Multiple Staff HTTPS SOAP Clients in One Application


tkcandyh

Jun 17, 2014, 2:19:12 PM
to wsf-...@googlegroups.com
I'd like to have clients for multiple diverse HTTPS SOAP web services contained within one application.  I've successfully consumed each of the services in question, so I know that Staff will work for my needs in at least a proof-of-concept capacity.  The problem I'm running into is that the axis2.xml file, regardless of where it is located, seems that it can only contain a single reference to a server certificate, and that certificate must be a local file on the machine running the application.  So I have a few questions.

1. Is there a way to consume HTTPS SOAP services without first downloading the server certificate and explicitly specifying it in the axis2.xml file?
2. If not, is there a way to specify multiple server certificates in a single axis2.xml file?
3. If not, is it possible to have multiple axis2.xml files, each referring to a single server certificate, and select the appropriate one, based on which service I'm consuming at any given time?

Dmitry Utkin

Jun 17, 2014, 3:28:11 PM
to wsf-...@googlegroups.com
Hi,

1. Yes!

Since Staff uses Axis2/C as transport, you can pass the server certificate as a client option:

    staff::ServiceClient tClient;

    // initialize client
    tClient.Init("http://localhost:9090/axis2/services/echo");

    // client options
    staff::Options& rOptions = tClient.GetOptions();

    // set path to server's certificate
    rOptions.SetProperty("SERVER_CERT", "/path/to/server.pem");


Please note, you must have Staff r857 or above. staff::Options had no SetProperty function before this commit.


2. No, as far as I know, you can't set up multiple certificates in a single axis2.xml file.

3. No, because the axis2.xml location is read from the environment variable AXIS2C_HOME, which is a global variable for the single process.


For more details about client/server certificates please see this article: http://people.apache.org/~dumindu/docs/HowToConfigureSSL.html . It's a bit outdated regarding the API, but you may get the idea.

On Tuesday, June 17, 2014 at 22:19:12 UTC+4, user tkcandyh wrote:

Andrew Hoffmeyer

Jun 17, 2014, 3:30:51 PM
to wsf-...@googlegroups.com
Is it possible to do this _without_ first downloading the server's certificate?  Can it acquire the server's cert automatically?

-- 
Andrew Hoffmeyer
Software Developer/Network Administrator
Turnkey Corrections/Turnkey Software Solutions
V: 715-386-5700
F: 715-386-9988

Dmitry Utkin

Jun 17, 2014, 3:39:01 PM
to wsf-...@googlegroups.com, andy.ho...@turnkeycorrections.com
Hi,

This is not possible while using the built-in SSL support, because the SSL certificate is always imported from a file (see ssl_utils.c:110).


But this may be possible if you use the CURL-based transport.


On Tuesday, June 17, 2014 at 23:30:51 UTC+4, user tkcandyh wrote:

Andrew Hoffmeyer

Jun 17, 2014, 4:28:48 PM
to Dmitry Utkin, wsf-...@googlegroups.com
This seems like an unnecessary restriction.  Is it a part of axis2/c or is it specific to Staff?  It makes no sense that I should have to manually get a copy of the server's certificate, especially for trusted certs.  I can see it being useful for self-signed certs, but I just don't get why it wouldn't be automatic for trusted certs.

Dmitry Utkin

Jun 17, 2014, 4:56:07 PM
to wsf-...@googlegroups.com, loe...@gmail.com, andy.ho...@turnkeycorrections.com
This is an Axis2/C restriction. It always loads server_cert from a file when the built-in SSL transport is used.


The CURL transport does not read the SERVER_CERT option, and it seems to load the server certificate automatically.

Try to compile Axis2/C (unofficial) with CURL support and see if it works.


On Wednesday, June 18, 2014 at 0:28:48 UTC+4, user tkcandyh wrote:

Andrew Hoffmeyer

Jun 18, 2014, 8:38:02 AM
to Dmitry Utkin, wsf-...@googlegroups.com
I'm trying to build axis2/c, and I'm getting a lot of "warnings treated as errors" type of messages from the compiler, mostly for declared, but unused, variables.  I'm building on Ubuntu 14.04 with GCC 4.8.  Is there an easy way to get through this?

Dmitry Utkin

Jun 18, 2014, 8:49:04 AM
to wsf-...@googlegroups.com, loe...@gmail.com, andy.ho...@turnkeycorrections.com
Hi,





On Wednesday, June 18, 2014 at 16:38:02 UTC+4, user tkcandyh wrote:

Andrew Hoffmeyer

Jun 18, 2014, 8:59:58 AM
to Dmitry Utkin, wsf-...@googlegroups.com
Ok, so just to be clear, when I run configure, I want --enable-libcurl and NOT --enable-openssl, correct?

Dmitry Utkin

Jun 18, 2014, 9:15:13 AM
to wsf-...@googlegroups.com, loe...@gmail.com, andy.ho...@turnkeycorrections.com
When I tested that I had both options enabled:

    ./configure --prefix=$AXIS2C_HOME --enable-libcurl --enable-openssl


On Wednesday, June 18, 2014 at 16:59:58 UTC+4, user tkcandyh wrote:

Andrew Hoffmeyer

Jun 18, 2014, 9:22:01 AM
to Dmitry Utkin, wsf-...@googlegroups.com
I just got the following error when running configure

    checking whether to build libxml2 xml parser library... ./configure: line 15998: syntax error near unexpected token `LIBXML2,'
    ./configure: line 15998: `    PKG_CHECK_MODULES(LIBXML2, libxml-2.0)'

I have libxml2 installed, but I don't think the problem is related to whether or not it is.  I'm not really familiar with autotools, so I'm not sure how to proceed here.

Dmitry Utkin

Jun 18, 2014, 9:42:27 AM
to wsf-...@googlegroups.com, loe...@gmail.com, andy.ho...@turnkeycorrections.com
That's strange, I don't get such an error on a clean Ubuntu 14.04 (with and without libxml2-dev).

Probably this topic can help you: http://stackoverflow.com/a/6770183/395616

On Wednesday, June 18, 2014 at 17:22:01 UTC+4, user tkcandyh wrote:

Andrew Hoffmeyer

Jun 18, 2014, 4:01:58 PM
to Dmitry Utkin, wsf-...@googlegroups.com
It turns out I had a few things screwed up in my build environment.  Packages not installed, etc.  I got it all hammered out, and it now does exactly what I want.  I don't need a copy of the server's certificate, and a single axis2.xml file does the trick.

Thanks for all your help.  This definitely looks like a great replacement for my existing gSOAP-based code.  I'll be happy to be rid of it.
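
Added example, not part of the thread and not Staff or Axis2/C code: the trust model the thread arrives at (one trust setting per client rather than one per process, with no downloaded certificate needed for CA-signed servers), shown with Python's standard `ssl` module. The host names and the `SERVICES` table are constructed; a `None` entry means the chain is validated against the system CA store, and a path means only that PEM file is trusted.

```python
import http.client
import os
import ssl
from urllib.parse import urlsplit

# Constructed service table (hypothetical hosts). None = validate against the
# system CA store; a path = trust only that PEM file (e.g. a self-signed server).
SERVICES = {
    "https://billing.example.com/soap": None,
    "https://inventory.example.net/soap": None,
}


def make_context(pinned_pem=None):
    """Return a verifying TLS context for one service."""
    if pinned_pem is not None and not os.path.isfile(pinned_pem):
        # Fail closed: a missing pin must never fall back to the system
        # store or to an unverified connection.
        raise FileNotFoundError(f"pinned certificate not found: {pinned_pem}")
    # With cafile set, only that file is loaded; without it, the system CAs.
    ctx = ssl.create_default_context(cafile=pinned_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_contexts(services):
    """Map each service host to its own context; nothing is process-global."""
    return {urlsplit(url).hostname: make_context(pem)
            for url, pem in services.items()}


def post_soap(url, envelope, contexts, timeout=10):
    """POST a SOAP envelope using the context registered for the URL's host."""
    parts = urlsplit(url)
    ctx = contexts[parts.hostname]  # KeyError for an unregistered host
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                       context=ctx, timeout=timeout)
    try:
        conn.request("POST", parts.path or "/", body=envelope.encode("utf-8"),
                     headers={"Content-Type": "text/xml; charset=utf-8"})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()
```

Both kinds of context keep `verify_mode` at `CERT_REQUIRED` and `check_hostname` on, so a handshake with an untrusted or mismatched certificate raises `ssl.SSLCertVerificationError` instead of silently connecting.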