
WebService Call with Client certificate

Question asked by Kumar Gaurav Employee on Dec 19, 2017
Latest reply on Feb 6, 2018 by David Kurniawan

Hi All,

We developed a shell script to invoke a SOAP web service which enforces client certificate validation.

The script is working fine without any issue.

But we came to know that there is no AFX module available yet, so we cannot invoke this script from IG&L.

Also we cannot invoke this script from Java Node as IG&L restricts doing this.

 

Then we ported the code to Java and are trying to get it working.

Even though we are able to connect to the server, we are not able to open the stream to write the data.

 

We get a java.net.SocketTimeoutException: connect timed out exception.

 

    //This line of code is throwing exception
    OutputStreamWriter outputStream = new OutputStreamWriter(con.getOutputStream());

 

The sample code snippet is below:

    try {
        // Open a secure connection.
        System.out.println("endpoint="+endPoint);
        URL url = new URL(null,endPoint,new sun.net.www.protocol.https.Handler());
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        //URLConnection con=url.openConnection();
        System.out.println("Connection opened successfully");

        // Set up the connection properties
        //con.setRequestProperty( "Connection", "close" );
        con.setDoInput(true);
        con.setDoOutput(true);
        con.setUseCaches(false);
        con.setConnectTimeout( 30000 );
        //con.setReadTimeout( 30000 );
        con.setRequestMethod( "POST" );
        con.setRequestProperty("Content-Type", "text/xml");
        //con.setRequestProperty( "Content-Type", "application/x-www-form-urlencoded" );
        //con.setRequestProperty( "Content-Length", Integer.toString(message.length()) );

        // Set up the user authentication portion of the handshake
        File pKeyFile = new File(certFile);
        String pKeyPassword = certPassword;
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream keyInput = new FileInputStream(pKeyFile);
        keyStore.load(keyInput, pKeyPassword.toCharArray());
        keyInput.close();
        keyManagerFactory.init(keyStore, pKeyPassword.toCharArray());

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
        SSLSocketFactory sockFact = context.getSocketFactory();
        con.setSSLSocketFactory( sockFact );
        HttpsURLConnection.setDefaultSSLSocketFactory(sockFact);

        System.out.println("Before con.getOutPutStream...");
        OutputStreamWriter outputStream = new OutputStreamWriter(con.getOutputStream());
        System.out.println("After con.getOutPutStream...");
        System.out.println("Posting the request...");
        //OutputStreamWriter outputStream = con.getOutputStream();
        outputStream.write(message);
        outputStream.flush();
        outputStream.close();

 

 

We verified the following:

1> The web service is up

2> The socket connection is working fine with test code. The code below returns true.

    try (Socket socket = new Socket()) {
        socket.connect(new InetSocketAddress(host, port), timeout);
        isConnected = socket.isConnected();
    } catch (SocketException e) {
        if (e.getMessage().contains("Connection refused")) {
            return false;
        }
    } catch (SocketTimeoutException e) {
        return false;
    }
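
Added example, not part of the original post: `url.openConnection()` performs no network I/O, so in the snippet above the TCP connect and the TLS handshake only run inside `con.getOutputStream()`; the Java program below runs TCP connect, TLS handshake with the client certificate, and the POST as separate phases so a failure can be attributed to one of them. The class name, the argument order and the 30-second timeouts are assumptions.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.nio.file.*;
import java.security.KeyStore;

// Added example: class name, argument order and timeouts are assumptions, not from the post.
public class MtlsSoapProbe {
    public static void main(String[] args) throws Exception {
        URL url = new URL(args[0]);                            // endpoint
        char[] pw = args[2].toCharArray();                     // PKCS#12 password
        byte[] body = Files.readAllBytes(Paths.get(args[3]));  // SOAP request file
        int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
        // Client identity from the PKCS#12 file (args[1]).
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
            ks.load(in, pw);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers selects the JVM default trust store, so the server certificate is still verified.
        ctx.init(kmf.getKeyManagers(), null, null);
        // Phase 1: TCP connect only.
        try (Socket raw = new Socket()) {
            raw.connect(new InetSocketAddress(url.getHost(), port), 30_000);
            raw.setSoTimeout(30_000);
            System.out.println("phase 1 ok: TCP connected");
            // Phase 2: TLS handshake over that socket; the client certificate is presented if the server requests it.
            try (SSLSocket tls = (SSLSocket) ctx.getSocketFactory()
                    .createSocket(raw, url.getHost(), port, true)) {
                tls.startHandshake();
                System.out.println("phase 2 ok: " + tls.getSession().getProtocol());
            }
        }
        // Phase 3: the POST. openConnection() does no network I/O.
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        con.setSSLSocketFactory(ctx.getSocketFactory()); // scoped to this connection, set before connecting
        con.setConnectTimeout(30_000);
        con.setReadTimeout(30_000);
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        con.setRequestProperty("Content-Type", "text/xml");
        try (OutputStream out = con.getOutputStream()) {  // TCP connect and TLS handshake happen here
            out.write(body);
        }
        System.out.println("phase 3 ok: HTTP " + con.getResponseCode());
    }
}
```

`HttpsURLConnection` in phase 3 follows the JVM's HTTP proxy settings (such as `https.proxyHost`), which the plain socket in phases 1 and 2 does not, so the phases can take different network routes. With TLS 1.3, a server that rejects the client certificate may only signal it after `startHandshake()` has returned, on the first read.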
