sabato 5 maggio 2012

java client side extra setting for ssl connections web service

Adding ssl  behaviour  to connection from client side is quite easy in java.
For example if you want move web service connection from HTTP to HTTPS  only 2 extra steps are required :
  1.  Download server certificate and store it in your keystore (if certificate is signed from some CA you should previously import CA certificate).
  2.  Insert information about keystore location and password as system properties (as JVM params or directly in code ).

Here a sample procedure to import  server certificate:
 Web Server’s certificate must be captured and then imported with Sun’s keytool utility (provided
with Java).  A method to do this is as follows.
1) Obtain a copy of the certificate in X.509 format using Microsoft’s Internet Explorer
Version 6, by accessing the HTTPS URL. A dialog requesting permission to accept
the certificate appears. Click the View Certificate button, then the Details tab. Click
Copy to File, then Next and select the Base-64 encoded X.509 (.CER) option. Click
Next to save the file.
2) Import the .cer file using the keytool utility, which can be found in the bin directory for a
Java installation. Using this tool, the .cer file is imported into a cacerts file, which is
located in the lib/security directory of a Java installation. The simplest method is to
copy the .cer file obtained using Internet Explorer to your Java home dir/lib/security
directory.
$ ../../bin/keytool.exe –import –storepass changeit –file mycert.cer –keystore cacerts –
alias mycert
3) The only changes required are the name of the certificate (in this case mycert.cer)
and the alias (mycert). Do this in the same VM as you run your client.



To insert information about keystore location and password as system properties.
Exact property names are javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword.
To set them  you have many choices 
public class  WS Client {

    /*
     * static block for secure SOAP      */
    static {
        Properties clientKeyStore = new Properties();
        String clietKeyStorePropertiesFileDir = System.getProperty("jboss.server.home.dir")+File.separator +"conf"+File.separator+"ssl";
        try {
            clientKeyStore.load(new FileInputStream(clietKeyStorePropertiesFileDir+File.separator+"clientKeystore.properties"));
            String trustStoreFile = clietKeyStorePropertiesFileDir + File.separator + clientKeyStore.getProperty("keystore");
            String password = clientKeyStore.getProperty("password");
            File file = new File(trustStoreFile);
            if(!file.exists()) {
                throw new FileNotFoundException(trustStoreFile + " DO NOT EXIST!!");
            }
            //Setto il KeyStore con il certificato per la connessione https nelle System.properties          
            System.setProperty("javax.net.ssl.trustStore",trustStoreFile);
            System.setProperty("javax.net.ssl.trustStorePassword", password);    

        } catch (FileNotFoundException e) {
            e.printStackTrace();
      
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
  

Nessun commento:

Posta un commento