SSL Client connecting to a web service on HTTPS
I have to write a client web service to consume a secure web service (government web service). Secure means that the web service is accessible through HTTPS using certificates with mutual authentication.
I received 2 certificates from my client:
First certificate to identify and authorize my company to connect to them. It's used to establish the SSL connection with my client's server. This certificate should be installed on the application server, so it could be used by all my users.
Second certificate is delivered on a USB key for each authorized user.
The client requires that the SOAP message should look like this:
<s:envelope xmlns:s="...">
    <s:header>
        <security s:actor="actorA">PKC7 signature with person certificate using a specific part on the message</signature>
        <security s:actor="actorB">XML signature for the signature and encryption of the message</signature>
    </header>
    <s:body id="bodyID">message</body>
</envelope>
To do that, I tried to use a Java SSL client (see code below) to consume this secure web service.
I used InstallCert to get their (my client's) certificate and add it to the Java trust store ... successfully done.
I created a Java keystore in my home directory and added to it the certificate delivered to the company (to be used for the SSL connection).
I could connect to their server, handshake well done...
I write to the SSL socket output stream the HTTP header + blank line + SOAP message as described above. BUT I got a bad request, HTTP 400.
Here is what I wrote to the socket output stream:
"POST /PARTE/CA/XML/V02R02.0/1.0/Usagers_LIST/FindCandidates/ReceptionService.svcl HTTP/1.1" + "\r \n";
"Content-type: text/xml;charset=\"utf-8\"" + "\r \n"
"Host: " + host+":" + port + "\r \n"
"Content-Length: " + soapMessage.length() + "\r \n"
"\r \n"
soapMessage
When I try with a browser: https://host:/PARTE/CA/XML/V02R02.0/1.0/Usagers_LIST/FindCandidates/ReceptionService.svcl?wsdl ==> I got the WSDL file.
Should I encrypt the HTTP header (post ... content-type: ... host: ... message)? If yes, how can I do it?
Could you please help with this issue?
I am open to discussing other solutions too.
Thanks for your help
Moh.
Java SSL Client:
public void testSSL( String request){
    String trustStoreName = System.getProperty("java.home") + File.separator
        + "lib" + File.separator + "security" + File.separator + "jssecacerts";
    String trustStorePass = "xxx";
    System.setProperty("javax.net.ssl.trustStore", trustStoreName);
    System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
    String keyStoreName = System.getProperty("user.home") + File.separator + "keystore.jks";
    String keyStorePass = "yyy";
    System.setProperty("javax.net.ssl.keyStore", keyStoreName);
    System.setProperty("javax.net.ssl.keyStorePassword", keyStorePass);
    BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
    PrintStream out = System.out;
    try {
        KeyStore ks = getKeyStore();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, "xxx".toCharArray());
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(kmf.getKeyManagers(), null, null);
        SSLSocketFactory f = sc.getSocketFactory();
        String host="host"; int port = 443;
        SSLSocket c = (SSLSocket) f.createSocket(host, port);
        printSocketInfo(c);
        log.info("Hand shaking..");
        //c.startHandshake();
        log.info("Handshake done.");
        BufferedWriter w = new BufferedWriter(new OutputStreamWriter(c.getOutputStream()));
        BufferedReader r = new BufferedReader(new InputStreamReader(c.getInputStream()));
        String httpHeader = "POST /PARTE/CA/XML/V02R02.0/1.0/Usagers_LIST/FindCandidates/ReceptionService.svc HTTP/1.1" + "\r \n";
        httpHeader = httpHeader + "Content-type: text/xml;charset=\"utf-8\"" + "\r \n";
        httpHeader = httpHeader + "Host: " + host+":" + port + "\r \n";
        //httpHeader = httpHeader + "Soapaction: \"http://ttt/1/IFindCandidates/FindCandidates\"" + "\r \n" ;
        httpHeader = httpHeader + "Content-Length: " + request.length() + "\r \n";
        request = httpHeader + request + "\r\n";
        request = "\r\n";
        log.info("Message to be sent:\n" + request);
        //w.write(request);
        w.write(request, 0, request.length());
        w.flush();
        String response ="";
        String m = null;
        while ((m = r.readLine()) != null) {
            response += m + "\n";
        }
        log.info("message received:\n" + response);
        w.close();
        r.close();
        c.close();
    } catch (Exception e) {
        log.log(Level.SEVERE,e.toString());
    }
}
Edited by: user6106278 on Mar 22, 2011 4:07 PM
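An added example, not part of the original post: a mutual-TLS SOAP POST sent through HttpsURLConnection, which writes the request line, CRLF-terminated headers and blank line itself, and whose TLS layer encrypts headers and body alike. The class and method names, the command-line arguments, the assumption that the key password equals the keystore password, and the SOAPAction value (taken from the service's WSDL) are assumptions for illustration.

```java
import java.io.*;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsSoapClient { // hypothetical class name
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    // The key store answers the server's certificate request; the trust store validates the server.
    static SSLContext context(KeyStore keys, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static String post(SSLContext ctx, String url, String soapAction, String xml) throws Exception {
        byte[] body = xml.getBytes(StandardCharsets.UTF_8);
        HttpsURLConnection con = (HttpsURLConnection) new URL(url).openConnection();
        con.setSSLSocketFactory(ctx.getSocketFactory());
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        con.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
        con.setRequestProperty("SOAPAction", "\"" + soapAction + "\"");
        con.setFixedLengthStreamingMode(body.length); // Content-Length counts bytes, not chars
        try (OutputStream out = con.getOutputStream()) { out.write(body); }
        int status = con.getResponseCode();
        // 4xx/5xx bodies (for example a SOAP fault) arrive on the error stream.
        InputStream in = status >= 400 ? con.getErrorStream() : con.getInputStream();
        if (in == null) return "HTTP " + status;
        try (InputStream s = in) {
            return "HTTP " + status + "\n" + new String(s.readAllBytes(), StandardCharsets.UTF_8); // Java 9+
        }
    }

    // args: keystore path, keystore password, truststore path, truststore password, URL, SOAPAction, SOAP file
    public static void main(String[] a) throws Exception {
        SSLContext ctx = context(load(a[0], a[1].toCharArray()), a[1].toCharArray(), load(a[2], a[3].toCharArray()));
        String xml = new String(java.nio.file.Files.readAllBytes(java.nio.file.Paths.get(a[6])), StandardCharsets.UTF_8);
        System.out.println(post(ctx, a[4], a[5], xml));
    }
}
```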