Consume SOAP service under HTTPS server return 403

I'm facing a strange situation while I try to consume a SOAP service under HTTPS. I have the following scenario: my application is serving some SOAP services, and at this moment these services are open; they don't need any kind of authorization to be accessed. At the same time, the application has to consume other services that have to be accessed using the https protocol (TLSv1.2). To achieve the goal I did this configuration:

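    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class SSLClientConfig {

        @Value("${trust.store}")
        private String trustStore;

        @Value("${trust.store.password}")
        private String trustStorePassword;

        @Value("${trust.store.type}")
        private String trustStoreType;

        @Value("${sslContext.tls.protocol}")
        private String tlsProtocol;

        @Bean
        public SSLSocketFactory sslSocketFactory() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, KeyManagementException {

            // Key managers: built from the file configured as trust.store
            final char[] keyPassphrase = trustStorePassword.toCharArray();
            final KeyStore ks = KeyStore.getInstance(trustStoreType);
            try (InputStream in = new FileInputStream(trustStore)) {
                ks.load(in, keyPassphrase);
            }
            final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, keyPassphrase);

            // Trust managers: built from the same file and password
            final char[] trustPassphrase = trustStorePassword.toCharArray();
            final KeyStore tks = KeyStore.getInstance(trustStoreType);
            try (InputStream in = new FileInputStream(trustStore)) {
                tks.load(in, trustPassphrase);
            }
            final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(tks);

            // Load SSLContext with keystore and truststore, and make it the JVM default
            SSLContext c = SSLContext.getInstance(tlsProtocol);
            c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
            SSLContext.setDefault(c);
            return c.getSocketFactory();
        }
    }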

Then in my Service I call the service this way:

    URL url = new URL(wsdlloLocation);
    MyService service = new MyService(url);
    service.setHandlerResolver(customHandlerResolver);
    MyPort operaciones = service.getMyServiceSOAP();
    BindingProvider bp = (BindingProvider) operaciones;
    
    bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, myUrl);
    bp.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory", sslSocketFactory);
    
    bp.getRequestContext().put("com.sun.xml.internal.ws.connect.timeout", connectTimeout);
    bp.getRequestContext().put("com.sun.xml.internal.ws.request.timeout", responseTimeout);
    
    MyResponseType response = null;
    MyRequestType request = generateRequest();

    response = operaciones.operation_1(request);

The sslContextFactory is autowired. The problem is that the server is returning a 403 status, and the trace in the log says that no certificate is being sent.

I use a customHandlerResolver to get the SOAPMessage and sign it, and to audit the action.

I don't know if this is relevant, but I have a proxy between the application and the server.

I also tried setting some system properties in the SSLClientConfig:

    System.setProperty("javax.net.ssl.trustStore", trustStore);
    System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
    System.setProperty("javax.net.ssl.trustStoreType", trustStoreType);
    System.setProperty("https.protocols", tlsProtocol);

I added this at the beginning of the sslSocketFactory method, but nothing changed; I still have the same error.

The situation is that it seems that the BindingProvider is fine, because the call is made pointing to the correct URL (myUrl), but it seems that the SSLContext is not working.

Is there something I'm missing or doing wrong?

Thanks in advance.
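
A diagnostic for the "no certificate is being sent" symptom, added here as an example and not part of the original question: it lists which entries in the store passed to `KeyManagerFactory` are private-key entries, since only those can be presented as a TLS client certificate. The class name `KeyStoreEntryCheck` and the `STORE_PASSWORD` environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Usage:
//   STORE_PASSWORD=... java KeyStoreEntryCheck <store-path> <store-type>
public class KeyStoreEntryCheck {

    public static void main(String[] args) throws Exception {
        // Password comes from the environment (assumed variable name) so it stays out of argv.
        char[] password = System.getenv("STORE_PASSWORD").toCharArray();
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                // Private key + chain: the only kind of entry a key manager can offer to the server.
                keyEntries++;
                Certificate cert = ks.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) cert;
                    // The issuer matters: the key manager selects an alias by the CAs
                    // the server names in its certificate request.
                    System.out.printf("KEY   %s subject=%s issuer=%s notAfter=%s%n", alias,
                            x509.getSubjectX500Principal(), x509.getIssuerX500Principal(),
                            x509.getNotAfter());
                } else {
                    System.out.printf("KEY   %s (no X.509 certificate attached)%n", alias);
                }
            } else if (ks.isCertificateEntry(alias)) {
                // Certificate only: usable for trust decisions, never as a client identity.
                System.out.printf("TRUST %s%n", alias);
            }
        }
        if (keyEntries == 0) {
            System.out.println("No private-key entries: a KeyManagerFactory built from this "
                    + "store has no client certificate to present.");
        }
    }
}
```

Running the client with the JVM option `-Djavax.net.debug=ssl:handshake` shows whether the server sent a certificate request and which alias, if any, the key manager selected.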
