToken.addChildElement("Username", "wsse");
        username.addTextNode(user);

        SOAPElement password = usernameToken.addChildElement("Password", "wsse");
        password.setAttribute("Type","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        password.addTextNode(password);
        return wsseSecurity;
    }
}

    I hope this explains in details how to use self signed certificates and WSSE user token and password in axis2 client calling web services over https using usertoken and password.

    Cheers! good to go now.

    • 0