prohacx
asked on
Calling HTTPS webservices using Axis and Soap
Hi,
I'm pretty new in this webservice thing and I want to call a webservice deployed over HTTPS.
My current code is like so:
System.setProperty("javax. net.ssl.tr ustStore", "CustomKeyStore");
System.setProperty("javax. net.ssl.tr ustStorePa ssword", "littlesecret");
String endpoint = "https://brsla-cadev-vm3/axis/services/USD_R11_WebService?wsdl";
String user = "someuser";
String pwd = "somepassword";
try
{
// create a new web service stub instance
USD_WebServiceLocator ws = new USD_WebServiceLocator();
java.net.URL url = new java.net.URL(endpoint);
USD_WebServiceSoap usd = ws.getUSD_WebServiceSoap(u rl);
// login to server
int sid = usd.login(user, pwd);
When deploying the service over HTTP I don't have any problems and can access all methods of the web service. However, over HTTPS, I keep on getting Java errors.
I already created a keystore and it looks like the code has no problems accessing that. However, now I run in errors like this:
javax.net.ssl.SSLHandshake Exception: sun.security.validator.Val idatorExce ption: PKIX path building failed: sun.security.provider.cert path.SunCe rtPathBuil derExcepti on: unable to find valid certification path to requested target
All I'm looking for is a simple example of calling a method over HTTPS, but I seem to be unable to find that anywhere. Kind of stuck here....
Can anyone help me please?
Thanks in advance!
I'm pretty new in this webservice thing and I want to call a webservice deployed over HTTPS.
My current code is like so:
System.setProperty("javax.
System.setProperty("javax.
String endpoint = "https://brsla-cadev-vm3/axis/services/USD_R11_WebService?wsdl";
String user = "someuser";
String pwd = "somepassword";
try
{
// create a new web service stub instance
USD_WebServiceLocator ws = new USD_WebServiceLocator();
java.net.URL url = new java.net.URL(endpoint);
USD_WebServiceSoap usd = ws.getUSD_WebServiceSoap(u
// login to server
int sid = usd.login(user, pwd);
When deploying the service over HTTP I don't have any problems and can access all methods of the web service. However, over HTTPS, I keep on getting Java errors.
I already created a keystore and it looks like the code has no problems accessing that. However, now I run in errors like this:
javax.net.ssl.SSLHandshake
All I'm looking for is a simple example of calling a method over HTTPS, but I seem to be unable to find that anywhere. Kind of stuck here....
Can anyone help me please?
Thanks in advance!
ASKER
I'm using netbeans IDE and set a working directory for the project. The CustomKeyStore file is located there.
I'm pretty sure the code can find it now, because I used to have another problem before that was caused because the file could not be found.
My main problem is that I have no clue on how this Axis stuff works (in the docs they talk about factories and other stuff). An example code would be really great. I'm really confused because of the difference in a simple call over HTTP (which I got to work quite easily) and the trouble I'm having to make it work over HTTPS.
I'm pretty sure the code can find it now, because I used to have another problem before that was caused because the file could not be found.
My main problem is that I have no clue on how this Axis stuff works (in the docs they talk about factories and other stuff). An example code would be really great. I'm really confused because of the difference in a simple call over HTTP (which I got to work quite easily) and the trouble I'm having to make it work over HTTPS.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Hi Manyankeagle:
the code finds the certificate all right, but I still get this error now:
java.net.SocketException: Default SSL context init failed: DerInputStream.getLength() : lengthTag=109, too big.
