Consuming secured WCF service from Java client

5 replies [Last post]
bbelovic
Joined: 2012-11-15

Hello
I am trying to consume a secured WCF service from a Java client using Netbeans IDE. Service's WSDL contains certificate enclosed in elements. I am trying to create a Netbeans client. Here's what I've done:

1) I cropped text between X509 certificate and stored it into truststore. I used the following command:

keytool -import -noprompt -trustcacerts -alias mycert -file .\selfsignedetr2.cer -keystore sample.jks -storepass ****

2) I have created Java project in Netbeans
3) I have added webservice client to this project and setup WSDL url for the client
4) I have right-clicked on web service references, chose edit webservice attributes
5) On the security tab I clicked the Truststore... button and specified the truststore created in step 1
6) I have specified Default username and Default password for the webservice
7) I clicked OK and ran my client and I got the following message:

SEVERE: WSS1533: Validation of self signed certificate failed followed by information about certificate.

My question is how to make it run?

gmazza
Joined: 2005-01-14

I'm not sure what security method your WCF service is requiring ("Service's WSDL contains certificate enclosed in elements" can mean anything), and the more clearly you explain your authentication requirements the better the answers you can get. Three common use cases: SSL transport w/Basic Auth, UsernameToken authentication over SSL, and two-way Message-layer X.509 authentication are covered by blog articles #11, #13, and #15 here: http://www.jroller.com/gmazza/entry/blog_article_index.

HTH,
Glen

bbelovic
Joined: 2012-11-15

I am not sure either. I am posting the relevant part of the WSDL here: http://pastebin.com/E2tDgNsX and the part which refers to the certificate is here: http://pastebin.com/3mnZtE6c.

I'd say it's SSL transport w/Basic Auth or UsernameToken authentication over SSL, but I am really not sure.

gmazza
Joined: 2005-01-14

Because it's symmetric and not transport binding at the top-level, you're not doing transport layer encryption aka SSL but message layer encryption instead with the server's key used for encryption. My Metro username token tutorial should mostly work (even though it's using transport layer SSL), just make sure the server's public cert is in the client's truststore & configure a client-side truststore similar to my Metro X509 tutorial.

Anonymous

Looks like the problem was in keytool import, when I use this command for import:
keytool -importcert -rfc -alias myalias -keystore mystore.jks -file mycert.cer

and refer to mystore from wsit-client.xml, everything works fine. I can call service without any problems.

bbelovic
Joined: 2012-11-15

Looks like the problem was in keytool import, when I use this command for import:
keytool -importcert -rfc -alias myalias -keystore mystore.jks -file mycert.cer

and refer to mystore from wsit-client.xml, everything works fine. I can call service without any problems.
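
One way to check the advice given earlier in the thread, that the server's public cert is in the client's truststore, before wiring the store into wsit-client.xml. This is an added example, not code from any poster in the thread; the class name `TruststoreCheck` and the `TRUSTSTORE_PASS` environment variable are assumptions, and only standard `java.security` APIs are used.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: confirms that the certificate taken from the WSDL is present
// in the JKS truststore as a trusted certificate entry.
public class TruststoreCheck {

    // SHA-256 fingerprint of the certificate's DER encoding, as lowercase hex.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("TRUSTSTORE_PASS"); // assumed variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: TRUSTSTORE_PASS=... java TruststoreCheck <store.jks> <cert file>");
            System.exit(2);
        }
        // Accepts binary DER, or Base64 wrapped in BEGIN/END CERTIFICATE lines.
        X509Certificate expected;
        try (InputStream in = new FileInputStream(args[1])) {
            expected = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        expected.checkValidity(); // throws if the certificate is expired or not yet valid

        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, pass.toCharArray());
        }
        String want = fingerprint(expected);
        System.out.println("expected " + expected.getSubjectX500Principal() + " sha256=" + want);
        boolean found = false;
        for (String alias : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(alias);
            boolean trusted = store.isCertificateEntry(alias);
            boolean match = trusted && c != null && fingerprint(c).equals(want);
            System.out.println((match ? "MATCH " : "      ") + alias
                    + (trusted ? " (trusted cert entry)" : " (key entry)"));
            found |= match;
        }
        System.exit(found ? 0 : 1); // exit 1: the certificate is not trusted by this store
    }
}
```

Comparing the printed fingerprint against one obtained from the service owner out of band confirms that the certificate cropped from the WSDL is the one the client should trust.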