Thursday, 28 April 2016

How to configure Apache Axis to use an SSL certificate?


Axis Configuration for SSL

Set the secure socket factory at application startup (the class name must match the factory class created below):

  AxisProperties.setProperty(
       "axis.socketSecureFactory",
       "com.genius.utils.CustomSSLFactory");


Create the secure socket factory class

1. Import the following APIs (the java.io, java.util and commons-lang imports are used by the snippets below but were missing from the original list):
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Hashtable;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;
import org.apache.commons.lang.StringUtils;


2. Create the class by extending JSSESocketFactory and implementing SecureSocketFactory:
public class CustomSSLFactory extends JSSESocketFactory
        implements SecureSocketFactory {
    // the constructor and the overridden methods from steps 3 to 5 go here
}

3. Override the parameterized constructor to pass the attributes to the parent class:
public CustomSSLFactory(Hashtable attributes) {
        super(attributes);
}

4. Override initFactory to set sslFactory (a failure is rethrown as IOException instead of being
   swallowed, otherwise sslFactory stays null and the first connection fails with a NullPointerException):
protected void initFactory() throws IOException {
        try {
               SSLContext context = getContext();
               sslFactory = context.getSocketFactory();
        } catch (Exception e) {
               throw new IOException("Could not initialise SSL context", e);
        }
}
  

5. Override getContext to return the SSL context:
protected SSLContext getContext() throws Exception {
   . . . . .
}
              
 

Details of the getContext method

Use two constants for the keystore location and password (a password hard-coded in a class ends up in the compiled jar; read it from configuration in real deployments):
private static final String MY_KEYSTORE_PASSWORD = "passwd";
private static final String RESOURCE_PATH_TO_KEYSTORE = "/usr/bin/certificate.P12";


Check that a password is actually configured:
char[] keystorepass = MY_KEYSTORE_PASSWORD.toCharArray();

if (StringUtils.isBlank(new String(keystorepass))) {
    throw new Exception("Could not read password for configured keystore!");
}


Load the keystore (the stream is closed in a finally block so the file handle is not leaked when load() throws):
KeyStore ks = KeyStore.getInstance("pkcs12");
FileInputStream in = new FileInputStream(new File(RESOURCE_PATH_TO_KEYSTORE));
try {
    ks.load(in, keystorepass);
} finally {
    in.close();
}


Initialize the key manager factory from the keystore (it supplies the client certificate and private key during the handshake):
KeyStore keyStore = ks;
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, keystorepass);


Initialize the trust manager factory from the same keystore (its trust managers validate the server certificate chain against the certificates in the store):
TrustManagerFactory tmf =  TrustManagerFactory.getInstance(
                             TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);


Initialize the X509 trust manager (as written in this post it performs no validation at all: every server certificate is accepted, so the connection can be intercepted by anyone presenting any certificate; for production use the managers from tmf.getTrustManagers() instead):
X509TrustManager tm = new X509TrustManager() {
  public X509Certificate[] getAcceptedIssuers() {
               // return an empty array rather than null; some JSSE code paths dereference it
               return new X509Certificate[0];
  }

  public void checkClientTrusted(X509Certificate[] certs, String authType) {
               // no checks: any client certificate chain is accepted
  }

  public void checkServerTrusted(X509Certificate[] certs, String authType) {
               // no checks: any server certificate chain is accepted
  }
};


Obtain the key managers from the factory initialized above (the original re-created a second, identical factory here):
KeyManager[] keymanagers = kmf.getKeyManagers();



Initialize the SSL context with the key managers and the trust manager (sslContext was never declared in the original snippet; it is created here with SSLContext.getInstance):
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keymanagers, new TrustManager[]{tm}, null);


Return the SSL context

return sslContext;
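The following is an added example, not code from the original post, showing how the same getContext() logic can be written so that the trust managers built from a truststore (the tmf the post creates but never uses) replace the accept-everything X509TrustManager; the truststore path and the system property names are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Builds an SSLContext for the Axis socket factory without disabling server validation. */
public final class ValidatingSslContextBuilder {

    private static final String KEYSTORE_PATH = "/usr/bin/certificate.P12";   // path from the post
    private static final String TRUSTSTORE_PATH = "/etc/axis/truststore.jks"; // assumed location

    public static SSLContext build() throws Exception {
        // Secrets come from system properties (assumed names) instead of hard-coded constants.
        String ksPass = System.getProperty("axis.keystore.password");
        String tsPass = System.getProperty("axis.truststore.password");
        if (ksPass == null || ksPass.trim().length() == 0) {
            throw new Exception("Could not read password for configured keystore!");
        }

        // Client identity: the PKCS#12 file holding our private key and certificate.
        KeyStore keyStore = load("pkcs12", KEYSTORE_PATH, ksPass.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, ksPass.toCharArray());

        // Trust anchors: only CAs present in this truststore may have issued the server certificate.
        // A null password still allows reading a JKS truststore (only its integrity check is skipped).
        KeyStore trustStore = load("JKS", TRUSTSTORE_PATH, tsPass == null ? null : tsPass.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // tmf.getTrustManagers() keeps chain validation on; an empty X509TrustManager would turn it off.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    private static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(new File(path));
        try {
            ks.load(in, password);   // fails loudly on a wrong password or a corrupt file
        } finally {
            in.close();              // release the file handle on both the success and error path
        }
        return ks;
    }
}
```

Inside the factory, getContext() can simply return ValidatingSslContextBuilder.build(); a server whose certificate is not issued by a CA in the truststore then fails the handshake instead of being silently accepted.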
