How to set up Apache CXF client to use WebSphere truststore? (Receiving “No trusted certificate found” exception.)

后端未结

关注

 4  739

情深已故 2020-12-31 14:19

First, I\'ll start with a summary. I\'m using an Apache CXF client to communicate over SSL with an Apache CXF service provider that is using a self-signed certificate. I i

4条回答

别那么骄傲 (楼主)

2020-12-31 14:47

Looking at how CXF and WAS work, it is fairly straightforward to access the Websphere's SSLSocketFactory and pass it to CXF using an outbound interceptor.

If you use the following class:

public class WebsphereSslOutInterceptor extends AbstractPhaseInterceptor {

  private String sslAlias = null;

  public WebsphereSslOutInterceptor() {
    super(Phase.SETUP);
  }

  public void handleMessage(Message message) throws Fault {
    Conduit conduit = message.getExchange().getConduit(message);
    if (conduit instanceof HTTPConduit) {
      HTTPConduit httpConduit = (HTTPConduit)conduit;
      String endpoint = (String) message.get(Message.ENDPOINT_ADDRESS);
      if (endpoint != null) {
        try {
          URL endpointUrl = new URL(endpoint);
          Map connectionInfo = new HashMap();

          connectionInfo.put(
            JSSEHelper.CONNECTION_INFO_REMOTE_HOST, 
            endpointUrl.getHost());
          connectionInfo.put(
            JSSEHelper.CONNECTION_INFO_REMOTE_PORT, 
            Integer.toString(endpointUrl.getPort()));
          connectionInfo.put(
            JSSEHelper.CONNECTION_INFO_DIRECTION, 
            JSSEHelper.DIRECTION_OUTBOUND);
          SSLSocketFactory factory = 
            JSSEHelper.getInstance().getSSLSocketFactory(
              sslAlias, 
              connectionInfo, 
              null);

          TLSClientParameters tlsClientParameters = httpConduit.getTlsClientParameters();
          if (tlsClientParameters != null) {
            tlsClientParameters.setSSLSocketFactory(factory);
          }
        } catch (MalformedURLException e) {
          throw new Fault(e);
        } catch (SSLException e) {
          throw new Fault(e);
        }
      }
    }
  }

  public void setSslAlias(String sslAlias) {
    this.sslAlias = sslAlias;
  }
}

Then you'll be able to hook up to Websphere's SSLSocketFactory and can optionally use the "Dynamic Outbound Endpoint SSL Configuration" settings to specify any client certs, by specifying the interceptor in the jaxws:client tag:

As an aside, if the sslAlias property is declared in the WebsphereSslOutInterceptor, a client certificate can be chosen based on its alias.

Because this is using the SSLSocketFactory from Websphere, the trust stores will also be used from Websphere.

EDIT:

I used CXF 2.3.6 and Websphere 6.1

0 讨论(0)

查看其它4个回答