My code is now this:
System.setProperty("java.p rotocol.ha ndler.pkgs ", "com.sun.net.ssl.internal. www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.s sl.Provide r());
System.setProperty("javax. net.ssl.ke yStoreType ", "PKCS12"); // pkcs12 JKS
System.setProperty("javax. net.ssl.ke yStore", "vm3KeyStore");
System.setProperty("javax. net.ssl.ke yStorePass word", "littlesecret");
com.sun.net.ssl.HostnameVe rifier hv=new com.sun.net.ssl.HostnameVe rifier() {
public boolean verify(String urlHostname, String certHostname) {
System.out.println("urlHos tname >>" + urlHostname +"<<");
System.out.println("certHo stname >>" + certHostname +"<<");
System.out.println("WARNIN G: Hostname is not matched for cert.");
return true;
}
};
com.sun.net.ssl.HttpsURLCo nnection.s etDefaultH ostnameVer ifier(hv);
// The endpoint for the R11 web service
String endpoint = "https://brsla-cadev-vm3/axis/services/USD_R11_WebService?wsdl";
// Assume user and password are both "ServicePlus"
String user = "someuser";
String pwd = "somepassword";
try
{
// create a new web service stub instance
USD_WebServiceLocator ws = new USD_WebServiceLocator();
java.net.URL url = new java.net.URL(endpoint);
USD_WebServiceSoap usd = ws.getUSD_WebServiceSoap(u rl);
// login to server
int sid = usd.login(user, pwd);
Does anyone know where this error comes from? I read on the internet that keytool.exe can add an extra line break to the .cer file. I even deleted that extra line before creating the vm3Keystore and still I get this error.
Thanks again for all your efforts!
the code finds the certificate all right, but I still get this error now:
java.net.SocketException: Default SSL context init failed: DerInputStream.getLength()
My code is now this:
System.setProperty("java.p
Security.addProvider(new com.sun.net.ssl.internal.s
System.setProperty("javax.
System.setProperty("javax.
System.setProperty("javax.
com.sun.net.ssl.HostnameVe
public boolean verify(String urlHostname, String certHostname) {
System.out.println("urlHos
System.out.println("certHo
System.out.println("WARNIN
return true;
}
};
com.sun.net.ssl.HttpsURLCo
// The endpoint for the R11 web service
String endpoint = "https://brsla-cadev-vm3/axis/services/USD_R11_WebService?wsdl";
// Assume user and password are both "ServicePlus"
String user = "someuser";
String pwd = "somepassword";
try
{
// create a new web service stub instance
USD_WebServiceLocator ws = new USD_WebServiceLocator();
java.net.URL url = new java.net.URL(endpoint);
USD_WebServiceSoap usd = ws.getUSD_WebServiceSoap(u
// login to server
int sid = usd.login(user, pwd);
Does anyone know where this error comes from? I read on the internet that keytool.exe can add an extra line break to the .cer file. I even deleted that extra line before creating the vm3Keystore and still I get this error.
Thanks again for all your efforts!
you might have to make your own SSLSocketFactory:
http://www-128.ibm.com/developerworks/websphere/techjournal/0502_benantar/0502_benantar.html
http://www-128.ibm.com/developerworks/websphere/techjournal/0502_benantar/0502_benantar.html
ASKER
Found my problem!
As I said I clearly did not understand this certificate stuff good enough...
The keystore I initially had was imported from a certificate I created myself. This was different from the certificate that was running on the server. I thought any valid certificate would do, but clearly you need to use the one that is installed on the server (yes, you can stop laughing now ;).
So... to make a long story short: browse (in IE) to the WSDL URL, view the certificate, go to the details tab, click "copy to file" and save as .cer
Then, use keytool to create the keystore. Move the keystore to where you want to call it.
Use following code to make it work:
System.setProperty("javax. net.ssl.tr ustStore", "c:\\...\\myKeyStore");
System.setProperty("javax. net.ssl.tr ustStorePa ssword", "password");
if you have problems, System.setProperty("javax. net.debug" , "all" ); can help to understand the process better.
As I said I clearly did not understand this certificate stuff good enough...
The keystore I initially had was imported from a certificate I created myself. This was different from the certificate that was running on the server. I thought any valid certificate would do, but clearly you need to use the one that is installed on the server (yes, you can stop laughing now ;).
So... to make a long story short: browse (in IE) to the WSDL URL, view the certificate, go to the details tab, click "copy to file" and save as .cer
Then, use keytool to create the keystore. Move the keystore to where you want to call it.
Use following code to make it work:
System.setProperty("javax.
System.setProperty("javax.
if you have problems, System.setProperty("javax.
ASKER
Although I mostly found the solution myself, reading the document provided by Mayankeagle explains it all. So, thanks for the info!
>> This was different from the certificate that was running on the server.
Well, oh :) they have to be the same otherwise how would you authenticate :) ?
Well, oh :) they have to be the same otherwise how would you authenticate :) ?
Just like the password you type at the client-side for logging on to a website has to be same as the password stored on the server :)
Where is CustomKeyStore located? Is it in the same directory as the main class running your application?